Cyber risk modeller DeNexus’ CEO José Seara said Lloyd’s of London must balance protecting its business while recognising the importance of second-generation cyber modelling in providing necessary risk visibility for effective risk transfer.
Lloyd’s of London, the 330-year-old institution, has responded to the growing cyber risk landscape by clamping down on coverage for state-sponsored cyber attacks, Seara said in a recent interview with Reinsurance News.
“First-generation cyber modelling went only part of the way to this clarity, being reliant on limited, historic and manually collated data, such as an annual questionnaire.”
DeNexus’ second-generation modelling on the other hand, culls regularly updated data not only from outside but also deep inside a company’s systems, automatically using telemetry to discover network architecture, devices/assets in that network, vulnerabilities and controls in place. This provides an accurate picture of exposures and guides industrial clients on which risk mitigation measures to take, with the aim of preventing a loss happening in the first place.
Second-generation modelling can also give a near real-time picture of what’s happening during an event, allowing for timely loss reserving as well as providing unique insights into the effectiveness of insureds’ loss prevention and mitigation techniques, Seara explained.
DeNexus’ insurance product, DeRISK Insurance, feeds data through standardised processes to provide probability analysis and the financial impact of different threat scenarios, looking at all tiers in the insurance risk transfer chain.
Earlier in April, DeNexus announced the launch of Version 5.3 of its DeRISK Platform to help improve cyber risk modelling capabilities for reinsurers and the insurance-linked securities (ILS) sectors.
“DeNexus is the first ‘second-generation’ cyber modeller,” Seara had said. “First generation cyber modellers took a ‘one-size-fits-all’ approach to cyber risk.”
Operational technology represents a growing cyber risk, with attacks on critical industrial assets, such as oil pipelines, power producers, or water utilities, being a major worry.
“Cyber attacks on critical infrastructure orchestrated by Russia or its allies were a major fear at the start of the Ukraine war. Whether they come to pass or not, cyber risk is growing and affects us all.”
Cyber risk is growing and affects us all, and over time the state may step in as an insurer of last resort. However, the commercial risk transfer market has yet to credibly demonstrate its understanding of cyber risk and how much it can comfortably digest, Seara added.
“The ILS market, for one, has a key role to play but while it’s reliant on primary insurers’ risk management and underwriting processes its appetite will be limited.”
DeNexus’ second-generation modelling offers vital visibility for all levels of the risk transfer chain, which could increase the capital market’s willingness to engage.
“Cyber risk may look daunting but it’s a man-made risk that is to a high degree insurable. Providing cover constitutes a tremendous opportunity for risk carriers. Markets that are seen to bow out, by contrast, may lose relevance.”