Vendor Cyber Risk Management

Perhaps you remember Fazio Mechanical, the unfortunate HVAC contractor that was the access point to Target for its massive 2013 data breach. Using network credentials stolen from Fazio, attackers broke into the retailer’s network in November, 2013. Data containing the names, mailing addresses, phone numbers, email addresses and payment card information for up to 70 million people was compromised.

Fazzio Mechanical was far from an anomaly. Hackers often look for vulnerabilities in vendors’ security systems as a way into a target company’s network. Supplier networks are often more vulnerable than those of the target enterprise, which may have more resources devoted to security. Home Depot and Boston Medical Center are other examples of organizations that were breached as a result of compromised third parties. Recently an Indiana hospital paid hackers to unencrypt patient records that were targeted in an attack launched through an outside vendor’s account.

Network security is increasingly as a key consideration in vendor risk assessment, and companies are starting to integrate cybersecurity into their supplier qualification criteria. A number of cybersecurity software companies offer tools to assess vendor cyber hygiene, and many do a good job of identifying security flaws and summarizing exposures through scoring systems or in easy-to-understand reports.

Dave Bradford. (2018, February 20). Vendor Cyber Risk Management [Blog].

This blog post in an excerpt of the original. The content originally appeared in Advisen Blog.

Equifax Breach Renews Calls for National Data Breach Standards

A series of congressional hearings focused on the Equifax data breach came with a call for a national data breach notification from the head of the US House of Representatives Financial Services Committee.

“If you are hearing my voice, you are either the victim of the breach or you know someone who is. That`s how massive this breach was,” said Rep. Jeb Hensarling (R-TX). “The criminals got basically everything they need to steal your identity, open credit card accounts in your name and cause you untold frustration and financial calamity.

Erin Ayers, Equifax breach renews calls for national data breach standards (October 9, 2017), available with subscription at Advisen Cyber Front Page News.

Economic Cyber Risk Modeler Cyence Names Advisory Board

Out from operating under the radar earlier this month, Cyence has now announced its advisory board of cybersecurity and insurance professionals.

The board is comprised of Richard Booth, Vincent “VJ” Dowling, Marc Goodman, Tom Hutton, Sean Kanuck and Barney Schauble.

Cyence said it has developed the industry’s first economic cyber risk modeling platform, quantifying cyber risk in probabilities and dollars. The company, based in San Francisco, launched from stealth on September 8.

Chad Hemenway, Economic cyber risk modeler Cyence names advisory board (October 17, 2016), available with subscription at Advisen Cyber Front Page News.

Giving Numbers a Voice: Making Use of Cyber Data in Insurance

July 06, 2016
11:00 am – 12:00 pm EDT

On Thursday, July 6 at 11am ET, Advisen will host a webinar that will look into cyber data trends and the role data plays in developing products used by insurers.

For more info and registration visit the link: http://www.advisenltd.com/events/webinars/2016/07/06/giving-numbers-a-voice-making-use-of-cyber-data-in-insurance/

Advisen Ltd. (2016, July 6). Giving Numbers a Voice: Making Use of Cyber Data in Insurance [Webinar]. In Advisen Events Webinar. Retrieved from http://www.advisenltd.com/

Cyber Risk Data Methodology for Insurance & Risk Analysis

Advisen’s Cyber Database is a proprietary relational database of information about various events which have or could have resulted in significant financial judgments or financial loss to corporate entities. Cyber events are particularly relevant to our clients, as cyber is a newly-emerging risk with evolving coverages and parameters.

Cyber Risk Data Methodology

This 10-page methodology document describes the principles and methodology of how cyber data is organized for Advisen’s clients.

This content originally appeared in Advisen Ltd. To read the full story, you must download the Cyber Risk Data Methodology for Insurance & Risk Analysis Report

Unlocking the Value in Cyber Data: Getting a Clearer View of Risk

January 2016

Advisen wrote a white paper that discusses the importance of evaluating the cyber risk of an organization, as well as underwriting and pricing cyber liability coverage. It looks at the importance of combining technology and insurance to improve chances that an organization can more quickly recover from a cyber attack. The free, 8-page paper is sponsored by PivotPoint.

Mitigating Cybersecurity Risks

Cyber risks have become a major threat that many organizations are wondering whether or not their cybersecurity investments are properly deployed and their insurance programs are as effective as possible.

This content originally appeared in Advisen Ltd. To read the paper, you must download the Unlocking the Value in Cyber Data: Getting a Clearer View of Risk Report.

Unlocking the Value in Cyber Data

December 02, 2015
11:00 am – 12:00 pm ET

Received wisdom in the cyber marketplace says historical data on the frequency and severity of cyber risk events is not sufficient to fully quantify the financial risk of cyber exposures.

But is this true? After all, the insurance industry typically refines models. It does not wait to have the perfect data. Rather than waiting decades, do we now have enough information for organizations to understand cyber vulnerabilities—and for insurers to build the marketplace and strengthen its role in improving cyber resilience?

On December 2, Advisen will host a webinar to explore what data the industry actually has today and uncover the value of this data for quantifying cyber risk.

This free, one-hour webinar is sponsored by PivotPoint Risk Analytics.