Second Generation RMS Cyber Model Shows Over $5 Billion Insurable Loss Each Year To U.S. Businesses Through Data Exfiltration

Advanced modeling capabilities of RMS Cyber Accumulation Management System version 2.0 used to calculate expected loss baselines, as new RMS research details the growing risk to insurers from hackers

NEWARK, Calif.--()--RMS, a global risk modeling and analytics firm, today announced the release of its updated and expanded RMS Cyber Accumulation Management System, which includes a suite of cyber models and supporting software. The update comes in response to the rapidly changing cyber risk landscape, analysis of which is detailed in a new RMS report, Cyber Risk Landscape 2017, published today.

The update incorporates new functionality, including the RMS Expected Loss Baseline model. RMS analysts have used this new model to calculate that if all U.S. businesses had cyber insurance, over $5 billion a year would be lost to the insurance industry from cyber data exfiltration alone. Data breaches are the leading cause of cyber insurance loss.

In only fifteen months since we launched the RMS Cyber Accumulation Management System, we’ve seen the cyber risk landscape change dramatically and version 2.0 of the system reflects those changes,” said RMS senior vice president, Dr. Andrew Coburn. “For example, we’ve seen the largest ever data breaches, denial of service attacks, and attempted financial thefts. Data breaches can cost companies hundreds of millions of dollars, and our modeling shows the overall insurable loss across U.S. businesses from data exfiltration is running at over $5 billion a year. The past year has also demonstrated the potential for future systemic cyber catastrophes, for which overall losses would far exceed $5 billion, and version 2.0 has the capacity to model this risk.”

Version 2.0 of the RMS Cyber Accumulation Management System gives clients unprecedented analytics, enabling firms to be even more accurate with their calculations of attritional annual losses across cyber portfolios, as well as probable maximum loss (PML). To keep pace with rapidly-changing cyber risk, the updated system includes major updates to its affirmative cyber scenarios, which have been created from the largest available database of historical cyber incidents and claims data. The scenarios cover,

  • shifting patterns of data exfiltration – updated scenarios reflect changing criminal targeting, larger magnitude data breaches, and improvements in security standards against accidental data loss;
  • more intense denial of service attacks – version 2.0 responds to the increasing firepower available to attackers who could harness the Internet of Things;
  • financial theft – updated to include larger attack campaigns and reflect improvements in security networks being used within the financial services sector;
  • cloud service provider failure – incorporates the substantial growth in cloud usage by companies, the increasing market dominance of the big four cloud service providers, and lessons learned from recent cloud outages;
  • cyber extortion – updated to include recent examples of extortion demands on larger companies, with ransom payment sizes recalibrated to recent experience, and the consequences of business interruption.

As announced last month, the system now includes cyber-physical scenarios providing insight on cyber-attacks that cause losses to traditional lines of property insurance, such as fire and explosion triggered by hackers. These non-cyber lines range from commercial and residential property to industrial facilities, upstream energy, and marine. The updated cyber-physical scenarios also enable assessment of the ‘silent’ exposures in policies that have ambiguous terms on cyber-attack losses.

As the first cyber risk management solution of its kind, the RMS Cyber Accumulation Management System has benefited from over a year of use by leading cyber insurance writers, helping them to analyze a third of the market by premium.” commented Coburn. “That’s a lot of client feedback and refinement which has informed the innovations of our latest update. And with our continued substantial investments into cyber model development, there is already more capability in our pipeline.”

The RMS Cyber Accumulation Management System continues to be developed in collaboration with the Center for Risk Studies at the University of Cambridge. It also includes the RMS Cyber Exposure Data Schema, which is open source and the industry standard for providing a systematic and uniform way to capture cyber exposure data and manage accumulation risk.

ENDS

Notes for Editors

The loss rate of over $5 billion for U.S. businesses is derived from the RMS cyber model of data exfiltration incidents in private sector enterprises. The estimate is based on a comprehensive database of cyber events and insurance claims, and trended cost estimates for 2017.

About RMS

RMS solutions help financial institutions and public agencies evaluate and manage catastrophe risks throughout the world, promoting resilient societies and a sustainable global economy.

Visit RMS.com to learn more.

Contacts

Risk Management Solutions Ltd
Nick Ravenscroft (U.K.)
+44-7780-225-625
PRTeam@rms.com
or
Devonne Cusi (U.S.)
+1-551-226-1604
PRTeam@rms.com

Release Summary

Second Generation RMS Cyber Model Shows Over $5 Billion Insurable Loss Each Year To U.S. Businesses Through Data Exfiltration, as new RMS research details the growing risk to insurers from hackers

Contacts

Risk Management Solutions Ltd
Nick Ravenscroft (U.K.)
+44-7780-225-625
PRTeam@rms.com
or
Devonne Cusi (U.S.)
+1-551-226-1604
PRTeam@rms.com