Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 CONFIDENTIAL ©2015 AIR WORLDWIDE New Approaches for Managing Cyber Risk.

Published byCharleen Marsha Hill Modified over 8 years ago

Similar presentations

Presentation on theme: "1 CONFIDENTIAL ©2015 AIR WORLDWIDE New Approaches for Managing Cyber Risk."— Presentation transcript:

1 1 CONFIDENTIAL ©2015 AIR WORLDWIDE New Approaches for Managing Cyber Risk

2 2 CONFIDENTIAL ©2015 AIR WORLDWIDE Agenda Overview of the cyber market AIR modeling framework Data partners Cyber data standards Roadmap AIR Model for Cyber Risk

3 3 CONFIDENTIAL ©2015 AIR WORLDWIDE The Worldwide Cyber Insurance Market Is Growing Rapidly -“Cyber is a new risk and it is a concern, Lloyd’s is at the heart of cyber attacks, providing coverage right now. It’s going to grow dramatically ” Inga Beale, CEO, Lloyd’s of London, Oct. 2014 Sources: Betterley Report / Advisen -“Cyber Insurance: Maybe next year turns into I need it now” Betterley Report, June 2014 -“Former U.S. Homeland Security Secretary Tom Ridge has teamed with reinsurance brokerage Guy Carpenter & Co. L.L.C. to offer a cyber security and insurance product” Business Insurance, Oct. 2014

4 4 CONFIDENTIAL ©2015 AIR WORLDWIDE -Direct losses when intellectual property is stolen, data destroyed, or operations interrupted -Indirect losses when data proprietary to its clients is compromised -Reputational losses -Physical damage What Exposes Organizations to Cyber Risk? A Breach Is One Critical Type of Hazard In the office At offsite data storage sites In the “cloud”

5 5 CONFIDENTIAL ©2015 AIR WORLDWIDE -What is typically covered? Legal fees Forensics Notification and call center Credit monitoring Public relations fees -Limits Low, in the low millions -Exclusions -Evaluation strategy Driven by industry, company size, etc. Companies offer network analyses Facts About Cyber Coverage

6 6 CONFIDENTIAL ©2015 AIR WORLDWIDE AIR’s Stochastic Modeling Framework Can Be Applied to Cyber Policy Conditions Exposure Information Damage Estimation Loss Calculation Policy Conditions Limit Deductible VULNERABILITY FINANCIAL Intensity Calculation Event Generation HAZARD

7 7 CONFIDENTIAL ©2015 AIR WORLDWIDE -Has developed a database of over 16,000 historical worldwide cyber incidents -Based in Richmond, Virginia -Publically disclosed clients include AIG and Willis Risk Based Security (RBS) Selected as Incident Data Provider

8 8 CONFIDENTIAL ©2015 AIR WORLDWIDE Risk Based Security Data Examples

9 9 CONFIDENTIAL ©2015 AIR WORLDWIDE -Analyzes public traffic on the Internet to unobtrusively give scores to companies -Based in Cambridge, Massachusetts -Founded by several MIT graduates -Publically disclosed clients include AIG and Liberty BitSight Collaboration will Give the AIR Model Several Key Benefits

10 10 CONFIDENTIAL ©2015 AIR WORLDWIDE AIR’s Collaboration with BitSight Will Provide Many Benefits to Clients

11 11 CONFIDENTIAL ©2015 AIR WORLDWIDE

12 12 CONFIDENTIAL ©2015 AIR WORLDWIDE The Verisk Enterprise Offers AIR Unique Resources, Information, and Data ISO Cyber Program Argus Cyber Forum Information Sharing and Analysis Centers Maplecroft

13 13 CONFIDENTIAL ©2015 AIR WORLDWIDE AIR Categorizes Risks by Exposure Type

14 14 CONFIDENTIAL ©2015 AIR WORLDWIDE Cyber Insurance Record Company Information Insurance Coverages Data Assets / Storage Transfer

15 15 CONFIDENTIAL ©2015 AIR WORLDWIDE Minimum Data Required to Run Model: Industry, Revenue, and Insurance Information Revenue Insurance Industry

16 16 CONFIDENTIAL ©2015 AIR WORLDWIDE Company Information—Detailed Industry Recovery Plans Demographics Revenue Security

