confidential: for seminar attendees only 1 · ©2020 verisk analytics, inc. confidential: for...


The Next Frontier of

Cyber Modeling

Scott Stransky Vijay RamanPamela Eck


Agenda

Recent Cyber Events

Individual Risk Events Still Drive the Majority of Claims

Systemic Ransomware

Aggregation Beyond the Cloud

Cyber as a Peril (aka Silent Cyber)

Cyber Modeling Platform – Key Enhancements


Recent Events: Marriott and Continued Data

Breaches

Estimated insurance loss: USD 350 million


Recent Events: Norsk Hydro and the Targeted

Ransomware

Estimated insurance loss: GBP 75 million


Recent Events: NotPetya and the Rise of

Systemic Ransomware

Estimated insurance loss: USD 320 million(to traditional affirmative

cyber policies)


Cyber Regulatory Environment Is Ramping Up

Source: enforcementtracker.com

GDPR fines Continue to Ramp Up New regulations in the U.S.

month

Am

ou

nt

of

Fin

es

(Eu

ros)

month

Co

un

ts o

f fin

es

Counts of fines


Individual Risk Events Still

Drive the Majority of

Claims


Business Interruption

By Country Frequency

Predictors by Attack

Vector

Correlation by Attack

Vector

Individual Risk Modeling: The Next Generation

of Data Compromise


Business Interruption Continues to Drive Losses


Costs of Data Compromises Vary by Country

Source: IBM/Ponemon


Different Predictors for Different Modes of Attack

Machine learning helps us understand which potential cyber predictors lead to incidents

Separate predictors for each attack vector scenario


Data Compromise Correlation: The Impact of

a Common Vulnerability Being Exploited

The Local Bakery The Food truck The Coffee Shop

Correlation specific to each attack vector – lost device events have no

correlation, while phishing has stronger correlation


Understanding Risk from

Systemic Ransomware


•Yes

•NoSystemic

•Windows

•Mac

•AndroidOperating system

•Ukraine

•Bosnia

•Etc.Geotargeting

•Email

•Trojan

•DatabaseDelivery mechanism

•Particular vulnerable programs (Adobe, Java, Flash, etc.)

•Does it destroy data or just encrypt it?

•Has the encryption already been broken?Other characteristics

Ransomware Science: Hierarchy of Ransomware


Email Downloads MessagingVulnerability Exploitation

Ransomware Science: What Happens in a

Ransomware Event

Windows MAC Android Linux

Backups Scareware Compromised Encryption

Payment Destruction

De

live

ry

Me

tho

dO

pe

ratin

g

Syste

mR

em

ed

iatio

n

Typ

e


Ransomware Modeling: The Stochastic Catalog

Point of aggregation

Infection rate

Severity (BI)


Ransomware Modeling: Loss Calculation

0

0.2

0.4

0.6

0.8

1

0 1 2 3 4 5 6

Day

BI cost experienced

SMB V1 Vulnerable Computers (2017): 1 billion

NotPeyta impacts: 12.5K devices

Infection rate: 1/80,000


Aggregation

Beyond the Cloud


Manufacturers

Sources of Aggregation

Operating Systems

Browsers

DNS

CDN

Cloud

Email Payment Processors

ISPInfrastructure providers

VPN Providers

Managed Services

Ad

SSL Certificates

…are numerous!


Manufacturers


Operating Systems

Browsers

DNS

CDN

Cloud

Email

How severe would an event be?

Payment Processors


VPN Providers

Managed Services

Ad

SSL Certificates


Manufacturers


Operating Systems

Browsers

DNS

CDN

Cloud

Email

How frequent would an event be?


Managed Services

SSL Certificates



Browsers

DNS

CDN

Cloud

Email


How much aggregation would the event have?

Managed Services



CDN

Cloud

DNS

Email

Infrastructure providersISP

What’s left?


Email Provider Model


How Does a Content Delivery Network (CDN) Work?

