Cyber insurers face a dynamic and confusing risk outlook. For instance, according to a recent cyber report from broker Howden, during the COVID-19 pandemic, cyber insurance premiums surged between 2020 and 2022 in response to the remote working boom.
Businesses then raced to adapt their cyber security to manage threats from personal device use and remote network access. This paid off as better threat awareness, especially of major high-profile cyber-attacks, and good cyber hygiene practices such as multifactor verification, built business resilience and helped ease premiums.
Gains in resilience are then continually tested, as on the other side, ransomware, and malware attacks have intensified; Zscaler reported that the U.S. received 1.13 billion phishing attacks in 2023 alone.
This hardening of cybersecurity now sees criminal gangs and state-backed threat actors becoming more opportunistic and broadening their targeting into areas that were previously deemed off-limits. The Russian state-backed group Qilian demanded £40 million in ransom after it attacked U.K. pathology services provider Synnovis, which saw over 300 million patient interaction records stolen, such as blood transfusion data, disrupting the U.K.’s National Health Service (NHS).
The recent CrowdStrike faulty update distributed on July 19 then heightened the risk of non-malicious events, as a single update saw millions of Windows devices rendered useless and users greeted with the ‘Blue Screen of Death’ with real-world impacts ranging from flight cancellations, payment system failures, and stuck health systems. The CrowdStrike event had the potential to be more impactful, had it been malicious than cyberattacks such as WannaCry in 2017, which brought event response into focus – to establish the extent of the impact of this event.
How can cyber insurers make sense of the risk?
Cyber Risk Rises up the Agenda
At our annual Exceedance™ conference this year, cyber risk surged to the top of the issues list as more insurers looked to enter or expand their cyber business, and it was a pivotal subject among risk management leaders and experts.
There was much discussion at the conference and a consensus formed on a collective industry effort is required to understand the risks and comprehensively address them.
Moody's has been leading efforts alongside the industry to enhance understanding, management, risk transfer, and pricing strategies for cyber risks, viewing these challenges as opportunities to grow this market.
With nearly ten years in cyber risk modeling, Moody's recently unveiled Moody’s RMS™ Cyber Solutions Version 8.0, introducing significant methodology and data updates, ensuring insurers, brokers and investors can capture a landscape of cyber threats that are constantly evolving; a risk that is both dynamic and multifaceted.
Working with our cyber insurance clients and partners, we support the expanding market as it rightly demands a well-rounded strategy for quantification and in-depth analysis, and unlocking cyber capacity in ILS markets.
New Evolution: Cyber Solutions Version 8
Moody’s RMS Cyber Solutions is known for its robustness and comprehensive approach, and building on sound foundations, Version 8 has been fine-tuned to reflect the latest in threat and vulnerability landscapes, software usage, and mitigation strategies.
Surveying cyber risks during a keynote session at the Exceedance conference, ransomware and malware remain at the forefront of concerns, followed by cloud outages. The latest model iteration ensures the model remains reflective of the current state of cyber threats bringing to light changes in threat actor behaviors and increases in vulnerabilities that could potentially spread more widely.
In line with the cyber insurance market, the model now includes a broader range of scenarios, with the number of unique events cataloged doubling to over 20,000. This expansion brings forth further diversification within portfolios aimed at enhancing decision-making support, risk transfer processes, and the foundations for improved event response strategies.
Moody's provides a detailed – yet understandable – scenario framework, acknowledging the complexity of the cyber ecosystem. One of the benefits is to help model users uncover potential correlations that might influence pricing and risk aggregation by delving deeper into the data and broadening the range of modeled events.
Cyber risks unlike natural peril risks cannot be diversified simply through geographical spread due to their complex correlation structures. This represents a preliminary step towards achieving diversification in cyber risk management or assessing correlations in ILS investor portfolios.
For many insurers, collecting basic exposure data, such as company size, industry, and geographical location, remains challenging, and to help address this, our Cyber Solutions is utilizing a portion of Moody’s Orbis dataset. To enhance user data, this dataset covers approximately 19 million companies worldwide with revenues over US$1 million.
Through interactions with industry partners and clients, it’s clear that while cyber represents a significant growth opportunity, there are obstacles to its sustainable expansion, but as the past ten years in cyber risk modeling shows, Moody’s is committed to investing in cyber risk modeling and innovation to overcome these challenges.
As our clients move forward to capitalize on the growth in the cyber insurance market, we are equally ambitious for the future, and looking forward, Moody's aims to deepen its understanding of cyber risks across various modeling dimensions to diminish risk uncertainty and bolster confidence about managing this risk.
Whether it is developing HD modeling frameworks that can adapt to the evolving cyber insurance market or dissecting the mechanics and impacts of cloud outages on organizational revenue resilience, Moody's is leading the charge in model development for cyber risk.