to warn and protect its customers.
“Different levels of coverage are
unlocked by different levels of software
and hardware deployment,” Soubra
explained, revealing that the insurer
is offering users “broad terms and
conditions not currently available in
the marketplace,” with deductibles in
some cases reduced to zero.
Over time, this kind of arrangement
is likely to become more prevalent, and
machine learning tools will have a big
impact on cyber insurance terms and
pricing — not only by reducing the risk
of insureds suffering breaches but also
generating invaluable data to help refine
One key challenge: risk aggregation.
These tools could help identify
vulnerabilities within supply chains,
allowing users to suggest security
improvements to suppliers and clients.
COSTS AND CONSIDERATIONS
Uptake is limited. Asked if machine
learning is being translated into
meaningful risk mitigation, Griffin
said, “We haven’t seen that yet on
the client side. As an industry, we’re
kidding ourselves that we’re going
to change the behavior of complex
insureds who have invested millions
of dollars into an infrastructure and a
Costs, which vary significantly, may
be prohibitive to smaller organizations.
“These programs can be expensive,”
said Peters, noting annual prices on a
per-user or per-instance basis can range
from $1,000 to $20,000 and upwards.
“It’s not for the faint of heart.”
And while the range of machine
learning tools continues to grow and
improve, they do not offer a silver-
bullet solution: “These platforms
are only as good as the person
administering them,” Peters said.
“It takes a lot of time and effort to
fine-tune them to fit your business
needs and day-to-day processes.
Increasing network traffic may be
statistically interesting, but it rarely
represents an attack, and systems that
look for generic anomalies can often
misclassify a threat. You have to know
how to apply machine learning in order
for it to reveal true insight,” he added.
Newman agrees that false positive
or negative signals are possible, such
as spotting vulnerabilities in assets that
may be disconnected from key services
or are of little value or importance.
Barbican’s approach, he said, is to use
the signals as the starting point for risk
Machine learning is still young,
and these tools will only become
more accurate and effective. However,
warned Griffin, “as technology evolves,
so does the threat.”
Sophisticated cyber criminals will
soon harness the power of machine
learning to make their attacks more
effective. This could make smaller
firms without intelligent security
systems particularly vulnerable — not
only for the assets they possess but also
as routes into larger organizations.
Cernak hopes machine learning
programs will become easier to deploy,
improving smaller companies’ access
to these powerful tools. However, even
the adoption of high-end software
is pointless if the human principles
of cyber security are not adhered to.
Adequately training staff remains
vital as human error is almost always
present in the event of a breach.
“You have to treat machine learning
like any other tool in your toolbox. You
can’t become overly dependent on any
one solution,” said Cernak.
“It’s important to build a culture of
risk awareness and prevention. Cyber
security starts and ends with people,
and the tools you deploy need to be
complementary to that strategy.”
ANTONY IRELAND is a freelance writer
based in the UK. He can be reached at