Breach Impacts – How to Estimate Costs More Accurately

Thursday, April 2, 2020 at 11 AM ET

What are the chances of experiencing a $10 million cyber loss? Are traditional methodologies for assessing potential costs doing more harm than good? Join Advisen and Cyentia Institute on Thursday, April 2 at 11 a.m. ET for a free, one-hour webinar that will clear the fog of FUD (fear, uncertainty, and doubt) surrounding the true costs of cyber risk. Whether you’re buying, selling, or underwriting cyber insurance, you’ll appreciate this thoughtful new perspective informed by Cyentia’s data-driven loss insight and research. Register today.


David Severski – Data Scientist, Cyentia Institute
Jeff Schermerhorn – Regional Leader, FINEX, Cyber and E&O, Willis Towers Watson

Tony Martin-Vegue – Sr. Security Risk Engineer, Netflix

Jim Blinn – EVP, Client Solutions, Advisen
Erin Ayers – Editor, Cyber Front Page News, Advisen (Moderator)


Also from Cyentia:
“A Clearer Vision for Assessing the Risk of Cyber Incidents”
The Information Risk Insights Study (IRIS) 20/20
By Wade Baker, Jay Jacobs, and David Severski

This free, 26-page IRIS 20/20 paper published by Cyentia Institute aims to help Risk Managers see their way to better data-driven Cyber Risk decisions. This first-of-its-kind study leverages the vast Advisen Cyber Loss Insight dataset spanning almost 100,000 breaches observed over the last decade. Cyentia’s extensive analysis of this dataset yields valuable insights about the frequency and financial impact of cyber incidents to organizations of all types and sizes.

Sample Findings from this IRIS 20/20 report include:
• The traditional method of estimating breach losses—using a flat cost per record—is flat-out harmful. It results in over $3.3 trillion of error between estimated and actual losses. We demonstrate a better method for more accurate cyber risk assessments.
• Over 60% of the Fortune 1000 had at least one public breach over the last decade. On an annual basis, we estimate 1 in 5 F1000 firms will suffer a cyber loss event. That rises even more (2 in 5) for the F250. Moving beyond mega-corporations, the probability of cyber incidents drops substantially. SMBs have breach rates below 2% and are thousands of times less likely to suffer 10 or more in a year.
• The likelihood of breaches also varies by industry. Government agencies, information services, financial firms, and educational institutions have the highest rates.
• Financial losses following a cyber event typically run about $200K but 10% of them exceed $20M. Extreme losses (95th percentile) for mega corporations in the Fortune 250 approach $100M (or more).
• Typical and extreme losses differ substantially among industries. The Information and Retail sectors show abnormally high losses that exceed many other sectors by a factor of 10x.
• Circling back to the first bullet, we can use record count to estimate breach losses—but it’s probabilistic rather than deterministic. An exposure of 1,000 records has a 6% chance of exceeding $10M. By comparison, a massive breach of 100M records has a better than 50% chance of racking up at least $10M in losses.