Understanding Evolving Cyber Risks: Insights from Gallagher Re’s Latest Study

In an era where digital transformation is at the forefront of business strategy, the importance of cybersecurity cannot be overstated. Cyber risks are constantly evolving, with rogue operators continuously devising new methods to ransom companies, block web access, and hack emails. As organizations navigate this perilous landscape, enhancing knowledge and training among staff emerges as a proactive strategy that could safeguard a company’s reputation. Recent findings from Gallagher Re shed light on the critical factors influencing cybersecurity risks and offer actionable insights for enterprises and insurers alike.

The Study: A Comprehensive Analysis

Gallagher Re, a leading global reinsurance broker, recently conducted a study utilizing Bitsight analytics to evaluate the security performance data of 62,000 organizations across 67 countries. This extensive analysis, which also incorporated Gallagher Re’s proprietary database of cybersecurity incidents and claims, revealed that poor performance in specific key areas significantly increases an organization’s risk of experiencing a cybersecurity incident and subsequent claims. Conversely, strong performance in these areas correlates with a lower risk of incidents.

Key Predictors of Cybersecurity Risk

The study identified several key predictors of cybersecurity risk that are invaluable for enterprise cybersecurity leaders and cyber insurers. These predictors include:

1. External Scanning Data: The research highlighted that by leveraging targeted external scanning data alongside firmographics, insurers could identify and mitigate the most damaging 20% of risks, potentially reducing loss ratios by up to 16.4%. This approach emphasizes the importance of proactive risk management in the insurance sector.

2. Cyber Footprint: The size of an organization’s attack surface, as indicated by the number of IP addresses it maintains, emerged as a strong predictor of claims. This finding is particularly significant for insurers, who have traditionally focused on firmographics such as employee count, industry, or revenue. The inclusion of technographic data allows for a more nuanced understanding of risk.

3. Single Point of Failure and Third-Party Dependencies: As enterprises expand their technology stacks, the potential attack surface also grows. The study found that the use of certain technology products significantly increased the likelihood of a claim. This insight is crucial for insurers and organizations alike, as it underscores the need for comprehensive risk assessments that account for third-party dependencies.

4. Cyber Hygiene: The study reaffirmed the critical importance of maintaining robust cyber hygiene practices. Nine Bitsight risk vectors, which measure essential cybersecurity practices such as patching speed, proper SSL certificate deployment, and DNS security, were correlated with cybersecurity incidents. Organizations that prioritize these foundational practices can measurably reduce their risk of incidents.

Actionable Insights for Cybersecurity Leaders

Ed Pocock, Global Head of Cyber Security at Gallagher Re, emphasized the study’s implications for both insurance companies and enterprises. He stated, “This study provides clear, actionable insights for both insurance companies and enterprises on the efficacy of security controls.” By leveraging Bitsight’s data, organizations can establish a direct link between weak cybersecurity controls and higher insurance claims, allowing them to make informed decisions about risk management and investment in cybersecurity measures.

Derek Vadala, Chief Risk Officer at Bitsight, echoed this sentiment, noting that the analysis reveals new opportunities for assessing risks, such as Business Email Compromise (BEC). The findings encourage enterprises to utilize data-driven insights to prioritize their cybersecurity investments and lower the probability of experiencing incidents.

Conclusion: A Call to Action

As cyber threats continue to evolve, organizations must remain vigilant and proactive in their cybersecurity efforts. The insights from Gallagher Re’s study serve as a crucial reminder of the importance of understanding and managing cyber risks. By focusing on key predictors of risk, enhancing cyber hygiene, and leveraging data analytics, enterprises can not only protect their assets but also bolster their reputation in an increasingly digital world.

For those interested in delving deeper into the findings, the full study is available for download here. In a landscape where the stakes are higher than ever, knowledge and preparedness are the best defenses against the ever-evolving threats of cybercrime.