Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Slicing through CISA’s KEV Catalog
![Blog Image KEV Research Announcement](/sites/default/files/styles/cta/public/2024/05/01/Blog%20Image%20KEV%20Research%20Announcement.png?itok=dUMFV8Tg)
Dive into the critical insights of CISA's Known Exploited Vulnerabilities (KEV) Catalog with Bitsight’s latest blog! Discover how KEVs, which signal urgent cybersecurity risks, are being tracked and mitigated across industries. Learn why addressing these vulnerabilities quickly is vital and how it impacts organizational security.
![Silent Cyber: What It Is & How You Can Avoid It](/sites/default/files/styles/4_3_small/public/migration/images/Thumb%2520Silent%2520Cyber%2520What%2520It%2520Is%2520%2520How%2520You%2520Can%2520Avoid%2520It_1.jpg.webp?itok=EqttVLYt)
Companies typically buy several lines of insurance—from property, to general liability, to professional liability. When something goes wrong, it’s common for a company to run to its insurance provider and claim that it has coverage. Many times, companies like this assume that their insurance will cover them, but this may not always be the case.
![The Cost Of Cyber Risk: How Security Ratings Help With Policy Pricing](/sites/default/files/styles/4_3_small/public/migration/images/Thumb-The-Cost-Of-Cyber-Risk-How-Security-Ratings-Help-With-Policy-Pricing_1.jpg.webp?itok=e0JVlLC9)
Policy pricing is something every insurance company and underwriter struggles with at some point. The primary issue is differentiating between the risk an applicant presents and the information you’re given. Let’s take a closer look at how policy pricing is examined in cybersecurity today.
![To Quote Or Decline? Using Security Ratings To Validate Cyber Underwriting Decisions](/sites/default/files/styles/4_3_small/public/migration/images/Cyber%2520Underwriting%2520Decisions%2520-%2520thumb-1_1.jpg.webp?itok=E4Debzzh)
Determining whether you should quote or decline a cyber insurance applicant is an extensive and critical process. Typically, the decision is made after gaining an understanding of what the company does, identifying critical application information, and considering your organization’s risk appetite. But are you able to verify whether the decisions you’ve made are valid?
![How Mature Is Your Cyber Risk Underwriting Strategy?](/sites/default/files/styles/4_3_small/public/migration/images/How-Mature-Is-Your-Cyber-Risk-Underwriting-Strategy_1.jpg.webp?itok=vkjA5Ps4)
If I were to ask you whether your cyber risk underwriting strategy is mature, your first question would likely be: “How do you define mature?” It’s a great question! Here’s the answer: A mature cyber risk underwriting strategy considers all relevant underwriting issues when assessing an applicant's or insured’s risk profile.
![How Security Ratings Can Make Renewals More Effective](/sites/default/files/styles/4_3_small/public/migration/images/-Security%2520Ratings%2520Can%2520Make%2520Renewals%2520More%2520Effective%2520-%2520thumb_1.jpg.webp?itok=OvPWSz0-)
Most insurers find that the cyber insurance renewal process is fairly efficient from a time perspective—but it’s not very effective. In other words, they are able to quickly re-underwrite a company in their portfolio, but don’t have any better understanding about the insured’s security posture to see whether the risk has changed and is still suitable to keep on the books.
![Should You Underwrite A Company That’s Been Breached Before?](/sites/default/files/styles/4_3_small/public/migration/images/Thumb-Should-You-Underwrite-A-Company-Thats-Been-Breached-Before_1.jpg.webp?itok=K0NkBUdz)
In many lines of insurance, claim activity is part of the norm—and it’s expected that you’ll have to underwrite to losses consistently. For example, in casualty lines, it’s common to have workers file for workers’ compensation because of an injury they experienced on the job.
![Why Loss Runs & Trends Alone Are Not Enough To Make Cyber Underwriting Decisions](/sites/default/files/styles/4_3_small/public/migration/images/Cyber%2520Underwriting%2520Decisions%2520-%2520thumb_1.jpg.webp?itok=zgal6r_T)
A loss trend can be defined as a projected loss expectation based on historical data. If you find that past losses might be indicative of potential future losses, you can then use this information to price your services accordingly.
