Corvus: Insurers Must Understand Cyber Aggregation Before They Can Control It
Before insurers can choose to retain, reduce or transfer cyber risk on their balance sheet, they need to understand the complexity and interconnectivity of the cyber risk, said Lori Bailey, chief insurance officer, Corvus.
“Managing cyber risk aggregation is key to cyber insurers writing profitable business in the face of growing claims frequency and severity,” Bailey said.
She explains, “It's important to remember that cyber is a very interconnected risk. Unlike other aspects of insurance, where you have a physical property or location, or a very finite set of risks that is very easy to kind of manage that exposure, cyber is a very different type of insurance.”
The Corvus CIO believes that it’s this interconnectivity that makes it difficult for insurers to manage risk aggregation. “For example,” she explains, “the SolarWinds attack demonstrated a significant downstream impact.”
Bailey’s team developed the Corvus Risk Aggregation Platform to confront this difficulty. She tells us that the tool “strives to provide transparency around cyber risk by combining exposure and software data to give reinsurers and program managers a real time view on the points of aggregation so they can manage that risk.” .
“One of the greater challenges right now is just even beginning to identify that it's not only understanding our insurers’ or our policyholders’ supply chains, but the supply chains within the supply chain, and really understanding how everything is connected,” Bailey said.
“Once you have a handle on that, then there are three different ways you can manage that risk: you can either maintain it, you can mitigate it or you can transfer it.”