Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Bitsight and Google collaborate to reveal global cybersecurity performance
This joint study between Bitsight and Google arms organizations with actionable insights, providing the current status of global cybersecurity performance by analyzing nearly 100,000 global organizations across 16 cybersecurity controls and nine industries amid heightened stakeholder demands on cybersecurity strategy.
Determining whether you should quote or decline a cyber insurance applicant is an extensive and critical process. Typically, the decision is made after gaining an understanding of what the company does, identifying critical application information, and considering your organization’s risk appetite. But are you able to verify whether the decisions you’ve made are valid?
If I were to ask you whether your cyber risk underwriting strategy is mature, your first question would likely be: “How do you define mature?” It’s a great question! Here’s the answer: A mature cyber risk underwriting strategy considers all relevant underwriting issues when assessing an applicant's or insured’s risk profile.
Most insurers find that the cyber insurance renewal process is fairly efficient from a time perspective—but it’s not very effective. In other words, they are able to quickly re-underwrite a company in their portfolio, but don’t have any better understanding about the insured’s security posture to see whether the risk has changed and is still suitable to keep on the books.
In many lines of insurance, claim activity is part of the norm—and it’s expected that you’ll have to underwrite to losses consistently. For example, in casualty lines, it’s common to have workers file for workers’ compensation because of an injury they experienced on a job.
A loss trend can be defined as a projected loss expectation based on historical data. If you find that past losses might be indicative of potential future losses, you can then use this information to price your services accordingly.
As an underwriter who’s constantly trying to balance being both quick and careful, the worst thing you can do is treat every single applicant the same. Doing so can ultimately set you up to take on more risk than you’d expect. Of course, the more experience you have, the better you’re able to quickly assess a company’s risk posture.
Considering aggregate portfolio risk is critical for insurance companies—which means it’s important to differentiate between concentration risk and aggregation risk.
If you’re involved in the cyber insurance underwriting process—from the transaction to the ongoing operations—you’re constantly looking for things to help you (and your team) select better risks. Here are three specific ways Bitsight’s Security Ratings platform can play an integral role in the underwriting process.
As an underwriter in the cyber insurance industry, you know that insurance is all about information. You’re responsible for making decisions about your applicants based on the details given to you—but you’re also aware of the potential for asymmetry in this information.
Over the past couple of weeks, a major issue has surfaced affecting numerous companies that use MongoDB to store their data. Those who install MongoDB on a server and use default settings are exposing their data to the internet and allowing anybody to browse the databases, download information, and erase them entirely. Many companies are unaware of the vulnerability and that their information may be exposed to hackers. Criminals are reacting quickly and opportunistically by stealing data, then asking for a ransom. To make matters worse, some criminals asking for a ransom don’t actually have the data, so when the ransom is paid, companies are still left without answers. In addition to MongoDB, it was reported that clusters of Elasticsearch, an enterprise search engine, have also been hit with ransomware.
As insurers underwrite their book of business, they must have a good grasp on what potential losses could look like for each of their applicants. To better understand this, they evaluate hundreds of metrics—including those related to cybersecurity. But understanding an applicant's cyber risk is much more complex than it was 20 years ago.
Written with the assistance of Dan Dahlberg, Ethan Geil, and Ross Penkala.
While cybersecurity insurance is a relatively new line of service in the industry (it’s only been around for the last 10-15 years), it is currently the fastest-growing form of insurance. And it’s no wonder—today, a data breach at a large company could cost hundreds of millions of dollars. Spurred on by recent increases in breach activity that have resulted in direct consequences and major costs to companies in every industry, more and more organizations are looking to transfer some cyber risk to insurance companies.
What does cyb
PwC recently published The Global State of Information Security Survey 2016, which highlights security trends in a number of industries and key themes across all industries.
Organizations have come to depend on cloud service providers for key services - from email and domain registrars, to payment processors and certificate authorities. According to the 2015 Cloud Computing Survey by IDG, 72% of organizations had at least one application in the cloud or a portion of their computing infrastructure in the cloud. As companies move key business processes to a SaaS environment, it is becoming increasingly difficult to monitor and protect sensitive data. Your organization may have excellent data security programs in place, but are your vendors -- and their own vendors -- following similar standards? Do you know exactly where your data lives and can you measure how effectively your information is being protected? Furthermore, what impact does a cloud service disruption have on your business operations?