By its nature, cyber risk is dynamic. New events happen and evolve all the time, making it difficult for enterprises to financially quantify their financial exposure to cyber attacks. Around two years ago, for example, distributed denial-of-service (DDoS) attacks were making headlines, and now ransomware has come into heightened focus. It's reasonable to believe that other types of attacks will emerge in another two years and continue to change thereafter.

Yet even though cyber risk evolves, it’s possible to understand what the financial implications of an attack might be by using what’s known as a cyber risk quantification (CRQ) model. These models analyze past events to predict what the financial impacts of future cyber events might be.

But not just any model will do. Enterprises need insurance-validated risk models, meaning the model is strong enough and has both the breadth and depth of data to be trusted to quantify cyber risk across an insurer’s large portfolio. Enterprises need this level of sophisticated models, which are continuously validated at scale, if they want to be prepared. Otherwise, they may be using a stagnant quantification method that limits their ability to account for their financial cyber exposure to current and future new threats.