The Lloyd’s syndicate partnered with Oxford Univeristy to produce groundbreaking white paper
Novae yesterday launched its white paper on the relative effectiveness of widely used cyber risk controls, which assesses the true value of compliance.
According to Novae, more needs to be done to “understand the risk environment and halt the potential damage to organisations” that cyber risk can inflict.
The white paper states that “as the volume of cyber-attacks continues to rise and also the levels of harm suffered from them, it is becoming critical that organisations can demonstrate that reasonable efforts are being undertaken to reduce cyber risk.
At the launch event, held at Lloyd’s, Novae Group chief innovation officer and head of cyber Dan Trueman said that “cyber insurance on its own is not enough” to combat cyber risk, and stressed that it was “only one tool” of many needed to tackle this risk.
Collaborating on the project with Oxford University, Novae examined existing risk controls through a number of lenses, namely:
- assets and their attack-surface (which are determined through a number of risk dimensions, with the most important being the Bespoke or Common dimension) and the ability of controls to protect them;
- controls in the context of inherent and known vulnerabilities;
- the capability of threats in compromising the effectiveness of controls;
- the role controls play in how cyber-harm manifests and propagate.
Trueman spoke with Global Reinsurance about the scope of the research carried out for the white paper from a geographical standpoint. While 78% of UK organisations are still not fully confident in their ability to recover after a disruption, and the vast majority of cyber insureds are based in the US, Trueman makes it clear that this is a global model for a global problem.
Trueman said: “We have an ever-growing proportion of non-US [cyber insureds] – particularly large non-US institutions. They’re the first to buy, they’re the ones that are the most sophisticated and actually they’re the ones who are most willing to look at that broader contexts.”
He added that the model frame was laid over various geographies, and pointed out that “motivation versus susceptibility is different in a global context” and that this difference has been considered in the findings.