Impact due to FAIR-MAM at Group Level
Group Level FAIR MAM
To simplify management of FAIR MAM, the loss categories and drivers will now be available at the Group level and apply to all the risk scenarios of the Group. This makes it easier to manage any overrides of loss drivers at the Group level instead of doing that for each risk scenario. Note that the ability to tune cost drivers at the risk scenario level will remain available.
With this change, 7 loss drivers have been split into scenario-specific loss drivers and their benchmark values updated to reflect current industry data. This allows end users to leverage the more specific benchmarks SAFE provides for risk scenario outcomes, and to tune those benchmarks, so that more accurate loss magnitudes can be calculated. Because of these more specific benchmark values, the overall Loss magnitude and ALE may change for some risk scenarios that use them.
The loss drivers have been removed and replaced with split drivers in two modules, as these drivers showed a high coherence with risk scenario parameters. They are under:
- Business Interruption
- Network Security
The following tables detail the categories that have been modified:
1. Business Interruption
Deleted | Added |
---|---|
Number of days (direct BI gross profit loss) | |
Number of days (direct BI revenue delayed) | |
Number of days (direct BI OpCost) | |
Number of hours (direct BI PR revenue) | |
Number of days (revenue generated for 3P) | |
Impact
The addition or deletion of these drivers should have no default impact. However, if any deleted drivers were tuned in the existing model, their tuned effect would be removed, and the replacement driver’s default effect would apply.
Exceptions:
- The default max value in the old model for Number of days (direct BI gross profit loss) is 21 when the revenue is greater than 5B, whereas it is 10 for Number of days (direct BI gross profit loss) - [Ransomware] in the new model.
- The default max value in the old model for Number of days (direct BI revenue delayed) is 21 when the revenue is greater than 5B, whereas it is 10 for Number of days (direct BI revenue delayed) - [Ransomware] in the new model.
- The default max value in the old model for Number of days (direct BI OpCost) is 21 when the revenue is greater than 5B, whereas it is 10 for Number of days (direct BI OpCost) - [Ransomware] in the new model.
- The default max value in the old model for Number of days (revenue generated for 3P) is 21 when the revenue is greater than 5B, whereas it is 10 for Number of days (revenue generated for 3P) - [Ransomware] and Number of days (revenue generated for 3P) - [Wiper] in the new model.
At a high level, the max values of the above drivers are affected when the revenue is greater than 5 billion.
2. Network Security
Deleted | Added |
---|---|
Number of hours (IR forensic) | |
Number of hours (Network IR legal) | |
Impact
The addition or deletion of these drivers should have no default impact. However, if any deleted drivers were tuned in the existing model, their tuned effect would be removed, and the replacement driver’s default effect would apply.
Exceptions:
- In the old model, the defaults for Number of hours (IR forensic) were [0, 0, 0] for System Outage scenarios. In the new model, the defaults for DDoS and System Outage-Malicious have been updated to [15, 40, 85].
- In the old model, the defaults for Number of hours (Network IR legal) were [0, 0, 0] for System Outage scenarios. In the new model, the defaults for DDoS and System Outage-Malicious have been updated to [15, 40, 85].
At a high level, System Outage - Malicious will show an increase in loss numbers when this feature is enabled.
Note - The newly added loss drivers listed above should be reviewed for their new values wherever they apply in a risk scenario.