Scale your database traffic with Read & Write split using MySQL Router
Cyber Risk Wednesday: October 23, 2013
1. Global Aggregation
of Cyber Risks:
“Finding Cyber Sub-Prime”
Cyber Risk Wednesdays
1
0
0
1
0
1
0
1
0
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
0
1
0
1
0
1
0
1
0
0
A
T
L
A
N
T
I
C
C
O
U
N
C
I
L
1
0
1
1
0
0
1
1
0
1
1
1
1
0
1
0
1
0
1
0
0
1
0
1
0
0
1
0
0
1
0
1
0
0
1
0
1
1
1
1
0
1
0
1
0
1
0
1
0
0
1
0
1
0
1
0
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
0
1
0
1
0
1
0
1
0
0
1C
0
Y
0
1B
0E
1
R
0
1
0S
0
T
1
A
0
1T
0E
1
C
0
1R
0A
1
F
0
1T
01
10
01
00
10
01
11
00
11
00
11
00
01
2. Global Aggregation of Cyber Risks
• Push by Martin Senn to be
thought leader in cyber risk
management,
– Understand, not protect, from
cyber risks
– Not necessarily tied to immediate
insurance products
• Funded by Zurich Insurance for
~1-year effort
– Under think tank, not commercial,
agreement
• Result in report on global pools
of cyber risk, understandable to
boards, other executives
• Major launch event in 2Q2014
23 October 2013
Global Aggregation of Cyber Risk
Zurich and Atlantic Council
2
1
0
0
1
0
1
0
1
0
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
0
1
0
1
0
1
0
1
0
0
A
T
L
A
N
T
I
C
C
O
U
N
C
I
L
1
0
1
1
0
0
1
1
0
1
1
1
1
0
1
0
1
0
1
0
0
1
0
1
0
0
1
0
0
1
0
1
0
0
1
0
1
1
1
1
0
1
0
1
0
1
0
1
0
0
1
0
1
0
1
0
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
0
1
0
1
0
1
0
1
0
0
1C
0
Y
0
1B
0E
1
R
0
1
0S
0
T
1
A
0
1T
0E
1
C
0
1R
0A
1
F
0
1T
01
10
01
00
10
01
11
00
11
00
11
00
01
3. Traditional Cyber Threats
“Cyber” just means interconnected IT, but that increasingly means everything
Common Terms:
• Intrusion, hack
• Cybercrime
• Carders
• Russia, East Europe
• Stolen identity, credit
cards, records
• Extortion
Internet
Criminals
Steal individual
records with
personal info to sell
Corporation X
23 October 2013
Hactivists
Spies
Militaries
Global Aggregation of Cyber Risk
Zurich and Atlantic Council
3
1
0
0
1
0
1
0
1
0
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
0
1
0
1
0
1
0
1
0
0
A
T
L
A
N
T
I
C
C
O
U
N
C
I
L
1
0
1
1
0
0
1
1
0
1
1
1
1
0
1
0
1
0
1
0
0
1
0
1
0
0
1
0
0
1
0
1
0
0
1
0
1
1
1
1
0
1
0
1
0
1
0
1
0
0
1
0
1
0
1
0
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
0
1
0
1
0
1
0
1
0
0
1C
0
Y
0
1B
0E
1
R
0
1
0S
0
T
1
A
0
1T
0E
1
C
0
1R
0A
1
F
0
1T
01
10
01
00
10
01
11
00
11
00
11
00
01
4. Traditional Cyber Threats
Common Terms:
• Intrusion, hack
• DDoS (distributed
denial of service)
• Anonymous
• Patriotic hackers
Internet
Criminals
Hactivists
Disrupt network or
steal sensitive or
embarrassing info
Corporation X
