网络弹性：网络风险挑战与保险的作用.

　　联网是一把双刃剑，它在为人们的生活和工作带来便捷的同时，也会对用户的信息安全和财产安全造成威胁，网络攻击将使互联网用户蒙受巨大的损失。随着网络环境的复杂化，网络风险成本不断提高，首席风险官开始探索为网络安全投保，用保险的方法来抵御网络风险，提高网络弹性，保障互联网用户的信息和财产安全。

　　3.2 Risk management of cyber risk exposure

　　3.2网络风险管理

　　The challenges set out in section 3.1 provide an important context for understanding and managing the risks arising from underwriting cyber risk. For the CRO, this is crucial to enable:

　　3.1节中所列的挑战提供了重要的背景，来理解和管理保险业中的网络风险。关键是CRO应实现：

　　1) Classification and codification of cyber risks;

　　2) An assessment of cyber risk exposure accumulation; and

　　3) Development of an appropriate risk management framework to manage cyber risk exposure.

　　1) 网络风险的分类和编码

　　2) 网络风险累积评估

　　3) 开发适当的风险管理框架，来管理网络风险

　　3.2.1 Codification

　　3.2.1编码

　　Understanding and managing the underwriting exposure of an insurer begins with accurate classification and coding of risks. Codification is fundamental to pricing, measuring profitability, managing aggregations and allocating capital, as well as allowing insurers to link underwriting exposures to their own operational risks.

　　理解和管理保险公司的承保风险应当从对风险精确的分类和编码开始。编码对定价、盈利能力测量、资金聚集管理和分配至关重要。除此之外，编码对保险公司把承保风险与自己的经营风险相联系也至关重要。

　　However, the rapidly changing nature of cyber risk and the broad array of products being offered by carriers make accurate coding of cyber policies challenging for the industry. Cyber coverage is not currently coded in a consistent way, which complicates risk measurement.

　　然而，迅速变化的网络风险与承包单位产品多样性让网络保险的准确编码变得十分棘手。网络保单的编码方式目前尚不一致，这让风险测量变得复杂。

　　The implementation of specific codes for cyber risks would help insurers capture and monitor cyber exposures in a consistent and transparent way. Consequently, CROs should work with Chi Underwriting Officers to establish a robust system of control around cyber codification both within the Underwriting and Claims functions.

　　针对网络风险采用特定编码将有助于保险公司以一致公开的方式获取并监控网络风险。因此，CRO应与首席核保人合作，共同在承保和理赔功能方面建立一个稳健的网络编码控制系统。

　　The challenges for a consistent coding of cyber policies include:

　　网络保单编码一致的挑战包括：

　　An evolving threat

　　不断演变的威胁

　　The use of the internet for commercial purposes has exposed companies to the risk of operating in a cyber environment which is continuously evolving.

　　以商业目的使用互联网将企业置于网络环境运营风险之中，且该网络环境还在不断变化。

　　The potential for operational disruption in the wake of a cyber attack was recognised, and the insurance industry responded by providing the first cyber insurance cover, which focused on the loss caused by early computer viruses or hackers.

　　已经认识到发生网络攻击时网络运行有可能中断。保险行业的反应是提供第一网络保险，这一保险侧重于早期的计算机病毒或黑客引起的损失。

　　As companies increasingly created, collected and stored data across networked systems, the nature of the risk posed by cyber threats widened to include the loss or manipulation of confidential customer and commercial information. Changes in the regulatory environment, in particular US data breach notification laws, significantly increased the potential cost of a data event to companies.

　　企业不断在整个网络系统中创建、收集和存储数据，网络威胁带来的风险已经蔓延到机密客户和商业信息的丢失或操纵。监管环境的变化显著增加了企业数据事件的潜在成本，尤其是《美国数据泄露通知法》。

　　Today the threat has evolved still further. A sophisticated cyber attack can cause physical damage to assets (see "Stuxnet" virus7). Even though the target in this case was highly specific and potentially not insurable, the implication for commercial industries of this type of attacks and the need to protect against business interruption, property damage and other operational risks was profound.

　　如今，威胁还在进一步演变。一个复杂的网络攻击可能会导致资产的有形损失。尽管该事例中的攻击对象非常具体且具有潜在的不可保性，但该类型的攻击对商业的寓意和对业务中断、财产损失及其他的运营风险防护的必要性已变得非常显著。