29th July 2020

Verisk releases updated cyber risk modelling platform

Verisk has announced the latest release of ARC (Analytics of Risk from Cyber), a state-of-the-art cyber risk modelling platform that informs risk selection, portfolio management, and risk transfer. This release of ARC hosts a comprehensive set of models powered by AIR, including individual risk models, aggregation risk models, and the newly available probabilistic systemic ransomware model. The new model helps companies analyze systemic ransomware events by simulating aggregated losses from global-scale ransomware attacks, such as WannaCry (2017) and NotPetya (2017). The economic loss from a major systemic ransomware attack can exceed $15bn, causing significant damage to the global economy, which makes modelling such attacks critical to the insurance industry.
“Cyber risk is constantly evolving and growing, especially with the digital acceleration driven by the COVID-19 pandemic,” said Prashant Pai, vp of Verisk Cyber Solutions. “Likewise, we, as the insurance industry, are recognizing that this growing risk impacts many of the cyber coverages, both affirmative and non-affirmative. In addition to the unique systemic ransomware model that is now available in ARC, this release features a number of innovations including a significantly enhanced web user interface that provides efficient workflows coupled with a powerful new financial model that more accurately models insurance terms specific to cyber.”
Other enhancements in ARC include access to a breadth of loss breakdowns by a range of event vectors and more than a dozen coverages, and the ability to automate workflows and integrate ARC’s analytics into a client’s internal applications by leveraging public APIs.
The 50,000-year stochastic catalog of systemic ransomware events includes tens of thousands of events of varying severities. The model focuses on points of aggregation (including operating system, geocoded internet infrastructure location, poor cyber hygiene, and industry), stochastic probability of infection, and downtime duration to understand the potential spread and severity of these events. Clients can use ARC to look at the financial impact and understand potential losses across four key cyber coverages triggered by these events, including business interruption, data and asset recovery and remediation, cyber forensics/incident remediation, and extortion (ransom payments). Overall, the updated cyber model has more than six million simulated events between those that impact individual risks, points of aggregation, and systemic ransomware attacks.
“The probabilistic ransomware model covers systemic ransomware events, that is, widescale events that affect more than one organization at a time,” said Scott Stransky, vice president & director of emerging risk modelling at AIR Worldwide. “However, unlike an event that takes an entire cloud provider down and all the companies using that cloud with it, these ‘partial’ aggregation events only impact a percentage of organisations that are vulnerable to that particular method of attack, a problem that is particularly well-suited to stochastic modelling. For example, NotPetya impacted only a small fraction of the companies that had the necessary vulnerability–older, unpatched versions of SMB (Server Message Block), a protocol used to communicate between nodes on a network. By modeling many potential points of aggregation, we can capture a wide range of ransomware scenarios.”
ARC is a part of Verisk's Cyber Solutions Suite which was named Cyber Solution of the Year at the InsuranceERM Annual Awards 2020–Americas. The Verisk Cyber Solutions suite, built on a database with information from more than 12 million worldwide businesses, delivers policy language, loss costs, analytics, modelling, workflow capabilities, and more.
