SCISURE – AI for Cyber Insurance | Develandoo | Blog

SCISURE – AI for Cyber Insurance

As an AI specialist, I am constantly looking for new ways to optimise and help industries in their daily job by using Artificial Intelligence. One of the topics I am passionate about is Cyber Insurance and how to make it accessible to a wide variety of industries.

With a team of AI and Cyber Security specialists, we have decided to launch a new startup within Develandoo Labs called SCISURE which should achieve that mission.

 In this article, we are going to cover the following points to understand what SCISURE is.

  1. CYBER INSURANCE MARKET
  2. PROBLEM
  3. SOLUTION

CYBER INSURANCE MARKET

Cybercrime costs the global economy more than $400 billion a year and the costs will continue to grow in near future with more enterprises switching to Digital Age. 71% of insurance CEOs, 79% of banking CEOs (the highest of any sector) and 61% of business leaders across all industries see cyber-attacks as a threat to growth, ranking it higher than shifts in consumer behaviour, the speed of technological change and supply chain disruption.

This brings to that businesses across all sectors are beginning to recognise the importance of cyber insurance in today’s increasingly complex and high-risk digital landscape. In turn, many insurers and reinsurers are looking to take advantage of what they see as a rare opportunity to secure high margins in an otherwise soft market. Yet many others are still wary of cyber risk. But, how long can they remain on the sideline?

Cyber insurance is a potentially huge, but still largely untapped opportunity for insurers and reinsurers. PWC report estimates that annual gross written premiums are set to grow from around $2.5 billion today to reach $7.5 billion by the end of the decade and reach $20 billion in annual premiums by Q.1 2021.

Cyber insurance could soon become a client expectation and insurers that are unwilling to embrace it risk losing out on other business if cyber products don’t form part of their offering. In the meantime, many insurers face considerable cyber exposures within their technology, errors & omissions, general liability and other existing business lines.

Cyber criminals are constantly probing for weaknesses and adapting their tactics. And while our image of the perpetrators often centres on activists or organised gangs, they could just as easily be employees. The targets are also broadening. A clear example came from the insurance sector itself when a company was hacked for the tracking data they held on cargo shipments.

All these factors make cyber crime a costly, hard to detect and difficult to combat the threat. From an insurance perspective, while analogies are often made with terrorism or catastrophe risks, cyber risk is in many ways a risk like no other.

PROBLEM

While many insurance companies offer Cyber Insurance packages, many of them experience difficulties in providing exact high scalable scoring and risk assessment mechanisms. Currently, the demand for Cyber Insurance grows and Insurance companies need to increase the number of qualified employees who are able to properly assess and score Cyber Security status of the assessed company. Besides hiring new and new employees they constantly need to evolve and train people in their underwriting skills in order to guarantee correct insurance coverage and avoid financial losses both for the insurance company and for the assessed company itself.

Many companies try to solve scalability of their underwriting solutions by hiring third party providers or agencies E.G PWC, Accenture. Though this solves the issue short term, long term this is not the desired solution. Insurance providers have to be charged by third parties in advance, based on the services provided, data and client information is being shared between client, third party provider and insurance company, hiring these agencies is not a scalable solution cause the more demand the more prices will grow and not guaranteed that agencies will handle that amounts of loads.

Underwriting Cyber Insurance is not an easy task even if you have the proper quality and quantity of people. Insurers are still relying on historical data as well as tight policy terms and conditions and conservative pricing strategies in order assess and limit their risk exposures.

The cost of cyber insurance relative to the limit purchased is typically three times the cost of cover for more established general liability risks. Part of the reason for the high prices is the still limited number of insurers offering such coverage, though a much bigger reason is the uncertainty around how much to put aside for potential losses.

While underwriters can estimate the cost of getting IT systems back up and running in the same way as if they were put out of action by earthquake or flood, there simply isn’t enough data to estimate the further losses resulting from the brand impairment or compensation payments to customers, suppliers and other stakeholders. The uncertainty is compounded by the fact that cyber security breaches can remain undetected for several months, even years, which opens up the possibility of accumulated and compounded losses down the line.

SOLUTION

SCISURE is an automated risk assessment and Cyber Security scoring platform that works in conjunction with predictive modelling and human behaviour cognitive system. It provides insurers, reinsurers and underwriters unique ability to assess and score Cyber Security status of the target company in order to decide the type of coverage they should offer as a premium. SCISURE is a cloud-based platform, data is collected on several levels including customer specific data and industry data.  SCISURE is using AWS predictive modelling in order to analyse and structure huge amounts of unstructured data available online, segmenting it into useful information regarding the assessed client and builds prediction on top of it using unique algorithm and machine learning techniques.

There are many sources of cyber risks and they are divided into 3 p-s perimeter, people, and partners. Real time assessment is based upon an evaluation of a company’s resilience against these threats – at a single point-in-time. But as Dynamic threat intelligence scenarios evolve quickly and they are subject to more rapid change, external security scores can get out of sync with reality within weeks or months, for that purpose, SCISURE uses predictive modelling to define likability of breaches and rely on statistical analysis for up to date scoring.

When discussing an organisation’s security posture, “attack surface” is the common term used to describe the aggregate vulnerabilities that the firm exhibits. Prevailing wisdom holds that the attack surface is (at least in theory) a tangible, observable set of vulnerabilities. This is a useful guide for underwriters.  For that purpose, SCISURE analyses the attack surface first, so that it might discover critical weaknesses and enact measures to record those first. But the guidance is incomplete – the attack surface is far greater than the sum of its pieces and here predictive modelling comes to help. So how to Identify Attack surface? The most straightforward way to calculate cyber risk is to multiply the likelihood of a breach event by its probable impact. With proper estimates, of likelihood and impact, one can create a reasonably reliable estimate of the risk that a company or its customers will sustain damages. These damages represent the liability, which in turn heavily influence the expected cost of carrying cyber risk insurance. Now consider that both components of risk – likelihood and impact – can be easily estimated through an understanding of a company’s ability to identify, protect, detect, respond, and recover from a security event. These 5 activities represent the core of the NIST Cybersecurity Framework, widely regarded as the gold standard for gauging cyber breach readiness. SCISURE contains self-assessment wizard based on the above-mentioned framework which is using smart behaviour recording mechanism, combining with data collected during machine learning process one can identify, score and predict the likability of the breach in order to properly assess Cyber Security risks of the client.

A risk-based approach to cybersecurity priorities defence intelligence over threat intelligence. The threat of a cyber-attack does not gain in magnitude on its own – it only does so when it encounters an attack surface unprepared to detect, respond, and recover. Underwriters who seek to assess clients’ cyber-attack readiness will be best equipped to weather a storm if they continually assess and enhance the core values of defence intelligence using SCISURE.

Based on the data available online and self-assessment wizard, AWS prediction will perform statistical analysis and segment data to models in conjunction with IBM Watson’s cognitive analysis of human factor, SCISURE will be able to build predictive models for company assessment and risk scoring in order to identify client’s insurance coverage capacity.

SCISURE is the one and the only solution that combines effectively all these elements in one and uses heavily machine learning and predictive modelling to achieve the best-expected result.

Article published by A.I. Evangelist, Startup Advisor and Entrepreneur Albert Cyberhulk.

  • Topics:
  • Cyber Security

Top Stories

High Five! You just read 2 awesome articles, in row. You may want to subscribe to our blog newsletter for new blog posts.