23 October 2013
Global Aggregation of Cyber Risk
Zurich and Atlantic Council
Spies
Militaries
4
1
0
0
1
0
1
0
1
0
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
0
1
0
1
0
1
0
1
0
0
A
T
L
A
N
T
I
C
C
O
U
N
C
I
L
1
0
1
1
0
0
1
1
0
1
1
1
1
0
1
0
1
0
1
0
0
1
0
1
0
0
1
0
0
1
0
1
0
0
1
0
1
1
1
1
0
1
0
1
0
1
0
1
0
0
1
0
1
0
1
0
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
0
1
0
1
0
1
0
1
0
0
1C
0
Y
0
1B
0E
1
R
0
1
0S
0
T
1
A
0
1T
0E
1
C
0
1R
0A
1
F
0
1T
01
10
01
00
10
01
11
00
11
00
11
00
01
5. Traditional Cyber Threats
Common Terms:
• Intrusion, hack
• IP Theft
• China
• Advanced Persistent Threat
Internet
Criminals
Steal R&D, business
plans or negotiating
strategies
Corporation X
23 October 2013
Hactivists
Spies
Militaries
Global Aggregation of Cyber Risk
Zurich and Atlantic Council
5
1
0
0
1
0
1
0
1
0
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
0
1
0
1
0
1
0
1
0
0
A
T
L
A
N
T
I
C
C
O
U
N
C
I
L
1
0
1
1
0
0
1
1
0
1
1
1
1
0
1
0
1
0
1
0
0
1
0
1
0
0
1
0
0
1
0
1
0
0
1
0
1
1
1
1
0
1
0
1
0
1
0
1
0
0
1
0
1
0
1
0
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
0
1
0
1
0
1
0
1
0
0
1C
0
Y
0
1B
0E
1
R
0
1
0S
0
T
1
A
0
1T
0E
1
C
0
1R
0A
1
F
0
1T
01
10
01
00
10
01
11
00
11
00
11
00
01
6. Traditional Cyber Threats
Common Terms:
• Stuxnet
• Shamoon
• Iran, US, China
• Cyber war, cyber conflict
Internet
X
Criminals
Disrupt network or
systems or even
upstream Internet
– very rare
Corporation X
23 October 2013
Global Aggregation of Cyber Risk
Zurich and Atlantic Council
Hactivists
Spies
Militaries
6
1
0
0
1
0
1
0
1
0
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
0
1
0
1
0
1
0
1
0
0
A
T
L
A
N
T
I
C
C
O
U
N
C
I
L
1
0
1
1
0
0
1
1
0
1
1
1
1
0
1
0
1
0
1
0
0
1
0
1
0
0
1
0
0
1
0
1
0
0
1
0
1
1
1
1
0
1
0
1
0
1
0
1
0
0
1
0
1
0
1
0
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
0
1
0
1
0
1
0
1
0
0
1C
0
Y
0
1B
0E
1
R
0
1
0S
0
T
1
A
0
1T
0E
1
C
0
1R
0A
1
F
0
1T
01
10
01
00
10
01
11
00
11
00
11
00
01
7. Non-Traditional Cyber Threats
The Cloud
23 October 2013
7
1
0
0
1
0
1
0
1
0
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
0
1
0
1
0
1
0
1
0
0
A
T
L
A
N
T
I
C
C
O
U
N
C
I
L
1
0
1
1
0
0
1
1
0
1
1
1
1
0
1
0
1
0
1
0
0
1
0
1
0
0
1
0
0
1
0
1
0
0
1
0
1
1
1
1
0
1
0
1
0
1
0
1
0
0
1
0
1
0
1
0
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
0
1
0
1
0
1
0
1
0
0
1C
0
Y
0
1B
0E
1
R
0
1
0S
0
T
1
A
0
1T
0E
1
C
0
1R
0A
1
F
0
1T
01
10
01
00
10
01
11
00
11
00
11
00
01
8. But This is All At the Level of
Individual Organization
What About the Systemic
Risks?
Mainstream cyber risk management is markedly
similar to that for financial prior to 2008!
