American International Group, Inc. ("AIG") has launched a new cyber benchmarking model that, it said in a statement, quantifies and scores client cyber risk.
According to AIG, its model evaluates a client's cyber security maturity against 10 common attack patterns across 11 commonly used technology devices. The model incorporates critical security data, such as current threat intelligence from multiple sources, effectiveness of an organization's cyber controls, potential impact of a cyber breach on an organization, and insights gained from the thousands of cyber claims handled by AIG.
AIG cyber clients that provide the required information can receive a report detailing security scores, peer benchmarking, and key risk mitigation controls to help quantify cyber risk.
"We developed the model based on historical insights and patterns of how companies experience cyber breaches – the points of entry and the types of attacks and vulnerabilities seen in the vast majority of cyber breach scenarios," said Tracie Grella, head of cyber risk insurance at AIG. "Companies have been demanding a way to benchmark their cyber maturity against these known cyber risks to quantify what they are up against and where they stand."
To further support its model, AIG launched "CyberMatics," a patent pending security approach with AI cyber security companies CrowdStrike and Darktrace. AIG said that CyberMatics verified inputs into AIG's model from clients' cyber security tools, providing greater confidence in underwriting information and ultimately allowing for better tailored terms and conditions in cyber insurance policies.
"As an insurer, we gain a better understanding of the level of risk we are taking on with each client so we can react accordingly," said Ms. Grella. "Our new model combined with CyberMatics can help our clients make informed and quantifiable decisions about their preparedness for cyber security risk events and insurance cover."
Learn more: www.aig.com.