AIR releases first open source cyber scenario

AIR Worldwide has released the industry’s first open source deterministic cyber risk scenario, with plans to release a series of deterministic cyber scenarios over the next 12 months. The catastrophe modelling firm has also expanded its cyber risk consulting practice to help clients augment the cyber exposure information in their existing books of business and to produce custom reports on aggregation risk and the probability of breach.

The scenarios, used in conjunction with AIR’s data schema, will serve as practical examples to help perform deterministic scenario modelling of an insurer’s or reinsurer’s book of business. The first scenario will consist of a major cloud service provider experiencing downtime for several days, resulting in significant business interruption losses for its customers. Such a scenario has the potential to reveal significant aggregation risk within an insurer’s book.

AIR has said its consulting clients will gain early access to future scenarios.

Scott Stransky, assistant vice-president and principal scientist, AIR Worldwide, said these open source deterministic cyber scenarios will supplement the number and variety of cyber scenarios that companies are currently managing, allowing the insurance industry to begin to truly understand their aggregated risk from large-scale cyber attacks that could lead to catastrophic accumulated losses.

AIR’s cyber scenarios will include detailed descriptions of potential cyber events and be accompanied by SQL scripts that capture the event’s severity and loss potential and can be run against a book of business. These scripts are based on the open source Verisk Cyber Exposure Data Standard, enabling companies to view all the assumptions made within the scenario and modify them according to their view of risk. Using the scenarios, deterministic loss estimates can be studied for aggregations on cloud providers, payment processors, accidental breaches, encryption quality, and so on.

The Verisk Cyber Exposure Data Standard, released earlier this year, is designed to help create a uniform method for data transfer across the insurance value chain. AIR also developed a preparer’s guide to assist companies in collecting and storing the necessary cyber exposure data in an open format suitable for modelling, along with an SQL implementation, to allow organisations to begin to use the standard in their enterprises while helping them understand their exposure and aggregation risk, evaluate risk, and make underwriting decisions.

“As transferring cyber books of business across the insurance value chain becomes more widespread, the practical implementation of the Verisk Cyber Exposure Data Standard will help make the process more uniform,” Stransky explained. “In addition, the schema we released will be used in the upcoming AIR probabilistic cyber model so that organisations can prepare for modelling cyber risk in the future.”