23 October 2013
Global Aggregation of Cyber Risk
Zurich and Atlantic Council
8
1
0
0
1
0
1
0
1
0
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
0
1
0
1
0
1
0
1
0
0
A
T
L
A
N
T
I
C
C
O
U
N
C
I
L
1
0
1
1
0
0
1
1
0
1
1
1
1
0
1
0
1
0
1
0
0
1
0
1
0
0
1
0
0
1
0
1
0
0
1
0
1
1
1
1
0
1
0
1
0
1
0
1
0
0
1
0
1
0
1
0
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
0
1
0
1
0
1
0
1
0
0
1C
0
Y
0
1B
0E
1
R
0
1
0S
0
T
1
A
0
1T
0E
1
C
0
1R
0A
1
F
0
1T
01
10
01
00
10
01
11
00
11
00
11
00
01
9. Cyber Sub-Prime
• Cyber is in the same place finance was prior
to 2008
• Examination of cyber risk pools
• Analysis of key factors
• Recommendations
23 October 2013
Global Aggregation of Cyber Risk
Zurich and Atlantic Council
9
1
0
0
1
0
1
0
1
0
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
0
1
0
1
0
1
0
1
0
0
A
T
L
A
N
T
I
C
C
O
U
N
C
I
L
1
0
1
1
0
0
1
1
0
1
1
1
1
0
1
0
1
0
1
0
0
1
0
1
0
0
1
0
0
1
0
1
0
0
1
0
1
1
1
1
0
1
0
1
0
1
0
1
0
0
1
0
1
0
1
0
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
0
1
0
1
0
1
0
1
0
0
1C
0
Y
0
1B
0E
1
R
0
1
0S
0
T
1
A
0
1T
0E
1
C
0
1R
0A
1
F
0
1T
01
10
01
00
10
01
11
00
11
00
11
00
01
10. Cyber Sub-Prime
Cyber is in the same place finance was prior to 2008
• Risk only examined one organization at a time
• Risks passed outside organization into unknown pools
• Little if any governance of the system as a whole and
complex interdependencies ignored
• Led to catastrophic global failure, even for those
organization which handled internal risks correctly!
• We are heading for similar fate with global aggregation of
cyber risk
23 October 2013
Global Aggregation of Cyber Risk
Zurich and Atlantic Council
10
1
0
0
1
0
1
0
1
0
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
0
1
0
1
0
1
0
1
0
0
A
T
L
A
N
T
I
C
C
O
U
N
C
I
L
1
0
1
1
0
0
1
1
0
1
1
1
1
0
1
0
1
0
1
0
0
1
0
1
0
0
1
0
0
1
0
1
0
0
1
0
1
1
1
1
0
1
0
1
0
1
0
1
0
0
1
0
1
0
1
0
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
0
1
0
1
0
1
0
1
0
0
1C
0
Y
0
1B
0E
1
R
0
1
0S
0
T
1
A
0
1T
0E
1
C
0
1R
0A
1
F
0
1T
01
10
01
00
10
01
11
00
11
00
11
00
01
11. Overlapping Pools of Systemic Cyber Risk
1 A 0 1 1C
0 T 1 0 0
Y
0
0 0 0
1 L 1 1 1B
0A 0 0 0E
1N 1 1 1
R
0
0 0 0
• Electrical, finance
• Conflicts, malware pandemics1
1 T 0 1
• Bandwidth and Internet infrastructure
• States: China, Russia,0US 1 0 0 S
I
like IXPs, submarine cables, security
• Non-states: Activists, 0 C 0 0 0 T
1
1 1
tokens
Anonymous, organized crime 1
A
0
0 0
• Embedded devices: ICS, SCADA
• Intrusion, disruption, theft of 0
1 C 0 1 1T
• Some key companies: MSFT
IP, espionage
0O 1 0 0E
• Networking standards like BGP and DNS
1
0 1 1
• Internet governance
C
0U 0 0 0
1 N 1 1 1R
0 C 0 0 0A
1
1 1 1
F
0 I 0 0 0
1 L 0 1 1T
0 1 1 0 01
1 0 0 1 10
0 1 1 0 01
China
• Desktop, server, data 1 0 0 0
0 1
Counterfeit
centers, networks, 1 0 1 1 1 0
security
components,
• Software: in-house, legacy, 0 1
0 0 1 0
software
custom, commercial,1open 1 1
1
0 1
0 1 1 0 00
Global logistics chain
source,
1 0 0 1 11
• Internet of everything and digital economy
0 1 1 0 00
largely w/o human intervention
1 1 0 1 11
• Embedded medical, human enhancement,
0 1 1 0 00
11
driverless cars, etc
0 1 0 0 01
Upstream
Infrastructure
Outsourced and
Contract
• China, India
• Manufacturing
• Professional: HR, legal,
accounting, consultancy
• Defense industrial base
Supply Chain
Counterparties
and Partner
•
•
•
• Trusted
interconnections
• Dependence
External Shocks
Internal Enterprise
Disruptive Tech
12. Highest Hazard
Notional Quad Chart
Disruptive Tech
Every year, technology and business
processes push us further up and to
the right!
