Iran and Modeling Cyber Risk

Australian insurers push back on data proposals and gaslighting bushfires

Chris Westfall
Chris Westfall

Today’s RMN is free to all subscribers. This is also an opportunity to roll out a new feature, Catastrophe Q&A.

This week we discuss cyber risk and modeling, post Iran, with Kovrr’s Yakir Golan.  The next Cat Q&A will be with a model user.

Below is a list of what RMN full subscribers read this week…

Consider becoming a full subscriber to get access to daily emails and exclusive features. along with discussion access.

Subscribe now

Catastrophe Q&A: Model Maker

Kovvr’s Yakir Golan

Risk Market News: There is a great deal of discussion that cyber-attacks will loom large in any Iran conflict. How do you account for this kind of scenario in your model?

Yakir Golan: We develop our platform and model framework so that it doesn't matter who the actual attacker is. What's important is that you integrate into the model -- how the attacker operates. What are the ways they infiltrate businesses and infrastructure. What are the service providers and technologies they are aiming to seize? Is their goal to cause an outage or data theft?

We are continuously collecting data from the threat landscape on any attack group that is out there. Whether it's a nation state, individuals or an organized cybercrime group. We are detecting and analyzing the campaigns that attackers are launching and how they operate. That’s what we inject into the model.

For us, it's more interesting to understand the ways and the techniques they are using, not necessarily who the name behind it is.

RMN: What are the ways state actors execute a cyber-attack that are different from a criminal or private sector actor?

Golan: They have more resources and supportive research they can use to explore potential vulnerabilities and exploit them to conduct specific attacks.

Many state actors do use techniques that were published in the past, and modify and adapt them to make it look different. Basically, their aspiration is to cause a massive impact or collect strategic data.

RMN: What is your understanding of the way insurers and reinsurers are exposed to cyber-attacks from state actors?

Golan: I would say that this is an issue that is not solved yet. There is a whole debate in the insurance space about liability in a situation where an attack is attributed to a state actor. There are more complex consequences than just insurance payouts.

An interesting path in the industry might be to initiate a third-party organization that will be supported by several key governments, regulators, big insurance and reinsurance companies, and will provide attribution services that are accepted by everyone.

RMN: Do you think there's enough experience in war and conflict scenarios using cyber methods to accurately model the risk involved?

Golan: You are looking at two issues: you're looking at frequency and severity.

There is frequency data out there and if you know how to get it you can build a platform to collect it, label it and model on top of it. The data exists in terms of frequency modeling and if done right, you're able to achieve some very high-level accuracy.

In terms of severity, it is more challenging because there is limited data. There are all kinds of ways that vendors use to bridge this gap. Whether it's bringing data from other arenas or bringing data that is not publicly available on financial implications of cyber incidents.

We see fantastic progress in this search for data, although in terms of claims data, it's not sufficient yet. We think that gradually the gap is being closed and making the modeling more mature.

RMN: How do you overcome the limited data set for cyber-attacks in general, especially when compared to other perils?

Golan:  We are just in the beginning of the journey with cyber. Modelers and cyber experts still have a lot of work to do together. When it comes to cyber, (re)insurers don’t necessarily know all the data they need to request from their clients. They need to work closely with vendors and cyber specialists to gain a better understanding of the data needed.

RMN: There is some discussion among insurers and reinsurers that the limited data creates a lot of variance between different cyber models. What are your thoughts on that?

Golan: Variance is not a bad thing from the client's perspective, as long as you understand what is underlying the model in regard to specific methodologies applied. Meaning, are you being provided with clear transparency to how the model works and which assumptions are being taken into account?

You need to understand: what the data is, where the data is coming from, how the data is labeled, how the modeling framework was built, and of course a lot more.

If you have that, I think variance is actually something that is very good. You'll see a variance in terms of outputs.

If you have two models with significant variance, you may have a better view of the risks. You have two mindsets. But again, you need to know very clearly what the model is derived from.

RMN: What do you think of the chances of a real market developing for insurance-linked products and other capital markets structures tied to cyber risk?

Golan: This is an exciting market for cyber risk. I think it’s needed. If you're asking about the market today, the big problem is there is not enough capacity because reinsurers are limiting it. And for a good reason. They still don’t have good feeling about their understanding of cyber or the tools and data to support it. There is a demand. ILS can serve as a very interesting vehicle to bring the market to higher efficiency.

Risk Reads

Bushfire Data Demand
Josh Frydenberg has demanded insurers provide Treasury with an unprecedented level of detail about claims for bushfire property losses, a proposal the industry doubts is feasible.
The demand was outlined in a draft letter circulated to insurers on Thursday by the Insurance Council of Australia, which outlined 38 pieces of information about individual claims that Frydenberg wants provided to Treasury, including street address, the year the building was constructed and the amount for which the property was insured.

Josh Frydenberg demands insurers provide unprecedented detail about bushfire property losses (The Guardian)

Puerto Rico Earthquake Risk
“Puerto Rico "has a definite earthquake risk, compounded because its infrastructure is vulnerable, as demonstrated in other recent natural disasters, such as the 2017 Hurricane Maria"

950 earthquakes have hit Puerto Rico so far this year. Why? Blame it on an 'earthquake swarm' (USA Today)

Bushfire Gaslight
Donald Trump Jr. and Sean Hannity were among the most prominent tweeters this week of the allegation that close to 200 people in Australia have been charged with arson for deliberately lighting brushfires. Other people on the right, as well as bots trying to amplify climate skepticism, jumped on board with the hashtag #ArsonEmergency.

The viral false claim that nearly 200 arsonists are behind the Australia fires, explained (Vox)