Cyber attacks have become the most prominent threat or disruption to business entities in recent years. Corporate entities are concerned about damages to their brands, the stability of revenues, and the safety and privacy for their employees and customers because criminals have become more sophisticated at figuring out standardized security and evading defenses. Specifically, cyber attacks present unprecedented challenges to 21st century enterprises because of the speed of occurrence and severity of damage, along with the enterprise’s vulnerability to keep up with the evolving complexity and volume of cyber threats.
Unprecedented Challenges in the Industry Landscape
When reading into the numbers, we see that the implications are beyond shocking and are particularly evident in the following areas:
Speed of occurrence – 82% of breaches happened in minutes. Most of the perimeter and encryption defenses that organizations employed and spent millions of dollars on can be penetrated within minutes. To put things into perspective, an average large-sized company generates more than 100,000 alerts each day. Let’s hypothesize that there is one intruder in that pool. Detecting that single attack is like finding a needle in a haystack—with the added urgency to find that needle in minutes or even seconds. Before you know it, the intruder is sitting in the system for eight months and much harder to be discovered.
Enterprise vulnerability – In the Cisco 2018 Security Capabilities Benchmark Study that involved more than 3,600 respondents across 26 countries, 93% of organizations received security alerts daily, among which 44% of security alerts were not investigated. Of the 56% of security alerts investigated, 34% were deemed legitimate threats in which nearly half (49%) were not remediated. This means a shocking total of 49.6% of respondents in this study were exposed to cyber risk on a daily basis.
Severity of damage – In the same Cisco study, data breaches were proven to cause serious economic damage to organizations. Among the respondents, 53% of cyber-attacks resulted in damages over $500,000, and nearly 20% resulted in damages over $2.5 million dollars, including (but not limited to) lost revenue, customers, opportunities, and out-of-pocket costs.
Take a Proactive Approach with Cyber Insurance
Unfortunately, building a sound enterprise-wide cybersecurity mechanism for protection is easier said than done. With the proliferation of connected devices, the cloud, and Internet of Things (IoT) deployments, the expanding exploitation and attack opportunities cause threat levels to rise at an exponential rate, outpacing traditional security tools and defensive capabilities. This trend creates an urgency that extends the narrow focus on standard IT defensive mechanisms—such as firewalls, endpoint security, and anti-virus software—to a broader vision that uses new means of added protection. Shifting from “reactive” to “proactive” cybersecurity strategy, cyber insurance shines a light on the dark age of widespread cyber crimes for enterprises. It also ensures business continuity.
Advanced Cyber Risk Modeling Overcomes the Technology Gap
Unlike natural catastrophes like hurricanes or earthquakes, cyber risk involves active adversaries: malicious actors who can quickly alter their attack vectors and potentially affect clients in a systemic manner. Therefore, potential insureds are wary of the value of innovations in the complex area of cyber insurance. Underwriters themselves are facing the daunting task of addressing risk selection and accumulation management challenges in a world of limited authoritative data sources and standardized analytics solutions.
To overcome this technology gap, Guidewire Cyence™ Risk Analytics (Cyence) was created as an analytical tool to help insurers, reinsurers, regulators, and brokers better understand the impact of 21st century cybersecurity risks in dollars and probabilities. The Cyence development team believes that relying on technical risk associated with cyber attacks alone is insufficient to arrive at an accurate assessment of enterprise cyber risk. For this reason, Cyence further leverages a variety of econometric risk models and real breach data aggregated from multiple sources, incorporating data that:
Measures companies’ cyber posture from the perspective of people and processes
Reflects adversary motivation
Examines attack capabilities and tools
Indicates the impact of a well-timed attack—in the past, present, and future.
Through a process called “data listening,” vast amounts of technical and behavioral data are collected at petabyte scale, including those that are public, open source, proprietary, and belonging to third parties. The solution then curates the data and applies sophisticated machine-learning techniques to find the signal through all of the noise. This unique approach combines economic/risk modeling, cybersecurity, and big data analytics to create an economic, cloud-based, cyber-risk modeling platform to help prospect and select risks, assess and price risks, manage portfolio risk accumulations, and develop new insurance products with confidence.
Closing Remarks
For things that are dearest, most important, and valuable to us, we come up with ways to protect them. Insurance policies, laws, safe deposit boxes, and security guards are all ways to safeguard whatever is precious to us. Cyence Risk Analytics was created for the same purpose by providing an analytical foundation to reinforce the fledgling but critical cyber insurance marketplace. As a result, Cyence enables insurers to deliver accurate cyber insurance coverage to assure digital assets, reputation, business continuity, and the privacy of employees and customers—all of which are deemed indispensable to modern enterprises.
To learn more about Guidewire Cyence Risk Analytics:
Data sheet: Guidewire Cyence Risk Analytics
Video: Allianz Customer Testimonial
Video: Quantifying Cyber Risk