Most actuarial models use easily accessible authoritative sources of attribute and loss data. These risk models are relatively simple to create because the data is abundant and it hardly changes.
In cyber however, there is no authoritative source of data. That’s because of a complex regulatory environment, inaccessible data, and the challenge of identifying the cause of an event or even whether an event has occurred. Furthermore, there are a wide variety of vectors for cybercrime, each of which must be considered to determine a company’s cyber risk. Add to this the fact that cyber risk is so dynamic that loss data and models must be regularly updated, and you have a sector desperate for reliable data and models.
Many elements must be considered to determine a company’s cyber risk profile. These include its user profiles; web traffic; technology stack; malware protection; processes for protecting sensitive information and responding to cybercrime; and employee behavior, expertise, and training.
While some of this information is accessible through surveys, the data may be unreliable because of reporting accuracy and scale issues. That’s why Cyence created a diverse and scalable data factory to accurately and non-invasively collect human and machine data. This behavioral and technical data drives the Cyence risk models.