Cyber models must tackle aggregation
Firms creating cyber models must tackle the problem of aggregation, according to a senior figure in the cyber insurance market.
Speaking to The Insurance Insider, Mark Camillo, head of cyber EMEA at American International Group, said that examples of cyber aggregation events included cloud providers being breached or viruses impacting numerous companies at once.
"These are some of the examples being brought up by government and regulatory authorities. But the likelihood of those events actually happening are very low," he added.
"A model needs to be able to take into consideration the different policies that might have different scenarios and thus trigger multiple policies.
"But it should also be able to understand some of the safeguards that are in place that companies use to protect their assets."
Camillo's comments followed the news that AIR Worldwide had signed partnerships with two data companies to help it build a cyber risk model.
AIR said that it hoped the model would be ready for release in two to three years.
The full model will also provide a means for the industry to examine accumulations of risk for the first time.
AIR's partnership with BitSight Technologies will offer insight into how risks written for different clients or industries could be connected via shared cloud systems.
Meanwhile, its partnership with Risk Based Security has given the company historical incident data on more than 16,000 breaches.
AIR Worldwide manager and principal scientist Scott Stransky said that leveraging the data assets from its new partners would be a major step forward in developing a robust cyber model.
"We're developing a comprehensive cyber industry exposure database that can enable us to better estimate potential financial losses to entire sectors and portfolios due to common vulnerabilities," he said.
"The AIR model will be critical to a true understanding of the financial implications of cyber-attacks, including the aggregation risk associated with a mega-scale attack."