Verisk Releases Industry's First Cyber Exposure Data Standard

Verisk Analytics have announced that it has released the industry's first global cyber exposure data standard. This standard will help create a uniform method for data transfer across the insurance value chain. Verisk's catastrophe modeling business AIR Worldwide has also developed a preparer's guide to assist companies in collecting and storing the necessary cyber exposure data in an open format suitable for modeling.

The Verisk cyber exposure data standard is the first step in the process of managing accumulations of cyber risk and will help create a uniform method for data transfer throughout the industry. Many of the fields are optional to provide flexibility for companies that collect different types of information or at different levels of detail. The AIR preparer's guide will assist companies in collecting and storing the data. Many client organizations, including companies in the insurance, broker, and reinsurance industry, have reviewed the standard and provided valuable input.

Cyber risk has become the fastest-growing peril over the past year. The ability to analyze cyber risk accurately requires a full understanding of the cyber exposure data. It is imperative that companies capture this data in a common format that can be used by organizations across the insurance value chain. It is also crucial that the exposure data standard used today and in the future be robust enough for organizations to grow into.

"Verisk and AIR have developed a comprehensive data standard containing the critical parameters that must be captured to assess a company's risk from cyber attacks," said Nigel Pearson, global head of fidelity, Allianz Global Corporate & Specialty SE. "Collecting and storing this data forms a basis for analyzing accumulated risk, and Allianz can immediately begin leveraging AIR's preparer's guide to determine which additional parameters we should start capturing. We look forward to applying the standard for modeling when the AIR cyber risk model is complete."

"Cyber insurance is an important new area of coverage, and it is essential that we have good-quality standardized data to track exposures," said Tom Bolt, director, performance management, Lloyd's of London. "I am delighted that AIR has collaborated with us to help standardize some common data requirements and that their new data schema incorporates this."

In addition, AIR has developed an SQL implementation to allow organizations to begin to use the standard in their enterprises. In the coming months, AIR aims to provide SQL scripts that can be used for deterministic scenario analysis and accumulation analysis.

"AIR Worldwide's forthcoming probabilistic cyber risk model will serve to help insurers and reinsurers manage accumulations of cyber risk as well as assess and evaluate the risk of individual contracts," said Scott Stransky, manager and principal scientist at AIR Worldwide. "The preparer's guide represents a key first step in the development of a common cyber exposure data standard that better enables companies to capture the correct data and store it in a format usable in the forthcoming AIR model. The innovative cyber risk model will be critical to better understanding the financial implications of cyber attacks, including the aggregation risk associated with a megascale attack."


back to top