AIR Worldwide, a catastrophe modelling firm, has launched the first open source deterministic cyber risk scenario which intends to help companies and the insurance industry “better understand aggregated risk from large-scale cyber-attacks.” This cyber risk scenario will be used in affiliation with AIR’s data schema and “will serve as practical examples to help perform deterministic scenario modelling of an insurer’s or reinsurer’s book of business,” according to a statement from AIR Worldwide during the RIMS 2016 conference and exhibition in San Diego this week.
This new product is targeted toward the insurance industry and the scenarios will ideally help capture the severity and loss potential following an attack. They will include potential cyber events in detail and will also be available to the public. “By offering this scenario for free, we hope to encourage people to adopt our [data] standard so you can actually change the assumptions underlying it,” said Scott Stransky, assistant vice president and principal scientist for AIR Worldwide. In the first scenario, a major cloud service provider will experience “downtime for several days, resulting in significant business interruption for its customers.” AIR notes that explaining these scenarios “has the potential for revealing significant aggregation risk within an insurer’s book. Using the scenarios, deterministic loss estimates can be studied for aggregations on cloud providers, payment processors, accidental breaches, black-outs, encryption quality and more.”