Cyber risk is more than ever a complex challenge for reinsurance companies that requires all their attention considering numerous sub-issues to face with including data access, modelling complexity, event identification, as well as legal definition, market perspectives, etc.
At CCR Group, challenges used to become opportunities and the digital transformation strategy engaged few years ago with the support of new artificial intelligence (AI) initiatives has confirmed this adage. “Organizing the digital transformation and AI capabilities through three main pillars [which are data, models and tools] allowed us to enhance our business expertise and to manage better priorities, expectations, developments and returns all along the insurance tryptic ‘prevent, indemnify and post crisis management’ ” explained Laurent Montador, Deputy CEO at CCR Group.
This approach seems to be particularly adapted to the cyber context (specifically for data and model aspects) where the digitalization strategy materialized by “first successful AI projects related to scrapping techniques, natural language processing or deep learning architectures have appeared as good triggers to better understand cyber risk, the related expositions and the different possibilities to mitigate it” reports Hind Mechbal, CIO at CCR Group.
From the data perspective, several initiatives, that already demonstrate benefits to facilitate cyber risk understanding, have been developed to collect and to select data. For instance, CCR Group recently developed its own AI web services that aim at understanding, structuring, extracting, anonymizing, and controlling whatever textual material related to insurance contents.
“It can be very valuable to interpret external raw data scrapped from the web such as social media (which overflow from cyber info) or newspaper websites that usually report cyber events” explained Aurelien Couloumy Head of Digital Transformation. He also said “CCR Group benefits from this technology by accelerating considerably the mapping of cyber expositions detailed into wording treaties, which has allowed us to interpret cyber market clauses at sentence level, to classify and to compare legal specifications or to highlight abnormal terms. It is a plus to get a structured and formalized overview of cyber portfolio”.
CCR also mentions a semantic search engine connected on knowledge data base to facilitate technical or business knowledge management access which is as known also a specific cyber topic (considering the “newness” of the subject).
Regarding models, Laurent Montador insists on the fact that “consequent R&D efforts have been engaged in the different technical departments (actuarial science, natural disaster modelling, data science) of CCR Group to formalize advanced statistical learning approaches that could suit, among other, with the cyber particularities”.
According to Aurelien Couloumy, this modelling effort can serve at least three different purposes for cyber risk. It is first a question of solving cyber data quality issues and getting better data through machine learning model corrections that can handle missing value imputations, dimension reduction or data augmentation, etc. Then, it is also a question of direct use of these models to detect weak signals (for instance through IT systems) or to precise and to customize pricing models to fairly indemnify companies. Finally, some models such as meta or Bayesian deep learning models demonstrate interesting properties to solve the continuous need of model updates (involved by the irregular renewal of cyber-attack types, targets, properties, consequences, etc.)
Tooling aspects of CCR Group Digital transformation have not been left behind mentions Hind Mechbal with the improvement of “different practices related to independent micro services architectures, advanced authentication systems, cloud services management and constraints or agile and secure coding approaches.” that can be of a great interest to better assist or advice cedants and their customers in their activities and cyber journey.