Blogs
FortifyData: Why accurate cyber risk scoring is critical for insurers?
FortifyData is a partner within the AdvantageGo Ecosystem and offers a cyber risk and threat analysis tool. FortifyData enables AdvantageGo to deliver cyber insights for underwriters. We sat down with Victor Gamra, FortifyData’s founder and CEO, recently to discuss the company’s approach to cyber risk and threat analysis, and what this means for cyber insurance.
Cyber insurers face a dynamic but challenging market environment, selecting and pricing risks amid a changing technology and threat environment. The evidence of that threat landscape is ample on the claims side, with high profile, high severity hacks and outages events, plus a high frequency barrage of ransomware and breach claims.
Munich Re, the world’s largest reinsurer, has observed a surge in cyber-attacks, with ransomware once again on the rise. And according to Chainalysis, the annual ransom crypto payment spiked from $567m in 2022 to $1.1bn in 2023.
Amid these challenges, accurate information is vital to making confident underwriting decisions. FortifyData provides accurate cyber risk data, available through the AdvantageGo underwriting workbench,
FortifyData is a cyber risk and threat analysis tool that identifies and evaluates cyber risk exposures, producing a risk-based vulnerability view of an organisation and security ratings for underwriting purposes. Its security ratings are a best-of-breed insight for risk selection and pricing.
What can you do?
“The data from FortifyData’s next generation cybersecurity risk management solution evaluates direct factors at target clients,” says Victor Gamra, founder and CEO of FortifyData,
“The factors assessed for target clients are external attack surface exposures, cyber threat intelligence activity that is targeted at external assets and services, dark web findings for organisational user credentials, previous breach history, and analysis of questionnaires,” he says.
“All this is done on a continual basis and is more accurate as it’s a direct assessment of the organisation – not a passing analysis of a portion of network assets or IPs that may traverse or connect to specific ISP or analytical sinkholes. FortifyData’s approach yields a more accurate cyber risk profile due to the nature of the factors of assessment.”
Historically, Gamra explains, cybersecurity risk evaluation has posed a challenge for rating company risks due to continuous changes in a few areas.
The first of these is the threat landscape. Threat actors targeting certain industries, exploiting continually changing vulnerabilities with technology hardware and software.
Secondly, he says, is an expanding attack surface.
“Another area is the continuous growth, usually in concert with digitalisation efforts, that expands the attack surface of clients – new services, cloud, new solutions, new vendors,” Gamra says.
Thirdly, he cites questionnaire only evaluation.
“Predecessor assessment tactics, and many still do this, evaluate the risk based on questionnaire completion, which has many shortcomings as a point-in-time data gathering exercise where the incentive is to always answer affirmatively,” Gamra suggests. “You’re always left wondering how can those answers be verified and if a different report validates that answer, how old was the report? What could have changed since then?”
“Going beyond a point in time assessment or passive analysis that relies on partially collected data and being able to directly assess a client, like FortifyData does, in a continuous manner, neutralises those issues as you’re always evaluating the asset inventory, enriching findings with threat intelligence and removing reliance on just a questionnaire,” he says.
“New regulatory directives in Europe are also enforcing a change for companies to evolve to a more continuous monitoring to drive improvements in cybersecurity posture and resilience for a variety of sectors and third-party vendors as realised in NIS 2 and DORA regulations,” Gamra adds.
AdvantageGo & FortifyData
When the two companies announced their Ecosystem partnership AdvantageGo emphasised FortifyData’s forward-looking risk-based vulnerability view and security ratings for underwriting.
“This ensures underwriters have accurate and timely visibility of exposures. The quoting and binding process becomes simpler as cyber risks are identified and considered before finalising the policy,” says Gamra.
These capabilities are considered essential to satisfying the growing demand for cyber insurance policies.
“More organisations will be seeking insurance and having a readily available cyber risk profile helps move through the quote and binding process. Underwriters wanting the most accurate information can get it direct from a client’s public facing assets,” he says.
“This can help revolutionise the way insurers evaluate cyber risks, enabling them to adjust to changing threats and enhance underwriting precision. This partnership with FortifyData, AdvantageGo and additional ecosystem partners strives to enable insurers to offer more accurate, tailored policies and stay ahead of new cyber threats,” adds Gamra.
What the future looks like
Technology has advanced so that gathering all this information about a company now takes hours or days versus weeks or months historically, making “recent and accurate” data available as never before – key qualities that cyber insurance providers are seeking.
“Insurers incorporating the cyber risk view will effectively be making a cyber risk-informed policy decision, which can be realised in lower premiums for the clients and fewer claims payouts by insurance providers,” Gamra says.
“Underwriters don’t have to be cyber experts anymore; they can depend on FortifyData to highlight the crucial information required for precise underwriting. Our platform demystifies the intricate landscape of cyber risks and empowers underwriters to make quicker, more confident decisions,” he says.
“See for yourself the efficiency gains, with timely cyber risk profiles, your underwriting process can have with a demo of AdvantageGo’s underwriting workbench,” Gamra adds.
About the Author
Victor Gamra, CISSP, CISM, is the founder and CEO of FortifyData, a unified cyber risk management and asset intelligence platform that discovers threats and reduces cyber risk. The automated platform collects and unifies security data from existing toolsets, understands your asset criticality and automates assessments to find the most critical risks facing an organisation.
To learn more, please visit www.fortifydata.com.