Compass Initiative: Policy Workshop for the Cyber Insurance Market Progression (Day II)


Wed, 04/12/2019 - 08:45 to 17:30


Room 502, The Maiersdorf Faculty Club, The Hebrew University, Mt. Scopus, Jerusalem

Compass Initiative Logos

For the Conference Pictures Click Here.

It is increasingly apparent that the cyber risk exposure of private sector entities is rapidly mounting, while mechanisms for assessing this exposure, managing it, and channeling some of the risk have yet to catch up. Moreover, some of the existing arrangements to underwrite cyber risks may not even be sustainable. A robust cyber insurance market could be both the beneficiary and the stimulant for far better cyber risk management.

Our four organizations are coming together to convene a high-level workshop in an effort to identify the key obstacles standing in the way of building a more mature cyber insurance market and to devise a strategy for addressing these obstacles. We aim to bring together under one roof for a day and a half diverse stakeholders from industry, government, and the NGO community to help develop a compass for moving ahead constructively on this front. Toward this end various stakeholders in the Israeli government are willing to explore how Israel could responsibly develop a beta site for testing the solutions identified by the workshop participants.

This workshop will convene key players – state regulators and cyber agencies, insurers and re-insurers, cyber risk quantification and modelling start-ups – in one place along with global big-thinkers from the relevant research and innovation fields. The aim will be to develop a compass for a true cyber insurance market progression. A genuine public-private partnership to jointly brainstorm in an intimate, closed-door workshop will allow key stakeholders to set holistic policy solutions for the challenges at hand.

The agenda of the workshop will cover the following issues:

  1. War exclusions, or what risks would cyber risks exceed insurers appetite for underwriting
  2. Backstopping mechanisms – what should be the threshold for state intervention and the modalities for doing so
  3. Risk assessments and monetization of cyber risk exposure
  4. Risk aggregation and the regulation for insurance carriers' solvency
  5. Models for information sharing and cooperation between states and insurers
  6. Cyber risk credit rating as complementary incentive for better cyber risk management.

Agenda (Day II)

08:45 – Gathering, Coffee and Refreshments

09:00-10:30 – Session II: Thinking About Aggregation and Catastrophic Risks in Cyberspace

Aggregation risk emerges as the most worrisome prospect for cyber insurance. How can it be bounded? How does it affect what cyber risks reinsurers will be willing to cover? What products and practices will insurance regulators worried about carriers’? What insights for cyberspace may we infer from mechanisms developed for dealing with risks associated with classical wars and terrorism? Solvency encourage and discourage?

10:30 – Coffee Break

10:45-12:15 – Session III: Cyber Risk Assessments, Methodology and Applications

How can emerging tools and methodologies produce viable assessments of cyber risk to offset inherent limitations in the applicability of actuary models to cyberspace?

12:15 – Coffee Break

12:30-14:00 – Working Lunch: Information Sharing and Collaboration 

What realistically can be done collectively or at least cooperatively to support robust risk assessments, effective controls, robust defense and resiliency? What level of insights are necessary from pertinent collaborators and participants to enable effective risk mitigation? What understanding is necessary of the risks suppliers present within the supply chain of their customers?

14:00 – Coffee Break

14:15-15:45 Session IV: Government Backstopping and Shared Responsibility

What insights for cyberspace may we infer from governmental mechanisms developed for dealing with risks associated with classical wars and terrorism? What else may be needed of governments to unlock the cyber insurance potential or make up for its limitations?

15:45-16:05 – Make Up Session

  • Sector and Corporate Based Cyber Risk Assessments: Derek Vadala, Moody’s/Team8 (by Skype)

16:05 – Coffee Break

16:15-17:15 – Participants’ Takeaways and Suggestions for Follow Up

17:15-17:30 – Concluding Reflections



Abed Hasdia, Capital Market Insurance and Savings Authority
Amit Ashkenazi, Israel National Cyber Directorate
Amir Dahan, Tax Authority Compensation Department
Andrew James Grotto, CISAC, Stanford University
Asaf Lubin, Harvard Law School and The Hebrew University of Jerusalem
Assaf Michaeli, Capital Market Insurance and Savings Authority
Chris FinanManifold Technologies
David Levi Faur, The Hebrew University of Jerusalem
Efrat Bat Shua Oren, Tax Authority
Eli Touboul, Capital Markets, Insurance and Savings Authority
Elon Kaplan, Cytigic
Eric Durand, Swiss Re
Esther Ying Yang, Risk Lighthouse LLC
Fabien Caparros,  Agence Nationale de la Sécurité des Systèmes d'Information (ANSSI), French Government
Hagai Mei-Zahav, Israel National Cyber Directorate 
Hudi Zack, Israel National Cyber Directorate
Itai Benartzi, Israel National Cyber Directorate
Kirsten Mitchell-Wallace, Llyods
Matthias Fischer, Federal Ministry of the Interior, the Federal Republic of Germany
Michal Shlomo, Menora Mivtachim Insurance Company
Monica Ruiz, Hewlett Foundation
Moshe Bareket, Israel Ministry of Finance
Nick Beecroft, CyberCube
Noa Vider, Finance Division, Accountant General Office
Omri Goldin, Accountant General Office
Refael Franco, Israel National Cyber Directorate
Robert Morgus, Cyberspace Solarium Commission, US Government
Scott Kannry, Axio
Shaun Shuxun WangNanyang Technological University
Tali Shemer, Israel National Cyber Directorate 
Yael Goren Hezkiya, Israel National Cyber Directorate
Yakir Golan, Kovrr
Yann Tonnellier, Agence Nationale de la Sécurité des Systèmes d'Information (ANSSI), French Government
Yifat Siminovski, INCD

See Also: Day I