Willis Re’s proprietary PRISM-Re cyber modeling tool considers catastrophic as well as attritional losses to portfolios of risk. It employs a two-part framework for analysis of cyber threats. The first component addresses affirmative cyber exposure arising from explicit cyber policies written by an insurer. The second separately considers cyber losses as a result of implicit or inadvertent cyber exposure leaking into insurance policies not designed to cover cyber. The methodology for quantification of the loss potential within a portfolio is different based on the nature of the peril.
Affirmative cyber is addressed through two modules—one for data breach and another for network outage. The first relies on comprehensive cyber threat intelligence and historical breach incident data. This information has been studied through detailed regression analyses to identify relationships between vulnerability to privacy breach and organizations’ revenue size and industry sector. Using the resulting rate of privacy breach parameters, the model determines, based on individual insureds’ unique characteristics, which policies in a portfolio are likely to experience breaches.