Most cyber insurance policies include a form of value-added service meant to help policyholders avoid cyber incidents. These services create differentiation in the market for insurers and help the bottom line. In fact, a recent survey of cyber insurers found that risk engineering services are a bigger driver of profitability than underwriting accuracy. Yet, we know that the dynamic nature of cyber risk has insurers struggling to keep up and new approaches to evaluating that risk are needed.

SecurityScorecard joined U.S. cybersecurity leaders and the cybersecurity community at the 2022 RSA Conference in San Francisco, California from June 5-9. The RSA Conference is one of the world’s leading cybersecurity events, and SecurityScorecard was proud to join our community in-person at San Francisco’s Moscone Center.

From small school districts and not-for-profit organizations with limited cyber defense budgets to major Fortune 500 companies with sophisticated cyber defense teams, understanding what to do in the first 48 hours following a significant cyber event is essential in protecting your organization and limiting the potential damage.

One of the most critical factors to effective cybersecurity is time. The longer a vulnerability remains unaddressed, the more opportunity you give hackers to get into your system and wreak havoc. Think about it like this: imagine that you leave your laptop bag sitting on the passenger seat of your car. If you run into the store to get milk but forget to lock the door, the odds are that the laptop bag will still be there when you get back.

I was listening to a recording of some colleagues speaking with a customer about security ratings and cyber insurance and there were some confusions in the discussion that troubled me and I wish that I had been there to help clear them up. Or at least try. So this little musing is meant to do that..

Nowadays, Wi-Fi networks are among the most commonly used networks, making them a go-to target for cyber attacks. An attacker with basic tools and knowledge can crack 70% of Wi-Fi networks.

During the course of 2022, SecurityScorecard has been tracking multiple DDoS campaigns that have been targeting entities within the Ukrainian government, as well as other European government targets that are perceived to be allied with Ukraine government interests. One of the groups at the forefront of these DDoS attacks is the hacking collective known as KillNet.

Nowadays, it’s common to hear about yet another high-profile security breach in which critical data is leaked, resulting in damage to the organization’s reputation and bottom line. Unfortunately, it's impossible to remove all risks in your organization but there are ways to best protect against them and improve your security posture.

In today’s digitally-connected world, cyber risk is no longer a matter of probabilities, but certainties. This requires CISOs to rethink their reactive risk management program by evolving to embrace a proactive risk intelligence approach. With a risk intelligence-informed program, CISOs and their teams can continuously collect insights in a way that enables proactive, holistic, and data-driven decisions about security.

On May 5, 2022, the National Institutes of Standards and Technology (NIST) formally recognized outside-in third party security ratings and vendor risk assessment in their update to Special Publication 800-161. This update to federal standards specifically cites security ratings as a “foundational capability that "provide 14028." NIST SP 800-161 was designed to standardize supply chain risk management best practices for federal agencies and industry.