What is elanev Cyber Risk Model? The elanev Cyber Risk Model is an online tool designed to help you assess the capital associated with low frequency – high impact Information, Communication and Technology (ICT) risks. Cyber risk is intrinsic in any modern-day business. It can give rise to loss through the actions of ICT staff as well as manifesting itself through weaknesses in ICT systems and ICT processes and through external events such as cyber security related attacks and physical ICT asset damage.
How is it accessed? The elanev Cyber Risk Model is accessed via our secure online portal. We provide you with a simple template to capture model inputs and settings. Upload the template and get a detailed report returned in real-time. The report contains capital estimates, commentary and insights. Repeat the process as often as you like as the model is available 24x7x365.
What type of inputs does the model use? The model can be run using the results of your scenario analysis or from fitting to real data. A variety of modelling options can be selected within the template too. These are explained within an easy to understand technical document. We will support you with your initial set up and provide ongoing support. We also provide training and wider consultancy services as required.
What about our data? We do not store or back-up your data. It is only used to run the model.
Why should we use a model? The ability to manage, quantify and capitalise for cyber risk is important when demonstrating that your business is operationally resilient. Recognising that most firms have not experienced such large losses, regulation allows for the application of scenario analysis to assess the possible impact from cyber risk events. Unfortunately, scenario analysis can be prone to uncertainty especially when assessing capital at the required low frequency but high impact levels. Typically, expert judgements overestimate more frequent risks and underestimate remote risk. Modelling scenario analysis outputs helps firms reduce uncertainty in their capital assessments. It provides a very effective mechanism for Risk teams to review and challenge judgements made.
What is the regulatory view on such models? Using the right scenario model to help in the assessment of Pillar 2 capital is viewed extremely positively by Regulators and meets their increasing regulatory expectations.
Is the model validated? Yes, the model is validated according:
1. The technical document contains a set of test batteries that detail the test we perform on the model and the corresponding results
2. The model results have been compared to those from an independent third-party model as part of a client take on process.
3. The underlying model has been presented to regulators and has been party to numerous regulatory ICAAPs and SREPs. All returned successful.
4. The model methodology is similar to that suggested by the IMF.
That all sounds expensive. Is it? We base our pricing on a fraction of a single risk modelling FTE which would be required to maintain an internal model. What’s more, our pricing is substantially less than that of a Big-4 Professional Services firm whilst our cyber risk modelling insights are more extensive.
Do you provide cyber risk consultancy? Yes, and we can provide wider consultancy services as required.