Tag Archives: cyber

The Intangibles Protection Gap

This is the third blog in a series of four blogs examining three potential “protection gaps” and the importance of “protection gap analytics”. To read the first blog post in this series, click here.

In 1975, 83 percent of the value of the S&P 500 companies was invested in physical assets: factories, refineries, ships and offices. By 2015 that percentage had fallen to 16 percent, leaving 84 percent of the assets as intangible. Intangibles included intellectual property, data on clients, brand value and innovation potential. This massive shift has had huge significance for insurance.

The insurance product was designed to cover tangible risks: first ships and their cargoes, then houses, factories, cars and airplanes. Each item could be independently valued. A claims assessor could be sent out to inspect the damage and measure the costs of repair and replacement.

Now, much of business value is intangible. The “Intangibles Protection Gap” includes all those situations where insurance fails to cover losses suffered by non-physical business assets. How does one assess the value of intangibles — how does one measure loss? Some intellectual property (IP) has been stolen — how much is it worth? You are a cloud service provider hit by a deadly cyberattack which has released some confidential data. What is the value of your lost business, the damage to your reputation and of the penalties levied by the regulator and your customers?


Looking Beyond the Catch-all “Cyber” Category

The mass production of the internal combustion engine facilitated many new kinds of insurable damage and loss. It also provided opportunities to extend and expand older forms of crime. Before cars, robbers were reduced to committing burglary within their own town or village, potentially aided by a speedy horse. Cars took these crimes to a new level. Cars facilitated “smash-and-grab” raids on banks, and kidnap and ransom, grabbing the unfortunate victim on the street and hustling them into the back of the car. Cars facilitated rapid getaway after any kind of attack, whatever the motivation — sabotage, vandalism, revenge. And that is before all the causes of loss associated with cars themselves, such as hit-and-run, manslaughter, dangerous driving, or speeding.

The term “car crime” relates specifically to the robbery of the car or its contents, or otherwise damaging the car — we would not consider lumping together all these different ways in which the car has facilitated losses and crimes under a single heading.

So why does it make sense to lump together all those varieties of crime and loss facilitated by another quantum leap in communications, through computing and the Internet? Because that is what we currently do when it comes to the use of the catch-all term “cyber”.


Equifax Data Heist: Patching Up a Familiar Problem

The recent Equifax incident was by all measures a significant cyberattack. As the press statement released by Equifax on September 8 highlighted, the data theft potentially impacted approximately 143 million U.S. consumers. To put this into perspective this represents nearly 70 percent of the U.S. working population.

However, we should not be surprised. RMS tracks data theft among other types of cyber events on an ongoing basis, and we have seen numerous events of this magnitude or larger over the last few years. This Equifax breach would have ranked just #7 on the list of the largest data breaches in the 2017 RMS Cyber Risk Landscape report.


Crossing the Divide – How Cyberattacks Affect the Physical World

We tend to think that critical systems responsible for managing oil rigs, power stations, and steel production plants are somewhat immune to what happens in the “wild west” of cyberspace. News of cyberattacks tends to focus on data theft, financial heists, or bringing down websites; they are contained within IT systems. If cyberattacks are contained in the cyber world, then the logic goes that only cyber insurers should be concerned by the risk.

There is also a sense of security in the belief that critical control systems for “real world” assets and processes would either be too mechanical, too old, not connected to the same network as the wider Internet, or would run on their own networks. The reality is that industrial control systems (ICS) that manage energy, water, transport, communications, and manufacturing plants are increasingly managed and controlled remotely or need to be networked. Wherever the systems need to use a network, the systems are exposed to vulnerabilities on that network. For non-cyber insurers, this risk needs to be assessed and managed.


Implications of the WannaCry Cyber-Attack for Insurance

The event is arguably the most significant cyber-catastrophe to date and clearly demonstrates the systemic nature of cyber risk. A single vulnerability was utilized to spread malware to over 300,000 machines in over 150 countries, causing havoc to industries as diverse as hospitals and car manufacturers.


EXPOSURE Magazine Snapshots: A New Way of Learning

This is a taster of an article published by RMS in the second edition of EXPOSURE magazine.

In EXPOSURE magazine, we delved into the algorithmic depths of machine learning to better understand the data potential that it offers the insurance industry. In the article, Peter Hahn, head of predictive analytics at Zurich North America, illustrated how pattern recognition sits at the core of current machine learning. How do machines learn? Peter compares it to how a child is taught to differentiate between similar animals; a machine would “learn” by viewing numerous different pictures of the animals, which are clearly tagged, again and again.

