CONFIDENTIAL ©2015 AIR WORLDWIDE
New Approaches for Managing Cyber Risk
Agenda
• Overview of the cyber market
• AIR modeling framework
• Data partners
• Cyber data standards
• Roadmap
AIR Model for Cyber Risk
The Worldwide Cyber Insurance Market Is Growing Rapidly
- “Cyber is a new risk and it is a concern, Lloyd’s is at the heart of cyber attacks, providing coverage right now. It’s going to grow dramatically”
• Inga Beale, CEO, Lloyd’s of London, Oct. 2014
Sources: Betterley Report / Advisen
- “Cyber Insurance: Maybe next year turns into I need it now”
• Betterley Report, June 2014
- “Former U.S. Homeland Security Secretary Tom Ridge has teamed with reinsurance brokerage Guy Carpenter & Co. L.L.C. to offer a cyber security and insurance product”
• Business Insurance, Oct. 2014
[Chart: US Cyber Premiums. Years: 2010, 2011, 2012, 2013, 2014, 2015E, 2020E. Data labels, in order: 600,000,000; 800,000,000; 1,000,000,000; 1,300,000,000; 2,000,000,000; 2,400,000,000; 5,000,000,000. Axis: 0 to 6,000,000,000.]
- Direct losses when intellectual property is stolen, data destroyed, or operations interrupted
- Indirect losses when data proprietary to its clients is compromised
- Reputational losses
- Physical damage
What Exposes Organizations to Cyber Risk? A Breach Is One Critical Type of Hazard
In the office At offsite data storage sites In the “cloud”
- What is typically covered?
• Legal fees
• Forensics
• Notification and call center
• Credit monitoring
• Public relations fees
- Limits
• Low, in the low millions
- Exclusions
- Evaluation strategy
• Driven by industry, company size, etc.
• Companies offer network analyses
Facts About Cyber Coverage
[Chart: Cyber insurance take-up rates. X-axis: Company revenue (USD), in bands < $2.5M, $2.5M to $5M, $5M to $10M, $10M to $25M, $25M to $100M, $100M to $300M, $300M to $1B, $1B to $5B, > $5B. Y-axis: Take up rate, 0% to 100%.]
AIR’s Stochastic Modeling Framework Can Be Applied to Cyber
[Diagram labels: HAZARD (Event Generation, Intensity Calculation); VULNERABILITY (Exposure Information, Damage Estimation); FINANCIAL (Policy Conditions: Limit, Deductible; Loss Calculation)]
- Has developed a database of over 16,000 historical worldwide cyber incidents
- Based in Richmond, Virginia
- Publicly disclosed clients include AIG and Willis
Risk Based Security (RBS) Selected as Incident Data Provider
Risk Based Security Data Examples
[Chart: Count of RBS Events that Impacted Different Data Types. Categories: Name, Password, E-mail address, Social Security Number, Miscellaneous Data, User Name, Address, Date of Birth, Medical Records, Credit Card Number, Account Information, Financial Information, Unknown / Not Disclosed, Phone Number, Intellectual Property. Axis: 0 to 10000.]
[Chart: Probability of attack size by source. Series: Inside, Inside-Accidental, Inside-Malicious, Outside. X-axis: Log (Number of Records), 1 to 9. Y-axis: Probability, 0.0000 to 0.2500.]
- Analyzes public traffic on the Internet to unobtrusively give scores to companies
- Based in Cambridge, Massachusetts
- Founded by several MIT graduates
- Publicly disclosed clients include AIG and Liberty
BitSight Collaboration will Give the AIR Model Several Key Benefits
AIR’s Collaboration with BitSight Will Provide Many Benefits to Clients
AIR Is Collaborating With Several Cyber Insurance Carriers
The Verisk Enterprise Offers AIR Unique Resources, Information, and Data
ISO Cyber Program Argus Cyber Forum
Information Sharing and Analysis Centers
Maplecroft
AIR Categorizes Risks by Exposure Type
Cyber Insurance Record
Company Information
Insurance Coverages
Data
Assets / Storage
Transfer
Minimum Data Required to Run Model: Industry, Revenue, and Insurance Information
Revenue, Insurance, Industry
Company Information—Detailed
Industry Recovery Plans Demographics Revenue Security
Multiple Insurance Coverages Will be Supported
• Security Breach Expense
• Security Breach Liability
• Business Interruption
• Fines
• Replacement of Electronic Data
• Website Publishing Liability
• Programming Errors and Omissions
• Extortion
• Public Relations
• Physical
Insurance Coverages
Data Are the Basis of Potential Cyber Losses
Type Country of Origin
Number and Value
Asset / Storage Record
Transfer Record
Storage Can Lead to Aggregation Risks
Type Security OS Type Cloud
Transferring Data Introduces Additional Vulnerabilities
Type Security Service / Vendor Type Cloud
Data Type | Record Value | Country of Origin | Ownership
Credit Card | ? | ? | ?
PII | ? | US | ?

Annual Revenue Total | % from Internet | % Domestic | % Foreign
1,300,000,000 | ? | ? | ?

Data Type | Record Value | Country of Origin | Ownership
Credit Card | $225 | US | 3rd Party
PII | $99 | US | 1st Party

Company Revenue Total | % from Internet | % Domestic | % Foreign
1,300,000,000 | 17% | 72% | 28%
- Most refined results are obtained when every field of an exposure record is correctly filled in
- But what if we have only some of the information that completely describes an exposure?
- AIR’s Cyber Model will populate “unknown” fields with values derived from our planned Cyber Industry Exposure Database
Developing a Cyber IED Will Allow the Model to Account for “Unknowns”
Distribution of Limits by Coverage
Mock-up of Cyber Exposure Aggregation and Accumulation in Touchstone
Distribution of Records by Industry
Distribution of Employees by Age Band
Distribution of Revenue by Geography
[Chart: Loss per record by country. Categories: United States, UK, Germany, France, Australia, Italy, India, Japan, All Others. Y-axis: Mean Loss Per Record, $- to $250.00.]
Studies Provide Data for Our Prototype Model
[Chart: Insured loss by industry. Series: Median, Mean. Axis: $1,000 to $10,000,000. Source labels shown on the slide: NetDiligence, Symantec.]
The “Hurricane Andrew” of Cyber Is Coming
Aggregation Is More than the Cloud
AIR’s Prototype Cyber Framework and Its Roadmap
Catalog
- Frequency of attack data from sample VERIS breach database
- Stochastically generated breach events
- Signed with RBS to get a comprehensive dataset
- Creating a 100K catalog using all available data

Exposure
- Over 400 companies in our sample exposure database
- Getting Internet footprint data from BitSight
- Open data standards schema released and implemented in Touchstone
- Building a cyber industry exposure database

Vulnerability
- 10 key basic risk factors, including company industry and encryption
- Signed with BitSight
- Relative vulnerabilities between industry, company size, etc.
- BitSight score as real-time secondary features in model

Loss
- Loss per record information from Symantec, accounting for risk features
- Framework calibrated to the reported loss from the 2013 Target breach
- Partnering with insurance companies to receive cyber loss data
- Modelling of loss aggregation scenarios

Model
- Results and reports available through consulting studies
- Deterministic and probabilistic results
- Will be in Touchstone in the future