17 17 CONFIDENTIAL ©2015 AIR WORLDWIDE Multiple Insurance Coverages Will be Supported Security Breach Expense Security Breach Liability Business Interruption Fines Replacement of Electronic Data Website Publishing Liability Programming Errors and Omissions Extortion Public Relations Physical Insurance Coverages

18 18 CONFIDENTIAL ©2015 AIR WORLDWIDE Data Are the Basis of Potential Cyber Losses Type Country of Origin Number and Value Asset / Storage Record Transfer Record

19 19 CONFIDENTIAL ©2015 AIR WORLDWIDE Storage Can Lead to Aggregation Risks TypeSecurity OS Type Cloud

20 20 CONFIDENTIAL ©2015 AIR WORLDWIDE Transferring Data Introduces Additional Vulnerabilities TypeSecurity Service / Vendor Type Cloud

21 21 CONFIDENTIAL ©2015 AIR WORLDWIDE DataTypeRecord ValueCountry of OriginOwnership Credit Card??? PII?US? Annual RevenueTotal% from Internet% Domestic% Foreign 1,300,000,000??? DataTypeRecord ValueCountry of OriginOwnership Credit Card$225US3 rd Party PII$99US1 st Party Company RevenueTotal% from Internet% Domestic% Foreign 1,300,000,00017%72%28% -Most refined results are obtained when every field of an exposure record is correctly filled in -But what if we have only some of the information that completely describes an exposure? -AIR’s Cyber Model will populate “unknown” fields with values derived from our planned Cyber Industry Exposure Database Developing a Cyber IED Will Allow the Model to Account for “Unknowns”

22 22 CONFIDENTIAL ©2015 AIR WORLDWIDE Distribution of Limits by Coverage Mock-up of Cyber Exposure Aggregation and Accumulation in Touchstone Distribution of Records by Industry Distribution of Employees by Age Band Distribution of Revenue by Geography

23 23 CONFIDENTIAL ©2015 AIR WORLDWIDE Studies Provide Data for Our Prototype Model NetDiligence Symantec

24 24 CONFIDENTIAL ©2015 AIR WORLDWIDE The “Hurricane Andrew” of Cyber Is Coming

25 25 CONFIDENTIAL ©2015 AIR WORLDWIDE Aggregation Is More than the Cloud

26 26 CONFIDENTIAL ©2015 AIR WORLDWIDE AIR’s Prototype Cyber Framework and Its Roadmap Catalog Frequency of attack data from sample VERIS breach database Stochastically generated breach events Signed with RBS to get a comprehensive dataset Creating a 100K catalog using all available data Exposure Over 400 companies in our sample exposure database Getting Internet footprint data from BitSight Open data standards schema released and implemented in Touchstone Building a cyber industry exposure database Vulnerability 10 key basic risk factors, including company industry and encryption Signed with BitSight Relative vulnerabilities between industry, company size, etc. BitSight score as real-time secondary features in model Loss Loss per record information from Symantec, accounting for risk features Framework calibrated to the reported loss from the 2013 Target breach Partnering with insurance companies to receive cyber loss data Modelling of loss aggregation scenarios Model Results and reports available through consulting studies Deterministic and probabilistic results Will be in Touchstone in the future

Download ppt "1 CONFIDENTIAL ©2015 AIR WORLDWIDE New Approaches for Managing Cyber Risk."

Similar presentations

Insurance in the Cloud Ben Hunter, Canadian Underwriting Specialist Technology Insurance Specialty Chubb Insurance Company of Canada.

Insurance in the Cloud Ben Hunter, Canadian Underwriting Specialist Technology Insurance Specialty Chubb Insurance Company of Canada.
Cyber Liability- Risks, Exposures and Risk Transfer for a Data Breach June 11, 2013.

Cyber Liability- Risks, Exposures and Risk Transfer for a Data Breach June 11, 2013.
IS BIG DATA GIVING YOU A BIG HEADACHE? Risk Reduction - Transactional, International and Liability Issues Oregon State Bar Corporate Counsel Section Fall.

IS BIG DATA GIVING YOU A BIG HEADACHE? Risk Reduction - Transactional, International and Liability Issues Oregon State Bar Corporate Counsel Section Fall.
Cyber Insurance Today: Lots of Interest, Lots of Product Innovation, and Lots of Risk Richard S. Betterley, CMC Betterley Risk Consultants, Inc. Sterling,

Cyber Insurance Today: Lots of Interest, Lots of Product Innovation, and Lots of Risk Richard S. Betterley, CMC Betterley Risk Consultants, Inc. Sterling,
Lockton Companies International Limited. Authorised and regulated by the Financial Services Authority. A Lloyd’s Broker. Protecting Your Business from.

Lockton Companies International Limited. Authorised and regulated by the Financial Services Authority. A Lloyd’s Broker. Protecting Your Business from.
Cyber Insurance cs5493(7493). AKA E-commerce insurance E-business insurance Information system insurance Network intrusion insurance.

Cyber Insurance cs5493(7493). AKA E-commerce insurance E-business insurance Information system insurance Network intrusion insurance.
Forensic and Investigative Accounting Chapter 16 Cybercrime Loss Valuations © 2011 CCH. All Rights Reserved. 4025 W. Peterson Ave. Chicago, IL 60646-6085.

Forensic and Investigative Accounting Chapter 16 Cybercrime Loss Valuations © 2011 CCH. All Rights Reserved W. Peterson Ave. Chicago, IL
Recent Trends and Insurance Considerations March 2015

Recent Trends and Insurance Considerations March 2015
BACKGROUND  Hawkes Bay Holdings/Aquila Underwriting LLP  Established 2009 utilising Lloyd’s capacity: Canopius 4444 50% Hiscox 33 50% to May 2010, replaced.

BACKGROUND  Hawkes Bay Holdings/Aquila Underwriting LLP  Established 2009 utilising Lloyd’s capacity: Canopius % Hiscox 33 50% to May 2010, replaced.
TERRORISM / POLITICAL VIOLENCE SOLUTIONS FAIR International Insurance Conference on Political Violence 12-13 April 2010 – Karachi Daniel O’Connell

TERRORISM / POLITICAL VIOLENCE SOLUTIONS FAIR International Insurance Conference on "Political Violence" April 2010 – Karachi Daniel O’Connell
Sapient Insurance Partners. Overview & Services We have almost four decades of combined experience in the property & casualty insurance and reinsurance.

Sapient Insurance Partners. Overview & Services We have almost four decades of combined experience in the property & casualty insurance and reinsurance.
The Financial Impact of Cyber Security 50 Questions Every CFO Should Ask A publication of the American National Standards Institute and the Internet Security.

The Financial Impact of Cyber Security 50 Questions Every CFO Should Ask A publication of the American National Standards Institute and the Internet Security.
NEFEC - Cyber Liability MICHAEL GUZMAN, ARM ARTHUR J. GALLAGHER & CO.

NEFEC - Cyber Liability MICHAEL GUZMAN, ARM ARTHUR J. GALLAGHER & CO.
Overview of Cybercrime

Overview of Cybercrime
WHAT EVERY RISK MANAGER NEEDS TO KNOW ABOUT DATA SECURITY RIMS Rocky Mountain Chapter Meeting Thursday, July 25, 2013 11:30 am – 12:30 pm.

WHAT EVERY RISK MANAGER NEEDS TO KNOW ABOUT DATA SECURITY RIMS Rocky Mountain Chapter Meeting Thursday, July 25, :30 am – 12:30 pm.
BCN 4708 Fall 2008 Chapter 8 Insurance. Insurance What is Risk? Specific types of Risk Inflation Inflation Market Market Principal Principal Liquidity.

BCN 4708 Fall 2008 Chapter 8 Insurance. Insurance What is Risk? Specific types of Risk Inflation Inflation Market Market Principal Principal Liquidity.
CUNA Mutual Group Proprietary Reproduction, Adaptation or Distribution Prohibited © 2014 CUNA Mutual Group, All Rights Reserved. Understanding Cyber Insurance.

CUNA Mutual Group Proprietary Reproduction, Adaptation or Distribution Prohibited © 2014 CUNA Mutual Group, All Rights Reserved. Understanding Cyber Insurance.
Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.

Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.
AUGUST 25, 2015 Cyber Insurance:

AUGUST 25, 2015 Cyber Insurance:
HIPLA/UH 20 th Annual Fall Institute 2004 Managing Intellectual Property Exposure Tough Market, Creative Solutions Joby Hughes Joby A. Hughes, P.C. Friday,

HIPLA/UH 20 th Annual Fall Institute 2004 Managing Intellectual Property Exposure Tough Market, Creative Solutions Joby Hughes Joby A. Hughes, P.C. Friday,

Similar presentations

Ads by Google