The lessons and intelligence from natural catastrophe models built over the past 20 years may provide a template for cyber modellers, but should not be expected to produce a complete picture, For that, cyber modellers must develop their own solutions.

This is the advice of cyber analytics provider, CyberCube, which reflects on the lack of historical data and the rapidly evolving nature of cyber risks.

While there are similarities between the two types of models, CyberCube highlights three key differences. In addition to a lack of historical data and the rapid frequency with which cyber events are changing, cyber attacks involve ‘active adversaries’ in the form of criminals or ter-rorists. These important differences mean that cyber modelers do not have the time or ability to ‘observe, learn and adapt from past data and models’.

CyberCube’s head of client services, Oliver Brew, said: “There’s a well-known phrase in statistical circles that while all models are wrong, some are useful. Models like CyberCube’s do not have a predictive line of sight to outcomes but they do aid decision-making, capital planning and a wide range of other factors.

“For a long time, our sector thought that by studying the way in which nat cat models developed, we could find answers to build better cyber models. What this report shows is that those parallels will only take us so far.

“The challenge for businesses like CyberCube is to use the tools at our disposal to learn from the past and make informed decisions about the future. The good news is that cyber models are improving rapidly with more useful data sources and faster cloud-hosted processing power.”

Share Story: