CyberCube has recently updated Portfolio Manager, one of our flagship products. I'm Yvette Essen, Head of Content, Communications, and Creative for CyberCube. Joining me to talk about Portfolio Manager and the changes we've made in Version 5 is Jon Laux, Vice President of Analytics.
Yvette Essen:
"First of all, can you tell me a little bit about Portfolio Manager? What kinds of companies use this product and why?"
Jon Laux:
"Sure. Portfolio Manager is our cyber accumulation model, or account model, and it's used by a wide array of companies across the insurance and reinsurance industry. We're fortunate to count many leading companies as our clients, and they use Portfolio Manager for a variety of reasons. One of the core uses is for catastrophe modeling, which helps them understand tail risk. It can be used for stress testing, setting capital levels, determining risk tolerance, reinsurance purchasing decisions, financial reporting to regulators, and understanding the implications for pricing—like what kind of catastrophe load should be applied to the business.
Actually, we did some research with the V5 release around the importance of wordings. You can also use Portfolio Manager to sensitivity test the business impact and tail impact of different kinds of financial decisions that the underwriting team is making as well."
Yvette Essen:
"We've made some changes to the model. Why have we made those changes, and can you highlight a few of them?"
Jon Laux:
"We're always looking to update the model to better reflect the environment, or 'threat landscape,' as we say, as well as the theory of risk that it puts out into the market. We’re not always looking to make significant changes to the model—stability is important to clients, as well as being responsive—but there were some changes we thought were important to make with Version 5. We wanted to reflect where the market is today.
The questions we get from our clients indicate that accumulations in the industry continue to grow, and the scrutiny on models and concerns about the tail in cyber have never been higher. Version 5 gave us an opportunity to think about the level of rigor, the data sources, and the story our model helps convey to clients. We want to do that with as much confidence and clarity in the results as possible.
To give a few specific examples, one area we focused on was frequency. We spent quite a bit of time updating a couple of our methodologies, bringing in new data sets, and looking at about 150 historical events—how they happened and how they could have happened. This shaped how events play out in the model.
From a footprint perspective, or what you might think of as the blast radius from events, we updated the reliance on technologies—what we call 'single points of failure.' The reliance on technologies has only increased over the pandemic years as business has become more digital. An event today versus a few years ago could potentially affect more organizations, so we wanted to reflect that. We also made targeted changes on the severity side, especially as we've seen more ransomware events in recent years. We thought about the balance between true tail risk and more near-miss type events that didn’t lead to significant financial damage."
Yvette Essen:
"Another area we focused on in PMV5 was the event families and the expansion of that. Can you tell me a little bit about that?"
Jon Laux:
"Sure. In our model today, there are 33 different event classes that clients can work with. That’s a lot. One of our goals with Version 5 was to make the model simpler and easier to use, both for novice users who aren’t used to dealing with the model and for experienced users, making it easier to digest the results and identify trends. We also wanted to make reporting easier for senior decision-makers who may not be as well-versed in cyber as the people using the model.
So, we grouped those 33 event classes into a smaller number of 'event families.' These families are defined by two things: the impact type of the event—such as a widespread ransomware attack versus a widespread outage or breach—and the source of accumulation, or the type of single point of failure that makes the event a true accumulation event rather than just a targeted attack. You can think of those as the 'insurance axis' of the event family and the 'cybersecurity axis' of the family.
Within those families, you have a set of permutations that represent different ways things could play out. For example, within the ransomware family, there’s true widespread ransomware, where you have data encryption along with an extortion demand. But more recently, we’ve seen attacks where there’s data exfiltration and an extortion demand, but no encryption. We also have scenarios that look more like NotPetya, where it’s a wiper malware attack with data destruction and no financial motivation. This allows our customers to understand the variation that can occur within a family and to educate them on what those different variations might look like."
Yvette Essen:
"I know you've just put PMV5 to bed, but are we likely to expect any more changes in the near future?"
Jon Laux:
"In the near future, we’re going to focus on functionality updates for our clients to improve the usability of the tool. Some of these ideas are new, and some have been on our minds for a while. Thinking further ahead, we’re always looking to update the model to ensure it reflects the threat environment and to be responsive to the needs of the market. What that will look like in the future is probably a bit early to say, but we do have several ideas on how we could enhance the product further, based on what didn’t make it into this current version. We’re excited to work with our clients on what that will look like over time.
In the meantime, it’s important to give clients a chance to digest what we’ve done and get used to the new features and functionality. We’re really excited about what the model can do, and we think our clients will be too."
Yvette Essen:
"Great. Thank you, Jon. More information about Portfolio Manager can be found on our website, www.cybcube.com."
For CyberCube, I’m Yvette Essen.