RMS Launches New Data Standard for Managing Cyber Insurance

Ahead of the February launch of its new suite of cyber-risk management tools, RMS today released its recently developed Cyber Exposure Data Schema. The ‘open standard’ data schema will provide the insurance industry with a systematic and uniform way to capture cyber exposure data and manage cyber accumulation risk.

The Cyber Exposure Data Schema, developed in collaboration with the Centre for Risk Studies at Cambridge University and with support from eight leading insurance and reinsurance companies, provides firms with a standardized approach to identify, quantify, and report cyber insurance exposure.

The schema is both model agnostic and compatible with any exposure management system and will enable firms to:

Share and transfer information about exposures in a consistent and standardized format for risk transfer transactions, benchmarking exercises, and regulatory reporting;

Report exposure aggregates by different types of coverage and potential loss characteristics to a level of granularity that can inform risk appetite decisions;?

Assess and monitor an insurer’s risk appetite, by estimating losses from accumulation scenarios or other types of risk models to the exposure recorded; and

Clarify silent or affirmative covers by identifying insurance policies that may have ambiguity in whether they would pay out in the event of a cyber incident.

To develop the Cyber Exposure Data Schema, the Cambridge Centre of Risk Studies consulted with a broad range of organizations seeking to harmonize cyber exposure reporting, including cyber risk experts, cyber insurance writers, and industry organizations such as the Lloyd’s Market Association, U.S. rating agencies, the Reinsurance Association of America, and the Chief Risk Officers Forum.

In addition to making its Cyber Exposure Data Schema available to all industry participants, RMS has also collaborated with Lloyd’s of London and AIR Worldwide to help the growing cyber insurance market quickly establish the core data requirements for managing cyber risk common to both modeling firms. By using similar terminology and precise definitions, in addition to highlighting the common elements across their data schemas, the initiative will make it easier for companies to code existing account data to identify their potential cyber accumulations.