ENSAE Paris - École d'ingénieurs pour l'économie, la data science, la finance et l'actuariat

Catastrophic Risks, Cyber Risk and Insurance Markets


This course studies how insurance markets cover catastrophic risks, be they natural disasters (e.g., flood, earthquake, hurricane) or industrial risks (e.g., environmental catastrophes, nuclear accidents). The focus is on one side on insurance mechanisms (limits to mutualisation under correlated risks, reinsurance mechanisms, transfers to financial markets through Insurance Linked Securities), and on the other side on the role of public policies for the solvency of insurance schemes and for incentives to prevention, from theoretical and applied standpoints.

A last part of the course  will be dedicated to cyber risk insurance. Due to the systemic and extreme nature of cyber risk, many questions arise about the viability of the cyber-insurance market and the sector's ability to pool losses in the event of a major disaster. To see the emergence of economically viable financial protection, it is necessary to quantify the impacts of cyber risk. However, this assessment of a multi-faceted risk requires advanced statistical and probabilistic techniques in order to anticipate the costs, the evolution of the threat and its financial impacts. After recalling the particularities of cyber risk, the objective is to present some useful theoretical tools for a better modeling and quantification of cyber risk, both in terms of the severity component (size of claims) and the frequency component (contagion and accumulation).



Part I: Three examples of insurance schemes for natural disasters:
Natural disaster insurance in France
National Flood Insurance Program in the US
Caribbean catastrophe Risk Insurance Facility

Part II: Risk pooling, correlated risks, reinsurance and Alternative Risk Transfer:
The limits to risk pooling under correlated risks
Mechanisms of reinsurance for catastrophic risks
Transferring catastrophic risks to financial markets

Part III: Insurance coverage and risk prevention
Interaction between insurance, self-protection and self-insurance
Equity and efficiency in insurance coverage schemes for natural disaster risks
Insurance and liability for industrial risks

Part IV: Cyber risk

Introduction: characteristics of cyber risk, identification of factors jeopardizing pooling

Modeling of accumulation scenarios: epidemiological models and network effects, risk of saturation and impact of protective measures.

Auto-correlation of claims arrivals: self-excited Hawkes processes

Risk segmentation, extreme events: CART classification tree, heavy-tailed distributions.c



*Lecture notes (including copies of slides and bibliographical references)

*References for  cyber risk:

[ODHL21] C. Hillairet et O. Lopez. « Cyber-assurance : enjeux, modélisations et leviers de mutualisation », Opinions & Débats n°24, Institut Louis Bachelier, 2021. 

[BBH20] Y. Bessy-Roland, A. Boumezoued and C. Hillairet. « Multivariate Hawkes process for cyber insurance », Annals of Actuarial Science, 2020.

[FLT21] S. Farkas, O. Lopez and M. Thomas.  « Cyber claim analysis through Generalized Pareto Regression Trees with applications to insurance pricing and reserving », Insurance: Mathematics and Economics, 2021.

[HL21] C. Hillairet and O. Lopez. « Propagation of cyber incidents in an insurance portfolio : counting processes combined with compartmental epidemiological models », Scandinavian Actuarial Journal, 2021.

[RM19] Etat de la menace numérique en 2019, https://www.interieur.gouv.fr/Actualites/Communiques/L-etat-de-la-menace-liee-au-numerique-en-2019