Quantify Risk with Cyber Modeling
Moody's RMS Cyber Solutions use the latest cyber risk analytics and most current cyber risk data to quantify the risks of this dynamic peril helping you make sound underwriting, portfolio management, and risk transfer decisions.
Improve Cyber Pricing
Our financial model is calibrated for cyber risk using econometric data, robust modeling of threat factors, and our Cyber Incident Database (which includes data on millions of attacks).
Understand Market Position
The Moody's RMS Cyber Economic Exposure Database enables you to understand your relative market share and account for annual fluctuations in the U.S. cyber market.
Manage Risk Effectively
Stay ahead of the competition with the cyber risk model that helps you intelligently underwrite, diversify, and manage both catastrophic and attritional cyber risk.
Key Cyber Model Features
The comprehensive Moody's RMS cyber risk model supports (re)insurers’ end-to-end cyber risk management.
Get a Complete View of Cyber Risk
The increasing risks posed by cyber attack, security breaches, and cyber threat make it critical that insurers have a complete view of potential vulnerabilities and exposure aggregations. Moody's RMS cyber risk models assess attritional risk (one-off), large event, and catastrophic event losses for a comprehensive perspective and the ability to improve risk selection and pricing. The Moody's RMS financial model is calibrated using econometric data, robust modeling of factors, and our Cyber Incident Database which includes data on millions of attacks.
Related Cyber Solutions
Moody's RMS Cyber Solutions offer a full range of cyber risk modeling, quantification and management solutions to help (re)insurers regardless of the maturity of their cyber business.

Underwriting Solution
Moody's RMS Cyber Solutions Underwriting enables effective pricing of affirmative cyber risk contracts. Using the same modeling engine as the portfolio management application to ensure consistency and compatibility, this tool leverages hundreds of thousands of real-world cyber incidents to provide the most current representation of an ever-evolving threat.

Portfolio Management Solution
Moody's RMS Cyber Solutions Portfolio Management facilitates portfolio optimization and the setting of capital requirements, effectively capturing both affirmative and silent cyber risk within your book.

Moody's RMS U.S. Cyber IED/EED
Get a broader view of risk through the Moody's RMS® U.S. Cyber Economic Exposure Database (EED) and Moody's RMS® U.S. Cyber Industry Exposure Database (IED) to support applications from business strategy to risk transfer.

Cyber Consulting Services
Regardless of your size, Moody's RMS offers a wide range of consulting services and modeled outputs to assist (re)insurers with quantification, management, and operationalization of cyber risk.

Thought Leadership
From publications to cyber events to working with a range of cyber experts, Moody's RMS brings the latest research and understanding of cyber risk modeling to the insurance market.

Software and Models
The Moody's RMS Cyber Solutions applications offer full access to comprehensive cyber risk models, a standardized cyber exposure data schema, configurable analysis profiles, results data, and reporting.
Spotlight

Beyond Cyber as a Coverage
The core Moody's RMS cyber risk models can be used to quantify cyber risk arising from a range of scenarios for various coverages and categories of exposure. But to gain a complete view of risk, other Moody's RMS solutions can help (re)insurers.



Resources

Cyber is Uncertain, Probabilistic, and Chaotic: It’s Time ...
Cyber risk represents one of the fastest-growing opportunities in the insurance marketplace. The cyber insurance market is set to grow at a compound annual growth rate (CAGR) of 25 percent between 2022 and 2028, to reach a market size of US$28 billion. This outpaces the growth in other insurance lines and represents a net new (and diversifying) revenue stream. But the nascent cyber market is different from long-established natural catastrophe peril markets, which are well understood in terms of loss experien...

Log4j Vulnerability and the Complexity of Modeling Cyber R...
The cybersecurity world has turned its focus to the discovery of a vulnerability in Log4j, a Java library for logging error messages in applications. Log4j is widely used in enterprise Java software, from well-known major vendor software applications and services to software developed in-house. Everyday users see Log4j in action when an application generates an error message, alerting the user to the error on screen, logging the error, and in some instances, giving feedback to the software vendor with details ab...

Lessons from SolarWinds Breach: How IT Supply Chain Attack...
This article was originally published in Insurance Day - click here to access (subscription required) Cybersecurity company FireEye was the first to reveal how a serious threat actor had hacked their internal network via a compromised SolarWinds Orion application, closely followed by several U.S. government agencies. SolarWinds Orion IT monitoring and management software has over 300,000 customers worldwide, including 425 of the U.S. Fortune 500 businesses, and significant penetration in many U.S. government,...

New Ways of Modeling Property-Liability Clash and Uncoveri...
Natural disasters and other large catastrophes can trigger huge economic losses potentially among multiple insurance lines. RMS, in collaboration with research partner Cambridge Centre for Risk Studies at University of Cambridge, have developed eight template scenarios that model liability clash triggered by natural or man-made catastrophic events. This research was primarily focused on property–liability clash modeling and was the continuation of the two-year Global Exposure Accumulation and Clash (GEAC) pro...

Succeeding in a Changing Cyber Risk Landscape
Though a relatively new peril, cyber risk is dynamic – and 2020 has certainly been a year of rapid change in terms of the nature of cyber risk. Due to national or state-level COVID-19 lockdowns, employees around the globe left the protective IT bubble at their office buildings to work from home, causing cyber exposure to shift radically for cyber insurers. Research from Stanford University published at the end of June 2020 suggested that 42 percent of the entire U.S. labor force was working from home full time. ...

Cyber Risk Outlook 2019
The report provides insights into the rapidly evolving world of cyber risk and describes the latest insights from RMS analysts and modelers in collaboration with the Cambridge Centre for Risk Studies.

Quantify Your Silent Cyber Exposure With These Three Steps
In 2017, WannaCry infected computers in over 150 countries across the globe, taking out critical functions such as the National Health Service (NHS) in the U.K. One year later, the NotPetya cyberattack brought many household names to a standstill. The pharmaceutical giant, Merck, was reportedly the source of US$1.3 billion of total impact to (re)insurers from the NotPetya attack, 87 percent of which was considered silent exposure. These two major cyberattacks highlighted to insurance carriers the risk of being e...

Toward a Science of Cyber Risk
A new article, The Science of Cyber Risk: A Research Agenda has just been published in Science. A free, non-paywall version of this paper is available here. Written by a diverse team of 19 authors, including myself, it presents a concise argument for interdisciplinary research, to establish a scientific basis for risk analysis and management in the cyber security domain. As a leading provider of cyber risk models for the (re)insurance industry, RMS is committed to advancing the state-of-the-art...

Cyberterrorism: A Risk Assessment
Technological advances in communications, computing and computer networks are exposing new vulnerabilities that terrorist groups can exploit, making cyberterrorism a potential security concern. The media has extensively discussed this issue, invoking images of massive economic losses and even larger-scale loss of life from a cyberattack executed by a terrorist group. But just how real is the threat that cyberterrorism poses? Fortunately, the fear surrounding this issue outpaces the magnitude of the risk, and in ...

Standardized Cyber Exposure Data Schema
A data schema for a growing cyber insurance market. Cyber Insurance Exposure Data Schema v1.0

Find the Right Cyber Risk Models for Your Business