logo image

NEWARK, Calif. - May 02, 2017  RMS, a global risk modeling and analytics firm, today announced the release of its updated and expanded RMS Cyber Accumulation Management System, which includes a suite of cyber models and supporting software. The update comes in response to the rapidly changing cyber risk landscape, analysis of which is detailed in a new RMS report, Cyber Risk Landscape 2017, published today.

The update incorporates new functionality, including the RMS Expected Loss Baseline model. RMS analysts have used this new model to calculate that if all U.S. businesses had cyber insurance, over $5 billion a year would be lost to the insurance industry from cyber data exfiltration alone. Data breaches are the leading cause of cyber insurance loss.

“In only fifteen months since we launched the RMS Cyber Accumulation Management System, we’ve seen the cyber risk landscape change dramatically and version 2.0 of the system reflects those changes,” said RMS senior vice president, Dr. Andrew Coburn. “For example, we’ve seen the largest ever data breaches, denial of service attacks, and attempted financial thefts. Data breaches can cost companies hundreds of millions of dollars, and our modeling shows the overall insurable loss across U.S. businesses from data exfiltration is running at over $5 billion a year. The past year has also demonstrated the potential for future systemic cyber catastrophes, for which overall losses would far exceed $5 billion, and version 2.0 has the capacity to model this risk.”

Version 2.0 of the RMS Cyber Accumulation Management System gives clients unprecedented analytics, enabling firms to be even more accurate with their calculations of attritional annual losses across cyber portfolios, as well as probable maximum loss (PML). To keep pace with rapidly-changing cyber risk, the updated system includes major updates to its affirmative cyber scenarios, which have been created from the largest available database of historical cyber incidents and claims data. The scenarios cover,

  • shifting patterns of data exfiltration  updated scenarios reflect changing criminal targeting, larger magnitude data breaches, and improvements in security standards against accidental data loss;
  • more intense denial of service attacks  version 2.0 responds to the increasing firepower available to attackers who could harness the Internet of Things;
  • financial theft  updated to include larger attack campaigns and reflect improvements in security networks being used within the financial services sector;
  • cloud service provider failure   incorporates the substantial growth in cloud usage by companies, the increasing market dominance of the big four cloud service providers, and lessons learned from recent cloud outages;
  • cyber extortion   updated to include recent examples of extortion demands on larger companies, with ransom payment sizes recalibrated to recent experience, and the consequences of business interruption.

As announced last month, the system now includes cyber-physical scenarios providing insight on cyber-attacks that cause losses to traditional lines of property insurance, such as fire and explosion triggered by hackers. These non-cyber lines range from commercial and residential property to industrial facilities, upstream energy, and marine. The updated cyber-physical scenarios also enable assessment of the ‘silent’ exposures in policies that have ambiguous terms on cyber-attack losses.

“As the first cyber risk management solution of its kind, the RMS Cyber Accumulation Management System has benefited from over a year of use by leading cyber insurance writers, helping them to analyze a third of the market by premium.” commented Coburn. “That’s a lot of client feedback and refinement which has informed the innovations of our latest update. And with our continued substantial investments into cyber model development, there is already more capability in our pipeline.”

The RMS Cyber Accumulation Management System continues to be developed in collaboration with the Center for Risk Studies at the University of Cambridge. It also includes the RMS Cyber Exposure Data Schema, which is open source and the industry standard for providing a systematic and uniform way to capture cyber exposure data and manage accumulation risk.

Notes for Editors

The loss rate of over $5 billion for U.S. businesses is derived from the RMS cyber model of data exfiltration incidents in private sector enterprises. The estimate is based on a comprehensive database of cyber events and insurance claims, and trended cost estimates for 2017.

Related Resources
July 07, 2020
Covid-19 Can Be Springboard to Understanding Clash Risk: RMS CEO

June 19, 2020
The COVID Catastrophe

June 19, 2020
A Model Approach

About RMS

Risk Management Solutions, Inc. (RMS) helps insurers, financial markets, corporations, and public agencies evaluate and manage global risk from natural and man-made catastrophes, including hurricanes, earthquakes, floods, climate change, cyber, and pandemics.

RMS leads the catastrophe risk industry that we helped to pioneer by marrying data and advanced model science with leading-edge technology. Leaders across multiple industries can address the risks of tomorrow through RMS Risk Intelligence™, our open, real-time exposure and risk management platform, enabling them to tap into RMS HD models, rich data layers, intuitive applications and APIs that simply integrate into existing enterprise systems.

RMS is a trusted solutions partner enabling effective risk management for better business decision making across underwriting, risk selection, mitigation, and portfolio management.

Visit RMS.com to learn more and follow us on LinkedIn and Twitter.

Media Contacts

Matthew Longbottom

PR Lead, EU and APAC
+44 20 7444 7706 prteam@rms.com

Devonne Cusi

PR Lead, Americas
+1 551 226 1604 prteam@rms.com
cta image

Subscribe to Our Newsletter

close button
Video Title

Thank You

You’ll be contacted by an RMS specialist shortly.

RMS.com uses cookies to improve your experience and analyze site usage. Read Cookie Policy or click I understand.