What’s the Value of a Cyber Risk Score?
Cyber security ratings, otherwise known as cyber risk scores, are making headlines in the world of insurance and risk management.
Like credit scores, cyber security ratings are an attempt to measure risk. A cyber risk score, in theory at least, allows cyber risk to be quantified, compared and priced. In other words, cyber risk scores should facilitate cyber insurance transactions.
The multifaceted nature of cyber risk creates a need for a consistent unit of measurement. However, the shape shifting nature of both threats and defense make rating standardization a challenge.
So what is the true value of a cyber risk score, and why are brokers and carriers using them?
Overcoming Common Cyber Insurance Purchase Objections
Regardless of whether a cyber risk score is rated on a 1-1000 scale or simply a bad/average/good, insurance brokers are beginning to use them as a quick way to gather intelligence for lead generation, prospecting and cyber insurance sales. Brokers need defensible metrics on an organization’s digital footprint. Correlating those metrics to actual breach and business interruption events creates a powerful body of compelling purchase case evidence.
When it comes to building the persona of an ideal customer, using a cyber risk score makes sense. As well as filtering by industry type, size and geography, brokers can use a cyber risk score to look beyond the basic characteristics of a given company and, to some extent, focus on its cyber exposure.
Brokers are also using cyber risk scores as a way of overcoming some of the common objections prospects have when considering a cyber insurance purchase.
Many small to medium sized organizations often feel like they don’t have a cyber exposure or that a cyber event won’t happen to them and therefore insurance would be a waste of money. While cyber risk scores can help overcome these objections, they really only make sense as part of arsenal of other metrics. Without context, raw scores are unable to provide calibrated insight into the likelihood and cost of cyber events.
Cyber Risk Scores: Right here, right now
Like them or not, cyber risk scores are here to stay so there’s a real case for getting on board and making use of the metrics at hand.
However, cyber risk scores are only the tip of the iceberg. Understanding the constituent parts of the scoring model, consistently using the same scoring methodology and knowing the correlation between the score, likelihood and impact are key to answering the “so what” question.
For more information on the value of cyber risk scores in overcoming the most common objections to buying cyber insurance, sign up for our March 1st webinar.