Equifax Data Heist: Patching Up a Familiar Problem

Support Center

Access all customer product support, event response, and training in one place

LifeRisks Portal

Find modeling tools based on best practice actuarial techniques and medical science

Miu Portal

Explore analytics and risk insights for the alternative capital market

Products

Intelligent Risk Platform
Uncover global risk insights with the world’s first open, modular and unified risk platform and applications suite in the cloud

Risk Modeler ExposureIQ TreatyIQ UnderwriteIQ Location Intelligence API Third-Party Modeling

Models and Risks
Understand uncertainty with risk- and region-specific models that integrate unmatched data depth

Agriculture Builders Risk Climate Change Cyber Cyclone, Hurricane, and Typhoon Earthquake Flood High-Definition Models Industrial Facilities LifeRisks

Marine Cargo and Specie Offshore Platform Severe Convective Storm Terrorism Wildﬁre Windstorm Winterstorm Workers' Compensation

Data
Get real-time understanding when and where you need it most with accurate, insightful data

Exposure Geocoding Hazard Loss Costs Risk Scores Maps

More Software Products
Turn data into intelligence with traditional Moody's software solutions

Miu RiskBrowser RiskLink
Services

Services Overview

Assess Risk and Strategy
Identify issues and develop actionable recommendations that drive progress

Implement a Solution
Maximize the business value Moody's software delivers at every step in your workflow

Manage Your Business
Extend your in-house capabilities with an experienced team of on-demand analytics experts

Catastrophe modeling

For more than 30 years, we've been dedicated to providing our customers with superior catastrophe modeling that integrates innovative analytics, technology, and science.
Learn more
Solutions

Solutions Overview

By Industry

Find Moody's solutions developed to support the needs of your industry
Insurance Reinsurance Brokers Corporate Risk Management Financial Services Insurance-Linked Securities Public Sector

By Function

Discover how Moody's solutions can benefit specific areas of your business
Catastrophe Modeling IT and Technology Portfolio Management Resilience Underwriting Resources & Insights Regulatory Affairs

By Region

Explore models focused on unique risks in specific areas of the world
North America Europe Caribbean and Latin America Asia-Pacific

Explore Moody's RMS insights on issues impacting the world

Climate Change Catastrophe Modeling Sustainable Underwriting Moody's Risk Labs Digitizing Workflows
Resources

Resources Overview

Blogs
Get expert perspectives as our team weighs in on the latest events, topics, and insights to help you demystify risk and deepen resilience

Our Customers
Meet the customers who are solving some of the world’s toughest problems with Moody’s

Developer Resources
Find API references documentation, tutorials, quick start guides, tools, and more

Risk Data Open Standard
Learn about the flexible, modern data schema that drives value and innovation throughout the industry

High-Definition (HD) Models

Discover the latest generation of our probabilistic modeling suite.
Learn more
Company

Company

Find out more about Moody's history, leadership team, and career opportunities
About Leadership Security Careers Open Positions Graduate Program

Newsroom

Stay on top of the latest Moody's news and announcements
In the News Press Releases and Announcements

Events

Join Moody's experts in person or online for the latest insights
Upcoming Events and Webinars On-Demand Events and Webinarsg Industry Conferences Exceedance Conference
Resources & Insights

Great software career opportunities
Find your position
Support

Support Center
Learn more about Moody’s Support Center which provides access to a library of detailed product and model documentation, support history, event response, and more

Customer Education
Moody’s training provides a variety of e-learning modules, certification programs, and interactive training
Event Response

Event Response
Monitor real-time information about natural catastrophes around the world
Event Response Services HWind

Support Center

Access all of the proprietary resources available to you in one place

LifeRisks Portal

Find modeling tools based on best practice actuarial techniques and medical science

Miu Portal

Explore analytics and risk insights for the alternative capital market

Insurance Solutions

Formerly Moody’s RMS

The recent Equifax incident was by all measures a significant cyberattack. As the press statement released by Equifax on September 8 highlighted, the data theft potentially impacted approximately 143 million U.S. consumers. To put this into perspective this represents nearly 70 percent of the U.S. working population.

However, we should not be surprised. RMS tracks data theft among other types of cyber events on an ongoing basis, and we have seen numerous events of this magnitude or larger over the last few years. This Equifax breach would have ranked just #7 on the list of the largest data breaches in the 2017 RMS Cyber Risk Landscape report.

