Heavy-Tailed Data Breaches in the Nat-Cat Framework \& the Challenge of Insuring Cyber Risks accepted and presented at the Symposium on Insurance and Emerging Risks, St. John's University, March 10th, 2018. Addressing insurance of data breach cyber risks in the catastrophe framework,

Considering cyber risk as a (man-made) natural catastrophe (Nat-Cat) systematically clarifies the actuarial need for multiple levels of analysis, going beyond claims-driven statistics to forecast losses, and necessitating ambitious advances in scope, quality, and standards of both data and models. The prominent human component and dynamic and multi-type nature of cyber risk makes it uniquely challenging when compared with other Nat-Cat type risks. Despite noted limitations of data standards and models, using updated U.S. breach data, we show that this extremely heavy-tailed risk is getting significantly worse -- both in frequency and severity of private information items (ids) exfiltrated. The median predicted number of ids breached in the U.S. due to hacking, for the last 6 months of 2018, is about 0.5 billion, but there is a 5 percent chance that it exceeds 7 billion -- doubling the historical total! In view of this extreme loss potential, insurance principles indicate a need to reduce ambiguity through research and to provide a sufficient basis for writing sustainable insurance policies. However, as demand for extended insurance coverage exists, premium differentiation is deemed attractive to incentivize self-protection and internalize externalities.