Catastrophe modeling firm AIR Worldwide has released a new cyber risk modeling application for the insurance and reinsurance markets.
ARC (Analytics of Risk from Cyber) is designed to evaluate any commercial policy (including those vulnerable to silent cyber), measure and monitor aggregations of cyber risk within a portfolio, and estimate potential insured cyber losses for portfolios. AIR Worldwide is a Verisk Analytics business.
According to Scott Stransky, assistant vice president and principal scientist, AIR Worldwide, ARC uses information compiled by AIR on companies to help insurers identify their sources of aggregation risk and determine which of their insureds would be affected by various aggregation scenarios.
ARC makes use of a proprietary database of industry exposures that users can leverage to enhance their view of the risk. AIR has combined data from multiple commercial and public sources to develop a view of the insurable cyber market in the United States and companies around the world.
AIR’s data on company exposures contains information about a company’s demographic, information technology, and cybersecurity profile as outlined by the Verisk Cyber Exposure Data Standard. For millions of organizations, AIR has data on risk attributes such as company industry and size, data storage and transfer mechanisms, and cloud and domain name service providers, among other information.
To estimate expected losses from cyber incidents, AIR’s ground-up methodology first considers an organization’s risk profile as the basis for determining the magnitude and cause of loss. Users can determine how each cause of loss, such as security breach expense or business interruption, is best represented within the insurer’s policy coverage framework. Any commercial policy can be evaluated by the AIR cyber application, including:
- Stand-alone cyber — policies that affirmatively cover damages resulting from cybersecurity incidents
- Cyber endorsements — supplemental cyber coverage added to existing commercial policies, such as directors and officers and errors and omissions coverage, general liability, or property
- Silent cyber — any policy that doesn’t explicitly include or exclude cyber
As part of the new cyber application, AIR offers cyber scenarios that can be used to estimate the financial impact of a defined event on an individual company or portfolio. Such scenarios include cloud service provider downtime, accidental data breach, and blackout events for regions in the United States and the United Kingdom. Included with these scenarios is the ability to modify severity parameters; risk managers can also implement their own view of the risk, test the sensitivity of portfolios to different event circumstances, and explore the impact of adjusting cyber policy terms.
A cyber risk consulting practice is also available to help clients augment the cyber exposure information in their existing books of business and to produce custom reports on aggregation risk and the probability of breach.
AIR Worldwide provides catastrophe risk modeling on natural catastrophes, terrorism, cyber attacks, and pandemics globally.
Was this article valuable?
Here are more articles you may enjoy.