AIR Worldwide releases cyber risk modelling tool for re/insurers

Cat modelling firm AIR Worldwide has released a cyber risk modelling application for the insurance and reinsurance markets. ARC (Analytics of Risk from Cyber) has been designed to evaluate any commercial policy (including those vulnerable to silent cyber), measure and monitor aggregations of cyber risk within a portfolio, and estimate potential insured cyber losses for portfolios.

Assistant vice-president and principal scientist, AIR Worldwide, Scott Stransky, says insurers typically have very little information about the cyber risk characteristics of the companies they insure and instead rely on a “crude market-share approach”.

“ARC takes advantage of the detailed information that AIR has compiled on companies to help insurers identify their sources of aggregation risk and to determine with greater certainty which of their insureds would be affected by various aggregation scenarios,” he explains.

To estimate expected losses from cyber incidents, AIR employs a ground-up methodology that first considers an organisation’s risk profile as the basis for determining the magnitude and cause of loss. Users have the flexibility to determine how each cause of loss, such as security breach expense or business interruption, is best represented within the insurer’s unique policy coverage framework. Any commercial policy can be evaluated by the AIR cyber application, including stand-alone cyber, cyber endorsements, and silent cyber, or any policy that doesn’t explicitly include or exclude cyber.

As part of the new cyber application, AIR offers a variety of cyber scenarios that can be used to estimate the financial impact of a defined event on an individual company or portfolio. Such scenarios include cloud service provider downtime, accidental data breach, and blackout events for regions in the US and the UK.

Included with these scenarios is the ability to modify severity parameters, risk managers can implement their own view of the risk, test the sensitivity of portfolios to different event circumstances, and explore the impact of adjusting cyber policy terms.

A cyber risk consulting practice is also available to help clients augment the cyber exposure information in their existing books of business and to produce custom reports on aggregation risk and the probability of breach.


Read CIR's latest feature on underwriting cyber.

Related Articles