logo image

Insurance Solutions

Formerly Moody’s RMS

What will cyber-risk look like in 2030? Given the rate of change of technology this may seem like an impossible question to answer. But for those making investments that depend on these new technologies and the risk that surround them – either managing or insuring the risk – it’s critical that these investments are being made not only with a 12 month horizon in mind, but with a projection that extends over the next five or even ten years.

To facilitate this important discussion, RMS is delighted to be co-hosting an event at the University of Cambridge Judge Business School on “The Future of Cyber Risk”. To be held on July 24, the event will challenge cyber risk specialists and risk managers to think beyond the next 12 months and to consider how cyber could evolve over a five- to ten-year horizon.

In particular, the event will focus on the potential paradigm shifts that could provide strategic shock, and how business strategies should be developed to cope with this uncertain future.


Changing Cyber Risk Trends

Cyber Event

It’s an obvious statement that technology trends are changing fast. Some of the most pervasive tech innovations are now only just in their teens; Facebook is 15 years old; the Apple iPhone is 12, Uber and Airbnb are 10 – all from a standing start to being almost ubiquitous across the developed world.

And it’s the same story in the business world. In our recent cyber risk outlook report, RMS highlighted that the digital economy is now responsible for almost a third of the GDP of developed economies, up from just three percent a decade ago. Businesses are increasingly seeing the digital revolution as the key to disruptive growth, using machine learning and artificial intelligence techniques to identify trends and patterns and drive agility in the way they connect to their customers.

The successors in this new world will be the companies that are able to embrace these new technologies, taking advantage from the huge benefits they offer – but at the same time managing the increased risks posed by the digital innovations.

This is reflective of the approach insurers need to take. Cyber risk is not going away, and with premiums continuing to grow in double-digits and penetration rates still low, there is clearly a growing role for the insurance industry to play in supporting this digital revolution. However, given both the potential for hidden accumulations of risk, and systemic events to wipe out many years of profitable business, the cyber insurance market needs to approach with caution.

A Multi-Disciplined Challenge

As with any man-made risks the future is uncertain. However, having a good understanding of the underlying drivers of the risk is the first step in building a picture of the future.

The factors that drive cyber risk are extremely broad – ranging from geopolitical to corporate risk management, and from technology capabilities to international law enforcement.

To address the range of topics, the conference will bring together world-leading experts from a range of disciplines. Presentations will be given by CISOs, academics specializing in cybercrime and cybersecurity, experts in threat intelligence, ethical hackers, insurance professionals and more.

Speakers include:

  • Andrew Coburn, Senior Vice President, RMS; Chief Scientist, Cambridge Centre for Risk Studies
  • Conrad Prince, former U.K. Cyber Security Ambassador, former Director General – Operations, GCHQ
  • Eireann Leverett, Founder and Chief Executive Officer, Conncinity Risks
  • Jasson Casey, Chief Technology Officer, SecurityScorecard
  • Stephen Boyer, Founder and Chief Technology Officer, BitSight Technologies
  • Rob Chandhok, Group Chief Technology Officer, DMGT
  • Sarah Stephens, Head of Cyber, Marsh/JLT Group
  • Eric Durand, Head of Cyber Center of Competence

For details on the conference, including a full agenda and speaker list, and to register your interest in attending, please click here.

You May Also Like
October 10, 2019
Cyber Risk Seminars Introduce New Solutions to Address Evolving Threat Landscape

