Willis Re launches PRISM-Re to combat the leading cause of cyber losses

Cyber network

Willis Re, the reinsurance division of Willis Group, has launched the insurance industry’s first cyber risk modelling tool − PRISM-Re™.

According to the reinsurer, the new tool will enable insurers to quantify and manage their portfolio exposure to data breaches − the leading cause of cyber losses − and ultimately offer wider protection to clients.

Willis Re executive vice-president Mark Synnott said: “Until PRISM-Re no model existed that could quantify the exposure across an insurer’s portfolio. This lack of a ‘holistic model’ has hindered the industry’s ability to offer wider protection because without clarity of the potential total exposure faced, insurers have been constrained when underwriting this risk class owing to the uncertainty of the potential financial impact. 

“Our model helps provide greater objectivity and will allow insurers to underwrite this risk with more confidence and to therefore write more and/or higher limits. It may also give those not currently providing coverage the confidence to enter into this line. We at Willis Re can then assist our clients in evaluating and then executing the most effective reinsurance strategy.” 

PRISM-Re was developed in collaboration with Willis Retail’s cyber team and actuaries from Willis Risk & Analytics, whose Privacy Risk Insurance Strategy Model (PRISM™) enables a single insured to assess their exposure to data breach losses. 

Similarly, PRISM-Re provides an objective analysis of the susceptibility to data breach events across the insurer’s portfolio. Based upon the latest exposure data, the tool estimates the frequency of data breaches and the potential severity of insured losses arising from those events.

The model also employs a ‘common shock’ methodology to encompass the possibility of contagion behaviour, whereby numerous breaches could take place systemically across a single industry sector or related sectors. PRISM-Re therefore offers a way of simulating the data breach impact of a so-called ‘cyber hurricane’ or ‘cyber tsunami’.