Cyber risks to be modelled. Challenge, opportunity or... both?
AIR Worldwide announced during the Rendez-vous de Septembre in Monte Carlo that it is working on an advanced cyber risk model, the first of its kind so far. The company will be assisted by security risk and cyber data providers. According to sources and various media reports, the solution might be launched sometime during 2017. AIR Worldwide is a provider of risk modeling software and consulting services since 1987. The company models the risk from natural catastrophes and terrorism in more than 90 countries.
In addition to probabilistic loss estimation, the AIR Cyber Risk Model will offer a set of deterministic scenarios that will allow companies to begin to truly understand their aggregated risk from large-scale cyber-attacks. The model will serve to help the insurance industry better manage the evolving threat of cyber-attacks by incorporating into the model the most up-to-date and complete incident data, real-time security ratings of companies, exposure data, and supplier data in the "cyber supply chain." How does it work? Basically, AIR will leverage terabytes of data gathered by BitSight from sensors deployed across the Internet, while a different company - Risk Based Security - will provide AIR with historical incident data on more than 16.000 breaches.
"The pace of data breach activity shows no sign of slowing, despite the unprecedented focus on protecting systems and data from attack and compromise. In fact, if the current rate of disclosure continues, 2015 will be the worst year on record for the number of breach events reported," said a Risk Based Security official. "Comprehensive modeling of cyber risk has never been more important."
Cyber risks are, according to the brokerage firm GUY CARPENTER, one of 4 key areas globally where risks continue to emerge or are largely unknown; it is the evolving nature of cyber risks that poses a serious threat to governments, corporations and individuals around the world. "Data breaches, for example, are very difficult to predict and the potential form and target of the next cyber-attack are largely unknown. A key function of modeling for cyber risk is trying to determine the likelihood of an event occurring, and once it happens, what the size of that loss might be", according to a recent GUY CARPENTER report named "A Clearer View of Emerging Risks".
The same document claims that although progress is being made, the level of historical and scientific data needed to build probabilistic models for natural catastrophes does not yet fully exist for cyber risk. This fact, combined with the potential for a single breach to have a wide-spread, cascading impact presents both a significant challenge and opportunity for the industry.
Author: Alexandru CIUNCAN
Comment this article