{"title":"The effect of corporate risk management on cyber risk mitigation: Evidence from the insurance industry","authors":"Kwangmin Jung, Chanjin Kim, Jiyeon Yun","doi":"10.1057/s41288-024-00326-z","DOIUrl":null,"url":null,"abstract":"<p>We examine how corporate risk management can be used to address a firm’s vulnerability to cyber risk. We use a large, novel dataset on cyber risk and corporate risk management to analyse US insurers’ cyber loss events during the period of 2000–2021. Our analysis includes information on whether insurers have implemented an enterprise risk management (ERM) programme and whether they report applying cyber risk management (CRM). The results illustrate that the implementation of CRM measures may have no significant effect on cyber risk mitigation. However, we determine that the likelihood (frequency) of a cyber loss event decreases by 3.9% (6.8%) as ERM programmes mature year on year. We also find that an insurer can benefit from implementing both CRM and ERM through a lowered event likelihood (frequency) of 3.8 percentage points on average (3.7 percentage points) per year compared to solely implementing an ERM programme.</p>","PeriodicalId":75009,"journal":{"name":"The Geneva papers on risk and insurance. Issues and practice","volume":"64 1","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2024-05-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"The Geneva papers on risk and insurance. Issues and practice","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1057/s41288-024-00326-z","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 0
Abstract
We examine how corporate risk management can be used to address a firm’s vulnerability to cyber risk. We use a large, novel dataset on cyber risk and corporate risk management to analyse US insurers’ cyber loss events during the period of 2000–2021. Our analysis includes information on whether insurers have implemented an enterprise risk management (ERM) programme and whether they report applying cyber risk management (CRM). The results illustrate that the implementation of CRM measures may have no significant effect on cyber risk mitigation. However, we determine that the likelihood (frequency) of a cyber loss event decreases by 3.9% (6.8%) as ERM programmes mature year on year. We also find that an insurer can benefit from implementing both CRM and ERM through a lowered event likelihood (frequency) of 3.8 percentage points on average (3.7 percentage points) per year compared to solely implementing an ERM programme.