Risk Based Security: Actionable Threat Intelligence for Insurance Providers

Inga Goddijn, EVP, Insurance products
Every now and then, a high-profile cyberattack involving a prominent company hits the headlines. In addition to the millions of dollars they pay as fines and for recovery measures, there is significant brand damage and loss of trust. Financial organizations, especially insurance companies are often targets of backdoor cyber activities, as they handle billions of bytes worth of PII, ranging from credit card data for premium payment to medical records for claim handling. In recent times, the insurance sector has turned more to data analyticsfor risk assessment and decision-making – not only to to counter attacks on their own organization but also to assess their customer’s cyber risk. Catering to the unique needs of the insurance sector is Risk Based Security (RBS), a Richmond, VA-based company that offers customized solutions for turning security data into insights for competitive advantage.

According to Inga Goddijn, EVP, Insurance Services at RBS, understanding the security posture of vendors, business partners and the entire supply chain is essential for identifying and managing third party risk. To that end, RBS provides clients with an array of solutions that focus on identifying the most vulnerable vendors and help with improving their security posture. To do this, RBS delivers three unique services, VulnDB for monitoring of vulnerabilities in software and hardware, Cyber Risk Analytics for five-star security ratings on third parties and YourCISO for building and improving information security risk management programs.

What makes the RBS solutions especially well suited for the insurance industry is their flexibility. Take Cyber Risk Analytics (CRA) as an example. The CRA platform was born out of data breach research conducted by RBS researchers. In addition to capturing information on over 36,000 data breach events, the tool also gathers hundreds of data points for generating 5-star security ratings.
Practically any entity with an internet-facing presence can be assessed for things like server configuration, certificate analysis, indicators or compromise and much more. This data is rolled up into easy to understand security ratings, which can be used for both managing vendor risk as well as underwriting cyber liabilityexposures. This is a real win for insurers as it means one tool can be used across different teams, which ultimately saves on subscription costs and can help improve underwriting results.


Better data matters when it comes to effective security management

In addition to that, the company also rates software offered by third-party technology vendors. As a part of the VulnDB service, this enterprise solution not only provides exceptional vulnerability intelligence to clients but also significant information about the cost of ownership for that technology. Smart managers know up-front licensing fees are only a part of the story when it comes to the “cost” of new software. Technology that requires constant patching or updates is a drain on resources and can pose a substantial risk to the organization. With the cost of ownership metrics in VulnDB, clients gain insight into which vendors will keep security teams scrambling to keep systems up to date long after the initial implementation is complete.

Inga explains the methodology that RBS adopts while working with clients, “We understand there are challenges when it comes to using threat intelligence like ours” she says. That’s why RBS works with clients to deliver information in a way that is most effective and efficient for them. To this end RBS offers different integration options for feeding data into existing tools. She added, “what really matters is delivering the very best data available regardless of platform used.”

Company
Risk Based Security

Headquarters
Richmond, VA

Management
Inga Goddijn, EVP, Insurance products

Description
Provides detailed information and analysis on data breaches and vulnerability intelligence

Risk Based Security