Cyber risk management company KYND’s Realistic Disaster Scenarios models represent a significant step forward in supporting (re)insurers.
Lloyds introduced Realistic Disaster Scenarios (RDS) in 1995 in response to significant aggregations of property losses across the market as a result of three events: the explosion of the North Sea oil-drilling platform Piper Alpha (1988), Hurricane Andrew (1992), and the Northridge Earthquake (1994).
Lloyd’s has recently updated their set of events to include an escalating threat in today’s world: cyber risk.
According to KYND, Realistic Disaster Scenarios mean descriptions of catastrophic events used to assess the risk of single incident causing widespread insurance claims.
Although often these scenarios may be extreme, (re)insurers are expected to be prepared for them and remain solvent so policyholders can successfully make claims.
As such, (re)insurance carriers and affiliated modellers have developed iterations of RDS models that report on the losses to be anticipated in the case of the three mandatory Lloyds cyber scenarios: “Business Blackout II”, a power cut in the Eastern US; “Cloud Cascade”, an outage for a major cloud service provider; and “Ransomware Contagion”, a spread of ransomware exploiting a newly-discovered vulnerability in a widely-used operating system.
More effective modelling
In order to support its insurance partners, KYND has developed models to assess the impact of Lloyds’ mandatory RDS. However, what makes these models unique in the market is that the company is able to base its models on the actual cyber footprint of portfolio organisations to determine the extent of impact if one of these disasters were to strike.
KYND said it is able to identify exactly which organisations and which parts of their infrastructure would be affected by these incidents.
This model, KYND continued, doesn’t just make the quantification of aggregate loss more accurate, but it also means the specifics of policy conditions to accurately model the impact for (re)insurers can be incorporated. This means that parametric insurers, carriers at excess layers, or reinsurers covering multiple points in the tower, are all accounted for.
More probable scenarios
As (re)insurers have more sophisticated discussions about the type of systemic events that are pertinent to portfolios of risk, KYND said a trend is playing out whereby organisations are becoming more interested in truly relevant scenarios that target the real cyber accumulation of their portfolios.
For example, the mandatory RDS are relevant for an organisation with a large proportion of their digital infrastructure hosted in the US. But for those with assets in other regions, these scenarios are less relevant.
In such cases, KYND said it can target similar events to the types of risks which would incur a systemic loss for the portfolio. For a European portfolio, for example, the company might model a northwest European blackout resulting from a gas supply interruption.
KYNDs data and modelling empowers organisations to quantify these relevant, smaller and more nuanced scenarios.
The company’s granular data on the infrastructure of each insured allows it to identify specific instances where these unusual points of accumulation occur, and to model the impact of new and varied scenarios.
What’s more, the company is also able to develop bespoke scenarios with its insurance partners, producing analyses for the specific cases which are important to them.
Earlier this year, KYND was selected by Lombard Odier Investment Managers for its portfolio risk management solution.
Find the full post here.
Copyright © 2023 FinTech Global