New Approaches for Managing Cyber Risk
CONFIDENTIAL
©2015 AIR WORLDWIDE
Agenda
AIR Model for Cyber Risk
- Overview of the cyber market
- AIR modeling framework
- Data partners
- Cyber data standards
- Roadmap
The Worldwide Cyber Insurance Market Is Growing Rapidly
- “Cyber is a new risk and it is a concern, Lloyd’s is at the heart of cyber attacks, providing coverage right now. It’s going to grow dramatically”
  • Inga Beale, CEO, Lloyd’s of London, Oct. 2014
- “Cyber Insurance: Maybe next year turns into I need it now”
  • Betterley Report, June 2014
- “Former U.S. Homeland Security Secretary Tom Ridge has teamed with reinsurance brokerage Guy Carpenter & Co. L.L.C. to offer a cyber security and insurance product”
  • Business Insurance, Oct. 2014
[Chart: US Cyber Premiums, USD Billions, for 2010, 2011, 2012, 2013, 2014, 2015E and 2020E; bar labels 0.6, 0.8, 1.0, 1.3, 2.0, 2.4 and 5.0. Sources: Betterley Report / Advisen]
What Exposes Organizations to Cyber Risk?
A Breach Is One Critical Type of Hazard
In the office
At offsite data storage sites
In the “cloud”
- Direct losses when intellectual property is stolen, data destroyed, or operations interrupted
- Indirect losses when data proprietary to its clients is compromised
- Reputational losses
- Physical damage
Facts About Cyber Coverage
- What is typically covered?
  • Legal fees
  • Forensics
  • Notification and call center
  • Credit monitoring
  • Public relations fees
- Exclusions
- Evaluation strategy
- Limits
  • Low, in the low millions
• Driven by industry, company size, etc.
• Companies offer network analyses
[Chart: Cyber insurance take-up rates. Y axis: Take up rate, 0% to 100%. X axis: Company revenue (USD), in bands < $2.5M, $2.5M to $5M, $5M to $10M, $10M to $25M, $25M to $100M, $100M to $300M, $300M to $1B, $1B to $5B, > $5B]
AIR’s Stochastic Modeling Framework Can Be Applied to Cyber
[Diagram: model components]
- HAZARD: Event Generation, Intensity Calculation
- VULNERABILITY: Damage Estimation
- FINANCIAL: Loss Calculation
- Inputs: Exposure Information; Policy Conditions (Limit, Deductible)
Risk Based Security (RBS) Selected as Incident Data Provider
- Has developed a database of over 16,000 historical worldwide cyber incidents
- Based in Richmond, Virginia
- Publicly disclosed clients include AIG and Willis
Risk Based Security Data Examples
[Chart: Count of RBS Events that Impacted Different Data Types. Y axis: 0 to 10000]
[Chart: Probability of attack size by source. Y axis: Probability, 0.0000 to 0.2500. X axis: Log (Number of Records), 1 to 9. Series: Inside, InsideAccidental, InsideMalicious, Outside]
BitSight Collaboration Will Give the AIR Model Several Key Benefits
- Analyzes public traffic on the Internet to unobtrusively give scores to companies
- Based in Cambridge, Massachusetts
- Founded by several MIT graduates
- Publicly disclosed clients include AIG and Liberty
AIR’s Collaboration with BitSight Will Provide Many Benefits to Clients
The Verisk Enterprise Offers AIR Unique Resources, Information, and Data
- ISO Cyber Program
- Information Sharing and Analysis Centers
- Argus
- Cyber Forum
- Maplecroft
AIR Categorizes Risks by Exposure Type
[Diagram labels: Company Information, Insurance Coverages, Transfer, Cyber Insurance, Record, Assets / Storage, Data]
Minimum Data Required to Run Model: Industry, Revenue, and Insurance Information
[Diagram labels: Industry, Revenue, Insurance]
Company Information—Detailed
[Diagram labels: Industry, Recovery Plans, Demographics, Revenue, Security]
Multiple Insurance Coverages Will be Supported
Insurance Coverages
- Security Breach Expense
- Security Breach Liability
- Business Interruption
- Fines
- Replacement of Electronic Data
- Website Publishing Liability
- Programming Errors and Omissions
- Extortion
- Public Relations
- Physical
Data Are the Basis of Potential Cyber Losses
[Diagram labels: Type, Country of Origin, Number and Value, Asset / Storage, Record, Transfer, Record]
Storage Can Lead to Aggregation Risks
[Diagram labels: Type, Security, OS Type, Cloud]
Transferring Data Introduces Additional Vulnerabilities
[Diagram labels: Type, Security, Service / Vendor Type, Cloud]
Developing a Cyber IED Will Allow the Model to Account for “Unknowns”
- Most refined results are obtained when every field of an exposure record is correctly filled in
- But what if we have only some of the information that completely describes an exposure?
- AIR’s Cyber Model will populate “unknown” fields with values derived from our planned Cyber Industry Exposure Database
Data
- Type: Credit Card; PII
- Record Value: ? $225; ? $99
- Country of Origin: ? US; US
- Ownership: ? 3rd Party; ? 1st Party
Annual Revenue
- Company Revenue Total: 1,300,000,000
- % from Internet: ? 17%
- % Domestic: ? 72%
- % Foreign: ? 28%
Mock-up of Cyber Exposure Aggregation and Accumulation in Touchstone
- Distribution of Limits by Coverage
- Distribution of Records by Industry
- Distribution of Revenue by Geography
- Distribution of Employees by Age Band
Studies Provide Data for Our Prototype Model
[Chart: Insured loss by industry. Series: Median, Mean. Y axis: $1,000 to $100,000,000. Source: NetDiligence]
[Chart: Loss per record by country. Y axis: Mean Loss Per Record, ticks up to $250.00. Countries: United States, UK, Germany, France, Australia, Italy, India, Japan, All Others. Source: Symantec]
The “Hurricane Andrew” of Cyber Is Coming
Aggregation Is More than the Cloud
AIR’s Prototype Cyber Framework and Its Roadmap
Catalog
- Frequency of attack data from sample VERIS breach database
- Stochastically generated breach events
- Signed with RBS to get a comprehensive dataset
- Creating a 100K catalog using all available data
Exposure
- Over 400 companies in our sample exposure database
- Getting Internet footprint data from BitSight
- Open data standards schema released and implemented in Touchstone
- Building a cyber industry exposure database
Vulnerability
- 10 key basic risk factors, including company industry and encryption
- Signed with BitSight
- Relative vulnerabilities between industry, company size, etc.
- BitSight score as real-time secondary features in model
Loss
- Loss per record information from Symantec, accounting for risk features
- Framework calibrated to the reported loss from the 2013 Target breach
- Partnering with insurance companies to receive cyber loss data
- Modelling of loss aggregation scenarios
Model
- Results and reports available through consulting studies
- Deterministic and probabilistic results
- Will be in Touchstone in the future