Determining how much or how little coverage to offer potential insureds is critical to success in the cyber insurance industry, and the amount should be based on the customer’s real risk. If the amount does not reflect that risk, the annual premium could be too high and the customer will pass on coverage altogether. If the coverage is too low, the insurance company could be accepting more risk than it can tolerate, particularly if an insured’s susceptibility to experiencing a cyber event is high, resulting in an insurance claim.
It’s a risky dilemma that Cybeta has solved with its proprietary Threat Beta service.
Traditional approaches used by retail insurance to quote cyber coverage have typically involved ‘back-of-the-envelope’ calculations and rough estimates. These have been based primarily on basic commercial details about the business seeking coverage: total revenues; industry sector; the number of employees; types of records kept and whether these include protected health information (PHI) or meet payment card industry (PCI) data security standards; and the regulatory fine or cost per record in the event of a successful breach.
This approach has its limitations. For example, suppose one company in a given industry experienced a cyber-attack that cost millions of dollars. It’s wrong to assume that a peer competitor will suffer the same fate in terms of cost if it’s attacked in the future.
Not only are threats and methodologies constantly changing, but assumptions like these also ignore individual cybersecurity cultures and the technologies used in these environments.
Threat actors target technologies, not companies.
If one company experienced an attack because a specific product and version of a vulnerable protocol server it was using was exploited, it does not mean the same result will occur at a second company, particularly if similar services, infrastructure, or controls are not in place.
Determine Cyber Insurance based on Real Risk
A better way to calculate a potential insured’s real risk accurately, in other words a more precise way to quantify threats, is found in data science. Cybeta’s data scientists have found that using their Threat Beta predictive indicator will do two things: ensure the insured is receiving adequate cyber insurance relative to their unique threat landscape, and ensure the insurance carrier is taking on a risk they can tolerate.
Threat βeta™ – A Predictive Indicator of Risk
Threat Beta is a forward-looking predictive indicator of risk rooted in advanced machine learning and statistical data analysis that aims to better define threat quantification using three fundamental analytical inputs:
Discoverable Network Footprint: Mimicking an external view used by today’s threat actors, we leverage our national security expertise to better understand an organization’s attack surface using specialized reconnaissance techniques.
Weighted Vulnerability Record: Depth and breadth of discoverable technologies are mapped and compared against thousands of other companies with similar network characteristics, and weighted based on a variety of factors, such as vulnerabilities and exposures tied to those technologies.
Attack Likelihood: Proprietary scoring is assigned to each technology based on attack likelihood, frequency, and severity using a combination of open-source and real-time threat metrics derived from advanced machine learning and automatically mined deep and dark web sources.
These three elements are considered and augmented with more than 120 other data feeds to derive a Threat Beta rating. The rating is used as a predictive cyber threat barometer and designed like a stock beta, normalized on a 0-2 scale.
Using Threat Beta, customers can understand their score relative to an industry average and can compare against any subset of data, technologies, and benchmarks. It allows cyber insurers and insureds alike to better understand the overall susceptibility of their network environment to a cyber event. Through these calculations, Threat Beta offers a more precise estimation of the maximum probable cyber loss.
Cybeta Improves Cyber Risk Accuracy
Cybeta empowers insurance brokers to uncover strengths and weaknesses in clients’ cybersecurity capabilities, detect emerging cyber threats, evaluate clients’ threat levels against those of their competition, and make real-time decisions on coverage limits. Threat quantification also considers the likelihood of various attack categories, such as distributed denial of service (DDoS), malware, or phishing, among many others, providing clear intelligence on how network defenders should allocate resources and defenses against the highest probability of exposure.
Cybeta lets insurance companies and their clients think in terms of over-the-horizon visibility coupled with enhanced peripheral vision. This improves the accuracy of cyber risk estimation, provides a solid basis for insurers to set limits and premiums, and allows insured companies to obtain appropriate coverage for their actual risks.
Threat Quantification: Determining the Right Cyber Insurance Coverage | Armond Caglar | 2022-04-02 04:50:53 | 2022-12-15 17:21:39
Cybeta generates predictive analytics about the likelihood of future cyber events while delivering actionable intelligence focused on pre-attack infrastructure, supply chain risk, and metric-driven technology intelligence. We are comprised of former national security professionals and data science experts who do not believe you can automate human expertise.