Quantifying Ransomware Exposures
March 23, 2020 By Jack Vines
There’s no way around it. Ransomware exposure needs to consider all the costs of a breach – from the ransom payment, to costs of IT recovery and remediation as well as legal, regulatory and customer communications. Companies must understand this risk before they get breached. A mature cyber risk management approach will calculate the amount of loss possible in a potential ransomware attack event, specifically for your company. This loss exposure quantification will give you a view of not just the magnitude of potential loss, but also the likelihood of an event occurring in the first place.
Measured Insurance has an analytics-based approach to quantifying an organization’s specific exposure to ransomware attacks. This allows Measured to structure each of customers’ insurance coverage and premiums in the most efficient and effective manner possible. We believe that the key to delivering superior insurance is combining both “pre-event” exposure assessments with “post-event” loss mitigation services, and making sure customers are covered in full. Only through this approach can companies assure that they have covered and are managing the ransomware risk.
Using Data to Assess Ransomware Exposure
Measured accurately quantifies ransomware event exposure levels through a three-step risk modeling process:
- Exert a cautious view of the worst-case scenario for each cyber-security component in order to protect against rarely observed, extreme ransomware attack events,
- Quantify and test the correlation of cyber-security risk components and incorporate measures of conservatism in situations where one area of coverage has a particularly adverse outcome. While also assuming a similar worst-case likelihood that all related variables will result in corresponding adverse outcomes (to protect against poor independence assumptions in the risk model),
- Perform sensitivity analysis on all model inputs to gauge which assumptions are most critical. These critical-correlation assumptions are then subjected to the highest degree of scrutiny for validation and to ensure additional conservatism.
A “Measured Approach”
Ransomware event risk represents incident exposure that is constantly evolving. And because of this, there’s a high degree of cautious conservatism surrounding a company replying purely on historical loss trends. A comprehensive data analytics methodology is required to be an effective mode of protection.
Here’s where Measured Insurance comes in. Our analytics-based model is built upon an architecture where each part of our insurance coverage consists of its own, individual distribution of outcomes. And within this specificity, each component is further defined to eventually calculate the ultimate, final distribution of possible outcomes.
Boom. Total ransomware disruption risks quantified before your eyes.
How Measured Insurance’s Approach is Different
Here’s where it might get a little complicated. Measured Insurance’s underwriting data analytics and rating algorithms are built in conjunction with data received from both third-party vendors and directly from the Insured, or, you! This data is then digested by Measured Insurance’s online portal and, afterwards, synthesized into our rating methodology. It consists of the following:
- Loss Magnitude: This characteristic consists of decomposition into cost centers that is further distributed into constituent parts. Additional data correlations and relevancies are derived from tested assumptions about revenue, industry, length of interruption, employee counts, existence of cyber tools, volume of data flows, sensitivity variations of data & network information flows, etc.
- Loss Event Frequency: this characteristic is modeled as an exponential proportional hazard with factors and weights derived from iterative data. This data is obtained from various industry sources.
Choose Measured Insurance Ransomware Coverage
Measured Insurance is a specialty insurance facility offering tailored ransomware insurance products that have been specifically designed and tested to enable our clients to efficiently minimize their enterprise ransomware attack event risk exposure. Measured Insurance delivers tailored insurance by understanding your business to make sure your specific ransomware risks are covered.
Cybersecurity insurance doesn’t have to be overwhelming or complicated. It just has to be Measured.