---
title: "Guidewire Cyence Identifies Hundreds of Companies Impacted by Cyber Vulnerabilities"
url: "https://www.guidewire.com/fr/resources/blog/technology/guidewire-cyence-identifies-hundreds-companies-impacted-cyber-vulnerabilities.md"
language: "fr"
locale: "fr"
---

# Guidewire Cyence Identifies Hundreds of Companies Impacted by Cyber Vulnerabilities

2020-03-13T21:30:15Z

Our aspiration at Guidewire Cyence is to enable insurers to establish themselves as the ultimate cyber risk transfer destinations for their clients. Guidewire Cyence Risk Analytics is the most advanced cyber solution available—an economic cyber risk modeling solution that adjusts as the cyber landscape shifts. Guidewire Cyence continuously gathers data and updates economic models based on changing circumstances, delivering tangible benefits to insurers and their customers as they face the volatility generated from evolving 21st-century risks.

## Guidewire Cyence Identifies Hundreds of Companies Impacted by Cyber Vulnerabilities

### Conseiller Principal

George Ng est le Directeur de la technologie pour la division analyse et services de données de Guidewire, au sein de laquelle il dirige les produits et l’ingénierie, pour créer des solutions et des produits analytiques. Il a rejoint Guidewire après l’acquisition par l’entreprise de Cyence, dont il était cofondateur et directeur technique. Chez Cyence, George a conçu une plateforme d’évaluation des cyber-risques, qui associe la collecte de données internet, le machine learning et la modélisation financière, afin d’évaluer les risques issus des technologies.

![](https://edge.sitecorecloud.io/guidewiresodb06-guidewire0f2e-productioncd91-5186/media/project/guidewire/guidewire/people/gw-blog-authorsp2detail0029george-ng.jpeg?h=380&iar=0&w=505)

[LinkedIn](http://)

George Ng est le Directeur de la technologie pour la division analyse et services de données de Guidewire, au sein de laquelle il dirige les produits et l’ingénierie, pour créer des solutions et des produits analytiques. Il a rejoint Guidewire après l’acquisition par l’entreprise de Cyence, dont il était cofondateur et directeur technique. Chez Cyence, George a conçu une plateforme d’évaluation des cyber-risques, qui associe la collecte de données internet, le machine learning et la modélisation financière, afin d’évaluer les risques issus des technologies.

""

[Facebook](http://)

George Ng

""

[Twitter](http://)

### Technology

Our aspiration at Guidewire Cyence is to enable insurers to establish themselves as the ultimate cyber risk transfer destinations for their clients.[Guidewire Cyence Risk Analytics](https://www.guidewire.com/products/cyence/) is the most advanced cyber solution available—an economic cyber risk modeling solution that adjusts as the cyber landscape shifts. Guidewire Cyence continuously gathers data and updates economic models based on changing circumstances, delivering tangible benefits to insurers and their customers as they face the volatility generated from evolving 21st-century risks.

![](https://edge.sitecorecloud.io/guidewiresodb06-guidewire0f2e-productioncd91-5186/media/project/guidewire/guidewire/blog/images/blog-20200313-cyber-vulnerabilities.png)

To further our commitment, we’ve adopted a proactive approach to help insurers understand their exposures and craft strategies to mitigate losses.

**Guidewire Cyence Takes Action**

When a cyber vulnerability is identified by a credible source (such as [NIST](https://www.nist.gov/)), the Guidewire Cyence team works to reverse-engineer the identified vulnerability, but for a different reason from the hackers. By understanding the mechanism, our engineers isolate the publicly observable characteristics of a firm’s cyber profile that suggest its susceptibility to such a vulnerability. We leverage a custom assessment tool that collates these characteristics from our data collection engine and identifies the affected firms.

In a recent Cyber Bulletin, we informed our customers of the following vulnerabilities that were recently discovered in commonly used hardware and software. Guidewire Cyence customers could then determine if these vulnerabilities impacted the companies in their portfolios and contact their affected policyholders to inform them of the patches and other safety workarounds.

### [Zyxel NAS and Firewall Vulnerability](https://nvd.nist.gov/vuln/detail/CVE-2020-9054)

A [vulnerability](https://www.kb.cert.org/vuls/id/498544/) was discovered on Zyxel NAS (Network Attached Storage) and firewall products. This vulnerability could allow attackers to remotely execute code on a vulnerable device.

Zyxel released [patches](https://www.zyxel.com/support/remote-code-execution-vulnerability-of-NAS-products.shtml) for devices that are in their warranty and support period, but the vulnerability also affects unpatched devices that are no longer under warranty. *Guidewire Cyence identified* *126 companies* in the Guidewire Cyence database that could be impacted for this reason.

### [Microsoft Exchange Server Vulnerability](https://nvd.nist.gov/vuln/detail/CVE-2020-0688)

A vulnerability was discovered in Microsoft Exchange Server that could allow an attacker to run arbitrary code on the server, thereby fully compromising the server.

The vulnerability exists in Microsoft Exchange Server 2010, 2013, 2016, and 2019. Although Microsoft has released program [updates](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0688) that eliminate the vulnerability, *Guidewire Cyence has identified* *591 companies* in the Guidewire Cyence database that use this software and could be vulnerable.

### [Apache Tomcat Vulnerability](https://nvd.nist.gov/vuln/detail/CVE-2020-1938)

A vulnerability was discovered in Apache Tomcat that could allow an attacker to perform the following actions:

- Install and execute programs
- View, change, and delete files
- Create new accounts with full user rights

The vulnerability exists in all supported versions of Tomcat. The Apache Software Foundation has released [updated versions](https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.31) that eliminate the vulnerability. *Guidewire Cyence identified* *619 companies* in the Guidewire Cyence database that use this software and could be vulnerable.

**Guidewire Cyence Support**

Guidewire Cyence products provide meaningful benefits to insurance companies and their customers. Not only can insurers proactively guide their customers to avoid the pain and cost of a cyberattack, but insurers can better manage their business over the long run. Guidewire Cyence products enable insurers to apply their expertise and capital more confidently.

If you are an existing Guidewire Cyence customer, our team can examine the companies in your portfolio and identify those that might be vulnerable to the described issues. To request this service or to ask a question, contact us at cy-support  guidewire.com.

A special shout out to Andy Zhang, Principal SecOps Engineer for Guidewire Cyence, for evaluating the vulnerabilities and architecting the assessment scans.

![](https://edge.sitecorecloud.io/guidewiresodb06-guidewire0f2e-productioncd91-5186/media/project/guidewire/guidewire/blog/thumbnails/guidewire-cyence-identifies-hundreds-companies-impacted-cyber-vulnerabilities.png?h=337&iar=0&w=590)

[See More Articles](/fr/resources/blog)

## ""

[See All](/fr/)