Why Modeling is the Holy Grail of Cyber Insurance
Are you able to quantify the threat of cyber risks to your business? What about quantifying and managing systemic risk? When I asked those questions to a panel of insurers, underwriters, reinsurers, and data/analytics professionals at Advisen’s 2015 Cyber Risk Insights Conference, I received a lot of answers. But the one thing everyone agreed on was: We need more modeling.
Cyber Modeling Builds Understanding
Modeling capabilities that determine cyber losses are increasingly sought after by insureds, underwriters, and brokers. The cyber insurance market does not have the actuarial data that other product lines do, which is why we are often left in a quandary over how to get the information.
Predicting losses can better arm you against cyber-attacks. For example, Marsh’s Cyber IDEAL (identify damages, evaluate, and assess limits) model estimates the cost of a breach involving 1.7 million payment card industry (PCI) records at almost $30 million. Even if your organization has half that exposure, it’s a significant loss.
Why is modeling in the cyber insurance market so important? Generally speaking, it helps to:
- Price cyber insurance.
- Evaluate claims loss data.
- Understand cyber risk.
- Enable the market to be more resilient in the face of dynamic cyber threats by predicting losses.
- Apply modeling techniques pioneered in the natural disaster space to cyber.
- Match predictive scenarios with the appropriate cyber coverages, which can help you determine if you will be paid for cyber losses.
Modeling, however, can be challenging because how information is valued in the cyber insurance industry is constantly changing. For example, some models take cyber operational risks and scenario solutions into consideration. That’s fine for organizations that might suffer large losses if, say, a website were to go down. But what about those companies that wouldn’t be as affected by such an event?
And then there are different ways to build the models. Some threat models are developed based on value-at-risk analysis, or another measure.
The coding of premiums is another issue; and improved coding could enhance cyber loss modeling. Currently, it is often difficult to predict the losses involved due to uncertainty over the premium allocation.
The good news is that brokers, insurers, and analytics companies are deep in the process of quantifying cyber risk. Models now can even pinpoint a company and an industry’s potential breach exposure, which can provide assurance to senior management and the board.
Though it will take more time as an industry to aggregate additional data, the benefits of cyber risk modeling are clear.