Though a relatively new peril, cyber risk is dynamic – and 2020 has certainly been a year of rapid change in terms of the nature of cyber risk. Due to national or state-level COVID-19 lockdowns, employees around the globe left the protective IT bubble at their office buildings to work from home, causing cyber exposure to shift radically for cyber insurers. Research from Stanford University published at the end of June 2020 suggested that 42 percent of the entire U.S. labor force was working from home full time. Similar figures were reported for other countries: 46 percent for the U.K. and 35 percent for Germany.
It has not been easy for enterprises to accommodate this work-from-home shift. According to analyst Gartner, around 50 percent of businesses with more than US$1 billion revenue were unprepared for their employees to work from home en masse. Applications such as Zoom video conferencing saw a jump from around 10 million users at the start of 2020 to 300 million by the end of April. McKinsey reported that chief information security officers (CISOs) diverted budget to ensuring security for remote workers and any cyber threats they may have faced.
Evolving Risk Environment
The release of RMS® Cyber Solutions 5.0 ensures our modeling is based on the latest view of risk. At RMS, we have been supporting the (re)insurance community to understand this risk for more than four years – starting with our Cyber Accumulation Management System (CAMS) platform in 2016, which we evolved each year to where we are today. In addition, Cyber Solutions 5.0 includes the launch of the new RMS Cyber Solutions Underwriting application as well as a significant update to the RMS Cyber Solutions Portfolio Management application.
What has the shift to home working meant for cyber risk? Looking at email, the volume of fraudulent and malicious emails has increased, with criminals exploiting COVID-19 fears to trick users to click on misleading web links. Vulnerable home workers are being targeted with phishing emails to garner sensitive information. For infrastructure, risks have increased due to use of home devices to log onto corporate networks, and a lack of secure network access. And the familiar threats remain, as data exfiltration and data breaches continue unabated with healthcare, public sector, and NGOs being targeted.
Ransomware activity has seen a significant uptick. Insurer Beazley reported a 131 percent year-on-year increase in ransomware attacks, and average ransom payments were up a third to over US$110,000 for larger enterprises, according to Coveware. Whereas contagious malware is more constrained by the ability of threat actors to develop and weaponize exploits, for ransomware, established “exploit kits” and “ransomware as a service” provides a quicker and easier route to payment.
Ransomware attacks in 2020 have impacted fitness brand Garmin, with a multimillion dollar payment, and multiple healthcare providers including an attack on four hundred Universal Health Services locations which affected emergency room systems. RMS Cyber Solutions modeling framework reflects these landscape changes.
New Parametrization for Japan
With RMS Cyber Solutions 5.0, we have extended the “out-of-the-box” global parametrization to eight major markets with the inclusion of Japan. It is now a specifically modeled country with its own set of rates and costs that have been determined through significant research of cyber events, infrastructure, and insurance in Japan.
To get a full distribution along the exceedance probability (EP) curve for metrics such as 100-year return periods and year loss tables (YLT), you need to simulate over tens of thousands of years of potential events. The new simulation framework in our cyber model offers a more robust and intuitive approach, simulating events directly onto a timeline.
This framework allows you to drill into the rates and costs to see which events contribute to the loss, such as malware or a cloud outage, as well as the key drivers of that loss. This depth of insight allows users to make informed decisions for their business such as: grow/shrink, portfolio optimization, reinsurance strategy, and capital allocation.
All of this is within the transparent and open framework you would expect from RMS, allowing you to query results however you choose, examine the drivers of loss, validate model assumptions, and change parameters as you see fit.
Cyber Solutions 5.0 introduces our new RMS Cyber Solutions Underwriting application as a separately licensable product. It is designed to deploy our modeled insight at the per-risk level, helping affirmative cyber insurance underwriters technically price risk in a consistent and profitable fashion. This pricing approach is consistent with the RMS Cyber Solutions Portfolio Management application. The model explicitly prices for catastrophe load and leverages the Cyber Incident Database, curated and sourced by RMS, with over 100,000 data breach events plus over 100,000 ransomware events (as well as numerous cloud and DDoS events).
Both the underwriting application and the portfolio management solution within RMS Cyber Solutions 5.0 support integration with a variety of industry-leading cyber risk scoring vendors. This allows you to drill into the specific “technographic” aspects of an individual risk and refine your pricing further.
These are only a few of the many upgrades to RMS Cyber Solutions that are now available in version 5.0. With the new model reflecting the latest risk landscape, combined with effective tools to analyze, manage, and price cyber risk, model users can move forward with greater confidence managing this ever-changing peril.