Verisk unveils new probabilistic ransomware model for systemic events

Insurance data analytics provider Verisk has unveiled a cyber risk modeling platform that informs risk selection, portfolio management, and risk transfer.

The platform, called Analytics of Risk from Cyber (ARC), includes a new probabilistic systemic ransomware model designed to help companies analyse systemic ransomware events by simulating aggregated losses from global-scale ransomware attacks, such as WannaCry (2017) and NotPetya (2017).

The updated ARC model also includes access to loss breakdowns by a range of event vectors and coverages, as well as the ability to automate workflows and integrate its analytics into internal applications by leveraging public APIs.

“Cyber risk is constantly evolving and growing, especially with the digital acceleration driven by the COVID-19 pandemic,” said Prashant Pai, vice president of Verisk Cyber Solutions. “Likewise, we, as the insurance industry are recognising that this growing risk impacts many of the cyber coverages; both affirmative and non-affirmative. In addition to the unique systemic ransomware model that is now available in ARC, this release features a number of innovations including a significantly enhanced web user interface that provides efficient workflows coupled with a powerful new financial model that more accurately models insurance terms specific to cyber.”

Scott Stransky, vice president & director of emerging risk modeling at AIR Worldwide, added: “The probabilistic ransomware model covers systemic ransomware events, that is, wide scale events that affect more than one organisation at a time. However, unlike an event that takes an entire cloud provider down and all the companies using that cloud with it, these ‘partial’ aggregation events only impact a percentage of organizations that are vulnerable to that particular method of attack, a problem that is particularly well-suited to stochastic modeling. For example, NotPetya impacted only a small fraction of the companies that had the necessary vulnerability – older, unpatched versions of SMB (Server Message Block), a protocol used to communicate between nodes on a network. By modeling many potential points of aggregation, we can capture a wide range of ransomware scenarios.”