Human factor hampers modelling certainty

The ability to model the impact of future pandemics or cyber risk will depend on how successfully the human impact on the risks can be understood according to new research.

A new report from CyberCube said understanding and predicting human behaviour is one of the biggest challenges facing modellers of both pandemics and cyber risk.

The report, which includes contributions by experts from Munich Re and pandemic modelling firm Metabiota, found that the ways in which modelers represent the complex interactions between human-created risks will be key to building effective models. Even though pandemics originate from pathogens, the report noted, the challenge is how models can illustrate the range of outcomes based on individual and societal reactions that impact on the spread of the disease or cyber threat.

The report, Viruses, contagion and tail-risk: Modeling cyber risk in the age of pandemics, also found that lack of data is a brake on progress for both types of modellers. Since the start of the twentieth century, there have been fewer than twelve major global pandemics. There have also been very few significant systemic cyber events, although there have been thousands of cyber incidents, since the emergence of the Internet and connected technology. This has not provided a wealth of data to assess the potential impact of such events.

Oli Brew, CyberCube’s Head of Client Success, said: “It’s clear that lessons can be learnt and applied to cyber risk modeling from understanding how pandemic models have evolved. As the COVID-19 pandemic continues, even though there are differences between computer and human viruses, parallels are emerging in the modelling, the methodologies and the data challenges.”

He added: “There is real value in learning from interdisciplinary teams in how to balance the needs of accuracy and precision in developing models to meet the market needs. At a minimum, the need for a creative, but reality-based imagination to represent forward-looking risks is critical.”

Dr Hjalmar Böhm, Senior Actuary, Epidemic Risk Solutions, a dedicated epidemic risk solutions business unit at Munich Re, added: “In both cyber risk and pandemics, there is a need to consider accumulation risk. For example, a pandemic is a key consideration for life insurers and a high mortality event could create significant economic loss. A solid approach to controlling accumulation risk exposure needs to be the basis for every business model for epidemic risk insurance.”

Nita Madhav, CEO of Metabiota, explained the report highlighted the similarities in approach between the modelling of cyber and pandemic threats.

“There are parallels with modelling the global spread of a disease and how cyber systems are connected – both are network issues,” he said. “The impact of mitigation risk and early action can potentially make a difference. Furthermore, you can be asymptomatic with COVID-19; similarly, you may not know if a cyber intruder has already infiltrated your network.”