Case Study: Risk Quantification Informs Cyber Insurance For City Government
Monetary Risk Quantification enables more informed cyber insurance decisions
Due to their ever growing cybersecurity concerns, the client requested quantitative risk assessments on two of their systems: credit card processing and an annuity fund. The assessments would help them make cyber insurance purchasing decisions.
Converged Security Solutions (CSS) utilized a systematic approach that involved interviews with corporate staff combined with data and tools provided by CSS. The FAIR (Factor Analysis of Information Risk) model was chosen to analyze and report quantitative risk exposure. Evolver then made recommendations on cyber insurance and overall risk reduction.
BENEFITS TO CLIENT
» Clarity through quantitative results, real dollar amounts instead of colors and numbers
» Better informed decision points when purchasing cyber insurance
» Greater visualization into third-party vendors on how events are detected and reported to the client
» Better informed consumer of cyber insurance
Successful Risk Quantification Highlights
- Performed a baseline to determine risk exposure for data breach and service disruption via a Ransomware or a Distributed Denial of Service (DDoS) attack. Assessed current risk associated with these two applications.
- Modeled a single catastrophic event for both applications that the client would want to insure against. Modeled a 100% probability of them happening and 100% security control failure to stop or protect the data breach.
- Credit card processing: modeled a data breach where all record (credit card information) was taken/accessed/stolen.
- Pension fund: modeled a data breach where all PII of members and beneficiaries were stolen. The client hadn’t been protecting against PII.
- Outlined a possible risk impact reduction solution by running a risk exposure reduction scenario of having credit card vendors provide a direct feed of their logs and sensor alerts directly the city’s SOC. This reduces risk by over $20 million.
- Provided reports on insurance and cyber improvements that included: – Cyber improvement methods to reduce the baseline risk – Numerous decision points to be considered when purchasing cyber insurance including dollar amounts, case law, conditions, etc
Click here to schedule a free risk consultation and ask questions about how risk quantification be applied to your business.
Converged Security Solutions, along with Evolver and eVigilant, provide a full suite of technology services that span cybersecurity, physical security, and IT management. We are ISO 27001 and ISO 9001 certified, as well as CMMI Level 3 appraised.