Hahn comments, “Over time, the machine intuitively forms a pattern recognition that allows them to tell a tiger from, say, a leopard. You can’t predefine a set of rules to categorize every animal, but through pattern recognition you learn what the differences are.”

Hahn adds that pattern recognition is already a part of how underwriters assess a risk. “A decision-making process will obviously involve traditional, codified analytical processes, but it will also include sophisticated pattern recognition based on their experiences of similar companies operating in similar fields with similar constraints. They essentially know what this type of risk ‘looks like’ intuitively.”

The Potential of Machine Learning

EXPOSURE magazine asked Christos Mitas, vice president of model development at RMS, how he sees machine learning being used. Mitas opened the discussion saying, “We are now operating in a world where that data is expanding exponentially, and machine learning is one tool that will help us to harness that.”

Here are three areas where Mitas believes machine learning will make an impact:

Cyber Risk Modeling: Mitas adds “Where machine learning can play an important role here is in helping us tackle the complexity of this risk. Being able to collect and digest more effectively the immense volumes of data which have been harvested from numerous online sources and datasets will yield a significant advantage.”

Image Processing: “With developments in machine learning, for example, we might be able to introduce new data sources into our processing capabilities and make it a faster and more automated data management process to access images in the aftermath of a disaster. Further, we might be able to apply machine learning algorithms to analyze building damage post event to support speedier loss assessment processes.”

Natural Language Processing: “Advances here could also help tremendously in claims processing and exposure management,” Mitas adds, “where you have to consume reams of reports, images and facts rather than structured data. That is where algorithms can really deliver a different scale of potential solutions.”


The Changing Landscape of Cyber Threats

The cyber risk landscape is constantly changing. In the last few weeks alone we’ve seen potentially game-changing events with the release of U.S. National Security Agency hacking tools through the Shadow Brokers auction, and one of the most significant Distributed Denial of Service (DDoS) attacks ever seen, when millions of Internet of Things devices were hijacked to target a major piece of Internet infrastructure, taking hundreds of websites offline. In this blog I’ll discuss some of the constant ebb and flow of attack versus defense through the lens of the five cyber loss methods currently modeled by RMS.

Data Breaches

The loss of 500 million records in a single cyberattack represents the largest data breach event in history – so far, at least. The recent Yahoo hack, and the potential impact on the proposed Verizon takeover, has sent another stark reminder to industry executives of the dangers surrounding data breaches.

It may have been the biggest single hack ever in terms of records lost, but it’s hardly an isolated one. The leak of the Panama Papers was significant in terms of size – but also led to huge political fall-out globally as politicians were implicated in secret offshore funds, with the resignation of the Icelandic prime minister.

Governments and public agencies themselves have also been targeted in the U.S., Mexico, and the Philippines, for example. One of the most significant breaches affected Turkey, with the release of nearly 50 million records from the country’s General Directorate of Population and Citizenship Affairs, which included addresses, birth dates, and most troublingly, national ID numbers.

These individual large events fit within the observed pattern for 2016 so far, with less frequent cyber data hacks, though ones of higher severity.

Denial of Service Attack

2016 has been another active period for Distributed Denial of Service (DDoS) attacks. Going into the year we’d seen signs of a downwards trend. However, this was spectacularly reversed in the first quarter, which saw 19 attacks greater than 100 gigabits per second. Gaming and software industries continue to be most heavily impacted. Furthermore, we’re seeing a growing number of companies attacked repeatedly – on average, each targeted company was attacked 29 times, but with one company being attacked 283 times!

Frequency aside, the increasing complexity of attacks is most disturbing. 59% in the first quarter of 2016 were “multi-vector” attacks which require unique mitigation controls for each attack vector, as seen in the recent DDoS attack on Dyn, the DNS provider. If this trend continues we can expect existing defenses to be less effective against DDoS, and therefore disruption to be increased.

Cloud Provider Failure

With the leading cloud providers continuing to achieve double and even triple-digit year-on-year growth, the clear trend of companies moving their services to the cloud is continuing apace. Though overall trends have seen a decrease in the annual downtime, 2016 has seen several small but significant failures, including an Amazon Web Services outage in Australia, Salesforce in both the U.S. and Europe, and a Verizon issue that impacted, among others, JetBlue Airways. As these cloud services become more popular, the accumulation of risk to both business interruption and data loss is becoming ever more severe as more companies become increasingly reliant on the cloud.