During September, RMS ran a series of cyber risk seminars in London and New York. These half-day events coincided with the release of RMS Cyber Solutions version 4.0 and featured both RMS and industry experts discussing cyber risk and the opportunities for the cyber insurance industry. At both events, the day kicked off with Dr. Andrew Coburn, senior vice president for RMS, examining recent developments within the cyber risk landscape by outlining the approach RMS takes to tracking and categorizing the wide range of evolving threat actor groups. He also proposed some key future trends, such as the potential impact of a “gloves-off” nation-state cyberattack and its implications for the cyber insurance industry. Former ethical hacker Eireann Leverett dug deep into the topic of contagion mapping and how hacking groups – both good and bad, are utilizing innovative techniques to map out the digital world. He also touched on the growing use of deepfakes in spear phishing attacks, whereby executive identities are faked to trick employees into fraudulently transferring funds out of the business. To provide the industry’s perspective, we were delighted to be joined by two expert panels in London and New York discussing the cyber market and the role of models to support growth. Thanks to Jamie Pocock (Guy Carpenter), Laila Khudairi (Tokio Marine Kiln), Rory Egan (Munich Re), and Kirsten Mitchell-Wallace (Lloyd’s) for participating in London, and to Anthony Shapella (AIG), Jon Laux (Aon), and Kara Owens (Markel) in New York. RMS Cyber Risk Seminars held in London (left) and New York (right)For the second half of the agenda, members of the RMS cyber team focused on the release of RMS Cyber Solutions version 4.0. This release features substantial enhancements to the RMS model and capabilities across several key areas including exposure data enrichment, expanded model data sources, and new stochastic modeling approaches to quantify cyber risk. Dave Gatey, senior director – modeling for RMS, revealed how new modeling methods, such as agent-based modeling and multi-compartment models were being used in RMS Cyber Solutions v4. Chris Vos, lead modeler for RMS, took to the stage in New York, and myself in London, to give context as to how these improvements to the model and software will assist clients in understanding their cyber risk and therefore making better decisions for their business. In New York, the RMS cyber seminar was followed by a half-day terrorism seminar. Introducing RMS Cyber Solutions Version 4.0 For many insurers, obtaining complete and accurate exposure data from cyber submissions remains a challenge. Often, these submissions are missing key information such as business revenue, profit, or business sector – all attributes that are critical to understanding the potential effect of cyber events. To address this, RMS has released a company database consisting of 13 million companies across 30 countries, alongside a data enrichment engine that uses a custom similarity matching algorithm to allow users to enrich their exposure data. This will help ensure the inputs into the model are as accurate as possible, reducing model uncertainty, and minimizing an insurer’s data collection efforts. Although historical data does not show you the whole picture when it comes to cyber risk, it is still critical to inform the lower return period scenarios. To enable this, RMS has invested substantially in automating our historical event data collection techniques by employing bespoke machine learning algorithms that extract event data from hundreds of thousands of unstructured data sources. These new data sets cover multiple event types including breach, malware, ransomware, and cloud outages and allows our v4 model to be run at a significantly increased level of granularity, supporting greater risk differentiation. RMS has continued to research the causal processes that drive cyber risk, working closely with our partners across cybersecurity and academia, to map out and build simulations of these underlying processes. By stochastically modeling these individual components and applying game theory models to explore threat actor behavior, we can extract probabilities associated with both short- and long-tail cyber events. Investing in Cyber-Physical Loss Models Finally, RMS has maintained its substantial investment in cyber-physical loss models. These models take data from the EDM (the RMS property exposure data store) and other casualty classes to quantify the impact of clash-type cyber catastrophe events such as power blackouts. This allows insurers to explore the potential for silent cyber losses across their business, supporting regulatory reporting. Many insurers are exposed to this type of cyber risk, even if they don’t write affirmative cyber insurance policies. These new insights and models continue to be delivered within an open modeling framework, allowing complete transparency into each of the modeling components. This transparency allows users to validate each component and create custom models to support their own view of risk. This new solution from RMS represents a significant step forward for the insurance industry to model its cyber risk. For more information, please contact cyberrisk@rms.com.…

January 30, 2019
Cyber Risk: Are We Increasingly Being Held to Ransom?
Tom Harvey
Tom Harvey
Head of Cyber Product Management, RMS

Tom is the Head of Cyber Product Management for RMS, and since early 2015 has worked together with the Cambridge Centre for Risk Studies and RMS’ development partners to bring the RMS Cyber Accumulation Management System and subsequent RMS Cyber Solutions to the market. Tom joined RMS in 2013 as a technical sales expert assisting a number of leading (re)insurers further their catastrophe management practices.

Prior to joining RMS, Tom spent 4 years at Hewlett Packard Software within the European presales team working closely with a number of HPS’ IT security products.

cta image

Need Help Managing Your Portfolio?

close button
Overlay Image
Video Title

Thank You

You’ll be contacted by an Moody's RMS specialist shortly.