University of Illinois Urbana-Champaign

Applications of actuarial and data science techniques to emerging topics in risk management

Zhang, Linfeng

This item is only available for download by members of the University of Illinois community. Students, faculty, and staff at the U of I may log in with your NetID and password to view the item. If you are trying to access an Illinois-restricted dissertation or thesis, you can request a copy through your library's Inter-Library Loan office or purchase a copy directly from ProQuest.

Permalink

https://hdl.handle.net/2142/120418

Description

Title
Applications of actuarial and data science techniques to emerging topics in risk management
Author(s)
Zhang, Linfeng
Issue Date
2023-04-28
Director of Research (if dissertation) or Advisor (if thesis)
  • Feng, Runhuan
  • Chong, Wing Fung
Doctoral Committee Chair(s)
Quan, Zhiyu
Committee Member(s)
Bashir, Masooda
Department of Study
Mathematics
Discipline
Mathematics
Degree Granting Institution
University of Illinois at Urbana-Champaign
Degree Name
Ph.D.
Degree Level
Dissertation
Keyword(s)
  • Actuarial science
  • Emerging risks
  • Data science
  • Pandemic
  • Cyber risk
  • Privacy
  • Risk management
Abstract
With the ever-advancing developments in industrialization and technologies across the globe, risks and threats that were previously not a central focus of actuarial studies have quickly emerged. Some risks are new, such as cyber and privacy risks, and because they have distinct features from traditional risks, these risks impose the requirement for innovative management tools on enterprises. Some risks have been in existence, but because of their rapidly growing financial and economic impacts, they bring new challenges to risk managers, such as the pandemic risk. In this thesis, we focus on how the actuarial principles for capital allocation and risk sharing can be adopted to solve organizational and societal problems resulting from the aforementioned emerging risks, i.e., cyber, privacy, and pandemic risks. For pandemic risk management, we proposed a three-pillar framework, which includes predictions on resource demands using epidemic compartment models, stockpiling and distribution of resources across time, and allocation of resources across regions. The optimal stockpiling and allocation strategies are solved to minimize the costs associated with the spatial and temporal shortage or surplus of resources. To establish the connection between cybersecurity and economic losses resulting from cyber incidents and provide guidance on making investments in cybersecurity controls, we proposed a cyber risk assessment and management framework. It utilizes the relationship among cyber threats, vulnerabilities, and assets to associate the expenditures on patching vulnerabilities with the consequential cyber losses. In addition, we showed how to balance the competing interests in cyber risk management, including optimal ex-ante investment and ex-post-loss reserve allocations, via the holistic approach. Other than reducing and retaining cyber risks through cybersecurity investment and reserving, cyber insurance is also a viable tool for organizations to transfer their cyber risks. Based on our observations about practices in the cyber insurance industry, although policies specific to different types of cyber incidents are offered on the market, neither insurers nor policyholders have a scientifically sound way to determine how those incident-specific risks should be shared between the two parties. To address this issue, we developed a method to calculate incident-specific coverage for the Pareto optimality of the insurer and the insured. The approach is coherent with modern actuarial practices and can be easily adapted to quantitative risk management practices. We also investigated the impact of one particular type of cyber incident, data breaches, on personal privacy, and how data controllers should manage the risk of such privacy losses. To facilitate the measurements of privacy, information-theoretic utility and privacy loss metrics are proposed in the context of information sharing between the data controller and the data user and a data breach from the data user to an adversary. Classic privacy-preserving techniques often overlook the utility aspect of data and the trade-off between keeping data private and keeping data usable. We formulate the choice of a data masking strategy in this process of information flow as an optimization problem that the privacy loss shall be minimized in the data breach with a constraint on the data utility in the information sharing stage.
Graduation Semester
2023-05
Type of Resource
Thesis
Copyright and License Information
Copyright 2023 Linfeng Zhang

Owning Collections

Graduate Dissertations and Theses at Illinois PRIMARY
Graduate Theses and Dissertations at Illinois