A lack of historical data and the rapidly evolving nature of cyber threats mean that cyber risk modellers need to be selective in the lessons they learn from natural catastrophe models.

According to a new report from market-renowned cyber analytics provider firm, CyberCube, the evolution of natural catastrophe modeling since Hurricane Andrew in 1992 can act as a template for cyber modelers, but only up to a point. Beyond that, cyber modelers need to develop their own solutions.

‘Drawing from the Experience of Nat Cat Modeling’

‘Drawing from the Experience of Nat Cat Modeling’, highlights three key differences

While there are similarities between the two types of models, the report, ‘Drawing from the Experience of Nat Cat Modeling’, highlights three key differences. In addition to a lack of historical data and the rapid frequency with which cyber events are changing, cyber-attacks involve ‘active adversaries’ in the form of criminals or terrorists.

These important differences mean that cyber modelers do not have the time or ability to ‘observe, learn and adapt from past data and models’. One key challenge for cyber modelers identified in the report is the need to improve accuracy in this sector in which the past provides limited guidance as to future activity.

Enhancing cyber security

Oliver Brew, CyberCube’s Head of Client Services and one of the report’s authors, said “There’s a well-known phrase in statistical circles that while all models are wrong, some are useful. Models like CyberCube’s model do not have a predictive line of sight to outcomes but they do aid decision-making, capital planning and a wide range of other factors.”

He adds, “For a long time, our sector thought that by studying the way in which nat cat models developed, we could find answers to build better cyber models. What this report shows is that those parallels will only take us so far. The challenge for businesses like CyberCube is to use the tools at our disposal to learn from the past and make informed decisions about the future. The good news is that cyber models are improving rapidly with more useful data sources and faster cloud-hosted processing power.

‘Categorized and structured’ data

The report studied how Hurricane Andrew in 1992 highlighted significant weaknesses in what were then current modeling practices. Yvette Essen, Head of Content at CyberCube, said “Back then, insurers estimated the size of future losses using ‘experience’ data based only on what happened in the past. Actuaries simply adjusted recent history to reflect current trends. Hurricane Andrew helped to prove that past data is a poor gauge for future catastrophe exposure. Previous projections failed to recognize that science indicated unprecedented events were within the realm of reasonable possibility.

Limited volume of ‘categorised and structured’ data on insured cyber losses can hamper cyber models' development

The limited volume of ‘categorized and structured’ data relating to insured cyber losses may also hamper the development of cyber models. While there are many sources for information on well-documented cyber incidents, the report notes, these have not translated into a similar volume of useful data that insurers and modelers can utiltize.

Cyber risk analytics expert

CyberCube delivers renowned cyber risk analytics for the financial and insurance industry. With best-in-class data access and advanced multi-disciplinary analytics, the company’s Software-as-a-Service platform helps insurance companies make better decisions when underwriting cyber risk and managing cyber risk aggregation.

CyberCube’s enterprise intelligence layer provides insights on millions of companies globally and includes modeling on over 1,000 single points of technology failure. Drawing from the Experience of Nat Cat Modeling is published online and available from CyberCube on the official company website.

Share with LinkedIn Share with Twitter Share with Facebook Share with Facebook
Download PDF version

In case you missed it

How To Use Threat Intelligence Data To Manage Security In The Age Of COVID-19
How To Use Threat Intelligence Data To Manage Security In The Age Of COVID-19

