Assessment of cyber risk based on de-facto cyber standing of a prospective client

Go beyond official business reports to establish a thorough understanding of the actual risk an online company is exposed to.
Companies own a growing amount of confidential user data
While this is an inevitable effect of a general shift towards digitalisation and the growth of e-commerce sites, a persistent increase in data breaches means businesses need to take cybersecurity on board, seriously and systematically. In 2018, the European Union issued GDPR, a legal regulation in the field of data privacy which prescribes high fines for user data breaches. As a result, all industries made a push towards the adoption of a higher standard of security measures, but the need for a more comprehensive solution to potential damage and fines emerged. This opened the door for the insurance industry - Cyber Risk Insurance policies were established by all major insurers, to provide financial cover for the damage caused by a cyber attack and fines imposed by the EU.
All of a sudden, cyber risk insurance without proper investment in the improvement of cybersecurity posture seemed like an easy fix for many: once the inevitable data breach happens, the insurer covers the cost, and business continues as usual. But there’s a flip side to this model: fines often exceed the policy coverage limits, and loss of user trust and reputation is hard to compensate for. On the insurer side, offering cyber risk policies to companies that are highly exposed to risk, either through their lack of security measures or via 3rd parties, means shooting oneself in the foot.
Risk assessment of real cyber standings
To establish correct premiums for Cyber risk policies that reflect the real cybersecurity status of a client, a comprehensive and precise cyber risk score has to be calculated. Since Cyber risk insurance is a fairly new product, the industry hasn't developed an assessment methodology that takes the real status of a website into account - currently, it relies on industry averages and the number of users on the platform as the only available metrics.
It is not hard to foresee that this is not enough - two companies can operate in the same industry with a similar number of users, and yet have completely different risk status, due to one’s lack of cybersecurity measures, bad security practices or a 3rd party provider that is highly vulnerable.
Understanding the complete picture of one’s cyber posture, including the risk one is exposed to through 3rd parties, and scoring it accordingly is critical for insurers to establish correct premiums and protect their business.
Scoring one’s assets and network for best results
The Abstract algorithm checks a company’s cyber status from a technical perspective, looking for key vulnerabilities, open ports, server misconfigurations, existing breaches and much more. What Abstract offers, in addition to the above-mentioned target risk assessment, is a complete and thorough cyber mapping that relies on our Connected Entities feature. Our tool is able to unveil the target company’s cybersecurity landscape, including all dependencies and 3rd parties, their status and cyber risk, and calculate an accurate coefficient of risk associated with the use of their services or other forms of co-operation.
This enables us to provide insurers with a much more accurate and reliable risk score that reflects the real cyber standings of both potential clients and their 3rd parties, which are increasingly recognised as a major cause of data breaches and other cybersecurity issues.