Lowest Hazard
Supply Chain
External Shocks
Upstream
Infrastructure
Mitigated government action, resilience, standards, regulations
Outsourced and
Contract
Counterparties
and Partner
Internal Enterprise
Mitigated by risk management, resilience contracts, SLAs, MOUs
Most Control
23 October 2013
Global Aggregation of Cyber Risk
Zurich and Atlantic Council
Least Control
12
1
0
0
1
0
1
0
1
0
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
0
1
0
1
0
1
0
1
0
0
A
T
L
A
N
T
I
C
C
O
U
N
C
I
L
1
0
1
1
0
0
1
1
0
1
1
1
1
0
1
0
1
0
1
0
0
1
0
1
0
0
1
0
0
1
0
1
0
0
1
0
1
1
1
1
0
1
0
1
0
1
0
1
0
0
1
0
1
0
1
0
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
0
1
0
1
0
1
0
1
0
0
1C
0
Y
0
1B
0E
1
R
0
1
0S
0
T
1
A
0
1T
0E
1
C
0
1R
0A
1
F
0
1T
01
10
01
00
10
01
11
00
11
00
11
00
01
13. Analysis: The Upside
• Few if any single shocks could affect cyberspace in
any way that could transfer into a strategic shock
to the global economy
• Defenders are excellent at responding
• System has been extremely resilient day-to-day and
year-to-year
23 October 2013
Global Aggregation of Cyber Risk
Zurich and Atlantic Council
13
1
0
0
1
0
1
0
1
0
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
0
1
0
1
0
1
0
1
0
0
A
T
L
A
N
T
I
C
C
O
U
N
C
I
L
1
0
1
1
0
0
1
1
0
1
1
1
1
0
1
0
1
0
1
0
0
1
0
1
0
0
1
0
0
1
0
1
0
0
1
0
1
1
1
1
0
1
0
1
0
1
0
1
0
0
1
0
1
0
1
0
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
0
1
0
1
0
1
0
1
0
0
1C
0
Y
0
1B
0E
1
R
0
1
0S
0
T
1
A
0
1T
0E
1
C
0
1R
0A
1
F
0
1T
01
10
01
00
10
01
11
00
11
00
11
00
01
14. Analysis: The Downside
• Three separate vulnerabilities: interconnectedness and
complexity, lack of transparency, and lack of either local
control or system-wide governance
– Everything increasingly interdependent in unknowable
ways
– Tech and business models continue to push major risks
away from management understanding and control
– No system-wide governance
– In the face of catastrophic failures, not clear who
would be in charge or what levers they could use
– Few backup paths for crisis communication or manual
workarounds
23 October 2013
Global Aggregation of Cyber Risk
Zurich and Atlantic Council
14
1
0
0
1
0
1
0
1
0
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
0
1
0
1
0
1
0
1
0
0
A
T
L
A
N
T
I
C
C
O
U
N
C
I
L
1
0
1
1
0
0
1
1
0
1
1
1
1
0
1
0
1
0
1
0
0
1
0
1
0
0
1
0
0
1
0
1
0
0
1
0
1
1
1
1
0
1
0
1
0
1
0
1
0
0
1
0
1
0
1
0
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
0
1
0
1
0
1
0
1
0
0
1C
0
Y
0
1B
0E
1
R
0
1
0S
0
T
1
A
0
1T
0E
1
C
0
1R
0A
1
F
0
1T
01
10
01
00
10
01
11
00
11
00
11
00
01
15. Therefore
• Main concern is a failure of key multiple key
elements could lead to cascading failures
– Where is the next Lehman? The next subprime?
