Why cyber insurance is broken and what we should do about it
2021-06-12, 15:00–15:45, Track 3

Cyber insurance policies have been around since 1998, with high-profile spokespersons such as Bruce Schneier encouraging both adoption and academic research since 2001. Insurance providers enjoyed excellent profits up until 2019, when the loss ratio increased by 10% to reach approximately 45%, which correlated with the spread of ransomware. We are observing that insurance providers are essentially funding cyber criminals with their policies; this has to stop!


The talk will be organized as follows:
1) the history of cyber insurance
2) the business drivers of cyber insurance
3) the process of cyber insurance
4) technical challenges that cyber insurance is facing
5) how cyber insurance has reacted to catastrophic issues such as Petya, Mirai, NotPetya, WannaCry
6) why cyber insurance is effectively funding cyber criminals through ransomware
7) why CISOs and regulators are colluding with insurance providers
8) how attackers are leveraging insurance policies to increase their profits
9) what lies ahead: rising premiums, lower payout ratios?

Dr. Paolo Di Prodi has a software engineering background with a PhD in machine learning.
He has worked as a senior data scientist for Microsoft and Fortinet in the cyber security domain.
His current research focus includes differential privacy, privacy-preserving machine learning and cyber insurance.
He is also one of the contributors to the EPSS scoring system, a score similar to CVSS that aims to predict when a vulnerability will be exploited.