In the before-times, we had a full day of presentations, panel discussions, break out sessions, drinks, cakes and more drinks. Foresight is a CyberCube community event where clients, partners and other stakeholders can get together to learn and share insightful commentary on the biggest cyber risk challenges of the day. Of course, we have had to adapt the regular CyberCube Foresight format, and for 2021, we are running a two-hour virtual event once per quarter in order to stay connected with the hottest topics. A full agenda of content was delivered focusing on cyber accumulation, and modelling. The theme of the day was “super-spreader technologies and cyber cat modeling”.
Pascal Millaire, our CEO, kicked off the event with a pertinent reminder of how significant accumulation events can be, given that the Colonial Pipeline ransomware attack, and subsequent shutdown was still playing out on the day of the event. The importance of individually identified company-specific security signals are critical as bellwethers for the status of the company relative to the overall security posture. As an example of the impact of the CyberCube Account Manager underwriting application, not one but two measures of poor cyber hygiene were identified prior to the attack - open RDP TCP Port 3389, as well as a malware infection within their network.
William Altman, our resident expert cyber security consultant, was then able to take us further into the murky world of criminal hacking gangs, and the complicit involvement of various nation states, as he walked us through the context and consequences of the SolarWinds attack, as well as the MS Exchange accumulation event. Given the number of headline grabbing cyber attacks, many of which have had thousands of victims, William appropriately described the current situation, “we are dancing on the edge of a major accumulation event”. He clearly demonstrated that this is not a bolt from the blue, but rather a steady escalation of the capabilities of highly motivated bad actors.
Charlotte Anderson, senior Cyber Risk Analyst, was up next, in discussion with Yvette Essen, our Head of Content and Communications. Charlotte provided a more technical perspective on the role that single points of failure (SPoF) play in supply chain risk management, outlining some of the key findings of her recent report on the topic. She described in detail the way in which SPoFs can be identified, connections assessed, and how potential impact on accumulation can be understood.
I was fortunate to be joined in conversation by Gareth Wharton, Cyber CEO of Hiscox, and Justyna Pikinska, Head of Analytics at Gallagher Re to discuss the challenges they face in identifying and measuring potential sources of accumulation within a cyber insurance portfolio. We compared notes on the issues surrounding data quality relating to the technology dependencies and the difficulties in comparing the management of accumulation of physical perils, which are geographically limited, against the high potential of concentration of risk within digital environments. This is particularly relevant when considering that key technologies are dominated by a few companies. While both the challenges were acknowledged, Justyna highlighted that the industry should “work together to pin down the key scenarios which support our understanding of accumulation”. Gareth made the point that “the close working relationship we have established with CyberCube has really helped us on the journey, and we see it as a partnership, and have challenged our team in how we think about accumulation”.
Mohammad Al Boni, our Lead Data Scientist, followed up by lifting the hood on how we approach data sourcing, and the complexities of mapping specific visible technologies to individual companies. After a minor (some might say inevitable!) connectivity issue, the program was closed out with an enjoyable discussion regarding the Cyber Accumulation Technical User Group, a CyberCube hosted group of mature users, in which ideas and candid feedback can be shared, specifically about our Portfolio Manager software and also the wider priorities for us to address as an industry. Jon Laux, Head of Cyber Analytics for Aon’s Reinsurance Solutions, said that the user group shows a “willingness to listen to the industry”, and that “transparency is really important, so it’s great to see us being able to get into those detailed discussions”.
The next (virtual) events will be on September 16th and November 11th. We very much hope to be back in person shortly, where fewer technological issues are at stake!