What Happened?

Equifax confirmed that hackers gained access to their network through a popular open-source software package called Apache Struts, that powers some of its Web-facing applications. The hackers utilized a vulnerability that was spotted in March this year, which was then patched by Apache within a few days.

Once inside the Equifax network, during a two-month period the hackers accessed birth dates, addresses, driver’s license numbers and social security numbers of U.S. consumers, as well as 209,000 credit card numbers. The breach was not solely limited to American consumers, the hackers had also illegally accessed data from consumers in the U.K. and Canada.

The attack was discovered by Equifax’s security team on July 29, as they observed suspicious network traffic associated with its U.S. online dispute portal web application. The team blocked the suspicious traffic, and a day later the affected web application was taken offline. Upon discovering a vulnerability in the Apache Struts web application framework as the initial attack vector, Equifax patched the affected web application before bringing it back online.

Since the attack, Equifax have engaged specialist cyber security experts to assist with the investigation, in addition to working with the FBI and the U.S. Federal Trade Commission. It has also seen the departure of both Equifax’s Chief Information Officer and Chief Security Officer.

What Is the Impact for Insurers?

According to the RMS® Cyber Accumulation Management System model, a company such as Equifax could reasonably expect to lose around US$109 million from an event of this magnitude, although this could increase to in excess of US$250million. The typical types of cover triggered by these attacks include incident response costs, notification and ongoing monitoring of consumers, regulatory and defense costs, and business interruption. Given the sensitivity of this case it is likely Equifax will suffer substantial litigation, with many class action lawsuits already taking place.

Insurers would typically protect themselves against large single company losses with the use of controlled limits and sub limits. We would expect these limits to be saturated in this event.

In addition to the losses suffered by Equifax and their insurers, the growing market for personal lines cyber insurance is also likely to suffer losses. Where data of this nature has been stolen in the past, we have seen a noticeable increase in identify theft attempts, costs of which are typically covered under personal lines cyber policies. Once this data is stolen, criminals use it for identify fraud, filing of fraudulent tax returns, loan applications, counterfeit cards, and even extortion and blackmail attempts.

Does This Change the Likelihood of Systemic Cyber Catastrophe?

While this breach is extremely significant, in the view of RMS it does not reflect a significant change in the potential for a systemic cyber catastrophe. Attacks utilizing unpatched software are unfortunately all too common. As we saw with the recent WannaCry malware attack that utilized a Microsoft flaw, it highlights the need for insureds to keep updated on the latest security announcements from product vendors, and to ensure patches are deployed quickly and effectively.

High profile attacks such as Equifax will always attract great attention from the media and the insurance industry, but this underlines the importance of effective modeling for cyber risk to be able to both keep up with the latest threat trends and to ensure that cyber incidents are always put into context.

