Demo of the CyCognito Platform

See the CyCognito platform in action to understand how it can help you identify, prioritize and eliminate your most critical risks. 

State of External Exposure Management, Summer 2024 Edition

Download the report now to stay ahead of emerging threats and strengthen your organization’s security posture for 2024. 

The Total Economic Impact™ of The CyCognito Platform

Read The Total Economic Impact™ of The CyCognito Platform — a Forrester study. Cost Savings And Business Benefits Enabled By The CyCognito Platform. 

 
Perspectives

The Shifting World of Cyber Insurance

Randy-Streu
By Randy Streu
SVP, Global Channels & Alliances
January 5, 2022

Joe Uchill from SC Media shared a critical insight in this article on how the cyber insurance market bubble is bursting. Over the last 16 months, the statistics show a consistent increase in breaches and a rise in insurance payouts and loss ratios. The cyber insurance industry urgently needs to adopt practices that align with the reality of cybercrime.

Keeping up with the reality of cybercrime

Historically, insurance risk models have been based and trained on massive sets of historical data, which are modified minimally over time. And the overall direction of the data does not change radically year over year. Historic data is interesting for behavioral patterns but insufficient for predictive breach prevention that changes direction continuously. A company that has been relatively secure and unbreached for the past five years could be breached through an unknown attack vector tomorrow.

Cyber security is unlike any other industry model that cyber insurers have faced before. As a fast-paced and relatively new industry, it challenges insurance companies with the prospect of rapidly changing tactics and models. Digitization has swept over every organization, accelerating technology adoption and fuelling a growing external attack surface. Combine this with skilled attackers who continuously scan the internet for new attack vectors and security weaknesses, and you have an ever-changing IT ecosystem with an evolving threat landscape.

Add to that an over-reliance on outdated tools, increasing ransomware payouts and more avenues for cybercrime and it leaves an organization alarmingly exposed. To combat this apparent rise in risk and the pace of change in cybersecurity, there have been some insurance companies choosing to “opt-out” of the cyber business, while others are raising their rates and lowering their coverage, which is unsustainable. If insurance companies want to stay in the cyber security market and remain profitable, there needs to be a new and agile approach based on modern technology. 

Cyber Insurance industry needs to think like an attacker

Approaches that mimic attacker behaviors to assess risk not only during underwriting but also continuously throughout the policy will see more success.

The smaller, tech-centric insurance vendors have demonstrated an understanding of this already. Now, it is time for the heavyweights in the industry to adapt or opt-out. Cyber insurers can utilize external attack surface management solutions and look at their top insured organizations and assess their attack surface and associated risks. The CyCognito platform automates the process and combines guidance on the assessment so that users of the platform can clearly understand how much risk is associated. Insurers can immediately determine the real risk associated with an organization and decide whether or not to insure them.

Managing risk won’t be a one-off task, it can be an ongoing process of discerning risk due to the real-time data being fed into the platform. The data can be shared with the insured organizations in order to inform them about what they need to fix in order to potentially get a lower premium. Implementing an attack surface management program that provides external visibility, risk assessment of internet-exposed issues, and guidance to remediate is a strategy that benefits both insurers and the insured.


Topics



Search the Blog



Recent Posts






Tim Matthews
How to Budget for EASM
By Tim Matthews
November 18, 2024


Top Tags



CyCognito Research Report

State of External Exposure Management, Summer 2024 Edition

State of External Exposure Management, Summer 2024 Edition

Download the report now to stay ahead of emerging threats and strengthen your organization’s security posture for 2024.

O'Reilly Report

Moving from Vulnerability Management to Exposure Management

Moving from Vulnerability Management to Exposure Management

Download the report to learn about the historical trends behind the emergence of exposure management, how to develop a strategic plan and assemble a team to smoothly transition frameworks, and example tech stacks to consider for your organization.

Request a Free Scan

See Exactly What Attackers See

Get a Free Scan of Your Attack Surface

Get a free scan of your attack surface and gain valuable insight into your organization's risk posture by allowing CyCognito to discover, contextualize, and test externally exposed assets on a portion of your parent company or a single subsidiary.