Nat cat models can't be replicated in cyber modeling, says CyberCube
Natural catastrophe models can only act as a template for cyber modellers, who will need to develop their own solutions to tackle the evolving cyber risks, according to a new report by risk analytics provider CyberCube.
The report states that a lack of historical data and the rapidly evolving nature of cyber threats means that cyber risk modellers need to be selective in the lessons they learn from natural catastrophe models.
It noted that despite the similarities there are some key differences between the two types of models.
"In addition to a lack of historical data and the rapid frequency with which cyber events are changing, cyber-attacks involve ‘active adversaries’ in the form of criminals or terrorists," CyberCube said. "These important differences mean that cyber modelers do not have the time or ability to ‘observe, learn and adapt from past data and models’."
Oliver Brew, CyberCube’s head of client services, said: “For a long time, our sector thought that by studying the way in which nat cat models developed, we could find answers to build better cyber models. What this report shows is that those parallels will only take us so far.
“The challenge for businesses like CyberCube is to use the tools at our disposal to learn from the past and make informed decisions about the future. The good news is that cyber models are improving rapidly with more useful data sources and faster cloud-hosted processing power.”
The report studied how Hurricane Andrew in 1992 highlighted significant weaknesses in what were then current modelling practices. Yvette Essen, head of content at CyberCube, said: “Back then, insurers estimated the size of future losses using ‘experience’ data based only on what happened in the past. Actuaries simply adjusted recent history to reflect current trends. Hurricane Andrew helped to prove that past data is a poor gauge for future catastrophe exposure. Previous projections failed to recognise that science indicated unprecedented events were within the realm of reasonable possibility.”
CyberCube noted that the limited volume of ‘categorised and structured’ data relating to insured cyber losses may also hamper the development of cyber models. While there are many sources for information on well-documented cyber incidents, the report notes, these have not translated into a similar volume of useful data that insurers and modelers can utiltise.
Already registered?
Login to your account
If you don't have a login or your access has expired, you will need to purchase a subscription to gain access to this article, including all our online content.
For more information on individual annual subscriptions for full paid access and corporate subscription options please contact us.
To request a FREE 2-week trial subscription, please signup.
NOTE - this can take up to 48hrs to be approved.
For multi-user price options, or to check if your company has an existing subscription that we can add you to for FREE, please email Elliot Field at efield@newtonmedia.co.uk or Adrian Tapping at atapping@newtonmedia.co.uk
Editor's picks
Editor's picks
More articles
Copyright © intelligentinsurer.com 2024 | Headless Content Management with Blaze