Blog: Threat intelligence – the new battleground for cyber

I’m sure many of you reading this will have had some tough conversations with clients about cyber insurance over the past year or so as the market has gone through a period of rate correction in response to the evolving threat environment and the increasing severity of ransomware claims.

The truth is that despite the significant efforts being made by law enforcement, government agencies, cybersecurity experts and cyber insurers, ransomware remains the single biggest online threat to UK businesses today.

And while most threat actors are industry-agnostic and large enterprises continue to be impacted, ransomware remains a small to medium sized business problem. The simple reason for this is that SMEs typically don’t have the resources to invest in cybersecurity and are easier targets.

Investment

But there is light on the horizon. As cyber insurers have invested in building in their own incident response, claims, security and data capabilities, we’re seeing a shift from the cyber proposition being a reactive policy to delivering a proactive service with goal of stopping ransomware attacks from occurring. And the weapon that lies at the heart of this is threat intelligence.

So what is threat intelligence?

It shouldn’t be confused with vulnerability scanning, which is the technology that underpins most of the cyber risk rating reports that have become increasingly available to brokers to get view of a client’s security posture.

Vulnerability scanning is essentially like looking for an open door or window to an organisation’s property – in this case the organisation’s internet-facing assets. The problem is that ‘point in time’ risk reports more often than not cannot provide a full picture as the scanning technology used may not be able to access the company’s entire network – particularly if, as is the case with many SMEs, it outsources a large part to a cloud provider.

Vulnerability scanning and risk reports are not necessarily predictive of a cyber claim – but threat intelligence is.

Threat intelligence combines vulnerability scanning with a host of other data from a combination of internal and external sources to pinpoint companies who are compromised and on a threat actor’s attack list, making them almost certain to fall victim to a cyber event. Cyber insurers using threat intelligence can get to their insureds before the criminals do, help remediate the issue and stop an attack from taking place. It’s even possible to step in as an attack is taking place and thwart the criminals before they can fully deploy their malware.

Posture

Threat intelligence means that a cyber insurance policy can protect an insured from the moment they become a customer. It helps improve the insured’s cybersecurity posture. It helps prevent claims which helps to prevent losses and equally important, prevents the stress and damage that a cyber event can cause. It ultimately means they are at less risk of a cyber event than if they are uninsured.

This proactive approach isn’t market-wide yet, but this has to be the direction of travel in order to create a healthy, affordable market.

Going forward, I would encourage you to scrutinise the threat intelligence and proactive services that a cyber insurer offers with the same level of rigour that you have scrutinised policy wordings in the past. Get under the skin of whether they are simply scanning for vulnerabilities or if they are actively identifying those insureds at risk, alerting them and helping them to mitigate the issue and stop an attack.

One simple question could be to ask how many claims an insurer has prevented and benchmark that against how many they have handled. If the insurer is truly invested in delivering a proactive service, this should arm you with an incredibly powerful statistic to demonstrate the real value of cyber insurance to your clients.

Cybercrime isn’t going to go away and the threat actors have proved themselves time and again to be incredibly adaptable in what can seem a sophisticated cat and mouse game. However, I truly believe that the ability that threat intelligence gives cyber insurers to stop attacks represents the most powerful development in the fight to date.

It’s the new battleground which will determine who wins and who loses.

James Burns is head of cyber at CFC Underwriting