Expected future: Organizations will suffer ever
more frequent shocks like natural disasters … too
severe to ever be able to sufficiently protect
23 October 2013
Global Aggregation of Cyber Risk
Zurich and Atlantic Council
15
1
0
0
1
0
1
0
1
0
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
0
1
0
1
0
1
0
1
0
0
A
T
L
A
N
T
I
C
C
O
U
N
C
I
L
1
0
1
1
0
0
1
1
0
1
1
1
1
0
1
0
1
0
1
0
0
1
0
1
0
0
1
0
0
1
0
1
0
0
1
0
1
1
1
1
0
1
0
1
0
1
0
1
0
0
1
0
1
0
1
0
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
0
1
0
1
0
1
0
1
0
0
1C
0
Y
0
1B
0E
1
R
0
1
0S
0
T
1
A
0
1T
0E
1
C
0
1R
0A
1
F
0
1T
01
10
01
00
10
01
11
00
11
00
11
00
01
16. How?
• Either one shock that cascades completely
out of control or multiple shocks which
cascade and reinforce one another
• Examples: California earthquake, large cloud provider goes bust
(Enron-style fraud, Lehman-style misunderstanding of risk, etc), major
routing protocol failure or attack, slow deterioration of resilience and
defenses over time, major GPS outage takes out global precision
navigation and time signals
23 October 2013
Global Aggregation of Cyber Risk
Zurich and Atlantic Council
16
1
0
0
1
0
1
0
1
0
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
0
1
0
1
0
1
0
1
0
0
A
T
L
A
N
T
I
C
C
O
U
N
C
I
L
1
0
1
1
0
0
1
1
0
1
1
1
1
0
1
0
1
0
1
0
0
1
0
1
0
0
1
0
0
1
0
1
0
0
1
0
1
1
1
1
0
1
0
1
0
1
0
1
0
0
1
0
1
0
1
0
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
0
1
0
1
0
1
0
1
0
0
1C
0
Y
0
1B
0E
1
R
0
1
0S
0
T
1
A
0
1T
0E
1
C
0
1R
0A
1
F
0
1T
01
10
01
00
10
01
11
00
11
00
11
00
01
17. Three Recommendations for
Companies
1. Organizations can take basic and advanced
mitigations, depending on their maturity and
resources
2. However, since so much risk is external,
complex, and interdependent then resilience is
the main hope for companies
3. Board-level risk management including
insurance and other risk transfer options
23 October 2013
Global Aggregation of Cyber Risk
Zurich and Atlantic Council
17
1
0
0
1
0
1
0
1
0
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
0
1
0
1
0
1
0
1
0
0
A
T
L
A
N
T
I
C
C
O
U
N
C
I
L
1
0
1
1
0
0
1
1
0
1
1
1
1
0
1
0
1
0
1
0
0
1
0
1
0
0
1
0
0
1
0
1
0
0
1
0
1
1
1
1
0
1
0
1
0
1
0
1
0
0
1
0
1
0
1
0
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
0
1
0
1
0
1
0
1
0
0
1C
0
Y
0
1B
0E
1
R
0
1
0S
0
T
1
A
0
1T
0E
1
C
0
1R
0A
1
F
0
1T
01
10
01
00
10
01
11
00
11
00
11
00
01
18. Two Recommendations for
Governments and System-Wide Organizations
1. Far more focus on systemic rather than
organizational risk
2. Eventual goal for defense to be better
than offense
23 October 2013
Global Aggregation of Cyber Risk
