Verisk Releases Updated Cyber Risk Modeling Platform
New fully probabilistic systemic ransomware model now available in ARC
JERSEY CITY, N.J., July 22, 2020 — Verisk (Nasdaq:VRSK), a leading data analytics provider, today announced the latest release of ARC (Analytics of Risk from Cyber), a state-of-the-art cyber risk modeling platform that informs risk selection, portfolio management, and risk transfer. This release of ARC hosts a comprehensive set of models powered by AIR, including individual risk models, aggregation risk models, and the newly available probabilistic systemic ransomware model, to help companies analyze systemic ransomware events by simulating aggregated losses from global-scale ransomware attacks, such as WannaCry (2017) and NotPetya (2017). The economic loss from a major systemic ransomware attack can exceed 15 billion USD, causing significant damage to the global economy, thereby making modeling such attacks critical to the insurance industry.
“Cyber risk is constantly evolving and growing, especially with the digital acceleration driven by the COVID-19 pandemic,” said Prashant Pai, vice president of Verisk Cyber Solutions. “Likewise, we, as the insurance industry are recognizing that this growing risk impacts many of the cyber coverages; both affirmative and non-affirmative. In addition to the unique systemic ransomware model that is now available in ARC, this release features a number of innovations including a significantly enhanced web user interface that provides efficient workflows coupled with a powerful new financial model that more accurately models insurance terms specific to cyber.”
Other enhancements in ARC include access to a breadth of loss breakdowns by a range of event vectors and more than a dozen coverages; and the ability to automate workflows and integrate ARC’s analytics into a client’s internal applications by leveraging public APIs.
The 50,000-year stochastic catalog of systemic ransomware events includes tens of thousands of events of varying severities. The model focuses on points of aggregation (including operating system, geocoded internet infrastructure location, poor cyber hygiene, and industry), stochastic probability of infection, and downtime duration to understand the potential spread and severity of these events. Clients can use ARC to look at the financial impact and understand potential losses across four key cyber coverages triggered by these events, including business interruption, data and asset recovery and remediation, cyber forensics/incident remediation, and extortion (ransom payments). Overall, the updated cyber model has more than six million simulated events between those that impact individual risks, points of aggregation, and systemic ransomware attacks.
“The probabilistic ransomware model covers systemic ransomware events, that is, widescale events that affect more than one organization at a time,” said Scott Stransky, vice president & director of emerging risk modeling at AIR Worldwide. “However, unlike an event that takes an entire cloud provider down and all the companies using that cloud with it, these ‘partial’ aggregation events only impact a percentage of organizations that are vulnerable to that particular method of attack, a problem that is particularly well-suited to stochastic modeling. For example, NotPetya impacted only a small fraction of the companies that had the necessary vulnerability – older, unpatched versions of SMB (Server Message Block), a protocol used to communicate between nodes on a network. By modeling many potential points of aggregation, we can capture a wide range of ransomware scenarios.”
ARC is a part of Verisk's Cyber Solutions Suite which was named Cyber Solution of the Year at the InsuranceERM Annual Awards 2020 – Americas. The Verisk Cyber Solutions suite, built on a database with information from more than 12 million worldwide businesses, delivers policy language, loss costs, analytics, modeling, workflow capabilities, and more.
Verisk (Nasdaq:VRSK) is a leading data analytics provider serving customers in insurance, energy and specialized markets, and financial services. Using advanced technologies to collect and analyze billions of records, Verisk draws on unique data assets and deep domain expertise to provide first-to-market innovations that are integrated into customer workflows. Verisk offers predictive analytics and decision support solutions to customers in rating, underwriting, claims, catastrophe and weather risk, global risk analytics, natural resources intelligence, economic forecasting, and many other fields. Around the world, Verisk helps customers protect people, property, and financial assets.
Headquartered in Jersey City, N.J., Verisk operates in 30 countries and is a member of Standard & Poor's S&P 500® Index. In 2018, Forbes magazine named Verisk to its World's Best Employers list. For more information, please visit www.verisk.com.
For more information, contact: