Source |
Kovrr |
Identifier |
8393597 |
Publication date |
2022-10-25 00:00:00 (seen: 2023-10-10 07:25:34) |
Title |
Importance of Insurance-Validated Risk Models to Quantify Cyber Risk. Over time, high-quality risk models become increasingly accurate due to continuous validation and calibration. |
Text |
By its nature, cyber risk is dynamic. New events happen and evolve all the time, making it difficult for enterprises to quantify their financial exposure to cyber attacks. Around two years ago, for example, distributed denial-of-service (DDoS) attacks were making headlines, and now ransomware has come into heightened focus. It's reasonable to believe that other types of attacks will emerge in another two years and continue to change thereafter.

Yet even though cyber risk evolves, it's possible to understand what the financial implications of an attack might be by using what's known as a cyber risk quantification (CRQ) model. These models analyze past events to predict what the financial impacts of future cyber events might be.

But not just any model will do. Enterprises need insurance-validated risk models, meaning the model is strong enough and has both the breadth and depth of data to be trusted to quantify cyber risk across an insurer's large portfolio. Enterprises need models at this level of sophistication, continuously validated at scale, if they want to be prepared. Otherwise, they may be using a stagnant quantification method that limits their ability to account for their financial cyber exposure to current and future threats.

Modeling the Unknown

Part of quantifying something dynamic like cyber risk means having a robust modeling framework. Using what's known as impact-based modeling allows for quantifying "known unknowns." In other words, a modeling framework that can reflect new emerging threats and utilize risk models that tie together multiple areas of risk (for example, certain events affecting an enterprise, the severity of past attacks, the frequency of events, etc.) can come to a conclusion about the financial impact of future events. Even if the specific type of attack remains unknown, enterprises can at least have a sense of what their exposure would look like by relying on impact-based modeling, which provides an estimate of the potential financial losses driven by cyber events.

Continuous Validation and Calibration

Over time, high-quality risk models become increasingly accurate due to continuous validation and calibration. As new cyber threats emerge, so too does a deeper understanding of event footprints, the technology or third-party service provider involved, and the propagation pattern of the infection.

While it's important for companies to be aware of evolving cyber threats and types of attacks from a risk management perspective, such as to educate employees and mitigate attacks, putting a financial quantification on cyber risk is the most efficient way to understand "how" the attack landscape can affect a specific company. A $1 million loss, for example, is still $1 million whether it came from ransomware or a DDoS attack. By focusing on an impact-based approach, the emphasis is still on quantifying the loss, rather than trying to predict exactly how cyber events may evolve.

A cyber risk quantification model can also be calibrated by looking at what the model projected and seeing how that aligns with events that actually occur over time. Doing so requires data at scale. If you only know the financial implications of events that occurred at, say, three companies, then that doesn't give much information to feed and calibrate the model. Yet if there are thousands of events to analyze, such as by looking across an insurer's entire portfolio, that provides a much better view into what's happening across the cyber risk landscape. From there, this data can be used to improve the model.

Breadth and Depth of Data Sources

As alluded to, a robust cyber risk quantification model requires data at scale. Yet it's important to have both a significant breadth and depth of data sources. Doing so enables a model to understand what's happening across indust |
Notes |
★★★
|
Sent |
Yes |
Tags |
Ransomware
Prediction
|