Global study of 62,000 organizations, 589 million IP addresses identifies correlated predictors of cybersecurity risk
BOSTON – Oct. 22, 2024 – A new study conducted by Gallagher Re, a leading global reinsurance broker, evaluated Bitsight analytics of security performance data of 62,000 organizations across 67 countries and its own proprietary database containing cybersecurity incidents and claims. The study concluded that poor performance in certain key areas increased an organization’s risk of experiencing a cybersecurity incident and subsequent claim, while strong performance implied a lower risk of incident.
Key predictors of cybersecurity risk – valuable information for enterprise cybersecurity leaders and the cyber insurers that offer policies to cover that risk – include:
- External scanning data could improve insurance loss ratios: By using targeted external scanning data in addition to firmographics to identify and remove the most damaging 20% of risks, insurers could see a loss ratio reduction of up to 16.4%.
- “Cyber footprint” is a strong predictor of claims: The size of an organization's attack surface – as measured by the number of IP addresses a company maintains – was found to be a strong predictor of claims. This is a significant finding for insurers, who have traditionally underwritten policies using firmographics such as employee count, industry, or revenue rather than technographic data.
- Single Point of Failure data and third-party dependencies are highly predictive of claims: As the enterprise tech stack grows, so too does the potential attack surface. Observed use of certain technology products materially increased the likelihood of a claim. This data holds great promise for the insurance industry and future risk modeling approaches.
- Cyber hygiene remains critical: From patching speed to the use of HTTP headers, proper deployment of SSL certificates, DNS security, proper endpoint management and more, nine Bitsight risk vectors measuring essential cybersecurity practices were found to be correlated with cybersecurity incidents. Taking care of the basics can measurably reduce risk of incidents.
"This study provides clear, actionable insights for both insurance companies and enterprises on the efficacy of security controls,” Ed Pocock, Global Head of Cyber Security at Gallagher Re. “Leveraging Bitsight's data, we've not only established a direct link between weak cybersecurity controls and higher insurance claims, but also highlighted additional strategies for insurers to more effectively assess an organization's cyber risk and potentially improve loss ratios."
Additionally, enterprise cybersecurity leaders will be able to use these insights and analyses to prioritize their program investments, lower the probability of experiencing an incident, and make critical risk decisions.
“For years, Bitsight analytics have been independently proven to have strong correlation with security incidents,” said Derek Vadala, Chief Risk Officer at Bitsight. “Gallagher Re’s analysis demonstrates that there is even more to the story – that meaningful, new insights, such as assessing the risk of Business Email Compromise (BEC), can be created through analyzing different parts of our massive trove of data. We are excited by these findings and will continue to explore the incredible opportunities ahead of us.”
About Bitsight
Bitsight is a global cyber risk management leader transforming how organizations manage exposure, performance, and risk for themselves and their third parties. Companies rely on Bitsight to prioritize their cybersecurity investments, build greater trust within their ecosystem, and reduce their chances of financial loss. Built on over a decade of market-leading innovation, Bitsight’s integrated solutions deliver value across enterprise security performance, digital supply chains, cyber insurance and data analysis. For more information, visit bitsight.com or connect with us on LinkedIn.
About Gallagher Re
Gallagher Re is a full-service global reinsurance broking and advisory firm operating across the risk and capital spectrum. By combining analytics capabilities with reinsurance expertise, strategic advisory services and transactional excellence, Gallagher Re helps clients drive greater value from their businesses, negotiate optimum terms and achieve their risk transfer objectives. Its global client base includes all of the world’s top insurance and reinsurance carriers as well as national catastrophe schemes in many countries around the world. Backed by Gallagher, one of the world’s largest insurance brokerage, risk management and benefits consulting companies, we’re more connected to the places you do business. Whether your operations are global, national or local, we have the talent, market position and trusted relationships to build the best solutions possible. gallagherre.com