Vine Copula Modeling Dependence among Cyber Risks: A Dangerous Regulatory Paradox

Dependence among different cyber risk classes is a fundamentally underexplored topic in the literature. However, disregarding the dependence structure in cyber risk management leads to inconsistent estimates of potential unintended losses. To bridge this gap, this article adopts a regulatory perspective to develop vine copulas to capture dependence. In quantifying the solvency capital requirement gradient for cyber risk measurement according to Solvency II, a dangerous paradox emerges: an insurance company does not tend to provide cyber risk hedging products as they are excessively expensive and would require huge premiums that it would not be possible to find policyholders.