Cyber risk is showing no signs of stopping and the reliance on cloud-based systems makes potential ripple effects vast. It is crucial for the global insurance industry to efficiently measure cyber risk.
Cyber as a risk is vast and can be devastating. CyberCube chief growth officer Chris Methven said, “It’s truly systemic, with the potential to impact all industries and geographies simultaneously.” This is especially the case nowadays with more companies relying heavily on cloud-based systems.
Last year’s SolarWinds breach is a prime example of how widespread a cyber breach can be. The attack, which was allegedly by a group backed by the Russian government, enabled hackers to access the systems of various high-profile organisations, including the US federal government. Microsoft president Brad Smith even called it the world’s largest and most sophisticated attack.
These threats are a constant fear and will never go away. The global information security market is expected to reach $170.4bn in 2022, according to data from Gartner. As cyber risk gets more complex to manage and the reliance on the internet accelerates, it will be crucial for insurance and reinsurance firms to better measure all the cyber risk in their portfolio. Making this even tougher, is that all the organisations an insurer or reinsurer covers will have different hidden points of accumulation that need to be accounted for.
The pandemic has only added to the challenges. With staff forced to work from home, the risk profile has changed for those managing the IT and security of an organisation. There has also been a spike of cyberattacks in the past year, particularly ransomware, as criminals target these new vulnerabilities in security. There was a ransomware victim every ten seconds in 2020, according to a report from Infosecurity Magazine. Methven stated this problem will only continue to rise.
Furthermore, firms are increasingly migrating from their traditional on-premise applications to third-party cloud organisations. These platforms are appealing to use, but they are increasingly large accumulation points of cyber risk. As more and more companies put data on cloud-based systems, the fallout of an incident could be huge.
“A lot of emphasis is placed on efficiency, innovation and cost effectiveness, but I think [third-party cloud systems] are a double edged sword. These big cloud vendors are extremely sophisticated in how they manage security, far more so than most large enterprises, however, the flipside is they do provide a point of aggregation. So, when there is an event it widely impacts across a large range of industries and a large range of geographies, simply due to the nature of the number of clients that they support.”
This is where CyberCube’s Portfolio Manager solution comes to help, as the platform is focused on modelling cyber aggregation events for the (re)Insurance Industry, with additional insights for clients supplied through an attritional loss model. Clients can use the tool to receive insights into accumulations within a specific portfolio and access quantifiable output to help measure risk.
An insurer or reinsurer might use Portfolio Manager for accumulation monitoring in an insurance portfolio to understand where points of aggregated risks are, or they might use it to articulate and set boundaries around risk appetite and risk tolerance. Other use cases include supporting pricing decisions related to reinsurance transactions, setting capital for internal controls and informing future strategy of underwriters to steer their portfolio over time.
CyberCube is releasing Portfolio Manager Version 3.0 to reflect the changing nature of the global threat landscape for cyber, Methven said. For example, incidents of ransomware have significantly increased in the past year as criminals have sought to exploit the changing working practices as a result of the pandemic. Furthermore, there has also been a significant rise in the high profile activity of state sponsored actors in recent months. The threat landscape is extremely dynamic and so models need to constantly refine, enhance, calibrate and improve so they can effectively quantify cyber risk exposure.
So what is new? There are a number of enhancements coming in Portfolio Manager Version 3.0, but one of the key elements is a significant increase to the depth and breadth of data coverage on individual company records. Additionally, CyberCube is introducing an attribution loss model, which will help model smaller and more constant insured loss events that occur in clients’ portfolios.
Where did CyberCube begin?
The ability to effectively transfer and share cyber and digital risk is increasingly essential to fuel the global economy by enabling companies to innovate. The problem has been how to facilitate the risk transfer in a manner that is sustainable for the global insurance and reinsurance industry. The solution to the problem required experts from across insurance, cybersecurity, data science and analytics, along with third-party cyber threat data which would help quantify the risk.
“Without the ability to transfer some of that risk via insurance products, commerce and innovation will be throttled. This will lead to adverse outcomes for the economy and society at large,” Methven said.
CyberCube was built to solve this challenge. The company was incubated inside of cybersecurity giant Symantec and emerged as a stand-alone business in 2018. The company is singularly focused on providing best-in-class cyber risk analytics to the reinsurance and insurance industry to enable risk transfer in a sustainable way. Last year, CyberCube completed a Series B fundraising of $40 million. It has invested $100m in its software, and expects to employ 150 staff by year end in its offices in San Francisco, New York, London and Tallinn, Estonia.
The company’s accomplishments are largely due to its dynamic business model and its partnership with the world’s leading cyber carriers, reinsurers, brokers, and capital providers. CyberCube lists among its clients 17 out of the 30 largest cyber insurers, four out of the five largest reinsurers, and 16 out of the top 50 cyber insurance brokers globally.
Cyber risk quantification is complex and the nature of the threat landscape is continuously evolving. As a result, a vast amount of data is required to effectively model the peril. Methven said the key for CyberCube being able to successfully make sense of the data was down to its team of experts, which is formed of world leaders in cybersecurity, data science, AI, software engineering, actuarial science and commercial insurance. It was the strong team that was one of the driving forces behind Methven’s choice to join CyberCube.
Methven, who joined CyberCube in April 2020, said: “The team areextremely talented individuals from a very diverse range of backgrounds, and they’re pretty inspiring and interesting people to be able to work around every day.”
What is next?
Last year, CyberCube released its Broker Manager service. The platform helps brokers and insured clients have more informed discussions about coverage and limits the organisation should purchase as well as how their buying behaviours compare with similar businesses. CyberCube is on track to reach around 35% of the top 100 retail brokers in North America by the Q3 2021.
Secondly, the company is also planning to launch an update to its Account Manager tool later in the year. Account Manager is a software-as-a-service application that supplies a detailed view of enterprise risk profiles for individual risk underwriting.
This update has two core areas of improvement. The first will improve the individual company coverage to improve the models. The second improvement is designed to help people hook CyberCube’s data and processing capabilities directly into their existing insurance and reinsurance workflows through APIs. “We feel for major carriers today as there are a lot of people competing for the desktop of an underwriter. What we want to do is prove extremely high fidelity and high- quality data signals to allow them to make actionable decisions, and to plug that into their underwriting platforms that they’re using today.”
Copyright © 2021 FinTech Global
Copyright © 2018 RegTech Analyst
