Professional Documents
Culture Documents
TradeCat
HateCat
Geopolitical
WarCat
FinCat
Financial
Violence
Political
Dispute
Conflict
Shock
Trade
Market Sovereign Bank Cartel Nationalization Tariff External Civil Nuclear Organized Assassina Civil
Crash Default Run Pressure War Force War War Crime tion Disorder
WeatherCat
Environmental
Technological
Earthquake Drought Sea Level Rise Nuclear Meltdown
Catastrophe
TechCat
Catastrophe
Catastrophe
Catastrophe
EcoCat
NatCat
Climatic
Natural
Volcanic Flood Tsunami Tornado & Electric Heatwave Wildfire Pollution Atmospheric System Cyber Technological Infrastructure
Eruption Hail Storm Event Change Catastrophe Accident Failure
HealthCat
Human Epidemic
Humanitarian
Famine Meteorite
SpaceCat
NextCat
AidCat
Externality
Outbreak
Disease
Other
Crisis
Waterborne Zoonosis Plant Child Welfare Refugee Space Ozone Layer Satellite System
Epidemic Epidemic Poverty Failure Crisis Threat Collapse Failure 2
Cambridge Center for Risk Studies: Taxonomy of Business Risks
TradeCat
HateCat
Geopolitical
WarCat
FinCat
Financial
Violence
Political
Dispute
Conflict
Shock
Trade
Market Sovereign Bank Cartel Nationalization Tariff External Civil Nuclear Organized Assassina Civil
Crash Default Run Pressure War Force War War Crime tion Disorder
WeatherCat
Environmental
Technological
Earthquake Drought Sea Level Rise Nuclear Meltdown
Catastrophe
TechCat
Catastrophe
Catastrophe
Catastrophe
EcoCat
NatCat
Climatic
Natural
Volcanic Flood Tsunami Tornado & Electric Heatwave Wildfire Pollution Atmospheric System Cyber
Cyber Technological Infrastructure
Eruption Hail Storm Event Change Catastrophe
Catastrophe Accident Failure
HealthCat
Human Epidemic
Humanitarian
Famine Meteorite
SpaceCat
NextCat
AidCat
Externality
Outbreak
Disease
Other
Crisis
Waterborne Zoonosis Plant Child Welfare Refugee Space Ozone Layer Satellite System
Epidemic Epidemic Poverty Failure Crisis Threat Collapse Failure 3
Cyber as a Systemic Risk
▪ In 2012 identified the potential for
cyber to pose a systemic risk
▪ ‘Systemically Important
Technology Enterprises’ (SITEs)
‒ Industry standard software
platforms providing common failure
pathways
▪ Key issue for managing
accumulation risk in cyber
insurance portfolios
4
NotPetya
A Real World Example of Systemic Cyber Risk
Oschadbank
Rosneft
Gazprom GlaxoSmithKline
Pfizer
Shell Berkshire Hathaway
Aerospace Merck
BP Energy
Wal-Mart Mondelez
Chevron ExxonMobil
Maersk
General
Sinopec ME.Doc (UK) Consumer
Beiersdorf
Motors Kelloggs
DHL WPP
Volkswagen Dell
TNT Saint Gobain Tesco
FedEx TNT
Toyota Nestlé
Apple
Nuance
Auto
Amazon AT&T
Source: ESET Petya Blog Samsung
▪
Goldman Sachs
27 June 2017, contagious malware attack caused $10 Bn loss Allianz Financial Sony
Technology
Lenovo
▪
HP
5
Nodes of Aggregation: Organization Attack Surface
12 Principal Classes 32 Sub-Classes Primary Vendors Products
Several thousands Multiple thousands
A Compute above 1% market share
B Storage Versions
Tens of thousands
C Network Security C.1 Firewall
D Network & Content Delivery C.2 Antivirus Market share
6
An Extensive Programme of Cyber Risk Research
7
Annual Updates of Our Cyber Risk Outlooks
Occurrence of Data Exfiltration Events by Size
P8 (100M-3B records)
P7 (10M-100M records)
P6 (1M-10M records)
P5 (100K-1M records)
P4 (10K-100K records)
P3 (1K-10K records)
8
The Changing Face of Cyber Loss
9
CCRS Role in Growth of Cyber Insurance Market
▪
Rest of the World
CCRS scenarios adopted by Lloyd’s for regulatory
accumulation reporting 3
0
2012 2013 2014 2015 2016 2017 2018 2019
10
Lloyd’s Business Blackout Scenario: Cyber Attack on US Power Grid
11
Cyber Terrorism Feasibility in Scenarios
$ 12
Awards and Recognition for CCRS
Cambridge Centre for Risk Studies was honoured to be nominated for awards and invited to be involved in data standards activities, including:
2018 Cyber Risk Awards Pool Re and CCRS shortlisted for Cyber Risk Innovation
of the Year for work on developing the Pool Re Cyber Terrorism Extension 2018
ACORD selected the Cambridge Cyber Exposure Data Schema (published 2016)
to provide to all 4,000+ ACORD members.
13
The Future of Cyber Risk
Security Critical
Companies Infrastructure
Business
Organizations
The
Individual
Software Law
Vendors Enforcement
Cyber Risk Landscape Cyber Threat Actors Future Technology and Tools
Chair Chair Chair
Tom Harvey Maria Bada Vincent Gilcreest
Risk Management Solutions Cambridge Cybercrime Centre Tenable.io
Software Liability, Hackbacks, and Deep Fakes Trends in Hacker Business Models Red on Blue: Infinity War
Erin Burns Winston Krone Sille Laks
Concinnity Risks Kivu Europe Clarified Security
War Games, Simulations, and Scenarios Game Theory Approaches Lessons from Telematics: Future Technology & Tools
Justin Clarke-Salt Dr Gordon Woo Jasson Casey
Aon Cyber Solution Risk Management Solutions SecurityScorecard
Cybergeddon vs. Cybertopia Journey from Black Hat to White Hat The Only Limit is Your Imagination
Dr Jennifer Daffron Mike Jones Timothy Olsen
Cambridge Centre for Risk Studies Security Researcher Symantec
Managing Cyber Risk in Digital Transformation The Changing Face of Privacy Law Cyber Insurance in 2025
Stephen Boyer James Clark Sarah Stephens
BitSight DLA Piper FINPRO Cyber, Media & Technology Practice Leader
Cyber Risk Quantification Changing Workplace Behaviour The Cyber Market's Present and Future Challenges
Prof MingYan Liu Stephen Burke Eric Durand
University of Michigan Cyber Risk Aware Swiss Re
Interdisciplinary Approaches to Cyber Security The Future of Cyber Risk Management in Organisations Future Analytics of Cyber Risk Quantification
Dr Jason Nurse Domenico del Re Dr Christos Mitas
University of Kent PwC UK Risk Management Solutions
15
Potential Game-Changers in Future Technologies and Tools
16
Changes in the Business Models of Threat Actors
17
The Gloves Come Off Nation-State Cyber Teams
18
Advances in Security and Corporate Risk Management
19
Radical Upgrade of Global Cyber Law Enforcement
20
Conclusions: The Future of Cyber Risk
▪ Many factors will determine the future of cyber risk – the level of future loss
▪ This conference brings together many different disciplines and areas of expertise to
explore the factors that will determine the future of cyber risk
▪ Our intention is to use these contributions to set out the issues and help
organizations plan for the coming years ahead
▪ The Cambridge Centre for Risk Studies has contributed to the thought leadership in
the understanding of cyber risk over the past decade
▪ The Cambridge Centre for Risk Studies intends to contribute to the understanding of
cyber risk as it changes over the next decade
21