These common features have been observed to be compatible with information already collected by underwriters, brokers and industry organizations assessing cyber risk, and include:

1. Commonality in collection of geographic information on insured companies using ISO country codes such as:

  • US – United States
  • GB – United Kingdom
  • DE – Germany
  • FR – France

2. Standard Cyber Peril Codes, such as:

  • PCY - Cyber security data and privacy breach
  • PCZ - Cyber security property damage

3. Agreement on key indicators of cyber vulnerability such as:

  • Enterprise Size as captured by revenue and headcount
  • Organization Industry or Business Sector as captured by NAICS codes. Examples of NAICS 2012 codes are:
     NAICS Code: 42: Wholesale Trade
     NAICS Code 524: Insurance
     NAICS Code: 519130 Internet Publishing and Web Search Portals

4. Aligned Cyber Coverages including, but not limited to:

  • Security Breach of Privacy
  • Liability
  • Business Interruption
  • Cyber Extortion
  • Replacement of Lost Data and Software
  • Regulatory fines
  • Physical Damage and Bodily Injury

5. Common cyber risk attributes including:

  • Number and type of records held by an enterprise which could be breached. Identifiable Data Types at risk include but are not limited to:
     Credit Card
     PII (Personally Identifiable Information)
     PHI (Personal Health Information)
     IP (Intellectual Property)
  • Identification of cloud service providers
  • Internet Business Interruption potential

Further information will be available when AIR and Cambridge Centre for Risk Studies publish their more detailed schemas later in January. They will highlight the core information described above.