Sixty percent of small businesses will go out of business within six months of a cyber attack. According to IBM's 2021 Data Breach report, the average business loss suffered from a data breach is $4.24 million, that's an increase of 10% from 2020.

For insurance companies underwriting cyber risk, knowing the risk level of a small business ahead of time matters, especially when you consider 51% of people use the same passwords for both work and personal accounts. The risk a business's employees pose to the first line of defense is an important factor.

In this 15-minute Sip and Solve session, the team from Experian will unpack the challenge of accurately scoring the risk of small businesses using a new dimension for insurers. Bring your favorite morning beverage and snack for this illuminating talk.

Session Transcript and Slides

Heath Foley: Hello, everyone, and welcome to another Sip and Solve. My name is Heath Foley, and I lead our insurance sales team within Experian's Business Information Services group. I'm joined here by Dan Mullooly. Dan leads our insurance product team. We'll be walking through our new cyber solution. I have a cup of coffee here that I'll be sipping through the session. So, since we only have 15 minutes, let's go ahead and get started.

Dan Mullooly: Thank you, Heath. As Heath mentioned, my name is Dan Mullooly, Director of Product here for BIS within Experian. I lead the strategy and roadmap for our insurance solutions, including our predictive cyber model.

We took a very different approach to cyber risk. We see many solutions trying to identify infrastructure vulnerabilities - assessing how strong the "front door" is. We saw an opportunity to address the human element - the risk employees pose to a business. We did this because cyber risk continues growing and causing havoc. Last year, 2022, the average cost of a data breach was about $9.4 million. The rising employee cyber risk is an issue we can help with, using our data assets.

Cyber Risk Market Trends

We assess employee cyber risk behaviors - work life, personal life - to determine if people are reusing passwords, using complex passwords, and other factors that affect risk. Our model predicts the risk employees of a business pose over the next 12 months.

The model helps underwriters identify high-risk businesses - search for a business and see if it exceeds your risk tolerance. If the score is too high, scrutinize the company further before automatically approving.

Experian Cyber Risk Model

The model works like this: You input the business name and address, e.g. "Bob's Bikes." First, we connect individuals working there by scanning our data. Next, we connect employee data - emails, credentials, etc. Finally, we search 11+ years of dark web records for compromise patterns. We derive an overall risk score for Bob's Bikes employees. In this case, Bob's Bikes has a high 877 risk score on our 1-999 scale.

Experian Cyber Risk Model Overview

We've done retrospectives to validate the model. For one healthcare organization that suffered a breach, we scored them a year prior. They already had a high 877 score before the attack. The model identified the top risks: high employee email exposure on the dark web, high percentage of compromised emails excluding large breaches, and weak average password complexity. Over time their score increased until the breach.

Large Healthcare Organization Cyber Risk Case Study

Benefits include identifying high risk applicants, forward looking insights over 12 months, proven attributes validated with claims data, and a complement to other cyber tools by addressing the human element. It can also help assess supply chain/vendor risk.

Experian Cyber Risk Model Benefits

Heath Foley: We're seeing this used as an underwriting tool. Underwriters review the scores and attributes to provide that human risk perspective along with technical controls. Clients are evaluating their whole cyber book to understand overall portfolio risk and manage appropriately.

It's an advisory tool to make clients aware of potential risks. For prospecting, it helps identify companies that meet your risk tolerance for new business. And it enables supply chain risk management by assessing vendor exposures.

Use cases for the Experian Cyber Risk Model

In summary, Experian's model provides the human risk dimension versus other technical controls. Our predictive score estimates likelihood of a breach in 12 months. Just the company name and address generates a score to pinpoint high risks for further review. Use it with other tools to get a comprehensive view.

A summary of benefits for the Experian Cyber Risk Model

Dan and I want to thank you for your time. We'd be happy to analyze your book of business and demonstrate the predictive power of our data. Or we can discuss data delivery so you can evaluate internally. Either way, we invite you to test our cyber data on your portfolio. Thank you again.

Presenters

Heath Foley

Health Foley

Director of Sales

Heath Foley works in Experian’s Business Information Services Group, supporting insurance clients. In this role, Heath leads a sales team that enables insurance organizations to manage risk and drive profitable growth more effectively.

Heath has spent the past 25 years working in the Data and Analytics Industry, providing solutions that help organizations manage risk, streamline processes, and grow top-line revenue with insights provided through data.

Dan Mullooly

Dan Mullooly

Director of Product Management

Dan Mullooly is a Director of Product Management at Experian, where he works in the Business Information Services Group. In this role, Dan is responsible for driving new and innovative solutions for commercial insurance clients.

With a robust background working within the insurance industry, Dan brings a wealth of experience conceptualizing, building, and launching innovative insurance platforms and products.

Before joining Experian, he held a variety of leadership and product development positions that allowed him to gain broad expertise across in the industry. Dan is passionate about working with clients to understand their challenges, which ultimately help influence the product roadmap.

Webinar graphic for Uncovering a New Dimension of Cyber Risk for Insurers

Sign up to be notified for the next live session

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.