Sign up and be the first to know

About Hugh Terry & The Digital Insurer

Hugh Terry & The Digital Insurer Video

Contact Us

1 Scotts Road
#24-10 Shaw Centre
Singapore 228208

Write an article

Get in touch with the editor Martin Kornacki

email your ideas at

Pre Registration Popup

itcasia2020 Registration Popup

Share Popup

Prime Member: Find out more

Access a unique programme!
  • 56 pre recorded lesson of online content from industry experts over 7 courses
  • The best in digital insurance for practitioners and by practtioners
  • Online MCQ after each lesson
  • Join the discussion forum and make new friends
  • Certificate upon completion to show your expertise and comitment
  • 3 months to complete
  • Normal price US$1,400 Your Prime member price is US$999
  • Access to future versions included in your Prime membership!
Become a member

Prime Member: Contact Us

REach out to us. Please fill up the form below
  • Let us know how we can help. You can expect a response within 24 hours

Taming Cyber


Article Synopsis :

 The Digital Insurer reviews Oliver Wyman’s Report on Taming Cyber

New methods of quantifying Cyber risk help CxOs and boards better manage it  

Identifying and quantifying Cyber risk is different from quantifying other “financial” risks. This report from Oliver Wyman shares new methods for measuring Cyber in a more structured way.

Many institutions assess Cyber risk by soliciting the opinions of in-house IT experts on the topic. These exercises are typically sub-optimal given the answers are more guesstimates than proper risk quantification exercises. As a result, the outcomes are relatively ineffective risk management tools.

Cyber risk quantification is tricky for three main reasons:

  1. Institutions lack historical data. Cyber risk is an emerging risk with limited useful historical data. And the situation is unlikely to change soon, because institutions are often unwilling to disclose the details of successful attacks, and especially the true cost of incurred losses.
  2. The threat environment is rapidly changing. Attackers are constantly finding new ways to access IT systems and infrastructure. What an institution knows about current vulnerabilities today is likely to become obsolete tomorrow. Without a structured process, institutions will find the task of keeping up with these changes extremely difficult.
  3. Cyber attack outcomes are not always comparable. The impact and cost of various Cyber risk events such as a data breach or disruption are typically unique to the institution and highly dependent on the individual operational, IT, system, or data environment.

Based on structured-scenario analysis, the report outlines the following four-step approach to risk identification and quantification:


To begin, business, risk, and information technology personnel should identify assets from all business and functional units (e.g., HR) potentially subject to Cyber attacks. The list should include both digital assets – such as critical data that should be protected or operational services that can be disrupted – and physical assets, including computing hardware and connected infrastructure that can be damaged or destroyed. Next, Cyber security experts should assess the materiality of each Cyber-relevant asset based on inputs from each business and functional unit. The goal is to identify assets that, if lost or compromised, would lead to significant loss to the institution.


Once institution-wide high-value assets are identified, the business or functional unit should develop a list of Cyber risk events by identifying each potential malicious action to which each high-value asset could be subject, ordered by relevance.


Industry resources exist to help calculate the frequency of various types of Cyber attacks on various sorts of systems in a given time frame. The data allows for a historical view of not only the overall volume of Cyber attacks, but also the volume of attacks and success rates by vector of attack. When analysing the frequency of Cyber attacks, institutions should consider not only the number of attacks, but also the number of loss-triggering attacks (which are typically a small subset of the total attacks).


Given the challenges inherent to traditional quantification approaches commonly used for “financial” risks (e.g., credit, market), use structured scenarios as a mechanism for quantifying the severity of potential Cyber risk events. These scenarios, which are typically used for the quantification of “hard to quantify” operational risks, consist of a series of table-top exercises/workshops with key stakeholders from the business, risk, and information technology units.

Better Cyber risk quantification enables more informed business decision-making in the following areas:

  • Risk management: Better understand Cyber risk exposure and the underlying drivers of the losses, and improve response to attacks
  • Investments: Prioritize investments across the Cyber risk mitigation spectrum and relative to competing investment demands
  • Insurance: Determine Cyber coverage strategy and the nature/extent of premiums
  • Executive oversight: Understand Cyber risk exposure status, trends/outlook and impact of investments over time

By converting qualitative concerns from boards and senior management into dollar amounts, an institution will be able to integrate Cyber risk management more fully into the overall risk management strategy – which is the ultimate goal.

Link to Full Article:: click here

Digital Insurer's Comments

Though she may be biased, Ginni Rometty, IBM’s chairman, president and CEO, definitely isn’t wrong when she says: “Cyber crime is the greatest threat to every company in the world.”

Ransomware damage costs are expected to exceed $5 billion this year, up from just $325 million in 2015. Global spending on cybersecurity products and services are predicted to exceed $1 trillion between now and 2021. The approach outlined in this report helps leaders quantify their own unique problem before setting out to spend on solutions. 

Link to Source:: click here



Livefest 2019 Register Popup Event

Livefest 2019 Already Registered Popup Event

Livefest 2019 Join Live Logged-in Not Registered

Livefest 2019 Join Live Not Logged-in