The expansion of the cyber insurance market is constantly under the threat of an accumulation event that would simultaneously affect a large number of policyholders. Very few experiences exist on such catastrophes, apart from worldwide cyber attacks like Wannacry and NotPetya in 2017 (in a context where cyber insurance coverage was lower).

Nevertheless, the very nature of cyber risk makes the occurrence of such events plausible in the future. There is therefore a need for stress-testing in order to be sure that a portfolio can resist to such a crisis.

In this perspective, the EIOPA recently published methodological guidelines specific to cyber. One of the most concerning scenarios is the potential vulnerability of a cloud outage catastrophe, that is the failure of a cloud provider whose solution is shared by a significant part of the portfolio.

In the present work, we propose a way to model and calibrate such kind of cloud outage scenario. We also provide a way to measure the level of diversification of a cyber insurance portfolio, and how this diversification may protect against such events. A by-product of our methodology is to provide guidelines to underwriters to help reducing the vulnerability of a portfolio to these cloud outage scenarios.

Keywords: Cyber insurance, stress scenarios, cloud outage, portfolio optimization.