Increasing need for improved cyber CAT models for SMBs: Guy Carpenter

An increasing number of small and medium-sized businesses (SMBs) are seeking cyber coverage, but current cyber catastrophe (CAT) models still struggle to accurately assess SMB risk aggregation, according to a recent report by Guy Carpenter.

The report, developed with At-Bay, highlights the rapid growth of the cyber insurance market and the growing importance of cyber CAT modelling for re/insurers. These models are becoming crucial for understanding cyber risk and determining appropriate levels of exposure.

Initially, cyber insurance was focused on large businesses with complex networks, as they were major targets for cyberattacks. However, today, no business is immune to such threats. In fact, 98% of cyber claims over the past five years have come from companies with less than $2 billion in revenue.

Currently, SMBs represent 45% of the total cyber market exposure, reflecting a significant 45% increase over the past five years. This substantial share makes accurate assessment of SMB risk essential for effective risk and capacity management.

Despite improvements in cyber CAT modelling over the past decade, assessing SMB risk remains challenging due to their vastly different risk profiles compared to larger businesses.

One key issue is the lack of publicly available historical data, as attacks on SMBs have only recently become more common. Without detailed and reliable data, creating accurate risk models is difficult.

The report underscores that a better understanding of cyber CAT risk is crucial for attracting significant capital in the SMB segment.

Guy Carpenter explained, “Adjusting CAT model outputs to reflect the impacts of fundamental security controls allows for more accurate and precise differentiation of SMB risks. Model adjustment is therefore a crucial step in establishing a robust view of modelled loss potential to support the growth in a market segment poised for continued expansion.

“An example of CAT model adjustment for SMB risks using At-Bay data shows a 17% reduction in CATonly tail losses on the 250-year return period when multi-factor authentication (MFA) and endpoint detection and response (EDR) security controls are accounted for in the model.”

This website states: The content on this site is sourced from the internet. If there is any infringement, please contact us and we will handle it promptly.