Last week it was my pleasure to moderate a session during the digital NetDiligence Santa Monica Conference. We had a great panel including, Scor’s Simon Cartagena, Justyna Piniska from Capsicum Re, Evgenia Agreeva of Swiss Re, and Danielle Smith from RMS. Wherever you sit in the insurance ecosystem, I would hope you were able to come away with some solid insight into both the cyber risk modeling landscape today and what it needs to look like in the near future.
We started our discussion on the topic of current models and the strategic use cases that have yet to be unlocked, specifically relating to capital management. The panel discussed the items that model vendors would have to address for a carrier to fully rely on them for capital management. This includes a robust model validation process, strong change management, and enough transparency to allow users to become comfortable with all the different data inputs and assumptions. Vendors need to equip their customers to be able to comply with an array of regulators.
We then moved on to model development and what needs to happen for reinsurers to rely on them for strategic planning purposes. While validation and transparency are both needed in this case, similarly to capital management, additional model reporting functionality is also necessary. Having per risk, per event year-loss-tables is one such development. Others include better access and validation to firmographic and technographic data. The panelists discussed the difficulties in evaluating differences between vendors who may all supply differing data on the same risk.
Lastly, we wrapped up by discussing catastrophic scenarios and future model development. While a lot of the industry has reached consensus on significant scenarios for cloud outage, ransomware, and utility outages, it remains to be seen what other risks have not hit our radar. This is one area, in particular, where carriers are looking to vendors to supply additional expertise and insight.
From our discussions, it is apparent the market is expecting major model development strides in the next 12-24 months. While certainly new features and reporting functionality will be rolled out, the major focus anticipated is around model validation, data validation, and additional transparency.
As CyberCube looks to develop the next version of Portfolio Manager - our scenario-based data-driven model that enables enterprise risk managers to manage cyber risk portfolio accumulations and set risk tolerance thresholds - it will be important to address these needs being voiced by the industry. In the past year, model documentation and transparency has made great progress. Continued collaboration with our clients will be more important than ever.