Cyence combines data science, cybersecurity, and economics into a unique analytics platform that quantifies the financial impact of cyber risk. Cyence is used by leaders across the financial services industry to prospect and select risks, assess and price risks, manage portfolio risk accumulations, and bring new insurance products to market.
Business leaders worldwide recognize that cybersecurity is not just a technical problem but a business risk—according to Marsh, the world’s leading insurance broker, the $3 billion market for cyber insurance is expected to double in the next few years.
Cybersecurity is managed with risk prevention and mitigation (through technology products and services) and risk transfer (through insurance). Building an effective cyber risk model means addressing three challenges:
The second challenge in building a cyber risk model is understanding how people and processes influence technology. In cybersecurity, it makes sense to focus on technology and technical indicators. But most cyber events also involve humans and what they do.
An example of human involvement might be a disgruntled employee who embezzles through his company’s internal systems. This person is intentionally exploiting their legitimate access to their company data. Other human sources of cyber events are mistakes—someone leaves a laptop unattended, clicks on a malicious link, or naively provides information that can lead to unauthorized access. Technology itself is not the main culprit in any of these.
A cyber risk model therefore must involve data on both technology and human behavior to understand the client’s holistic risk.
The cybersecurity industry is awash in metrics, benchmarks, scores, and ratings. But these are somewhat tangential to the critical question: how much damage could a cyber event do?
To answer this question, insurers consider not only overall probability but also severity (how bad could the event be?), financial loss (how much could it cost?), and recurrence (what is the chance a company could have more than one event?).
Additionally, since insurers are focused on performance across their portfolio, a cyber risk model must also address widespread systemic events. This requires considering risk accumulations, aggregate events, and disaster scenarios to quantify exposures. These calculations enable insurers to deploy capital in an informed manner and justify their decisions to shareholders, regulators, and rating agencies.
The first challenge in building a cyber risk model is gathering good data. For natural catastrophe events, the hazards are relatively unchanging and the same risk models can be used for years. But this is not the case with cyber risk because the internet is so dynamic.
Because the threat landscape for cyber risk is constantly changing, data must be collected in real-time and constantly integrated into an updated risk model. This is a challenge when data gathering and risk-modeling are kept in their traditional silos.
Join our team to get involved in work that genuinely matters, and meet friends from around the globe (20 countries now represented). We’re based in San Mateo near the Caltrain stop and across the street from a gorgeous 16-acre urban park complete with Japanese tea garden.
We’re a fast moving company always seeking talented engineers, data scientists, and other talent to fuel our growth. Feel free to send a resume if you think you have what it takes to be a Cyentist.