SecurityScorecard has teamed with cyber insurance provider Measured Analytics and Insurance to develop a premium discount schedule based on an organization's risk and security rating.
The alliance between SecurityScorecard and Measured equips organizations with cyber risk insights to check their defenses, prioritize investments, and strengthen cybersecurity strategies. The point is to maximize cyber insurance investments while minimizing risk, the companies said.
How the Plan Works
- Through monitoring an organization's attack surface, SecurityScorecard assigns a standardized score based on threat exposure as correlated to cyber incidents.
- That enables organizations to incorporate cyber insurance into their risk management strategy, even as insurance costs soar or at least remain uncertain. (e.g., in Q4, 2022, cyber insurance premiums spiked by 28% based on a report by Marsh, a cyber insurance broker.)
- This approach will enable the procurement of cyber insurance as part of a broader program of corporate investment and enterprise risk management.
- Security Ratings are transparent and actionable, meaning organizations can clearly understand what they need to do to qualify for the premium incentives.
“Together with SecurityScorecard, Measured is reimagining how organizations manage cybersecurity as a business risk,” said Jack Vines, Measured's chief executive. “The dynamic threat landscape requires real-time risk assessment, best-in-class cybersecurity tools seamlessly integrated with comprehensive cyber insurance. SecurityScorecard sees what a threat actor sees, which allows us to deliver more accurate and responsive cyber insurance coverage and rates.”
7 Paths to a Security Breach
SecurityScorecard and the Marsh McLennan Global Cyber Risk Analytics Center have identified seven factors that can predict a security breach:
- Endpoint security tracks identification points that are extracted from metadata related to the operating system, web browser, and related active plugins.
- Patching cadence analyzes how quickly an organization installs security updates to measure vulnerability risk mitigation practices.
- Ransomware score measures how susceptible the organization is to a ransomware attack.
- Network security checks public datasets for evidence of high-risk or insecure open ports within the organization network.
- DNS health measures the health and configuration of an organization’s DNS setting. It validates that no malicious events occurred in the passive DNS history of the organization’s network.
- IP reputation makes use of the SecurityScorecard sinkhole infrastructure as well as a blend of OSINT malware feeds and third-party threat intelligence data-sharing partnerships.
- Cubit score measures a variety of security issues that an organization might have, e.g., checks public threat intelligence databases for IP addresses that have been flagged.
Here are the features of the SecurityScorecard and Measured deal, per the partners:
- The partners can identify security gaps and factors that determine premium cost.
- A data-driven, comprehensive action plan details a roadmap for customers to qualify for the cyber insurance premium discount.
- The most impactful security issues based on an organization’s unique attack surface prioritizes cybersecurity investments.
- Customers will be able to monitor their threat exposure and premium incentive eligibility ahead of renewal and during the policy period free of charge.
“History shows that a cyber insurance policy alone is insufficient for mitigating threat exposure. Strong cybersecurity hygiene and cyber insurance must go hand in hand,” said Sachin Bansal, SecurityScorecard chief business officer. “We are proud to partner with Measured Analytics and Insurance to change how organizations, brokers, and carriers calculate and communicate cyber risk through a common operating picture of risk.”