Systemic cyber risk poses a significant threat, causing substantial economic losses across industries. This study aims to define key factors of such risks and evaluate financial burdens of industries with extracted loss data. Using text mining techniques and Loss Distribution Approach (LDA), we identify systemic cyber incidents, estimate parametric distributions for monthly frequency and individual severity, and generate aggregate losses. Our results show that loss frequency and severity follow a negative binomial distribution and a combination of log-normal and generalized Pareto distributions, respectively. In addition, manufacturing and information industries may face higher financial burdens, whereas financial and retail industries may not. The results imply that customized risk assessment and rate-making at the industry level might help enhance the capital capacity of the supply side in the global cyber insurance market.

In this paper, we develop a dynamic model of optimal reinsurance and asset allocation for an insurer who aims to minimize the ruin probability of facing cyber disasters. We find a vital discontinuity and significant change in the insurer’s optimal choices with cyber risk compared to the case without cyber risk. Whether or not the frequency of cyber disasters is estimated correctly does not matter for the insurer’s optimal policies. Instead, considering the presence of cyber risk resulting in the insurer defaulting in an extreme cyber disaster scenario is of utmost importance to the insurer’s cyber risk management. Analytical comparative statics and numerical experiments are provided to discuss various properties of the insurer’s optimal strategies.

We examine the association between business efficiency of Korean insurers and their ESG policies that are of interest for quality evaluation of how their ESG efforts are effective. Using the data envelopment analysis (DEA) and local regression with insurer-specific financial information and the largest ESG score data of the Korean market for the period between 2012 and 2021, we find that relatively higher scored insurers in terms of ESG total score tend to have relatively lower efficiency. This tendency is commonly identified in both technical and size efficiency indices. It implies that insurers’ ESG policies may not result in effectiveness, shown by the empirical data of the recent decade in Korean insurance companies. Our results further suggest that insurers’ ESG policies may lead to an increase in business inefficiency in the short-term. That is, the costs by implementing ESG business strategy could worsen business efficiency. This study can contribute to the literature by providing evidence of an anecdotal relationship between business efficiency and corporate ESG policies.

We investigate firm-specific and time effects on cyber risk frequency using a widely-used mortality model proposed by Lee and Carter(1992), which helps analyze heterogeneity in cyber risks by firm size and industry. Using a large dataset of cyber risk, we find that large organizations and those in the financial, information, and public sectors are likely to be more exposed to cyber risks. However, we find that utility industries are relatively more vulnerable to cyber risks than information or financial industries. In addition, we determine that cyber risk frequency tends to increase over time, which can provide supporting evidence for the literature of increasing frequency of cyber loss events. Our results can help cyber insurers or policymakers to be better aware of the importance of firm size and industry in cyber risk underwriting and further discuss how the market and public sector can manage such risks amid their increasing threats.

This study proposes a two-step machine learning approach to predicting economic damage caused by tropical cyclones (TCs) in the Korean Peninsula. We first analyze track clusters of TCs to classify regional physical hazards. We then predict regional TC losses by considering geographic and socio-economic information. Comparing traditional regression model(multiple linear regression), we show better performance of our machine learning-based model than the traditional linear model. We also determine that some economic and geographic factors (i.e. embankment, local income per capita, artificial water) are statistically significant in explaining TC losses. We further predict the economic loss per TC in the year 2100 under a climate change scenario of the Intergovernmental Panel on Climate Change(IPCC) and provide a TC risk map on a regional basis. We find in this prediction that the projected losses per TC can be 6.4 to 14.8 times larger than those at present. Our findings can provide (re)insurers with a stepwise process for predicting climate change-driven TC losses can help them for better financial management and proactive responses to climate changes.

We examine what determine cyber loss occurrence and financial costs of data breach loss events, and discuss implications of the findings for the current third-party liability insurance market of data breach risk in Korea. Using one of the largest databases for cyber risk over the last three decades in the U.S., we identify that a large-sized firm or one with a higher industry-level security is more likely to face cyber loss occurrence, where in the literature the higher industry-level security implies negative externality to increase loss probability by a target-changing plan of cyber attackers. We also find that the number of breached records and firm size are the key determinants of financial costs by data breach events. Firms with litigation or affiliated with the financial services industry (i.e. banks and insurers) tend to have more costs. We determine that a smaller-sized loss event shows larger cost per breached record, the finding that can help overcome the limitation of the literature suggesting the average cost per record for claims calculation. We check robustness of the findings using pure financial losses of events (without litigation cost) as an alternative measure to the total cost. Our findings are material for cyber insurers and market participants to better understand data breach loss events and develop the underwriting process of cyber risk.