Cyber risks are constantly evolving and rogue operators are always thinking of new ways to ransom companies, block web access, hack emails etc. More knowledge and training for staff is forward thinking and could save your company reputation. Here’s some new data from Gallagher Re;
A new study conducted by Gallagher Re, a leading global reinsurance broker, evaluated Bitsight analytics of security performance data of 62,000 organizations across 67 countries and its own proprietary database containing cybersecurity incidents and claims. The study concluded that poor performance in certain key areas increased an organization’s risk of experiencing a cybersecurity incident and subsequent claim, while strong performance implied a lower risk of incident.
Key predictors of cybersecurity risk – valuable information for enterprise cybersecurity leaders and the cyber insurers that offer policies to cover that risk – include:
- External scanning data could improve insurance loss ratios: By using targeted external scanning data in addition to firmographics to identify and remove the most damaging 20% of risks, insurers could see a loss ratio reduction of up to 16.4%.
- “Cyber footprint” is a strong predictor of claims: The size of an organization’s attack surface – as measured by the number of IP addresses a company maintains – was found to be a strong predictor of claims. This is a significant finding for insurers, who traditionally have focused on firmographics to underwrite policies, like employee count, industry, or revenue rather than using technographic data.
- Single Point of Failure data and third-party dependencies are highly predictive of claims: As the enterprise tech stack grows, so too does the potential attack surface. Observed use of certain technology products materially increased the likelihood of a claim. This data holds great promise for the insurance industry and future risk modeling approaches.
- Cyber hygiene remains critical: From patching speed to the use of HTTP headers, proper deployment of SSL certificates, DNS security, proper endpoint management and more, nine Bitsight risk vectors measuring essential cybersecurity practices were found to be correlated with cybersecurity incidents. Taking care of the basics can measurably reduce risk of incidents.
“This study provides clear, actionable insights for both insurance companies and enterprises on the efficacy of security controls,” Ed Pocock, Global Head of Cyber Security at Gallagher Re. “Leveraging Bitsight’s data, we’ve not only established a direct link between weak cybersecurity controls and higher insurance claims, but also highlighted additional strategies for insurers to more effectively assess an organization’s cyber risk and potentially improve loss ratios.”
Additionally, enterprise cybersecurity leaders will be able to use these insights and analyses to prioritize their program investments, lower the probability of experiencing an incident, and make critical risk decisions.
“For years, Bitsight analytics have been independently proven to have strong correlation with security incidents,” said Derek Vadala, Chief Risk Officer at Bitsight. “Gallagher Re’s analysis demonstrates that there is even more to the story – that meaningful, new insights, such as assessing the risk of Business Email Compromise (BEC), can be created through analyzing different parts of our massive trove of data. We are excited by these findings and will continue to explore the incredible opportunities ahead of us.”
Download the full study here.
Be the first to comment