Marsh develops cyber breach model

Marsh200x200Determining the proper amount of cyber insurance to purchase can be challenging, and to assist clients Marsh has developed a new cyber breach model to predict probability and possible financial outcomes of cyber events.

Marsh’s Cyber IDEAL incorporates data from Advisen’s database (MSCAd), Privacy Rights Clearinghouse’s Chronology of Data Breaches and Marsh’s proprietary cyber database.

Financial outcome predictions include forensic investigations, credit monitoring, regulatory fines and penalties, and lawsuits. Armed with this data, organizations can better assess the appropriate amount of cyber insurance they should purchase. Coupled with probabilities, organizations can better assess the appropriate amount of cyber insurance they should purchase to protect assets, said Marsh.

“In today’s environment, where data breach incidents in the US are occurring more frequently and having a greater impact on firms, risk managers want to be able to better protect their companies against this growing threat,” said Matthew McCabe, a senior vice president within Marsh’s Network Security and Privacy Practice. “With Cyber IDEAL, clients can take a lot of the guesswork out of insurance purchasing decisions and plan cyber security strategies with greater confidence.”

Marsh Global Analytics and Marsh’s FINPRO Practice developed the cyber breach model.

Using US historical breach information dating back to 2005, the model determines the frequency and severity of cyber incidents using a one-year probability of a data-breach event.

The probability of a data-breach event is correlated with a company’s industry and revenue size. Companies with higher revenue tend to face a higher probability of a data breach due to their size and the perception that they have more records. If a company has prior data-breach events, there is a higher likelihood it will have another, said Marsh.