Catastrophe risk modeling firm AIR Worldwide announced it has developed a probabilistic model for cyber risk capable of accounting for security breach and cloud service provider downtime incidents for insurance portfolios worldwide. The new model will be included in the latest release of ARC (Analytics of Risk from Cyber), AIR’s cyber risk modeling and analytics platform, due for general release on October 31, 2018. AIR Worldwide is a Verisk (Nasdaq:VRSK) business.
“Many insurers are challenged to understand how often various types of cyber incidents can occur and how they can affect the performance of their book,” said Prashant Pai, vice president of cyber offerings at Verisk. “As a result, decisions on product development, underwriting, portfolio optimization, and capital allocation tend to be made with limited data; and too much weight is often put on intuition or broad assumptions. This is where probabilistic modeling can help the industry better manage cyber risk globally.”
AIR’s probabilistic cyber model estimates the likelihood, severity, and economic and insurance impact of security breach and cloud service provider downtime incidents; cloud service provider downtime incidents are one of the most likely forms of aggregation risk for cyber. The new AIR cyber model has been calibrated with public, commercial, and insurance claims data that includes information on more than 60,000 worldwide incidents and the cybersecurity profile of over 100,000 organizations globally.
“The detail and quality of the data we have has allowed us to apply innovative stochastic and machine learning techniques to create a model that provides granular output,” said Scott Stransky, assistant vice president and director of emerging risk modeling at AIR. “By training our machine learning model on real claims data, the model can differentiate the risk by technographic parameters such as cybersecurity practices, cloud service provider, and the cause of cloud downtime incidents, in addition to firmographic characteristics such as company size and sector. AIR’s philosophy is to be transparent and flexible about the various modeling assumptions we’ve made, and model users can dig into them and truly own the risk. Additionally, we’ve collaborated with development partners to allow outputs to be displayed to our users at the organization level.”
Ian Newman, partner and global head of cyber at Capsicum Re, said, “We’re excited to be both one of the first users of AIR’s new probabilistic cyber model and a part of the model’s development. Making use of AIR’s cutting-edge model will help our current and prospective clients better understand their cyber exposures. It will reinforce our ability to develop and deliver innovative cyber insurance solutions, such as cyber industry loss warranties (ILWs), and work with insurance-linked securities (ILS). We also believe analytics are key to the market of the future, which will consist of three core classes: property, casualty, and cyber (PC&C).”
Pai concluded, “The AIR cyber model is the output of several years of work by experts across all of Verisk in the fields of cybersecurity, data science, underwriting, and catastrophe modeling. Our mission is to help the cyber insurance industry grow profitably, and this model will help us take a big leap forward.”