Cyber Risk Seminars Introduce New Solutions to Address Evolving Threat Landscape

During September, RMS ran a series of cyber risk seminars in London and New York. These half-day events coincided with the release of RMS Cyber Solutions version 4.0 and featured both RMS and industry experts discussing cyber risk and the opportunities for the cyber insurance industry. At both events, the day kicked off with Dr. Andrew Coburn, senior vice president for RMS, examining recent developments within the cyber risk landscape by outlining the approach RMS takes to tracking and categorizing the wide range of evolving threat actor groups. He also proposed some key future trends, such as the potential impact of a “gloves-off” nation-state cyberattack and its implications for the cyber insurance industry. Former ethical hacker Eireann Leverett dug deep into the topic of contagion mapping and how hacking groups – both good and bad, are utilizing innovative techniques to map out the digital world. He also touched on the growing use of deepfakes in spear phishing attacks, whereby executive identities are faked to trick employees into fraudulently transferring funds out of the business. To provide the industry’s perspective, we were delighted to be joined by two expert panels in London and New York discussing the cyber market and the role of models to support growth. Thanks to Jamie Pocock (Guy Carpenter), Laila Khudairi (Tokio Marine Kiln), Rory Egan (Munich Re), and Kirsten Mitchell-Wallace (Lloyd’s) for participating in London, and to Anthony Shapella (AIG), Jon Laux (Aon), and Kara Owens (Markel) in New York. RMS Cyber Risk Seminars held in London (left) and New York (right)For the second half of the agenda, members of the RMS cyber team focused on the release of RMS Cyber Solutions version 4.0. This release features substantial enhancements to the RMS model and capabilities across several key areas including exposure data enrichment, expanded model data sources, and new stochastic modeling approaches to quantify cyber risk. Dave Gatey, senior director – modeling for RMS, revealed how new modeling methods, such as agent-based modeling and multi-compartment models were being used in RMS Cyber Solutions v4. Chris Vos, lead modeler for RMS, took to the stage in New York, and myself in London, to give context as to how these improvements to the model and software will assist clients in understanding their cyber risk and therefore making better decisions for their business. In New York, the RMS cyber seminar was followed by a half-day terrorism seminar. Introducing RMS Cyber Solutions Version 4.0 For many insurers, obtaining complete and accurate exposure data from cyber submissions remains a challenge. Often, these submissions are missing key information such as business revenue, profit, or business sector – all attributes that are critical to understanding the potential effect of cyber events. To address this, RMS has released a company database consisting of 13 million companies across 30 countries, alongside a data enrichment engine that uses a custom similarity matching algorithm to allow users to enrich their exposure data. This will help ensure the inputs into the model are as accurate as possible, reducing model uncertainty, and minimizing an insurer’s data collection efforts. Although historical data does not show you the whole picture when it comes to cyber risk, it is still critical to inform the lower return period scenarios. To enable this, RMS has invested substantially in automating our historical event data collection techniques by employing bespoke machine learning algorithms that extract event data from hundreds of thousands of unstructured data sources. These new data sets cover multiple event types including breach, malware, ransomware, and cloud outages and allows our v4 model to be run at a significantly increased level of granularity, supporting greater risk differentiation. RMS has continued to research the causal processes that drive cyber risk, working closely with our partners across cybersecurity and academia, to map out and build simulations of these underlying processes. By stochastically modeling these individual components and applying game theory models to explore threat actor behavior, we can extract probabilities associated with both short- and long-tail cyber events. Investing in Cyber-Physical Loss Models Finally, RMS has maintained its substantial investment in cyber-physical loss models. These models take data from the EDM (the RMS property exposure data store) and other casualty classes to quantify the impact of clash-type cyber catastrophe events such as power blackouts. This allows insurers to explore the potential for silent cyber losses across their business, supporting regulatory reporting. Many insurers are exposed to this type of cyber risk, even if they don’t write affirmative cyber insurance policies. These new insights and models continue to be delivered within an open modeling framework, allowing complete transparency into each of the modeling components. This transparency allows users to validate each component and create custom models to support their own view of risk. This new solution from RMS represents a significant step forward for the insurance industry to model its cyber risk. For more information, please contact cyberrisk@rms.com.…

July 03, 2019

The Future of Cyber Risk

Tom Harvey

Head of Cyber Product Management, RMS

Tom is the Head of Cyber Product Management for RMS, and since early 2015 has worked together with the Cambridge Centre for Risk Studies and RMS’ development partners to bring the RMS Cyber Accumulation Management System and subsequent RMS Cyber Solutions to the market. Tom joined RMS in 2013 as a technical sales expert assisting a number of leading (re)insurers further their catastrophe management practices.

Prior to joining RMS, Tom spent 4 years at Hewlett Packard Software within the European presales team working closely with a number of HPS’ IT security products.

Assess Risk and Strategy
Identify issues and develop actionable recommendations that drive progress

Implement a Solution
Maximize the business value Moody's software delivers at every step in your workflow

Manage Your Business
Extend your in-house capabilities with an experienced team of on-demand analytics experts

Catastrophe modeling

By Industry

By Function

By Region

Blogs
Get expert perspectives as our team weighs in on the latest events, topics, and insights to help you demystify risk and deepen resilience

Our Customers
Meet the customers who are solving some of the world’s toughest problems with Moody’s

Developer Resources
Find API references documentation, tutorials, quick start guides, tools, and more

Risk Data Open Standard
Learn about the flexible, modern data schema that drives value and innovation throughout the industry

High-Definition (HD) Models

Company

Newsroom

Events

Great software career opportunities

Equifax Data Heist: Patching Up a Familiar Problem

Share:

You May Also Like

Cyber Risk Seminars Introduce New Solutions to Address Evolving Threat Landscape

The Future of Cyber Risk

Tom Harvey

Need Help Managing Your Portfolio?

Company

For Customers

Newsroom

Resources

Video Title