A Security ECONomics service platform for smart security investments and cyber insurance pricing in the beyonD 2020 netwOrking era


Cyber Insurance: A New Business Trend

An article by Mr. Christos Xenakis, Professor of the Department of Digital Systems at the University of Piraeus and Coordinator of the European Research Program SECONDO, was hosted on the website of the Institute of Financial Literacy.

Regarding cyber insurance, the professor discussed companies' constantly emerging need for it, as well as the important role that calculating the extra risk plays in insuring a company's digital assets.

“A key feature of the times we live in is the ever-increasing use of advanced Information and Communication Technologies, both personally and professionally, with the ultimate goal of facilitating work, information, communication, and transactions. Undoubtedly, every new technology, on the one hand, is accompanied by a number of advantages, both for businesses and ordinary users, on the other hand, is followed by a number of vulnerabilities. Experienced hackers, taking advantage of the vulnerabilities of new Technologies, endanger the service offered, as well as the integrity and confidentiality of the data that this service has collected during its proper operation.

Most of the cyber attacks that companies face today come from social engineering, payment of fake invoices, and ransomware that requires ransom. The goal of companies is to maintain and not jeopardize their smooth operation, as well as the trust of their customers. To avoid a scenario, it is necessary for the company to focus on: i) upgrading the processes being developed to include the risks of cyber security attacks, ii) designing, developing, and maintaining secure digital systems and services, and iii) Cyber Insurance, which, in the end, in combination with the business restructuring, will ensure that there are the least possible losses.

Cyber Insurance aims to address the consequences of a cyber attack. An important role in Cyber Insurance is played by the calculation of the risk for the assets of a company. A key factor in calculating risk is the pricing of assets, which can be people, processes, data, software, and hardware. There are many different ways to price assets, but they are all based on common elements which are: a) the impact on business continuity, b) the impact on the company’s reputation, c) the importance of the asset to and d) the total cost of purchasing, maintaining, adjusting and operating costs of each asset. The end result is expressed in monetary units (e.g. euros) and is the most important part of the equation for calculating risk in quantitative terms. Proper pricing of a company’s assets requires a very good knowledge of the business’s operations and objectives, combined with a function that will contain the aforementioned variables.

As Piraeus University, we participate in the European Project, which proposes the “Economics-of-Security-as-a-Service” platform, following the framework of the General Data Protection Regulation (GDPR). This platform focuses on the assessment of cyber risks, where, with a quantified approach, exposure to it can be measured. For optimal risk calculation, it contains a section that deals exclusively with the pricing of a company’s assets, using a state-of-the-art function with variables, which cover parameters that have not been used by the community so far.”