![How To Balance Speed & Quality In Cyber Underwriting Practices](/sites/default/files/styles/4_3_small/public/migration/images/Thumb-balance-speed-quality-in-cyber-underwriting_1.jpg.webp?itok=cUaUPC8M)
As an underwriter who’s constantly trying to balance being both quick and careful, the worst thing you can do is treat every single applicant the same. Doing so can ultimately set you up to take on more risk than you’d expect. Of course, the more experience you have, the better you’re able to quickly assess a company’s risk posture.
![How To Combat Security Risks In Cyber Insurance](/sites/default/files/styles/4_3_small/public/migration/images/risk_cyber_insurance_1.jpg.webp?itok=GQPgWJH0)
As an underwriter in the cyber insurance industry, you know that insurance is all about information. You’re responsible for making decisions about your applicants based on the details given to you—but you’re also aware of the potential for asymmetry in this information.
![Using Security Ratings & the NIST Framework for Cybersecurity Maturity](/sites/default/files/styles/4_3_small/public/migration/images/NIST-blog_post_large_4.jpg.webp?itok=x30Jnf4H)
Over the past couple of weeks, a major issue has surfaced affecting numerous companies that use MongoDB to store their data. Those who install MongoDB on a server and use default settings are exposing their data to the internet and allowing anybody to browse the databases, download information, and erase them entirely. Many companies are unaware of the vulnerability and that their information may be exposed to hackers. Criminals are reacting quickly and opportunistically by stealing data, then asking for a ransom. To make matters worse, some criminals asking for a ransom don’t actually have the data, so when the ransom is paid, companies are still left without answers. In addition to MongoDB, it was reported that clusters of Elasticsearch, an enterprise search engine, have also been hit with ransomware.
![bitsight-blog](/sites/default/files/styles/4_3_small/public/2024/05/24/bitsight-blog.jpg.webp?itok=-q3o2lKI)
Written with the assistance of Dan Dahlberg, Ethan Geil, and Ross Penkala.
![Why Cyber Insurance Providers Need Security Ratings](/sites/default/files/styles/4_3_small/public/migration/images/Why_Cyber_Insurance_Providers_Need_Security_Ratings_-_thumb_1.jpg.webp?itok=OEvdPhI7)
While cybersecurity insurance is a relatively new line of service in the industry (it’s only been around for the last 10-15 years), it is currently the fastest-growing form of insurance. And it’s no wonder—today, a data breach at a large company could cost hundreds of millions of dollars. Spurred on by recent increases in breach activity that have resulted in direct consequences and major costs to companies in every industry, more and more organizations are looking to transfer some cyber risk to insurance companies.
What does cyb
![How Different Industries Have Fared In Data Breach Prevention](/sites/default/files/styles/4_3_small/public/migration/images/How_Different_Industries_Have_Fared_In_Data_Breach_Prevention_-_thumb_1.jpg.webp?itok=rO5MIunn)
PwC recently published The Global State of Information Security Survey 2016, which highlights security trends in a number of industries and key themes across all industries.
![Risk Mitigation Services in Cyber Insurance Underwriting](/sites/default/files/styles/4_3_small/public/migration/images/world-stock-thumb_1.jpg.webp?itok=_BtG3hqX)
Last week, Bitsight co-sponsored a webinar with Advisen on the use of risk mitigation services for cyber insurance underwriting. Ira Scharf, GM of Cyber Insurance at Bitsight, joined Tracie Grella of AIG and Neeraj Sanhi of Willis Group to discuss several topics in this emerging field. Here are some of the highlights:
![AIG Partners with BitSight To Provide Cyber Insurance Diligence](/sites/default/files/styles/4_3_small/public/migration/images/handshake-stock-thumbnail_1.jpg.webp?itok=c5Y-LSw5)
Today AIG announced a strategic partnership with Bitsight to recommend Bitsight Security Ratings for Vendor Risk Management to CyberEdge customers. CyberEdge insureds can now benefit from the data-driven insights and continuous monitoring Bitsight can provide and be alerted of potential threats to their network, as well as promote understanding of individual company risks.