Global catastrophe risk modeller, AIR Worldwide, has announced the development of a new probabilistic cyber model that market participants state will reinforce their ability to develop and deliver innovative solutions such as cyber ILWs and insurance-linked securities (ILS) for cyber risk.
The new cyber risk model is to be included in the latest version of the firm’s cyber risk modelling and analytics platform, ARC (Analytics of Risk from Cyber), which is due for general release on October 31st, 2018.
According to AIR, the new probabilistic cyber model estimates the likelihood, severity, and economic and insurance impact of security breaches and cloud service provider downtime, which are one of the most likely forms of aggregation risk for cyber.
It will help traditional underwriters of cyber insurance and reinsurance risk, providing them an enhanced view of threats and ability to analyse portfolio and risk metrics data.
At the same time, Ian Newman, partner and global head of cyber at reinsurance broker Capsicum Re, one of the first users of AIR’s new model and part of the model’s development, said that the model reinforces the company’s ability to develop innovative insurance solutions, “such as cyber industry loss warranties (ILWs), and work with insurance-linked securities (ILS).”
The inherently complex and far-reaching nature of cyber risk suggests the potential exposures require more capacity than that of the traditional insurance and reinsurance markets, with the capital markets increasingly discussed as a viable source of diversifying capital.
“We also believe analytics are key to the market of the future, which will consist of three core classes: property, casualty, and cyber (PC&C),” added Newman.
AIR’s new cyber model has been calibrated with public, commercial, and new insurance claims data that includes information of over 60,000 global incidents, and the cybersecurity profile of more than 100,000 organisations from across the world.
Scott Stransky, assistant vice president and director of emerging risk modeling at AIR, said: “The detail and quality of the data we have has allowed us to apply innovative stochastic and machine learning techniques to create a model that provides granular output. By training our machine learning model on real claims data, the model can differentiate the risk by technographic parameters such as cybersecurity practices, cloud service provider, and the cause of cloud downtime incidents, in addition to firmographic characteristics such as company size and sector. AIR’s philosophy is to be transparent and flexible about the various modeling assumptions we’ve made, and model users can dig into them and truly own the risk. Additionally, we’ve collaborated with development partners to allow outputs to be displayed to our users at the organization level.”
Prashant Pai, vice president of cyber offerings at Verisk, added: “Many insurers are challenged to understand how often various types of cyber incidents can occur and how they can affect the performance of their book. As a result, decisions on product development, underwriting, portfolio optimization, and capital allocation tend to be made with limited data; and too much weight is often put on intuition or broad assumptions. This is where probabilistic modeling can help the industry better manage cyber risk globally.
“The AIR cyber model is the output of several years of work by experts across all of Verisk in the fields of cybersecurity, data science, underwriting, and catastrophe modeling. Our mission is to help the cyber insurance industry grow profitably, and this model will help us take a big leap forward.”
AIR has also announced that in addition to the probabilistic model, the latest release of ARC features functionality that helps insurance and reinsurance firms understand additional risk as a result of GDPR, the expansion of AIR’s cyber industry exposure database to regions globally, as well as many other enhancements.