Original server

CDN server

User


How Do DNS, CDN, and Cloud Work Together?

User

Dynamic Content

Routed to nearest Edge Location

Region of the

Cloud

CDN


Cyber as a Peril (aka

Silent Cyber)


Silent Cyber: The Continually Evolving Definition

Cyber

Event


What Modeling Solutions Are Currently Available?

Dep

th

Breadth

Blackout

*NEW*

Commercial

Fire


Overview of the Commercial Fire Model

Fire/No Fire

Damage Function

Fire Alarm Control Panel

Building Characteristics P-factor

σ𝑆𝑐𝑒𝑛𝑎𝑟𝑖𝑜 𝑁𝑢𝑚𝑏𝑒𝑟 (1 - 8)


What Modeling Solutions Are Coming Soon?

Dep

th

Breadth

Blackout

*NEW*

Commercial

Fire

Area of Focus


Cyber Risk Continues to Evolve

Bad actors are a step ahead

Business interruption continues to be a driver of major losses

Systemic ransomware is a concern

Aggregation risk extends beyond the cloud

Cyber as a peril is here to stay


Cyber Risk Modeling

Platform: Analytics of Risk

from Cyber (ARC)


The Cyber Risk Modeling Platform

Flexibility and Transparency

Comprehensive Risk Modeling

Cyber Risk Data Augmentation


Manage Your Cyber Risk Program from Start to Finish

Verisk Cyber Data Standard

Includes Cyber Exposure Database

Includes technographic and firmographic data

User Data Management Data Enhancement

AnalyticsReporting


What’s Inside Our Cyber Risk Platform Today?C

yb

er

Da

ta S

ou

rce

s

Server and Database

Cyber Analytics

Loss Engine

Monitoring and

Reporting

User Interface

Probabilistic Loss Analytics

Deterministic Loss Analytics

Scenarios

Cyber Analytics

Industry Exposure Database (IED)

Data Import and Validation

Matching Algorithms for Augmentation

Exposure Data management

Selective Backfilling


Roadmap and Key

Enhancements


A Comprehensive Roadmap Ahead

Workflow Enhancements(Web based Interface)

Loss Reporting by Coverages(Enhanced Financial Modeling for support

up to 14 business coverages)

Loss Breakdown by Attack Vectors(Single Risk Ransomware, Phishing, Physical

Tampering etc.)

Public API Support(Loss Analysis workflow support via RESTful

API’s)

Systemic Ransomware(Using Market Share Data)

Systemic Ransomware(Using Detailed Data)

Global Industry Exposure

Database(Support for 300M+ organizations)

Complete Aggregation Models(Complete aggregation support for new

scenarios with catalogs)

Enhanced Individual Risk

Models

(Enhanced GDPR, BI losses & attack

vector correlation)

Summer 2020 (v3.0) Q1 2021 (v4.0)

Reinsurance Policy Workflows (Support for Single Risk & CAT Treaty)

Cyber-as-a-Peril(Ability to analyze affirmative & silent

cyber exposure for Property, D&O, E&O and other Lines)

Q4 2021 (v5.0)


You Will Experience Rich Configurable Graphics

Upload Exposures Validate Exposures Configure workflows for company match & data enhancements

Run Loss Analytics

Exposure Summary Dashboard Loss Metrics Dashboard Workflow Manager


Leveraging Cloud-Native Platform Services

Application UI and API’s

Loss Analytics

Data Management

Cloud Data

Platform Services

Functions

Clo

ud

Pla

tfo

rm S

erv

ice

s

• Identity management

• API management

• Serverless processing

• Batch processing

• Data Warehousing as

Service (DWaaS)

• BI & reporting

Cloud Services

Elastic Auto-Scaling

ARC Platform (Servers and DB)

AIR Cloud /Public Cloud


Providing You With the Most Comprehensive

View of Your Cyber Risk

confidential: for seminar attendees only 1 · ©2020 verisk analytics, inc. confidential: for...

Documents