About – CATIS Center

The Cyber and Terrorism Insurance Studies (CATIS) Center is a proposed National Science Foundation (NSF) Industry–University Cooperative Research Center (IUCRC) focused on advancing the understanding, modeling, and insurability of catastrophic cyber and terrorism risks.

Jointly led by the University at Albany, SUNY and the University of Michigan, CATIS brings together academia, industry, and policy stakeholders to address some of the most complex and systemic risks facing today’s insurance ecosystem.

Our Mission

Today’s most complex risks cannot be addressed in isolation.

CATIS is dedicated to developing new tools, methodologies, and insights that improve how catastrophic cyber and terrorism risks are quantified, managed, and insured. Our mission is to:

Improve the accuracy and transparency of risk estimation
Align insurance pricing with real-world risk and resilience measures
Strengthen collaboration across the insurance, cybersecurity, and policy ecosystem
Support the development of sustainable and scalable risk transfer solutions

Why CATIS

Catastrophic cyber and terrorism risks are increasingly:

Systemic and interconnected
Influenced by emerging technologies such as AI
Dependent on complex infrastructure and global supply chains
Shaped by regulatory, economic, and geopolitical factors

These risks cut across traditional boundaries, requiring collaboration between insurers, reinsurers, infrastructure operators, modelers, cybersecurity experts, and policymakers.

CATIS provides a structured platform to bring these perspectives together and develop solutions that no single organization can address alone.

An Industry-Driven Research Model

CATIS follows the NSF IUCRC model, where industry members play a central role in shaping the research agenda.

Research priorities are defined by industry partners
Projects are selected collaboratively through the Industry Advisory Board
Academic researchers develop solutions aligned with real-world needs

This model ensures that research is practical, actionable, and directly relevant to the evolving challenges of the insurance ecosystem.

A Collaborative Ecosystem Approach

CATIS brings together a broad set of stakeholders across the cyber and terrorism insurance ecosystem.

This includes insurers, reinsurers, brokers, risk modeling firms, data analytics companies, cybersecurity vendors, incident response and law firms, policy and regulatory stakeholders, and critical infrastructure owners and operators.

Rather than focusing on a single segment of the market, CATIS is intentionally designed to operate across the full ecosystem.

Catastrophic cyber and terrorism risks do not sit within one sector. They cut across underwriting, modeling, cybersecurity practices, regulation, national security, resilience planning, and capital markets. Addressing these risks effectively requires coordination across all of these domains.

To reflect this, CATIS adopts a systems-level perspective. The figure below illustrates the interconnected stakeholders that shape the cyber and terrorism insurance landscape.

Cyber and Terrorism Insurance Ecosystem Overview

By engaging across this entire ecosystem, CATIS aims to improve alignment, reduce information gaps, and develop solutions that are practical, scalable, and relevant to all participants.

Focus Areas

CATIS focuses on advancing research and solutions in areas such as:

Catastrophic cyber risk modeling and scenario analysis
Terrorism risk quantification and simulation
AI-related risk and insurance frameworks
Capital market solutions for cyber risk
Policy and regulatory approaches, including potential federal backstops
Cybersecurity controls, resilience, and their impact on risk

Building the Future of Risk Resilience

CATIS is designed to serve as a national platform for innovation, collaboration, and impact.

By bringing together expertise across disciplines and sectors, the center aims to strengthen the foundations of cyber and terrorism risk insurance and support the development of more resilient, informed, and sustainable systems.