MONTE CARLO, September 9th 2024: – Lockton Re, the reinsurance business of the world’s largest privately held independent insurance broker, is pleased to launch its’ latest Cyber Report – THE ART AND SCIENCE OF CYBER RISK SCORING TECHNOLOGIES that evaluates a selection of vulnerability scanning technologies used by cyber risk (re)insurers. Increased complexity of digital networks brings with it growth in potential exposure for companies. By 2025, it is estimated that 50% of the world’s data will be stored in the cloud1 and with that dramatic change, the vulnerability to attack increases each year for companies both internally and through their downstream suppliers, including indirect reliance on services or technologies used by third parties.
Jacqueline Yeo, lead author of the report and Cyber Analytics Lead, Lockton Re, said, ”The development of this specialist technology illustrates the pace of innovation taking place in the cyber insurance industry. There is still a wide range of techniques deployed, as well as outcomes delivered, and users should be aware of the limitations of these tools. However, when used in conjunction with other underwriting and aggregation methodologies, scanning solutions can provide valuable additional insights. We researched the following emerging scanning tools with an independent data set: Cyberwrite, ISS, Kynd and Orpheus, to create the report”. It's important to remember that scans are not a silver bullet for cyber security, but rather part of a larger set of measures that can be combined to show the overall security position of a company. Vulnerabilities need to be interpreted with care. Not all vulnerabilities are equal, and context remains key to understanding risks.
Oliver Brew, co-author of the report and Cyber Practice Leader, London, Lockton Re, said “Cyber risk data providers play a valuable part in assessing cyber security risk. They can provide sensitivity tests for the exposure data used in the catastrophe models, as well as provide a key second view of risk. However, it’s important to use these tools as part of best practices in portfolio management, like those promoted by regulatory bodies and Lloyd’s of London in their regulatory capability matrix, to promote more than one view of risk”.
In the uncertain world of cyber modelling, incorporating different tools for a more comprehensive view of risk is an important way to benefit from the technological developments in vulnerability scanning, whilst avoiding some of the pitfalls of over-reliance on one model. Historically, the natural catastrophe world has seen several examples where outsized losses have occurred where models were found to be missing potential exposure. Scanning tools can be a useful addition to the modelled view of risk, to help mitigate this pitfall.
Read the full report here (opens a new window)