COVID-19 has already had a huge impact on the global economy. According to Statista, GDP growth globally will drop from around 3% to 2.4% - equivalent to a drop of around $35 trillion worldwide. In sectors like oil and gas, the impact is particularly acute: IHS Markit predicted that the reduction in oil consumption due to COVID-19 has led to a first-half surplus of 1.8 billion barrels of crude oil. The macroeconomic trends around these worldwide sectors point to harsher economic conditions and recession. For companies in the oil and gas sector running complex operations around the world, this will lead directly to tougher trading environments and a lot of necessary belt-tightening when it comes to costs around operations. Indirectly, the potential recession could cause more civil unrest and security threats for them as well. To cope with these potential challenges, companies will have to look at how they can maintain security for their operations and prevent risks as much as possible. Taking a contextual approach to physical security With these two goals in mind, looking at threat intelligence data should be considered. Threat intelligence refers to a set of data that can be used to judge current and future trends around risks, from everyday crime or political changes through to larger events like civil unrest, terrorism or the current pandemic. Based on data around these issues, companies can make better decisions on how they invest and manage their security posture in advance. Behind this overall approach, however, there are a significant number of moving parts that have to be considered. This includes where the data comes from, how it is used, and who is using the data. Companies can make better decisions on how they invest and manage their security posture The first consideration for threat intelligence is where data comes from. Typically, companies with large oilfields or refinery operations will have large investments in physical security to protect these environments, and part of this spend will include intelligence on local market, political and security conditions. Using this forecast data, your security leadership team can ensure that they have the right resources available in advance of any particular problem. This data can come from multiple sources, from social media data and crowdsourced information through to government, police and private company feeds. This mass of information can then be used to inform your planning and decision making around security, and how best to respond. However, one issue for oil and gas companies with distributed operations is how much data they have to manage over time. With so many potential sources of information all feeding back in real time, it’s hard to make sense of what comes in. Similarly, companies with international teams may have different sets and sources of data available to different parts of their organizations - while each team has its own view of what is going on, they may be missing out on contextual data from other sources held by neighbouring teams or by the central security department. Without a complete picture, it is easy to miss out on important information. Making threat intelligence smarter To solve this problem - and to reduce the costs around managing threat intelligence data - centralizing your approach can make it easier to provide that context to all your teams and stakeholders. Rather than letting each team set up and run their own threat intelligence approach, centralizing the data and letting each team use this can reduce costs. More importantly, it can improve the quality of your threat intelligence approach overall. By applying a combination of algorithms and security analysts to evaluate threat intelligence centrally, you can improve the quality of the data that you have coming into the organization in the first place. This approach provides higher quality data for decision making. However, a centralized approach is not enough on its own. Local knowledge and analysis is always useful. Consequently, alongside any centralization approach you have to have better filtering and search capabilities, otherwise you risk teams not being able to get the information that is particularly relevant and timely to them. This approach of bringing together centralized management of data feeds with more powerful tools for local teams to find what they want and get that access in real time represents the best of both worlds. Planning ahead Scenarios vary from a best case return to pre-crisis revenues of $50 to $60 per barrel by 2021 or 2022 According to consultancy firm McKinsey, the oil and gas sector faces an enormous challenge over the next few years. Scenarios vary from a best case return to pre-crisis revenues of $50 to $60 per barrel by 2021 or 2022, through to a worst case scenario where demand never returns and the industry has to undertake managed decline around some assets and look for new market opportunities in others. Whatever scenario plays out in the real world, security for existing assets will be a continued requirement. Planning ahead using threat intelligence data will be essential whatever happens. To help reduce costs and improve data quality, centralizing this approach will help. Without this mix of global oversight and local detail, companies will find their operations hampered and wrong decisions are made. It’s only by applying threat intelligence data in the right context that security teams will be able to keep up with the challenges of the future.

What Are the Security Challenges of the Oil and Gas Market?
What Are the Security Challenges of the Oil and Gas Market?

Protecting the oil and gas market is key to a thriving economy. The list of security challenges for oil and gas requires the best technology solutions our industry has to offer, from physical barriers to video systems to cybersecurity. We asked this week’s Expert Panel Roundtable: What are the security challenges of the oil and gas market?

Lessons Learned With AxxonSoft: How Have You Adapted To The COVID-19 Pandemic?
Lessons Learned With AxxonSoft: How Have You Adapted To The COVID-19 Pandemic?

The coronavirus pandemic has brought about an unprecedented crisis for businesses and individuals. It has also created a new normal, notwithstanding the disruption to our lives, ultimately changing life as we knew it. However, our resilience as humans will ensure that we survive and become better, stronger, and more determined than ever before. As I mentioned, both businesses and individuals have struggled significantly to balance the need for safety versus survival. But at AxxonSoft, we remain committed to keeping our people safe, while ensuring that our support and commitment to our clients are not compromised. Ensuring business continuity At AxxonSoft, our vision has always been to ensure business continuity through enhanced safety and video surveillance offerings. Adhering to the COVID-19 regulations, we are prescribing to social distancing to slow the spread of the virus. As such, we are utilising this time to ensure that our service offering is optimized to afford our clients the ability to repurpose and extend their remote working viabilities. As an essential service provider, we have ensured that we are providing the right tools to our clients to comply with regulations. Our video analytics and face recognition services have no reliance on on-site control rooms and, therefore, clients’ security solutions and personal safety are not compromised. Innovation reimagined During these precarious times, our focus remains on support and service. Our development team continues to work tirelessly to ensure that you can use our software during the lockdown and have accelerated innovation to this end. While we must maintain social distancing, we can and will still be of service to our community Therefore, we are proud to present version 4.11 of the Intellect PSIM, which offers our clients a neural network-based analytical tracker which recognises specific types of objects, such as humans and vehicles. We have also equipped this version with video wall management interface, automatic object tracking and a web reporting subsystem. Behavioral analytics generates data by detecting specific postures, like crouching, shooting or any potentially dangerous scenario. Our surveillance software operates on a three-pronged approach: calibration, detection and measurement, offering a comprehensive bird’s-eye view to clients. This upgrade also upholds mandated social distancing measures and keeps any face-to-face meetings to a minimal. The silver lining is that you can even use this technology when the pandemic is over. Now that’s what I call experiencing the next with AxxonSoft! Finding solutions to the challenges Our specialist technology and frontline technical support staff will ensure that your business is protected during and post-lockdown. We will continue to ensure that we provide solutions to the new challenges that the coronavirus brings, ensuring that our clients can emerge stronger and more responsive to any changes in the future. Our surveillance software operates on a three-pronged approach: calibration, detection and measurement While we must maintain social distancing, we can and will still be of service to our community. After all, change is not just about technology but about mastering mindsets. The COVID-19 disaster has demanded that businesses embrace tech disruptions as early as possible and apply technology in imaginative ways to define the new world of work. Until next time, stay safe!