Sustainable Catastrophic Cyber-Risk Management in IoT Societies

Abstract

IoT-driven smart cities are popular service-networked ecosystems, whose proper functioning is hugely based on digitally secure and reliable supply chain relationships. However, the naivety in the current security efforts by concerned parties to protect IoT devices, pose tough challenges to scalable and expanding cyber-risk management markets for IoT societies, post a systemic cyber-catastrophe. As firms increasingly turn to cyber-insurance for reliable risk management, and insurers turn to reinsurance for their own risk management, questions arise as to how modern-day cyber risks aggregate and accumulate, and whether reinsurance is a feasible model for reliable catastrophic risk management and transfer in smart cities. In this introductory effort, we analyze (a) whether traditional cyber-risk spreading is a sustainable risk management practice and (b) under what conditions, for the quite conservative scenario when proportions of i.i.d. catastrophic cyber-risks of a significant heavy-tailed nature are aggregated by a cyber-risk manager.