LONDON--(BUSINESS WIRE)--The global economy has proved relatively resilient to material widespread financial loss from attacks to date although analysis of near-miss events suggests that far larger losses are quite possible, according to research by leading cyber analytics firm CyberCube.
In a new report, CyberCube conducted an analysis of cyber cat events and documented over 100 global cyber aggregation events with catastrophic potential over the past six years - equating to approximately one every three weeks. The vast majority of those events were resolved by the cybersecurity community with minimal financial loss to insurers. However, CyberCube warns that while few security issues have become major (re)insurance losses, the counterfactuals on observed near-miss events suggest that far larger losses are quite plausible.
The advice comes from CyberCube’s ongoing review of cyber threat trends and has been reflected in its software-as-a-service solution Portfolio Manager Version 5 (PMv5). Portfolio Manager is the (re)insurance industry’s cyber risk modeling platform of choice, allowing stress testing of portfolios against a range of systemic cyber-related scenarios including data breaches, cloud outages, and global ransomware attacks among others.
Originally launched in March 2018, Portfolio Manager has become the industry’s leading, fully-probabilistic cyber catastrophe model that enables clients to drill down to identify loss drivers and areas of risk accumulation. In PMv5, CyberCube has applied an “Event Family” structure to all scenario classes and updated a variety of underpinning model parameters, narratives, and data, while maintaining its overall modeling methodology. The new release also enables (re)insurers to better understand the ramifications of cyber-specific policy terms and sublimits through more refined financial modeling controls.
The industry is exploring how policy language can contain (re)insurers’ exposure to cat scenarios and what this could do to reduce capital requirements. CyberCube found that some approaches could yield modest results while others could have more significant benefits. To illustrate this, an analysis of the CyberCube US Industry Exposure Database indicates that the 1-in-100-year US cyber insurance industry loss could be reduced by up to 65% with the implementation of stringent widespread event language.
Jon Laux, CyberCube VP of Analytics and report author, said: “Understanding the nature and potential extent of cyber catastrophe risk is absolutely essential for a sustainable cyber (re)insurance market. For PMv5 we reviewed nearly every aspect of our model to provide a coherent view of risk – driven by a combination of deep expertise and data, and organized so results make sense for both technical users and senior decision makers. We hope this model serves as a basis for the critical business decisions the industry needs to make.”
Cody Stumpo, CyberCube Senior Director of Product Management, said: “The PMv5 release includes broad updates across multiple modules to ensure that it continues to reflect CyberCube’s latest research, and analysis of the current threat landscape. PMv5 also delivers even more data-driven and justified model elements to increase the reliability of analyses at all levels of granularity. This release ensures that Portfolio Manager will give the industry the ability to robustly quantify the financial loss impact of mass aggregation cyber events with the underlying rigor and analytical flexibility that the solution has come to be associated with.”
The research “Cyber Attack Event Analysis - Reflecting trends in CyberCube’s Portfolio Manager Version 5” is available here.
PMv5 is available immediately.
About CyberCube
CyberCube delivers the world’s leading cyber risk analytics for the insurance industry. With best-in-class data access and advanced multi-disciplinary analytics, the company’s cloud-based platform helps insurance organizations quantify cyber risk to facilitate placing insurance, underwriting cyber risk and managing cyber risk aggregation. CyberCube’s enterprise intelligence layer provides insights on millions of companies globally and includes modeling on thousands of points of technology failure.
The CyberCube platform was established in 2015 within Symantec and now operates as a standalone company exclusively focused on the insurance industry, with access to an unparalleled ecosystem of data partners. It is backed by Morgan Stanley Tactical Value, Forgepoint Capital, HSCM Bermuda, MTech Capital, individuals from Stone Point Capital and Scott G. Stephenson.