Second Generation RMS Cyber Model Shows Over $5 Billion Insurable Loss Each Year To U.S. Businesses Through Data Exfiltration
Advanced modeling capabilities of RMS Cyber Accumulation Management System version 2.0 used to calculate expected loss baselines, as new RMS research details the growing risk to insurers from hackers
NEWARK, Calif. -
May 02, 2017 -
RMS, a global risk modeling and analytics firm, today announced the release of its updated and expanded RMS Cyber Accumulation Management System, which includes a suite of cyber models and supporting software. The update comes in response to the rapidly changing cyber risk landscape, analysis of which is detailed in a new RMS report, Cyber Risk Landscape 2017, published today.
The update incorporates new functionality, including the RMS Expected Loss Baseline model. RMS analysts have used this new model to calculate that if all U.S. businesses had cyber insurance, over $5 billion a year would be lost to the insurance industry from cyber data exfiltration alone. Data breaches are the leading cause of cyber insurance loss.
“In only fifteen months since we launched the RMS Cyber Accumulation Management System, we’ve seen the cyber risk landscape change dramatically and version 2.0 of the system reflects those changes,” said RMSseniorvice president, Dr. Andrew Coburn. “For example, we’ve seen the largest ever data breaches, denial of service attacks, and attempted financial thefts. Data breaches can cost companies hundreds of millions of dollars, and our modeling shows the overall insurable loss across U.S. businesses from data exfiltration is running at over $5 billion a year. The past year has also demonstrated the potential for future systemic cyber catastrophes, for which overall losses would far exceed $5 billion, and version 2.0 has the capacity to model this risk.”
Version 2.0 of the RMS Cyber Accumulation Management System gives clients unprecedented analytics, enabling firms to be even more accurate with their calculations of attritional annual losses across cyber portfolios, as well as probable maximum loss (PML). To keep pace with rapidly-changing cyber risk, the updated system includes major updates to its affirmative cyber scenarios, which have been created from the largest available database of historical cyber incidents and claims data. The scenarios cover,
shifting patterns of data exfiltration – updated scenarios reflect changing criminal targeting, larger magnitude data breaches, and improvements in security standards against accidental data loss;
more intense denial of service attacks – version 2.0 responds to the increasing firepower available to attackers who could harness the Internet of Things;
financial theft – updated to include larger attack campaigns and reflect improvements in security networks being used within the financial services sector;
cloud service provider failure – incorporates the substantial growth in cloud usage by companies, the increasing market dominance of the big four cloud service providers, and lessons learned from recent cloud outages;
cyber extortion – updated to include recent examples of extortion demands on larger companies, with ransom payment sizes recalibrated to recent experience, and the consequences of business interruption.
As announced last month, the system now includes cyber-physical scenarios providing insight on cyber-attacks that cause losses to traditional lines of property insurance, such as fire and explosion triggered by hackers. These non-cyber lines range from commercial and residential property to industrial facilities, upstream energy, and marine. The updated cyber-physical scenarios also enable assessment of the ‘silent’ exposures in policies that have ambiguous terms on cyber-attack losses.
“As the first cyber risk management solution of its kind, the RMS Cyber Accumulation Management System has benefited from over a year of use by leading cyber insurance writers, helping them to analyze a third of the market by premium.” commented Coburn. “That’s a lot of client feedback and refinement which has informed the innovations of our latest update. And with our continued substantial investments into cyber model development, there is already more capability in our pipeline.”
The RMS Cyber Accumulation Management System continues to be developed in collaboration with the Center for Risk Studies at the University of Cambridge. It also includes the RMS Cyber Exposure Data Schema, which is open source and the industry standard for providing a systematic and uniform way to capture cyber exposure data and manage accumulation risk.
Notes for Editors
The loss rate of over $5 billion for U.S. businesses is derived from the RMS cyber model of data exfiltration incidents in private sector enterprises. The estimate is based on a comprehensive database of cyber events and insurance claims, and trended cost estimates for 2017.
RMS solutions help insurers, financial markets, corporations, and public agencies evaluate and manage catastrophe risks throughout the world. RMS has over 1,200 employees across 13 offices in the US, London, Bermuda, Zurich, India, China, Japan, Singapore and Australia - our products and models covering six continents.
We lead an industry that we helped to pioneer—catastrophe risk modeling—and are delivering models, data, and risk management solutions on the RMS(one)® platform to transform the world’s understanding and quantification of risk through open, real-time exposure and risk management.
More than 400 insurers, reinsurers, trading companies, and other financial institutions trust RMS solutions to better understand and manage the risks of natural and human-made catastrophes, including hurricanes, earthquakes, floods, terrorism, and pandemics.