The insurance-linked securities (ILS) market can be a future provider of capacity to help to transfer the enormous exposures presented by cyber risks, according to risk modelling firm AIR Worldwide which has announced a new collaboration to build an advanced cyber risk model.
One of the aspects missing that could help the ILS market to begin to allocate some capital to cyber risk insurance and reinsurance is a robust model and a wealth of data on the exposures and the potential penetration rates faced.
AIR Worldwide is partnering with two leading tech security and cyber data providers, BitSight Technologies and Risk Based Security (RBS), in order to build an advanced cyber risk model.
AIR hopes that the resulting Cyber Risk Model will help the insurance industry better manage the evolving threat of cyber attacks, by incorporating into the model the most up-to-date and complete incident data, real-time security ratings of companies, exposure data, and supplier data in the “cyber supply chain.”
Partnering with cyber security providers is one of the ways that cyber insurance is expected to become a more viable product set and a reinsurance market expected to emerge. AIR’s new risk model will leverage terabytes of data gathered by BitSight from sensors deployed across the Internet. This includes security ratings which are available by industry, company size, and company headquarters location.
This type of data could also be key to the development of both reinsurance and ILS products, potentially even cyber catastrophe bonds, as this sensor data could be real-time and could signal major attacks and threats to networks or even globally, perhaps becoming useful as triggers in years to come.
“Cybersecurity is viewed as a top priority for many companies, and the importance and value of security ratings have already been realized across numerous industries,” commented Ira Scharf, general manager of worldwide cyber insurance at BitSight.
“As more and more companies purchase cyber insurance, insurers are becoming increasingly concerned with aggregation risk. We’re collaborating with AIR to help them more accurately account for cyber risk in the entire supply chain, such as security vulnerabilities on hosting companies, cloud providers, and other third-party suppliers,” he continued.
Risk Based Security provided AIR with historical incident data on more than 16,000 breaches, providing a robust set of historical data from which to derive losses. The RBS data contains industry-specific details on threat vectors and vulnerabilities and data breach information on businesses, industries, and geographies.
Again, this kind of data will be essential towards the development of cyber risk cat bonds or ILS products, as well as traditional insurance and reinsurance protection.
“The pace of data breach activity shows no sign of slowing, despite the unprecedented focus on protecting systems and data from attack and compromise. In fact, if the current rate of disclosure continues, 2015 will be the worst year on record for the number of breach events reported,” Inga Goddijn, executive vice president, Risk Based Security said. “Comprehensive modeling of cyber risk has never been more important. We’re pleased to collaborate with an innovative company like AIR to help them utilize this valuable data for building a more complete and advanced cyber risk model.”
“Leveraging these key data assets from BitSight and Risk Based Security is a major step forward in developing a robust cyber model,” added Scott Stransky, manager and principal scientist at AIR Worldwide.
“We’re developing a comprehensive cyber industry exposure database that can enable us to better estimate potential financial losses to entire sectors and portfolios due to common vulnerabilities. The AIR model will be critical to a true understanding of the financial implications of cyber attacks, including the aggregation risk associated with a mega-scale attack,” Stransky explained.
Rob Newbold, Senior Vice President, Business Development and Consulting & Client Services at AIR Worldwide, spoke with Artemis about the new cyber risk model and its potential application in the ILS market.
“This is a risk on the forefront of everyone’s mind, but take-up rates for cyber insurance are relatively low and there really isn’t a reinsurance market for the coverage, potentially because there are currently no tools in the insurance and risk transfer space to quantify the risk,” Newbold explained.
“By bringing an industry leading cyber risk model to the market, we believe there is a future for this important peril in the ILS space,” he continued.
The AIR Cyber Risk Model will provide probabilistic loss estimation, as well as a set of deterministic scenarios enabling companies to begin to truly understand their aggregated risk from large-scale cyber attacks.
Tools such as this will be essential as understanding of cyber risk and the need for risk transfer, and the ample risk capital, to financially minimise the impact of cyber risk exposure.