Verisk Releases Updated Cyber Risk Modeling Platform
New fully probabilistic systemic ransomware model now available in ARC
JERSEY CITY, N.J., July 22, 2020 — Verisk (Nasdaq:VRSK), a leading data analytics provider, today announced the latest release of ARC (Analytics of Risk from Cyber), a state-of-the-art cyber risk modeling platform that informs risk selection, portfolio management, and risk transfer. This release of ARC hosts a comprehensive set of models powered by AIR, including individual risk models, aggregation risk models, and the newly available probabilistic systemic ransomware model, to help companies analyze systemic ransomware events by simulating aggregated losses from global-scale ransomware attacks, such as WannaCry (2017) and NotPetya (2017). The economic loss from a major systemic ransomware attack can exceed 15 billion USD, causing significant damage to the global economy, thereby making modeling such attacks critical to the insurance industry.
“Cyber risk is constantly evolving and growing, especially with the digital acceleration driven by the COVID-19 pandemic,” said Prashant Pai, vice president of Verisk Cyber Solutions. “Likewise, we, as the insurance industry are recognizing that this growing risk impacts many of the cyber coverages; both affirmative and non-affirmative. In addition to the unique systemic ransomware model that is now available in ARC, this release features a number of innovations including a significantly enhanced web user interface that provides efficient workflows coupled with a powerful new financial model that more accurately models insurance terms specific to cyber.”
Other enhancements in ARC include access to a breadth of loss breakdowns by a range of event vectors and more than a dozen coverages; and the ability to automate workflows and integrate ARC’s analytics into a client’s internal applications by leveraging public APIs.
The 50,000-year stochastic catalog of systemic ransomware events includes tens of thousands of events of varying severities. The model focuses on points of aggregation (including operating system, geocoded internet infrastructure location, poor cyber hygiene, and industry), stochastic probability of infection, and downtime duration to understand the potential spread and severity of these events. Clients can use ARC to look at the financial impact and understand potential losses across four key cyber coverages triggered by these events, including business interruption, data and asset recovery and remediation, cyber forensics/incident remediation, and extortion (ransom payments). Overall, the updated cyber model has more than six million simulated events between those that impact individual risks, points of aggregation, and systemic ransomware attacks.
“The probabilistic ransomware model covers systemic ransomware events, that is, widescale events that affect more than one organization at a time,” said Scott Stransky, vice president & director of emerging risk modeling at AIR Worldwide. “However, unlike an event that takes an entire cloud provider down and all the companies using that cloud with it, these ‘partial’ aggregation events only impact a percentage of organizations that are vulnerable to that particular method of attack, a problem that is particularly well-suited to stochastic modeling. For example, NotPetya impacted only a small fraction of the companies that had the necessary vulnerability – older, unpatched versions of SMB (Server Message Block), a protocol used to communicate between nodes on a network. By modeling many potential points of aggregation, we can capture a wide range of ransomware scenarios.”
ARC is a part of Verisk's Cyber Solutions Suite which was named Cyber Solution of the Year at the InsuranceERM Annual Awards 2020 – Americas. The Verisk Cyber Solutions suite, built on a database with information from more than 12 million worldwide businesses, delivers policy language, loss costs, analytics, modeling, workflow capabilities, and more.
Verisk (Nasdaq:VRSK) provides predictive analytics and decision-support solutions to customers in the insurance, energy and specialized markets, and financial services industries. More than 70 percent of the FORTUNE 100 relies on the company’s advanced technologies to manage risks, make better decisions and improve operating efficiency. The company’s analytic solutions address insurance underwriting and claims, fraud, regulatory compliance, natural resources, catastrophes, economic forecasting, geopolitical risks, as well as environmental, social, and governance (ESG) matters. Celebrating its 50th anniversary, the company continues to make the world better, safer and stronger, and fosters an inclusive and diverse culture where all team members feel they belong. With more than 100 offices in nearly 35 countries, Verisk consistently earns certification by Great Place to Work. For more: Verisk.com, LinkedIn, Twitter, Facebook, and YouTube.
For more information, contact: