New cyber risk assessment tool gives ‘attacker’s eye view’ of weaknesses

11-11-2021

New cyber risk assessment tool gives ‘attacker’s eye view’ of weaknesses

Cyber risk and incident response specialist STORM Guidance is launching a new risk assessment service. From November, reinsurers, insurers, brokers, and clients can utilise STORM’s CyberProfiler tool, gaining an ‘Attacker’s Eye View’ report. With the means to see through the eyes of a cybercriminal, insureds can mitigate all exposed vulnerabilities, lowering their risk profile, and addressing policy uncertainty.

Cybercrime is at pandemic levels, and cyber insurance and renewals have become increasingly difficult to price. With insurers making losses, several have now pulled out of the cyber market, while others seek to better understand and manage the risks. The CyberProfiler service gives a solution to managing risk both specifically and across an entire book, giving insurers and brokers a much more informed picture of risk and a direct path to helping insureds manage and reduce exposures.

QBE European Operations has collaborated with STORM Guidance to offer the CyberProfiler service as part of their risk solutions support. Cyber insureds across QBE’s books will now receive a CyberProfiler assessment, helping them to better understand any potential vulnerabilities in their online cyber risk profiles, giving them a 360-degree approach to effective cyber risk management.

“We recognise that the constant and evolving threats from fraudsters can be challenging for businesses and their IT support teams to manage,” said QBE cyber portfolio manager, Erica Kofie (pictured). “Therefore, QBE is supporting its customers and the wider fight against cybercrime by offering STORM’s CyberProfiler service to its cyber policyholders.”

Cybercriminals seek out weak businesses using a combination of automated scanning and manual analysis. After finding their target, attackers gather vulnerabilities and other data that can be combined and leveraged to perform their scams and attacks. CyberProfiler actively scans for vulnerable technologies, configurations, user accounts, registered domains, third-party links, budgetary spend, and other sensitive details. Armed with the Attacker’s Eye View perspective, organisations can identify their weaknesses, mitigate cyber threats (including the most common ‘blended’ attacks), strengthen their security, and ultimately deter cybercriminals by becoming a hard target.

“This non-invasive Cyber Profiling service can provide businesses with insight into the potential exposures that cybercriminals can exploit, and empowerment to take practical steps to remediate risks,” said QBE senior risk manager, Jaini Gudhka. “We are confident our customers will find this service complements their existing cybersecurity services and contributes to strengthening their cyber resilience.” 

Founded in 2014, STORM Guidance is a cyber risk and incident response service provider dedicated to the cyber insurance markets. STORM’s founder and CEO Neil Hare-Brown formed the first digital forensics company in the UK and later wrote; ‘Information Security Incident Management: A Methodology’ defining the best practices for cyber incident management. Today, STORM leads the way in the world of cyber risk management, offering clarity by using advanced techniques to assess informational risks. Armed with a team of experienced specialists, STORM plans for the management of cyber incidents and the coordination of response to both investigate and recover when incidents occur.

STORM Guidance CEO Neil Hare-Brown said: “We are excited to announce the launch of our new CyberProfiler service, and look forward to working with QBE as leaders in the cyber insurance space. We are constantly seeing the high cost of claims relating to ransomware and other cyber incidents, which ultimately affects multiple pricing factors and it is clear that there is an opportunity for improvements in risk management in this class.

“While underwriting and actuarial approaches are finding different ways to understand the complexities of cyber risk, helping insureds to reduce their exposures ultimately has to be the way to integrate and consolidate insurer, broker, and insured around a common goal of lasting cyber resilience. Many risk vendors misadvise insurers in this regard attempting to oversimplify highly technical controls whilst missing the real picture. CyberProfiler addresses this issue, allowing insurers to understand the true picture of their insureds cyber risk landscape, which both strengthens the insureds defences, and enables more accurate and reliable underwriting.” 

Did you get value from this story? Sign up to our free daily newsletters and get stories like this sent straight to your inbox.

STORM Guidance, QBE, Risk Management, Cyber Risk, Cybercrime, Cyber, Insurance, Reinsurance, Erica Kofie, Jaini Gudhka, Neil Hare-Brown, Europe

Intelligent Insurer