RMS Launches New Data Standard for Managing Cyber Insurance Featured

RMS Launches New Data Standard for Managing Cyber Insurance

Ahead of the February launch of its new suite of cyber risk management tools, RMS has released its recently developed Cyber Exposure Data Schema. The ‘open standard’ data schema will provide the insurance industry with a systematic and uniform way to capture cyber exposure data and manage cyber accumulation risk. A report detailing the Cyber Exposure Data Schema has been published today here.

The Cyber Exposure Data Schema, developed in collaboration with the Centre for Risk Studies at Cambridge University and with support from eight leading insurance and reinsurance companies, provides firms with a standardized approach to identifying, quantifying and reporting cyber insurance exposure. The schema is both model agnostic and compatible with any exposure management system and will enable firms to:

  • Share and transfer information about exposures in a consistent and standardized format for risk transfer transactions, benchmarking exercises, and regulatory reporting 
  • Report exposure aggregates by different types of coverage and potential loss characteristics to a level of granularity that can inform risk appetite decisions 
  • Assess and monitor risk appetite by estimating losses from accumulation scenarios, or other types of risk models, to the exposure recorded
  • Clarify silent or affirmative covers by identifying insurance policies with ambiguity in whether they would pay out in the event of a cyber incident

Download in PDF now!.

Andrew Coburn, senior vice president, RMS, said: “Having a standardized way to capture cyber insurance exposures will provide a much-needed framework for the market to grow its cyber capacity safely. We worked with a development consortium of leading international cyber insurance practitioners to develop the RMS schema, passing it through a series of rigorous consultation reviews. Our Cyber Exposure Data Schema is one component of our four-part cyber risk management framework being released in full at the beginning of February.”

To develop the Cyber Exposure Data Schema, the Cambridge Centre for Risk Studies consulted with a broad range of organizations seeking to harmonize cyber exposure reporting, including cyber risk experts, cyber insurance writers, and industry organizations such as the Lloyd’s Market Association, U.S. rating agencies, the Reinsurance Association of America, and the Chief Risk Officers Forum.

Simon Ruffle, director of technology research and innovation at the Cambridge Centre for Risk Studies, said: “Establishing agreed categories and a common language for cyber exposure segmentation is a key objective of the schema design. The launch of the data schema is a major milestone in our research and development work on cyber risk management and will solve many of the current cyber data management challenges re/insurers are seeking to address.”

In addition to making its Cyber Exposure Data Schema available to all industry participants, RMS has also collaborated with Lloyd’s of London and AIR Worldwide to help the growing cyber insurance market quickly establish the core data requirements for managing cyber risk common to both modeling firms. By using similar terminology and precise definitions, in addition to highlighting the common elements across their data schemas, the initiative will make it easier for companies to code existing account data to identify their potential cyber accumulations.

Tom Bolt, director, performance management, Lloyd’s of London, said: “Cyber insurance is an important new area of coverage, and it is essential that we have good-quality standardized data to track exposures. I am delighted that RMS has collaborated with us to help standardize some common data requirements and that their new data schema incorporates this."


back to top