©2020 Verisk Analytics, Inc. CONFIDENTIAL: For Seminar Attendees Only

The Next Frontier of Cyber Modeling

Scott Stransky, Pamela Eck, Vijay Raman

Agenda

Recent Cyber Events

Individual Risk Events Still Drive the Majority of Claims

Systemic

Aggregation Beyond the Cloud

Cyber as a Peril (aka Silent Cyber)

Cyber Modeling Platform – Key Enhancements

Recent Events: Marriott and Continued Data Breaches

Estimated insurance loss: USD 350 million

Recent Events: Norsk Hydro and the Targeted Ransomware

Estimated insurance loss: GBP 75 million

Recent Events: NotPetya and the Rise of Systemic Ransomware

Estimated insurance loss: USD 320 million (to traditional affirmative cyber policies)

Cyber Regulatory Environment Is Ramping Up

GDPR fines continue to ramp up

New regulations in the U.S.

[Charts: amount of fines (euros) by month and counts of fines by month. Source: enforcementtracker.com]

Individual Risk Events Still Drive the Majority of Claims

Individual Risk Modeling: The Next Generation of Data Compromise

• Business Interruption
• By Country Frequency
• Predictors by Attack Vector
• Correlation by Attack Vector

Business Interruption Continues to Drive Losses

Costs of Data Compromises Vary by Country

Source: IBM/Ponemon

Different Predictors for Different Modes of Attack

Machine learning helps us understand which potential cyber predictors lead to incidents

Separate predictors for each attack vector scenario

Data Compromise Correlation: The Impact of a Common Vulnerability Being Exploited

The Local Bakery The Food truck The Coffee Shop

Correlation specific to each attack vector – lost device events have no correlation, while has stronger correlation

Understanding Risk from Systemic Ransomware

Ransomware Science: Hierarchy of Ransomware

Systemic
• Yes
• No

Operating system
• Windows
• Mac
• Android

Geotargeting
• Ukraine
• Bosnia
• Etc.

Delivery mechanism
• Email
• Trojan
• Database

Other characteristics
• Particular vulnerable programs (Adobe, Java, Flash, etc.)
• Does it destroy data or just encrypt it?
• Has the already been broken?

Ransomware Science: What Happens in a Ransomware Event

[Diagram: stages of a ransomware event. Delivery method: email, downloads, messaging, vulnerability exploitation. Operating system: Windows, Mac, Android, Linux. Other labels: compromised, backups, scareware, payment, destruction, type, encryption, remediation.]

Ransomware Modeling: The Stochastic Catalog

Point of aggregation; Infection rate; Severity (BI)

Ransomware Modeling: Loss Calculation

SMB V1 vulnerable computers (2017): 1 billion

NotPetya impacts: 12.5K devices

Infection rate: 1/80,000

[Chart: BI cost experienced (0 to 1) by day (0 to 6)]

Aggregation Beyond the Cloud

Sources of Aggregation

…are numerous!

Cloud, Manufacturers, Browsers, Managed Services, Operating Systems, CDN, VPN Providers, Email, Payment Processors, DNS, SSL Certificates, Infrastructure providers, ISP, Ad

Sources of Aggregation

How severe would an event be?

Cloud, Manufacturers, Browsers, Managed Services, Operating Systems, CDN, Email, Payment Processors, VPN Providers, DNS, SSL Certificates, Infrastructure providers, ISP, Ad

Sources of Aggregation

How frequent would an event be?

Cloud, Manufacturers, Browsers, Managed Services, Operating Systems, CDN, Email, DNS, SSL Certificates, Infrastructure providers, ISP

Sources of Aggregation

How much aggregation would the event have?

Cloud, Browsers, Managed Services, CDN, Email, DNS, Infrastructure providers, ISP

Sources of Aggregation

What’s left?

Cloud, CDN, Email, DNS, Infrastructure providers, ISP

Email Provider Model

How Does a Content Delivery Network (CDN) Work?

CDN server

Original server

User

How Do DNS, CDN, and Cloud Work Together?

Dynamic Content Region of the Cloud

CDN Routed to nearest Edge Location

User

Cyber as a Peril (aka Silent Cyber)

Silent Cyber: The Continually Evolving Definition

Cyber Event

What Modeling Solutions Are Currently Available?

[Chart: modeling solutions by depth and breadth. Labels: Blackout; *NEW* Commercial Fire]

Overview of the Commercial Fire Model

Fire/No Fire; Fire Alarm Control Panel; σ Scenario Number (1 - 8)

Damage Function; P-factor; Building Characteristics

What Modeling Solutions Are Coming Soon?

[Chart: modeling solutions by depth and breadth. Labels: Blackout; *NEW* Commercial Fire; Area of Focus]

Cyber Risk Continues to Evolve

Bad actors are a step ahead

Business interruption continues to be a driver of major losses

Systemic ransomware is a concern

Aggregation risk extends beyond the cloud

Cyber as a peril is here to stay

Cyber Risk Modeling Platform: Analytics of Risk from Cyber (ARC)

The Cyber Risk Modeling Platform

• Flexibility and Transparency
• Comprehensive Cyber Risk Modeling
• Risk Data Augmentation

Manage Your Cyber Risk Program from Start to Finish

User Data Management Data Enhancement

Includes Cyber Exposure Database

Includes technographic and firmographic data

Reporting Analytics Verisk Cyber Data Standard

What’s Inside Our Cyber Risk Platform Today?

• Industry Exposure Database (IED)
• Cyber Analytics Loss Engine
• Cyber Analytics Monitoring and Reporting
• Data Import and Validation
• Selective Backfilling
• Probabilistic Loss Analytics
• Deterministic Loss Analytics
• Matching
• Cyber Data Sources
• Data management
• Cyber Scenarios
• Algorithms for Exposure Data Augmentation
• Server and Database
• User Interface

Roadmap and Key Enhancements

A Comprehensive Roadmap Ahead

• Workflow Enhancements (Web based Interface)
• Systemic Ransomware (Using Detailed Data)
• Reinsurance Policy Workflows (Support for Single Risk & CAT Treaty)
• Loss Reporting by Coverages (Enhanced Financial Modeling for support up to 14 business coverages)
• Global Industry Exposure Database (Support for 300M+ organizations)
• Cyber-as-a-Peril (Ability to analyze affirmative & silent cyber exposure for Property, D&O, E&O and other Lines)
• Loss Breakdown by Attack Vectors (Single Risk Ransomware, Phishing, Physical Tampering etc.)
• Complete Aggregation Models (Complete aggregation support for new scenarios with catalogs)
• Public API Support (Loss Analysis workflow support via RESTful API’s)
• Enhanced Individual Risk Models (Enhanced GDPR, BI losses & attack vector correlation)
• Systemic Ransomware (Using Market Share Data)

Releases: Summer 2020 (v3.0), Q1 2021 (v4.0), Q4 2021 (v5.0)

You Will Experience Rich Configurable Graphics

Upload Exposures; Validate Exposures; Configure workflows for company match & data enhancements; Run Loss Analytics

Exposure Summary Dashboard; Loss Metrics Dashboard; Workflow Manager

Leveraging Cloud-Native Platform Services

[Diagram labels: AIR Cloud / Public Cloud; ARC Platform (Servers and DB); Functions: Application UI and API’s, Data Management, Loss Analytics; Cloud Platform Services; Cloud Data Platform Services; Elastic Auto-Scaling]

Cloud Services
• Identity management
• API management
• Serverless processing
• Batch processing
• Data Warehousing as Service (DWaaS)
• BI & reporting

Providing You With the Most Comprehensive View of Your Cyber Risk