Financial Transaction Theft

Perhaps the most audacious cyber-attack of the past year was when almost US$100 million was stolen from Bangladesh’s central bank and transferred to accounts in Manila and the Philippines. Even more shocking, this money was stolen from the bank account at the U.S. Federal Reserve and was transferred using standard SWIFT financial transaction messages.

The largest cyber heist ever could have been even larger but for a misspelling, and it was this typo that raised the attention of the U.S. Federal Reserve Bank in New York. The perpetrators had attempted to withdraw $950 million over 35 separate transactions. A similar attack, using a vulnerability in the SWIFT messaging system, led to another multi-million dollar theft from a Ukrainian bank.

Perhaps more than any other sector, the interconnected nature of modern financial services leaves the industry open to large scale systemic cyber losses.

Cyber Extortion

Ransomware attacks are continuing to become more frequent and more complex in 2016. One alarming pattern has seen an increased targeting of healthcare institutions, where we’ve seen multiple hospitals in California and Kentucky in the U.S. and in Germany all being attacked. In one particularly unethical incident the Hollywood Presbyterian Hospital had to pay out around $17,000 to regain access to their systems.

The more sophisticated software now being used to perpetrate attacks is starting to pay dividends for the hacking groups. The “Jigsaw” malware, for example, threatens to delete an increasing number of files after every hour of nonpayment. Encryption-type malware has become the norm – and targeted, business-focused malware is growing, as evidenced by the “Samsam” scheme, which targets unpatched server software.

Incorporating Into the RMS Cyber Model

RMS is continuing to monitor the broad spectrum of cyber-attacks that are impacting thousands of companies every month. During a recent online seminar, the RMS cyber team shared some of these key trends outlined in this blog, and discussed the impacts on cyber insurers. Through the RMS Cyber Accumulation Management System, RMS is continuing to incorporate these insights into our modeling to provide the most comprehensive and accurate view of cyber risk.

Launching a New Journal for Terrorism and Cyber Insurance

Natural hazard science is commonly studied at college, and to some level in the insurance industry’s further education and training courses. But this is not the case with terrorism risk. Even if insurance professionals learn about terrorism in the course of their daily business, as they move into other positions, their successors may begin with hardly any technical familiarity with terrorism risk. It is not surprising therefore that, even fifteen years after 9/11, knowledge and understanding of terrorism insurance risk modeling across the industry is still relatively low.

There is no shortage of literature on terrorism, but much has a qualitative geopolitical and international relations focus, and little is directly relevant to terrorism insurance underwriting or risk management.

As a step towards redressing the imbalance in available terrorism literature, a new online journal, The Journal of Terrorism and Cyber Insurance, has been established; its launch is to coincide with the fifteenth anniversary of 9/11. The journal has been welcomed and supported by global terrorism insurance pools, and its launch will be publicized at the annual terrorism pools congress in Canberra, Australia, on October 7, 2016.

Originally conceived as a journal of terrorism insurance, coverage has been extended to include cyber risk, recognizing the increasing insurance industry concerns over cyber terrorism and the burgeoning insurance market in cyber risk. The aim of the open access journal is to raise the industry’s level of knowledge and understanding of terrorism risk. By increasing information transparency for this subject the editorial board hopes to facilitate the growth of the terrorism insurance market, which serves the risk management requirements of the wider international community. The first issue is a solid step in this direction, and will include articles on the ISIS attacks in Paris in November 2015; terrorism insurance in France and Australia; parametric terrorism insurance triggers; non-conventional threats; the clean-up costs of anthrax, and the terrorist use of drones.

The four founding editors of the journal have extensive knowledge of the field. The managing editor is Rachel Anne Carter, who has terrorism insurance administrative experience with both OECD and U.K. Pool Re. Dr. Raveem Ismail, specialty terrorism underwriter at Ariel Re, brings to the editorial board detailed direct terrorism and political risk underwriting knowledge. Padraig Belton is a writer with extensive political risk expertise, having served as a correspondent in the Middle East and Pakistan. As chief architect of the RMS terrorism model, I will bring terrorism risk modeling expertise to the team and have the responsibility and pleasure to review all article submissions. I look forward to sharing insights from the journal with subscribers to this blog.