Risk Based Security: PreBreach Risk Reduction Through Data Analytics

The insurance industry has a rich tradition of leveraging data to improve performance, with entire actuarial departments tasked with this mission. The tradition is stronger than ever and has expanded well beyond claim analysis into all aspects of insurance operations. However, when it comes to information security management, cyber insurance companies and their IT departments often lack the type of structured data that actuaries rely on for informed decision making. Answering the need for meaningful data, Risk Based Security provides expansive and actionable security threat intelligence feeds. By focusing on the drivers of data breach activity and comprehensive vulnerability intelligence, RBS delivers solutions that meet the needs of both IT security professionals and the underwriting departments providing cyber security insurance products.

The Cyber Risk Analytics (CRA) service forms the cornerstone of RBS’ insurance practice. Built on a comprehensive database of over 20,000 data breach events, CRA offers an immediate snapshot of an organization’s security posture by combining data breach experience with externally observable indicators of an organization’s security posture. With easy to consume five-star ratings, CRA gives vendor management teams a quick and unbiased picture of the security practices of their suppliers without the time and expense of detailed audits. For cyber insurance underwriting, the same tool can be used for understanding any applicant’s security posture and gaining visibility into the use of popular cloud services and applications that can drive systemic risk across an entire portfolio. The ability for one tool to deliver actionable intelligence across multiple units makes Cyber Risk Analytics a breakthrough product for the insurance industry.

“Our primary focus is listening to and working with our customers, ensuring that we are supplying the most timely, highest quality and most comprehensive intelligence,” describes Inga Goddijn, Executive Vice President, Insurance Products. “That means understanding both the type of information customers need and making it accessible via multiple options. Data breach intelligence as well as the security posture analysis reports we provide, known as PreBreach, can be downloaded from the Cyber Risk Analytics portal or accessed via API.”