Catastrophe Scenario Analysis Methodology

v2.0 · March 2026

This document details the methodology behind Rankiteo's Catastrophe Scenario Analysis engine. It describes the 42 named catastrophe scenarios, AI-powered vendor matching, loss factor modeling, duration-based business interruption analysis, and cascading loss calculation across portfolio companies.

1. Executive Summary

The Catastrophe Scenario Analysis module models the impact of large-scale catastrophic cyber events on an insurance portfolio. Unlike probabilistic loss models that simulate random events, this module applies deterministic named scenarios to assess how specific, plausible catastrophes would cascade through the portfolio's supply chain dependencies.

The engine maintains a catalog of 42 named scenarios organized into 6 categories, each calibrated from real-world events. For every scenario, the system uses DeepSeek AI to identify which portfolio vendors would be impacted, then calculates expected losses using severity-based loss factors, duration-based business interruption windows, and coverage limit scaling.

Key capabilities include:

  • 42 pre-defined scenarios across systemic infrastructure, targeted attacks, supply chain, financial/regulatory, and AI/emerging threat categories
  • AI-powered vendor matching using DeepSeek to classify which portfolio companies are exposed to each scenario
  • Multi-tier impact analysis covering direct (L1) and indirect (L2/L3) supply chain dependencies
  • Loss factor modeling expressing severity as a fraction of coverage limit (0.0 to 1.0)
  • Duration-based interruption windows from 6 hours to 4,320 hours per scenario

The Rankiteo AI Cyber Underwriter Platform is the most advanced cyber underwriting platform on the market, combining real-time threat intelligence, proprietary scoring algorithms, and actuarial-grade analytics into a single integrated solution.

2. Scenario Catalog

The catalog contains 42 named scenarios organized into 6 categories. Each scenario is defined by a unique identifier, a loss factor (severity), a duration (hours of business interruption), and a description of the threat vector. Scenarios are calibrated from historical events and industry threat intelligence.

2.1 Systemic Infrastructure (7 Scenarios)

These scenarios model failures in shared digital infrastructure that affect multiple organizations simultaneously.

| Scenario | Loss Factor | Duration (hrs) | Description |
|---|---|---|---|
| Cloud Provider Outage | 0.30 | 48 | Major cloud provider (AWS/Azure/GCP) experiences extended regional outage |
| CDN/DNS Failure | 0.20 | 12 | Critical CDN or DNS provider failure disrupting internet-facing services |
| SaaS Platform Outage | 0.25 | 24 | Widely-used SaaS platform (e.g., Salesforce, Microsoft 365) goes offline |
| Internet Backbone | 0.15 | 8 | Major internet backbone or IX disruption affecting routing |
| Payment Processor | 0.35 | 6 | Critical payment processing infrastructure failure |
| Data Center Disaster | 0.35 | 96 | Physical destruction of major data center facility (fire, flood, power) |
| Subsea Cable | 0.15 | 336 | Subsea communications cable severed, affecting regional connectivity |

2.2 Targeted Cyber Attacks (15 Scenarios)

These scenarios model intentional cyber attacks targeting specific sectors, technologies, or organizations.

| Scenario | Loss Factor | Duration (hrs) | Description |
|---|---|---|---|
| Ransomware Campaign | 0.60 | 168 | Widespread ransomware campaign targeting multiple industries simultaneously |
| Ransomware on Key Vendor | 0.55 | 336 | Ransomware hits a critical shared vendor, cascading to all dependents |
| Supply Chain Software | 0.50 | 720 | Compromise of widely-used software update mechanism (SolarWinds-type) |
| Critical Zero-Day | 0.40 | 336 | Zero-day vulnerability in ubiquitous software exploited at scale |
| Massive Data Breach | 0.70 | 2160 | Breach exposing hundreds of millions of records with regulatory fallout |
| Large-Scale DDoS | 0.15 | 24 | Volumetric DDoS attack overwhelming multiple targets |
| Wiper/Destructive | 0.85 | 720 | Destructive wiper malware causing permanent data loss (NotPetya-type) |
| Nation-State APT | 0.45 | 4320 | Prolonged nation-state espionage campaign with eventual destructive payload |
| Mass Credential Stuffing | 0.40 | 168 | Large-scale credential stuffing using leaked databases |
| BEC Wave | 0.35 | 72 | Coordinated business email compromise campaign across industry |
| Telecom Breach | 0.35 | 720 | Major telecommunications provider breach exposing call/SMS metadata |
| Healthcare System | 0.65 | 504 | Attack on healthcare IT systems disrupting patient care delivery |
| IoT Botnet | 0.20 | 168 | Massive IoT botnet weaponized for DDoS or cryptomining |
| SCADA/ICS | 0.65 | 720 | Attack on industrial control systems affecting critical infrastructure |
| Cloud Misconfiguration | 0.30 | 168 | Widespread exploitation of common cloud misconfiguration patterns |

2.3 Supply Chain / Vendor (4 Scenarios)

| Scenario | Loss Factor | Duration (hrs) | Description |
|---|---|---|---|
| MSP/IT Provider | 0.55 | 336 | Managed service provider compromised, granting access to all clients |
| Open Source Library | 0.35 | 480 | Critical vulnerability in widely-used open source library (Log4Shell-type) |
| Security Vendor Failure | 0.40 | 48 | Failure of a major security vendor product leaving clients unprotected |
| Certificate Authority | 0.45 | 720 | Certificate authority compromise invalidating TLS certificates at scale |

2.4 Financial / Regulatory (3 Scenarios)

| Scenario | Loss Factor | Duration (hrs) | Description |
|---|---|---|---|
| Sanctions/Compliance | 0.30 | 2160 | Sudden sanctions or compliance regime change affecting vendor relationships |
| Crypto/Fintech | 0.50 | 720 | Major cryptocurrency exchange or fintech platform collapse |
| Mass Regulatory | 0.25 | 4320 | Sweeping new regulation requiring immediate costly compliance changes |

2.5 AI / Emerging (3 Scenarios)

| Scenario | Loss Factor | Duration (hrs) | Description |
|---|---|---|---|
| AI Model Poisoning | 0.30 | 168 | Adversarial poisoning of widely-used AI/ML models producing harmful outputs |
| AI Service Outage | 0.20 | 24 | Major AI service provider (OpenAI, Google AI) experiences prolonged outage |
| Deepfake/AI Fraud | 0.40 | 72 | Coordinated deepfake campaign enabling large-scale financial fraud |

3. Loss Factor Model

Each scenario is assigned a loss factor representing the expected severity of the event as a fraction of the insured company's coverage limit. Loss factors range from 0.0 (no loss) to 1.0 (total loss equal to full coverage limit).

The loss factor incorporates multiple severity dimensions:

  • Data destruction or exfiltration scope — percentage of critical data affected
  • Operational disruption — degree to which business processes are halted
  • Regulatory and legal exposure — fines, lawsuits, notification costs
  • Reputational damage — customer churn and brand devaluation
  • Recovery complexity — effort required to restore operations

    # Loss Factor Severity Scale

    Loss Factor    Severity Level   Example
    ─────────────────────────────────────────────────────────
    0.00 - 0.15    Low              DDoS, minor outage
    0.16 - 0.30    Moderate         Cloud misconfiguration, SaaS outage
    0.31 - 0.50    High             Supply chain compromise, zero-day
    0.51 - 0.70    Severe           Ransomware campaign, massive breach
    0.71 - 0.85    Critical         Wiper/destructive malware
    0.86 - 1.00    Catastrophic     (reserved for theoretical worst-case)

The formula for computing the scenario loss for a single company is:

    scenario_loss = loss_factor × coverage_limit

    Example:
      loss_factor    = 0.60 (Ransomware Campaign)
      coverage_limit = $5,000,000
      scenario_loss  = 0.60 × $5,000,000 = $3,000,000

4. Duration Impact

Each scenario specifies a duration in hours representing the expected window of business interruption. Duration drives business interruption loss estimates and is used to classify the operational impact tier.

| Duration Range | Impact Class | Example Scenarios |
|---|---|---|
| 0 – 24 hours | Short-term disruption | DDoS, CDN failure, payment processor |
| 24 – 168 hours | Operational interruption | Cloud outage, ransomware, credential stuffing |
| 168 – 720 hours | Extended recovery | Supply chain compromise, wiper, healthcare attack |
| 720 – 2160 hours | Prolonged crisis | Massive data breach, sanctions, crypto collapse |
| 2160+ hours | Long-term structural | Nation-state APT, mass regulatory change |

    # Business Interruption Loss Component
    bi_loss = (duration_hours / 8760) × annual_revenue × disruption_factor

    Where:
      8760              = hours in a year
      annual_revenue    = company's annual revenue
      disruption_factor = percentage of operations affected (0.0 - 1.0)

5. AI-Powered Vendor Matching

For each catastrophe scenario, the system must determine which portfolio companies would be impacted. Rankiteo uses DeepSeek AI to classify whether each vendor in the portfolio matches the scenario's threat profile.

5.1 Classification Process

  1. The scenario description, category, and affected technology/sector are composed into a structured prompt
  2. For each portfolio company, the AI evaluates the company's industry, technology stack, and supply chain dependencies
  3. The AI returns a binary classification: impacted or not_impacted
  4. Results are cached and refreshed when company profiles or scenarios are updated

    # DeepSeek AI Vendor Matching Prompt Structure
    {
      "scenario": {
        "name": "Cloud Provider Outage",
        "category": "Systemic Infrastructure",
        "description": "Major cloud provider experiences extended regional outage",
        "affected_technologies": ["AWS", "Azure", "GCP"],
        "affected_sectors": ["all"]
      },
      "company": {
        "name": "Acme Corp",
        "industry": "Financial Services",
        "technology_stack": ["AWS", "Kubernetes", "PostgreSQL"],
        "supply_chain": ["Stripe", "Datadog", "Cloudflare"]
      }
    }

    # Response:
    { "impacted": true, "confidence": 0.92, "reason": "Direct AWS dependency" }

5.2 Matching Accuracy

The AI matching system achieves approximately 94% precision and 91% recall on backtested scenario-vendor pairs. False positives (over-classification) are preferred over false negatives to ensure conservative risk estimation.
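
One way to handle the matcher's reply before it feeds the loss calculation, as an added example (not Rankiteo's code): the response is validated strictly, and anything malformed or weakly confident is failed toward "impacted", in line with the stated preference for false positives. The 0.70 confidence floor, the needs_review flag and the function name are assumptions.

```python
import json

# Assumed policy (not stated on the page): a "not impacted" answer below this
# confidence is not trusted to exclude a company from the scenario.
MIN_CONFIDENCE = 0.70


def parse_match_response(raw):
    """Validate one matcher reply and return a normalized decision.

    Malformed output fails toward "impacted", following the page's stated
    preference for false positives over false negatives.
    """
    fallback = {"impacted": True, "confidence": 0.0, "needs_review": True}
    try:
        data = json.loads(raw)
    except (json.JSONDecodeError, TypeError):
        return {**fallback, "reason": "unparseable model output"}
    if not isinstance(data, dict):
        return {**fallback, "reason": "response is not a JSON object"}

    impacted = data.get("impacted")
    confidence = data.get("confidence")
    if not isinstance(impacted, bool):
        return {**fallback, "reason": "'impacted' missing or not boolean"}
    # bool is a subclass of int in Python, so reject it explicitly here
    if isinstance(confidence, bool) or not isinstance(confidence, (int, float)):
        return {**fallback, "reason": "'confidence' missing or not numeric"}
    if not 0.0 <= confidence <= 1.0:  # also rejects NaN
        return {**fallback, "reason": "'confidence' outside 0.0-1.0"}

    reason = str(data.get("reason", ""))[:200]  # free text: cap it, never act on it
    if not impacted and confidence < MIN_CONFIDENCE:
        # Low-confidence exclusion: keep the company in scope and flag it
        return {"impacted": True, "confidence": float(confidence),
                "needs_review": True, "reason": reason}
    return {"impacted": impacted, "confidence": float(confidence),
            "needs_review": False, "reason": reason}


# Constructed sample replies (the first mirrors the response shown in 5.1)
SAMPLES = [
    '{"impacted": true, "confidence": 0.92, "reason": "Direct AWS dependency"}',
    '{"impacted": false, "confidence": 0.41, "reason": "No cloud usage found"}',
    '{"impacted": "no", "confidence": 0.99}',
    'Sure! Here is the JSON you asked for: {impacted: false}',
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_match_response(sample))
```

Decisions returned with needs_review set are the ones an underwriter should inspect before relying on the scenario total.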

6. Impact Tiers

The catastrophe model distinguishes between direct and indirect impacts through the supply chain dependency layers:

| Tier | Layer | Description | Loss Multiplier |
|---|---|---|---|
| Direct Impact | L1 | Company is directly affected by the scenario (e.g., uses the compromised cloud provider) | 1.0x |
| Indirect Impact (1st degree) | L2 | Company's direct vendor is affected, causing cascading disruption | 0.5x |
| Indirect Impact (2nd degree) | L3 | Company's vendor's vendor is affected, causing attenuated disruption | 0.25x |

    # Tiered Loss Calculation
    total_company_loss = loss_factor × coverage_limit × tier_multiplier

    Example (L2 indirect impact from Ransomware Campaign):
      loss_factor     = 0.60
      coverage_limit  = $5,000,000
      tier_multiplier = 0.50 (L2)
      total_loss      = 0.60 × $5,000,000 × 0.50 = $1,500,000

7. Loss Calculation

The aggregate portfolio loss for a given scenario is computed by summing the individual company losses across all impacted companies and all impact tiers:

    # Aggregate Portfolio Loss Formula
    portfolio_loss = Σ (impacted_companies × frequency × severity × coverage_limit)

    Expanded:
    portfolio_loss = Σᵢ [ is_impacted(i) × loss_factor × coverage_limit(i) × tier_multiplier(i) ]

    Where:
      i                  = each company in the portfolio
      is_impacted(i)     = 1 if AI classifies company as impacted, 0 otherwise
      loss_factor        = scenario-specific severity (0.0 - 1.0)
      coverage_limit(i)  = company's insured coverage limit
      tier_multiplier(i) = 1.0 (L1), 0.5 (L2), or 0.25 (L3)

7.1 Worked Example

    # Scenario: Ransomware Campaign (loss_factor = 0.60)
    # Portfolio: 5 companies

    Company A | L1 direct    | coverage $10M | loss = 0.60 × $10M × 1.00 = $6,000,000
    Company B | L2 indirect  | coverage $5M  | loss = 0.60 × $5M × 0.50  = $1,500,000
    Company C | L1 direct    | coverage $8M  | loss = 0.60 × $8M × 1.00  = $4,800,000
    Company D | L3 indirect  | coverage $3M  | loss = 0.60 × $3M × 0.25  = $450,000
    Company E | not impacted | coverage $7M  | loss = $0
    ─────────────────────────────────────────────────────────────────────
    Total Portfolio Loss = $12,750,000
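
The tier assignment from section 6 and the aggregation above, as an added example (not Rankiteo's code): a breadth-first walk of the dependency graph gives each company its nearest exposure tier, and the totals reproduce the worked example. Vendor names, graph edges and function names are hypothetical; only the coverage limits, loss factor and multipliers come from this page.

```python
from collections import deque

TIER_MULTIPLIER = {1: 1.0, 2: 0.5, 3: 0.25}  # L1, L2, L3 from the tier table


def impact_tier(company, deps, hit, max_depth=3):
    """Shortest dependency distance (1-3) from company to a hit entity, else None.

    BFS returns the nearest hit, so a company exposed at both L1 and L3 is
    counted once, at L1. The seen set stops circular vendor links from looping.
    """
    seen, queue = {company}, deque([(company, 0)])
    while queue:
        node, depth = queue.popleft()
        if depth == max_depth:
            continue  # anything beyond L3 is outside the model's scope
        for vendor in deps.get(node, ()):
            if vendor in hit:
                return depth + 1
            if vendor not in seen:
                seen.add(vendor)
                queue.append((vendor, depth + 1))
    return None


def portfolio_loss(loss_factor, coverage, deps, hit):
    """Return ({company: (tier, loss)}, total) for one scenario."""
    if not 0.0 <= loss_factor <= 1.0:
        raise ValueError("loss_factor must be within 0.0-1.0")
    breakdown = {}
    for company, limit in coverage.items():
        tier = impact_tier(company, deps, hit)
        loss = loss_factor * limit * TIER_MULTIPLIER.get(tier, 0.0)
        breakdown[company] = (tier, round(loss, 2))
    return breakdown, round(sum(loss for _, loss in breakdown.values()), 2)


# Constructed inputs: coverage limits are the worked example's; the vendor
# names and dependency edges are hypothetical, chosen to yield the same tiers.
COVERAGE = {"Company A": 10e6, "Company B": 5e6, "Company C": 8e6,
            "Company D": 3e6, "Company E": 7e6}
DEPS = {"Company A": ["HitVendor"], "Company B": ["MSP-1"],
        "Company C": ["MSP-1", "HitVendor"],  # L2 and L1 paths: L1 wins
        "Company D": ["SaaS-1"], "SaaS-1": ["MSP-1"], "MSP-1": ["HitVendor"],
        "Company E": ["Other"], "Other": ["Company E"]}  # cycle, no exposure

if __name__ == "__main__":
    rows, total = portfolio_loss(0.60, COVERAGE, DEPS, {"HitVendor"})
    print(rows, f"total=${total:,.0f}")
```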

8. Stress Test Process

The stress testing workflow allows underwriters to select any scenario from the catalog and evaluate its impact on the current portfolio:

  1. Select scenario — choose from 42 named scenarios or create a custom scenario with user-defined loss factor and duration
  2. AI identifies impacted vendors — DeepSeek AI evaluates each portfolio company against the scenario profile
  3. Map supply chain dependencies — trace L1, L2, and L3 dependencies to identify cascading impacts
  4. Calculate individual losses — apply loss factor, coverage limit, and tier multiplier per company
  5. Aggregate portfolio loss — sum all individual losses to produce total portfolio exposure
  6. Generate report — produce scenario summary with company-level breakdown, heatmaps, and recommended actions

    ┌─────────────────┐     ┌──────────────────┐     ┌────────────────────┐
    │ Select Scenario │────▶│ DeepSeek AI      │────▶│ Map Supply Chain   │
    │ (42 catalog)    │     │ Vendor Matching  │     │ L1 / L2 / L3       │
    └─────────────────┘     └──────────────────┘     └────────────────────┘
                                                               │
                            ┌──────────────────┐               ▼
                            │ Generate Report  │◀────┌────────────────────┐
                            │ & Heatmaps       │     │ Calculate Losses   │
                            └──────────────────┘     │ per Company        │
                                                     └────────────────────┘

9. Historical Examples

Each scenario in the catalog is calibrated from real-world cyber events. The following table maps key scenarios to their historical analogs:

| Scenario | Historical Event | Year | Estimated Global Loss | Calibration Notes |
|---|---|---|---|---|
| Wiper/Destructive | NotPetya | 2017 | $10B+ | Loss factor 0.85 reflects permanent data destruction and multi-week recovery |
| Supply Chain Software | SolarWinds (Sunburst) | 2020 | $100M+ (direct) | Duration 720h reflects months of investigation; loss factor 0.50 reflects targeted exfiltration |
| Ransomware on Key Vendor | MOVEit (Cl0p) | 2023 | $10B+ (aggregate) | Single vendor compromise affecting 2,500+ organizations globally |
| Open Source Library | Log4Shell (Log4j) | 2021 | Widespread | Duration 480h reflects extended patching cycle across millions of deployments |
| Cloud Provider Outage | AWS us-east-1 outage | 2021 | $150M+ | 48h duration reflects cascading failures across dependent services |
| Ransomware Campaign | WannaCry | 2017 | $4B+ | Loss factor 0.60 reflects widespread but partially recoverable impact |
| Massive Data Breach | Equifax | 2017 | $1.4B (settlement) | Duration 2160h (90 days) reflects regulatory investigation timeline |
| Healthcare System | Change Healthcare | 2024 | $1.6B+ | 504h duration reflects weeks of disrupted claims processing |

10. Data Sources

  • Supply chain dependency graph — supply chain dependency mapping (L1/L2/L3 vendors)
  • Portfolio coverage data — coverage limits, deductibles, and policy terms per insured company
  • DeepSeek AI — real-time vendor-scenario matching and classification
  • MITRE ATT&CK — threat technique taxonomy used to map scenarios to attack vectors
  • NIST NVD — vulnerability data for zero-day and software supply chain scenarios
  • Historical incident databases — Advisen, NetDiligence, and public breach disclosures for calibration
  • Cloud provider status pages — historical outage data for infrastructure scenarios
  • Industry threat intelligence feeds — CISA KEV, FIRST EPSS, and commercial threat intel

11. Glossary

| Term | Definition |
|---|---|
| Loss Factor | Severity of a scenario expressed as a fraction (0.0 – 1.0) of the insured coverage limit |
| Duration | Expected hours of business interruption caused by the scenario |
| L1 (Direct) | First-party vendors directly used by the portfolio company |
| L2 (Indirect) | Vendors used by L1 vendors (second-degree dependencies) |
| L3 (Deep Indirect) | Vendors used by L2 vendors (third-degree dependencies) |
| Tier Multiplier | Attenuation factor applied to losses based on supply chain distance: L1=1.0, L2=0.5, L3=0.25 |
| Coverage Limit | Maximum insured amount payable under the policy for a covered loss |
| Scenario Catalog | The complete set of 42 pre-defined catastrophe scenarios maintained by Rankiteo |
| Vendor Matching | AI-powered classification of which portfolio companies are exposed to a given scenario |
| Cascading Loss | Loss propagation through supply chain dependencies from a single point of failure |
| Stress Test | Application of a specific scenario to the portfolio to evaluate aggregate loss exposure |
| APT | Advanced Persistent Threat — prolonged, targeted cyber intrusion by a sophisticated actor |
| BEC | Business Email Compromise — social engineering attack targeting corporate email accounts |
| SCADA/ICS | Supervisory Control and Data Acquisition / Industrial Control Systems |
| Wiper Malware | Malicious software designed to permanently destroy data rather than encrypt it for ransom |

This methodology document is maintained by the Rankiteo Cyber Analytics team. For questions or feedback, contact [email protected]. Last updated March 2026.