The U.S. Department of the Treasury's Federal Insurance Office (FIO) announced a major new initiative this week to improve the insurance industry's capabilities around modeling and underwriting terrorism and catastrophic cyber risks.
At the 2024 International Forum of Terrorism Risk (Re)Insurance Pools (IFTRIP) Annual Conference, where the FIO began its chairmanship, the office unveiled a partnership with the National Science Foundation (NSF) to establish an Industry-University Cooperative Research Center (IUCRC).
This new IUCRC will unite insurers, academic researchers, government agencies, and other stakeholders to collaborate on cutting-edge analysis aimed at strengthening financial sector resilience against catastrophic risks like terrorism and severe cyberattacks.
Key goals of the research center include:
- Helping insurers estimate these risks with greater certainty to improve pricing, coverage, and policyholder adoption
- Contributing to potential expansion of reinsurance and capital markets to better support terrorism and cyber risk transfer
- Informing the treatment and mitigation of these risks in government insurance programs
We asked some leaders at cybersecurity vendors what they think of this latest move.
Omri Weinberg, Co-founder and CRO at DoControl, said:
"This recent announcement is a step in the right direction to reinsure against potential impacts caused by cyber related incidents and create better resilience throughout the financial industry.
While the FIO and the NSF are looking to establish a new center, focused on the creation of innovative risk models to make better policy recommendations that are based on various data resources. The next step of this partnership would be to enlist the help of cybersecurity platform vendors, especially those that are using AI technology that consider behavioral analytics, as well as the correlation of data points to identify and detect potential patterns of cybercriminals. Having a clear insight into potential targets would provide the insurance industry with realistic and timely risk models."
Narayana Pappu, CEO at Zendata, said:
"Although the profit margins on cyber insurance have stabilized over the past year, after going down substantially during the pandemic, the cost per incident, premiums, number of claims, and number of businesses insured have experienced an upward trend. A program like this goes beyond better price modeling by helping identify risky trends (more data) and sharing information cross-agency and public-private entities."
Jose Seara, CEO and Founder at DeNexus, said:
"It's prime time for AI-driven innovations on cyber risk—quantification, priorities, insurance underwriting. Pooling together resources from research universities, the public sector, and enterprises facing those risks daily is paramount to architecting effective, practical, and forward-looking solutions in a timely manner. Translating granular, technically oriented cyber risk signals into evidence-based business-level insights that inform the decision-making process is a fast-growing market with significant potential to change the cybersecurity market forever."
By tapping into the R&D capabilities of universities alongside industry partners, the IUCRC model allows focused research driven by the needs of major industries like insurance.
Nathan Abir, Risk Engineer at Cowbell, offered this perspective: "IUCRCs involves faculty teams interviewing members of a targeted sector to: (1) identify the most important and high priority challenges facing the sector; (2) converge on a theme of high sector and university faculty interest; and (3) identify companies and other entities willing to participate in a center on the proposed topic."
The FIO and the NSF have issued a request for proposals to establish and manage the new center, which aims to produce innovative risk models, data resources, and policy recommendations.
The initiative comes as the (re)insurance sector seeks to enhance modeling capabilities for extreme risks that can have systemic financial impacts. Insurers have cited challenges around scarcity of data and uncertainty in modeling cyber risks in particular.
Improving quantification of these risks could open up more comprehensive insurance coverage options while bolstering the overall resilience of the financial system and national economy.
The U.S. NSF submitted a request for proposals for research and
thought leadership on insurance risk modeling and
underwriting related to terrorism and catastrophic cyber risks.