Escolar Documentos
Profissional Documentos
Cultura Documentos
A Case Study
David Fishbaum
Enterprise Risk 1
The Problem
You’re the risk manager of a financial institution
with a new web site
Your insurance broker has provided you a quote
for new e-commerce risk insurance coverage:
$350,000 - $450,000 with low limits
Your not exactly sure what the risks of the web
site are
What to do?
Enterprise Risk 2
Background
Enterprise Risk 3
What are the risks?
Enterprise Risk 4
Resultant damages are
also varied
Enterprise Risk 5
Background: E-commerce
insurance coverage
Enterprise Risk 6
How do you insure the high
P/E ratio
Enterprise Risk 7
Why bring in Actuaries?
Enterprise Risk 8
Methodology
Enterprise Risk 9
Model
MMC ER developed a computer program to
model the economic performance of the e-
commerce infrastructure
Used company’s performance statistics
Used a monte carlo simulation to produce
expected revenue and branding values
Based on this quantification, valued the
potential losses of a series of scenarios
Enterprise Risk 10
Flow of Information and quantification of failure probabilities
ISP Provider
In our estimation of the probability of failure at the application host level, elements such as software outage, hardware outage,
data base performance etc were considered. 11
Assumptions
Enterprise Risk 12
Results-Base Case
2000 2001 2002
# of participating banks
Internet applications
Application fees
Insurance underwriting
TOTAL
Enterprise Risk 13
The Scenarios
Denial of service
Physical damage to hardware location
New virus brings down complete system
Malicious employee
Threats/extortion
Theft of credit card numbers
Enterprise Risk 14
The Scenarios
Denial of service
Attack causes a degradation of performance or
loss of service to web site
Not covered under current coverage
Modeling assumption: site down for 3 hours
Income loss/Customer value loss
Enterprise Risk 15
The Scenarios
Physical damage to hardware location
Location of where hardware is kept is disabled
Covered under current insurance
Modeling assumption: site down for 10 days
Income loss/Customer value loss
Client bank’s lost revenue
Enterprise Risk 16
The Scenarios
New virus brings down complete system
Not covered under current coverage
Model assumption: system down for 2 days
Income loss/Customer loss
Enterprise Risk 17
The Scenarios
Malicious Employee
Destruction of important data or programs
Cost of recovery process covered under current
coverage
Not modeled
Theft of policyholder info or other intangible
property
Not covered under current coverage
Enterprise Risk 18
The Scenarios
Threats/extortion
Threat to commit a computer crime or to use
information gained from a computer crime in
exchange for money, personal gain or to
embarrass the company
Would be covered under current kidnap and
ransom policies
Enterprise Risk 19
The Scenarios
Theft of credit card numbers
CD universe and Salesgate (e-mall)
No credit card numbers are stored
Enterprise Risk 20
Results of analysis
Enterprise Risk 21
Conclusions
Enterprise Risk 22
Postscript
Enterprise Risk 22
Causes for stock drops -
MMC Research
Enterprise Risk 23
Causes for stock drops -
Fortune 1000 group
Risk Event Precipitating Stock Drop (# of Companies)
% of top 100
25 24
20
15
12
11
10
7 7 7
6 6
5 4
3
2 2
1 1 1 1
0 0
0
Competitive Mis- Loss of R&D Cost Manage- Foreign High Interest Law- Natural
Pressure aligned Key Delays Overruns ment Macro- Input Rate suits Disasters
Products Customer ineffective- Economic Comm- Fluct-
Customer M&A Customer Regulatory Supplier Accounting ness Issues odity uation
Demand Integration Pricing Problems Problems irregularities Supply Chain Price
Shortfall Problems Pressure Issues
58% 31% 6% 0%
Enterprise Risk 24