Reference no: EM133337946
Case: An e-commerce firm estimates a stock market loss of a breach to be Z = $100,000. The firm purchases a cyber insurance policy with a deductible of $50,000. The policy covers direct losses from a breach minus the deductible. The firm and the insurer estimate that there will be a Low loss L (with probability p) or a Medium loss M (with probability q) or a High loss H (with probability 1 - p - q). Assume that the firm is not obliged by law to disclose a breach when the loss is Low, but government regulations require the firm to disclose a Medium or a High breach.
The insurer uses the following (traditional) formula to calculate the firm's premium P(x) based on the deductible, x:
$P(x) = 1.05\,[\,p(L - x)^{+} + q(M - x)^{+} + (1 - p - q)(H - x)^{+}\,]$
The firm and the insurer agree on the estimates L = $100,000 (with a probability of 0.4), M = $200,000 (with a probability of 0.4) and H = $600,000 (with a probability of 0.2).
What premium will be charged based on the above formula?
Is this premium fair, or is it overpriced based on the firm's correct claiming strategy?
Given the firm's correct claiming strategy, what should the fair premium be?
Under the traditional contract, can you suggest a better choice for the deductible that will maintain the current claiming strategy (based on the current deductible of $50,000)?
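
A worked calculation for the case above, as an added example that is not part of the original problem statement. It assumes that filing a claim for a Low loss makes the breach public and costs the firm Z, that an indifferent firm does not claim, and that a premium matched to the claiming strategy keeps the 1.05 loading; all function names are illustrative.

```python
from fractions import Fraction

LOADING = Fraction("1.05")   # loading factor from the page's formula
Z = 100_000                  # stock market loss once a breach becomes public
# (loss, probability, disclosure required by regulation), values from the case
SCENARIOS = [
    (100_000, Fraction("0.4"), False),   # Low
    (200_000, Fraction("0.4"), True),    # Medium
    (600_000, Fraction("0.2"), True),    # High
]

def payout(loss, x):
    """(loss - x)^+ : indemnity paid after the deductible x."""
    return max(loss - x, 0)

def files_claim(loss, must_disclose, x):
    """Assumed claiming rule: claiming on an undisclosed breach reveals it (cost Z)."""
    if must_disclose:
        return payout(loss, x) > 0      # breach is public anyway, so claim
    return payout(loss, x) > Z          # claim only if it beats the disclosure cost

def traditional_premium(x):
    """P(x) as on the page: every loss level is priced as if it were claimed."""
    return LOADING * sum(p * payout(loss, x) for loss, p, _ in SCENARIOS)

def strategy_premium(x):
    """Same loading, priced only on the claims the firm would actually file."""
    return LOADING * sum(p * payout(loss, x)
                         for loss, p, disclose in SCENARIOS
                         if files_claim(loss, disclose, x))

def consistent_deductibles(candidates):
    """Deductibles at which the traditional formula charges for no unfiled claim."""
    return [x for x in candidates
            if traditional_premium(x) == strategy_premium(x)]

if __name__ == "__main__":
    for x in (50_000, 100_000):
        print(x, float(traditional_premium(x)), float(strategy_premium(x)))
```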