Analysing cyber-insurance claims to design harm-propagation trees

With a continuously changing threat landscape, companies must be prepared for the most unforeseen cyber events. Harm originating from cyberspace varies in magnitude and type, with potential for systemic consequences. While the adoption of security controls may partially mitigate the impact of cyber-attacks, a nuanced understanding of how events unfold during and after an incident will help organisations to better estimate the risk they face and implement advanced incident response strategies. A better estimation of risk is of particular importance to the insurance community because the costs from claims due to cyber-events vary significantly. Towards this end, we collected and analysed more than 70 claims against an insurance company, extracting different types of harm and their characteristics. We then reconstructed the claims based on these types of harm in order to obtain patterns of how cyber-harm propagates. The result is a graph indicating the most common paths that harm follows on multiple events. The findings can help policy-makers and insurance companies to understand how harm propagates, estimate more accurately the value-at-risk and adopt the necessary controls to mitigate these harms.