It’s hard to imagine a time when cyber risk wasn’t on the minds of insurers and their clients, but as hack attacks evolve in scope and sophistication, it’s getting harder to turn a blind eye to cyber threats.
“Twelve to 18 months ago, catastrophic attacks leading to substantial insurance losses impacting many companies at the same time were somewhat theoretical,” said Pascal Millaire, chief executive officer of CyberCube. “The insurance industry has really woken up with the recent WannaCry attacks, Petya attacks, Dyn DNS outage that actually, there is tremendous aggregation risk that sits within their cyber insurance portfolios. But the challenge that they faced was, without the right analytic tools in order to model that cyber aggregation risk, it was a very difficult risk for insurers and reinsurers to understand.”
CyberCube Analytics fills that gap by using intelligence from Symantec to develop the industry’s first risk modeling platform that helps insurers and reinsurers figure out the cyber risk exposure of their clients.
“One of the things that I hear very commonly from insurers is they complain about the lack of data available to model cyber risk. In fact, there are terabytes of data being created on cyber risk from the technology industry every day,” said Millaire. “Given our distinctive strategic relationship with Symantec, we’re able to take data from the world’s largest cyber security company and use that data to help insurers solve some of their most difficult problems within the cyber insurance space.”
The tech company has access to hundreds of millions of endpoints that help model ransomware and malware as well as Symantec data from millions of emails every day that can model phishing attacks.
An insurer can use the risk modeling platform in two ways. The first is to underwrite a company’s insurance policy. Companies can look very similar on the surface and so can their exposures, but, with microsegment data, the differences between, for example, a metallic mining company and a non-metallic mining company become visible, which is useful when underwriting single risks.
“The second thing we’re able to help the insurance industry with is modeling catastrophic risk,” said Millaire. “One of the questions that insurers wonder is if today loss ratios are quite attractive in cyber insurance, somewhere between 40% to 55%, what’s going to happen if there’s an outage of data in the US – malware that impacts a popular operating system or the breach of cloud storage providers.
“Up until today, that’s been a very difficult question for insurance carriers to model, but with CyberCube’s catastrophic cyber risk modeling, we’re able to provide a probabilistic view of risk that can help insurers model catastrophic cyber risk.”
That risk is climbing to the top of the list of concerns for global risk experts. In 2013, the Allianz Risk Barometer put it at #15, whereas by 2018, it became the #2 risk on their minds. The influx of IoT devices is sure to make cyber risk an even more critical consideration for the insurance industry.
“Connected technology is being put into all aspects of the modern economy and society, and that means that cyber risk exists in all aspects of our lives as well,” said Millaire.