Zurich and Atlantic Council
18
1
0
0
1
0
1
0
1
0
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
0
1
0
1
0
1
0
1
0
0
A
T
L
A
N
T
I
C
C
O
U
N
C
I
L
1
0
1
1
0
0
1
1
0
1
1
1
1
0
1
0
1
0
1
0
0
1
0
1
0
0
1
0
0
1
0
1
0
0
1
0
1
1
1
1
0
1
0
1
0
1
0
1
0
0
1
0
1
0
1
0
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
0
1
0
1
0
1
0
1
0
0
1C
0
Y
0
1B
0E
1
R
0
1
0S
0
T
1
A
0
1T
0E
1
C
0
1R
0A
1
F
0
1T
01
10
01
00
10
01
11
00
11
00
11
00
01
19. Notional Chart of Upstream Risks
Mitigated by
• SLAs
• Contracts
• MOAs/MOUs
• Resilience
23 October 2013
Upstream
Infrastructure
Disruptive Tech
Tight linkages
More so over time
Least Control
Causal
Upstream of all else
Telco/Internet
Energy
Finance
Supply Chain
Outsourced
and Contract
Counterparties
and Partner
Info only
Internal
Enterprise
Cascades farther downstream
C
O
U
N
C
I
L
1
0
1
1
0
0
1
1
0
1
1
1
1
19
0
1
0
1
0
1
0
0
1
0
1
0
0
1
0
0
1
0
1
0
0
1
0
1
1
1
1
0
1
0
1
0
1
0
1
0
0
1
0
1
0
1
0
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
0
1
0
1
0
1
0
1
0
0
1C
0
Y
0
1B
0E
1
R
0
1
0S
0
T
1
A
0
1T
0E
1
C
0
1R
0A
1
F
0
1T
01
10
01
00
10
01
11
00
11
00
11
00
01
Over time, more business critical functions move upstream….
Mitigated by
• Standards
• Regulations
• Governance
• Resilience
External Shocks
A
T
L
A
N
T
I
C
Limited Control
Mitigated by
• Government actions
• Resilience
1
0
0
1
0
1
0
1
0
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
0
1
0
1
0
1
0
1
0
0
Most Control
Near
Everywhere
Distant
Three Zones of Risk (?)
20. Cyber Risk Wednesdays
Events and social receptions are scheduled every
THIRD Wednesday of every month.
•
•
•
•
•
November 20
December 18
January 15
February 19
March 19
23 October 2013
Global Aggregation of Cyber Risk
Zurich and Atlantic Council
20
1
0
0
1
0
1
0
1
0
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
0
1
0
1
0
1
0
1
0
0
A
T
L
A
N
T
I
C
C
O
U
N
C
I
L
1
0
1
1
0
0
1
1
0
1
1
1
1
0
1
0
1
0
1
0
0
1
0
1
0
0
1
0
0
1
0
1
0
0
1
0
1
1
1
1
0
1
0
1
0
1
0
1
0
0
1
0
1
0
1
0
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
0
1
0
1
0
1
0
1
0
0
1C
0
Y
0
1B
0E
1
R
0
1
0S
0
T
1
A
0
1T
0E
1
C
0
1R
0A
1
F
0
1T
01
10
01
00
10
01
11
00
11
00
11
00
01
21. Global Aggregation
of Cyber Risks:
“Finding Cyber Sub-Prime”
Cyber Risk Wednesdays
1
0
0
1
0
1
0
1
0
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
0
1
0
1
0
1
0
1
0
0
A
T
L
A
N
T
I
C
C
O
U
N
C
I
L
1
0
1
1
0
0
1
1
0
1
1
1
1
0
1
0
1
0
1
0
0
1
0
1
0
0
1
0
0
1
0
1
0
0
1
0
1
1
1
1
0
1
0
1
0
1
0
1
0
0
1
0
1
0
1
0
0
1
0
1
0
1
0
1
0
1
0
1
0
1
0
0
1
0
1
0
1
0
1
0
0
1C
0
Y
0
1B
0E
1
R
0
1
0S
0
T
1
A
0
1T
0E
1
C
0
1R
0A
1
F
0
1T
01
10
01
00
10
01
11
00
11
00
11
00
01