American International Group, Inc. has launched a new cyber benchmarking model that quantifies and scores client cyber risk.
The AIG model evaluates a client’s cyber security maturity against 10 common attack patterns across 11 commonly used technology devices. The model incorporates critical security data, such as current threat intelligence from multiple sources, effectiveness of an organization’s cyber controls, potential impact of a cyber breach on an organization, and insights gained from the thousands of cyber claims handled by AIG.
AIG cyber clients, who provide the required information, can receive a report detailing security scores, peer benchmarking, and key risk mitigation controls to help quantify cyber risk.
“We developed the model based on historical insights and patterns of how companies experience cyber breaches – the points of entry and the types of attacks and vulnerabilities seen in the vast majority of cyber breach scenarios,” says Tracie Grella, Head of Cyber Risk Insurance, AIG. “Companies have been demanding a way to benchmark their cyber maturity against these known cyber risks to quantify what they are up against and where they stand.”
To further support its model, AIG is launching CyberMatics, a patent pending security approach with cyber security companies CrowdStrike and Darktrace. CyberMatics verifies inputs into AIG’s model from clients’ cyber security tools. The company said this will allow greater confidence in underwriting information, and allow for better tailored terms and conditions in cyber insurance policies.
“As an insurer, we gain a better understanding of the level of risk we are taking on with each client so we can react accordingly,” said Grella.
AIG’s Cyber Risk consultants, part of AIG Client Risk Solutions, can work with clients to act on risk scoring and evaluate data for system vulnerabilities and negative risk trends.