Verisk , a leading data analytics provider, today announced the latest release of ARC (Analytics of Risk from Cyber)®, a state-of-the-art cyber risk modeling platform that informs risk selection, portfolio management, and risk transfer.

This release of ARC hosts a comprehensive set of models powered by AIR, including individual risk models, aggregation risk models, and the newly available probabilistic systemic ransomware model, to help companies analyze systemic ransomware events by simulating aggregated losses from global-scale ransomware attacks, such as WannaCry (2017) and NotPetya (2017).

The economic loss from a major systemic ransomware attack can exceed 15 billion USD, causing significant damage to the global economy, thereby making modeling such attacks critical to the insurance industry.

“Cyber risk is constantly evolving and growing, especially with the digital acceleration driven by the COVID-19 pandemic,” said Prashant Pai, vice president of Verisk Cyber Solutions.

“Likewise, we, as the insurance industry are recognizing that this growing risk impacts many of the cyber coverages; both affirmative and non-affirmative. In addition to the unique systemic ransomware model that is now available in ARC, this release features a number of innovations including a significantly enhanced web user interface that provides efficient workflows coupled with a powerful new financial model that more accurately models insurance terms specific to cyber.”

Other enhancements in ARC include access to a breadth of loss breakdowns by a range of event vectors and more than a dozen coverages; and the ability to automate workflows and integrate ARC’s analytics into a client’s internal applications by leveraging public APIs.

The 50,000-year stochastic catalog of systemic ransomware events includes tens of thousands of events of varying severities. The model focuses on points of aggregation (including operating system, geocoded internet infrastructure location, poor cyber hygiene, and industry), stochastic probability of infection, and downtime duration to understand the potential spread and severity of these events. Clients can use ARC to look at the financial impact and understand potential losses across four key cyber coverages triggered by these events, including business interruption, data and asset recovery and remediation, cyber forensics/incident remediation, and extortion (ransom payments). Overall, the updated cyber model has more than six million simulated events between those that impact individual risks, points of aggregation, and systemic ransomware attacks.

“The probabilistic ransomware model covers systemic ransomware events, that is, widescale events that affect more than one organization at a time,” said Scott Stransky, vice president & director of emerging risk modeling at AIR Worldwide.

“However, unlike an event that takes an entire cloud provider down and all the companies using that cloud with it, these ‘partial’ aggregation events only impact a percentage of organizations that are vulnerable to that particular method of attack, a problem that is particularly well-suited to stochastic modeling.

For example, NotPetya impacted only a small fraction of the companies that had the necessary vulnerability – older, unpatched versions of SMB (Server Message Block), a protocol used to communicate between nodes on a network. By modeling many potential points of aggregation, we can capture a wide range of ransomware scenarios.”