Cloud Outage Scenario in Cyber Insurance

The expansion of the cyber insurance market is constantly under the threat of an accumulation event that would affect simultaneously a large number of policyholders. Very few experience exist on such catastrophes, apart from worldwide cyber attacks like Wannacry and NotPetya in 2017 (in a context where cyber insurance coverage was lower). Nevertheless, the very nature of cyber risk makes the occurrence of such events plausible in the future. There is therefore a need for stress-testing in order to be sure that a portfolio can resist to such a crisis. In this perspective, the EIOPA recently published methodological guidelines specific to cyber. One of the most concerning scenarios is the potential vulnerability of a cloud outage catastrophe, that is the failure of a cloud provider whose solution is shared by a significant part of the portfolio. In the present work, we propose a way to model and calibrate such kind of cloud outage scenario. We also provide way to measure the level of diversification of a cyber insurance portfolio, and how this diversification may protect against such events. A by-product of our methodology is to provide guidelines to underwriters to help reducing the vulnerability of a portfolio to these cloud outage scenarios.