
Cyber risk valuation via a hidden Markov-modulated modelling approach
Abstract
The growing demand for cyber insurance, which serves as a crucial vehicle for businesses' cyber risk management, is precipitated by the increasing number of incidents of cyberattacks and the corresponding legislative developments. As the cyber insurance market is hardening, risk insurers are faced with the challenge of reasonably pricing their products, particularly stand-alone policies. In this thesis, a pricing framework is established to benefit insurance carriers in the valuation of cyber insurance products and regulators in connection with reserving for cyber losses. Specifically, a hidden Markov model, driving certain factors of cyber risk dynamics, is used to calibrate the counting process for cyber incidents. Three self-contained but closely linked research undertakings in developing methodologies for cyber-risk analyses are presented in this thesis.
The first research study puts forward a valuation framework in which cyber-attack occurrences are captured by a regime-switching model driven by a Markov process that transitions in a three-state cyber kill chain. The estimator for the transition matrix is calculated utilising the change of reference probability measures along with the EM algorithm. The cyber insurance premium is then computed based on the random total losses, which are assumed to follow the doubly truncated Pareto distribution. The Vasiček model describes the interest-rate process for discounting.
In our second research investigation, a modelling framework is proposed for the risk assessment of private health data breaches. Our investigation focuses on the data sets compiled by the Privacy Rights Clearinghouse and the U.S. Department of Health and Human Services. The counting process for the data-breach incidents is shown to be adequately modelled by the Markov-modulated non-homogeneous Poisson process (MMNPP) whilst the logarithm of the breach sizes is well-captured by the generalised Pareto distribution. We compute the cyber insurance premium at the institution level as well as both the Value-at-Risk (VaR) and Average VaR metrics. Our results indicate that cyber insurance policies with longer maturity are more cost-effective. This contribution advances the parameter estimation and implementation of the MMNPP in the context of cyber risk modelling.
The third research work extends the MMNPP model by constructing robust filter-based and smoother-based EM algorithms. In contrast to the usual EM algorithm for the maximum likelihood estimation, the filtering and smoothing-driven algorithms are more efficient and can incorporate new information into the parameter estimates in real time. A numerical demonstration of the MMNPP is carried out using the HHS data. To compare the three EM algorithms, we conduct a comprehensive simulation-based analysis with respect to the algorithms' efficiency, partition size, data size, intensity difference, regime occurrences impacted by transition rates, and the number-of-regimes selection. The comparative-analysis results together with the various heuristics for detailed implementation provide practical guidance to the end users of MMNPP.
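The following Monte Carlo simulation is an added example, not code from the thesis. It combines the first study's three-state regime chain and doubly truncated Pareto losses with the VaR and Average VaR metrics named in the second study. Assumptions: every parameter value is constructed, time is discretised into months with a constant intensity per regime, a flat discount rate stands in for the Vasiček model, and the premium is the expected discounted loss with no loading.

```python
import math
import random

# All parameters are constructed for illustration; none come from the thesis.
P = [[0.90, 0.08, 0.02],  # assumed monthly transition matrix, 3 hidden regimes
     [0.10, 0.80, 0.10],
     [0.05, 0.15, 0.80]]
LAMBDA = [0.2, 1.0, 3.0]  # assumed mean incidents per month in each regime
ALPHA, LOW, HIGH = 1.5, 1e4, 1e7  # assumed Pareto shape and truncation bounds
RATE = 0.03  # assumed flat annual discount rate (stand-in for the Vasicek model)


def truncated_pareto(rng):
    """Inverse-CDF draw from a Pareto(ALPHA) truncated to [LOW, HIGH]."""
    tail = 1.0 - (LOW / HIGH) ** ALPHA
    return LOW * (1.0 - rng.random() * tail) ** (-1.0 / ALPHA)


def poisson(rng, lam):
    """Knuth's multiplication method; adequate for the small rates used here."""
    limit, k, prod = math.exp(-lam), 0, rng.random()
    while prod > limit:
        k += 1
        prod *= rng.random()
    return k


def discounted_loss(rng, months):
    """One path: the regime drives the incident count, each incident draws a loss."""
    state, total = 0, 0.0
    for m in range(1, months + 1):
        state = rng.choices(range(3), weights=P[state])[0]
        n = poisson(rng, LAMBDA[state])
        loss = sum(truncated_pareto(rng) for _ in range(n))
        total += loss * math.exp(-RATE * m / 12.0)
    return total


def price(months=12, paths=5000, level=0.95, seed=1):
    """Return (premium, VaR, AVaR) of the discounted aggregate loss."""
    rng = random.Random(seed)
    sims = sorted(discounted_loss(rng, months) for _ in range(paths))
    premium = sum(sims) / paths          # expected discounted loss, no loading
    cut = math.ceil(level * paths) - 1   # index of the empirical quantile
    tail = sims[cut:]                    # losses at or beyond the VaR
    return premium, sims[cut], sum(tail) / len(tail)
```

Calling `price(months=24)` next to `price(months=12)` compares policy maturities under the same constructed parameters.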