Flexible model enables both portfolio aggregation and attritional loss perspective through consideration of specific ransomware strains

Capsicum Re has launched a dedicated ransomware modelling solution.

Named Gh0st, the proprietary model will help clients and markets quantify diverse and realistic ransomware scenarios and optimise their portfolios in a rapidly changing and challenging cyber claims environment.

The model also enables clients to model portfolio aggregation probable maximum losses (PMLs), attritional losses and some known historical ransomware strains by explicitly modelling all the first party costs arising from a widespread ransomware event, such as business interruption or replacement of affected hardware from ‘bricking’.

Capsicum Re global head of cyber Ian Newman said the new model would help the market respond to the increased risk facing the industry.

“The rising frequency and scale of ransomware attacks poses a clear and present danger to the global insurance industry, which Gh0st addresses head on,” he said. “By allowing clients to calibrate ransomware scenarios to their portfolio size and appetite, it’s a prime example of how our specialist analytics practice is taking proprietary knowledge, extensive market research and threat actor analysis and transforming them into practical solutions that address and inform insurers’ rising cyber exposure.”

Rupert Swallow, Capsicum Re chief executive, said: “Gh0st is yet another future-focused development for Capsicum Re’s award-winning cyber team. Amidst global warnings of businesses’ heightened vulnerability to cyber-attack due to the unprecedented switch to remote working, and Lloyd’s own increased scrutiny of cyber risk – by adding ransomware to its list of realistic disaster scenarios – innovative modelling solutions like this one are clearly needed.

“Thanks to our team’s hard work, Capsicum Re is able to deliver on what is a very real demand.”

Gh0st’s flexible modelling scenarios include:

  • An extreme one in 200 event analogous to a Lloyd’s Realistic Disaster Scenario;
  • A variety of historical ransomware strains that have been observed in the wild, including targeted ‘big game hunting’ ransomwares such as Ryuk and commercialised Ransomware-as-a-Service strains like Sodinokibi frequently sold on the Dark Web;
  • Customizable ransomware events where clients can enter a wide selection of parameters to define their own extreme scenarios; and
  • Aggregations monitored by sector, geography and company size.