Modelers of pandemics and cyber risk are reliant on understanding and predicting human behaviour, but there is a lot they can learn from each other, according to a new report from CyberCube.
The report, Viruses, contagion and tail risk: Modeling cyber risk in the age of pandemics, aims to understand the lessons pandemic and cyber modelers can learn from one another. It can be downloaded for free here.
It claims that political decisions and the public’s response can affect the duration and severity of both types of events, and understanding this is critical for modelling.
The report identifies the ways modelers represent the complex interactions between human-created risks is key to building effective models. Whilst pandemics are born from pathogens, the challenge for modelers is how they can illustrate the various outcomes based on individual and societal reactions that impact the spread of disease or a cyber threat.
CyberCube head of client success Oli Brew said, “It’s clear that lessons can be learnt and applied to cyber risk modelling from understanding how pandemic models have evolved. As the COVID-19 pandemic continues, even though there are differences between computer and human viruses, parallels are emerging in the modelling, the methodologies and the data challenges.
“There is real value in learning from interdisciplinary teams in how to balance the needs of accuracy and precision in developing models to meet the market needs. At a minimum, the need for a creative, but reality-based imagination to represent forward-looking risks is critical.”
The report includes comments from experts within Munich Re, as well as contributions from leading pandemic modelling firm Metabiota.
One of the other key takeaways is that the lack of data and collection capabilities is hindering the progress of both cyber and pandemic modelers. It states that since the beginning of the 20th century, there have been less than 12 major global pandemics. Similarly, there have been only a handful of significant systemic cyber events. There have been countless cyber incidents, but not of magnitude size. This has left little data around the events, making it tough to predict the impact of an event.
If the current limitations around data collection are improved, the value and insights models can provide the insurance space will increase.
Munich Re senior actuary of epidemic risk solutions Dr Hjalmar Böhm said, “In both cyber risk and pandemics, there is a need to consider accumulation risk. For example, a pandemic is a key consideration for life insurers and a high mortality event could create significant economic loss. A solid approach to controlling accumulation risk exposure needs to be the basis for every business model for epidemic risk insurance.”
These thoughts were echoed by Metabiota CEO Nita Madhav, who stated that there are parallels with modelling the spread of a virus and how cyber systems are connected. Madhav said, “both are network issues.” One of the best defences for both is early action, but that can be tough without the right tools. She added, “You can be asymptomatic with COVID-19; similarly, you may not know if a cyber intruder has already infiltrated your network.”