Navigating cyber’s rough waters using AI

Cyber risk is more than ever a complex challenge for reinsurance companies. At CCR Group, challenges have become opportunities and the digital transformation strategy undertaken a few years ago with the support of AI initiatives has confirmed this approach. Intelligent Insurer reports.

Cyber risk requires all the attention of reinsurance companies, with numerous sub-issues to face including data access, modelling complexity, and event identification, as well as legal definition, market perspectives, etc.

“Organising the digital transformation and artificial intelligence (AI) capabilities through three main pillars—data, models and tools—allowed us to enhance our business expertise and to manage better priorities, expectations, developments and returns all along the insurance mission: ‘prevent, indemnify and post-crisis management’,” as Laurent Montador, deputy chief executive officer at CCR Group, explains.

This approach seems to be particularly adapted to the cyber risk context (specifically for data and model aspects).

“The digitisation strategy materialised by first successful AI projects related to scraping techniques, natural language processing or deep learning architectures. They have appeared as good triggers to better understand cyber risk, the related expositions and the different possibilities to mitigate it,” reports Hind Mechbal, chief information officer at CCR Group.

From the data perspective, several initiatives that demonstrate benefits to facilitate cyber risk understanding have been developed to collect and to select data.

For instance, CCR Group has developed its own AI web services that aim at understanding, structuring, extracting, anonymising, and controlling textual material related to insurance contents.

“It can be very valuable to interpret external raw data scraped from the web such as social media (which overflows from cyber information) or newspaper websites that usually report cyber events,” says Aurélien Couloumy, head of digital transformation.

“CCR Group benefits from this technology by accelerating considerably the mapping of cyber expositions detailed into wording treaties, which has allowed us to interpret cyber market clauses at sentence level, to classify and to compare legal specifications or to highlight abnormal terms,” he adds.

CCR Group has developed its own AI web services that aim at understanding, structuring, extracting, anonymising, and controlling textual material related to insurance contents.

“It is a plus to get a structured and formalised overview of the cyber portfolio.” CCR also mentions a semantic search engine connected on a knowledge database to facilitate technical or business knowledge management access, which is a specific cyber topic (considering the “newness” of the subject).


According to Montador: “Consequent R&D efforts have been engaged in the different technical departments (actuarial science, natural disaster modelling, data science) of CCR Group to formalise advanced statistical learning approaches that could fit with, among others, cyber particularities.”

Couloumy adds that this modelling effort can serve at least three different purposes for cyber risk. It is first a question of solving cyber data quality issues and getting better data through machine learning model corrections that can handle missing value imputations, dimension reduction or data augmentation, etc.

It is also a question of direct use of these models to detect weak signals (eg, through IT systems) or to customise pricing models to fairly indemnify companies. Finally, some models such as meta or Bayesian deep learning models demonstrate interesting properties to solve the continuous need of model updates due to the irregular occurrence of cyber attack types, targets, properties, consequences, etc.

“Tooling aspects of CCR Group’s digital transformation have not been left behind,” adds Mechbal, “with the improvement of different practices related to independent micro services architectures, advanced authentication systems, cloud services management and constraints or agile and secure coding approaches.”

These can be of great interest to better assist or advise cedants and their customers in their activities and cyber journeys, she says.

Images (from top): Shutterstock / andrey polivanov, m.mphoto