reflections from rsa 2016 and advisen cyber risk insights conferences

Reflections from RSA 2016 and Advisen Cyber Risk Insights ConferencesMarch 15, 2016

2

“Uncertainty is an uncomfortable

position. But certainty

is an absurd one.” Voltaire

3

March 2016 – Two Major Cybersecurity Conferences in San Francisco

4

Reflections from the two conferences from

Evolver VP and Cybersecurity Expert Chip Block

5

RSA ConferenceThe technology world likes to live in certainty

2016 buzz word:

“machine learning”

Products are built that learn expected behavior over time

Then look for anomalous activity to alert that a cyber attack may have, or is, occurring

6

Machine learning approaches work well:In a relatively static operational environment that can be modeled and refined over time.

BUTHighly dynamic and flexible environments are not good candidates for a machine learning approach

Because the models never refine and defining expected behavior with confidence is never achieved.

Many vendors/speakers said:Machine learning is a “solution” to cybersecurity

7

Does have a role in a total cyber solution But machine learning is clearly not the “certain” solution that was being presented at the RSA conference

Machine learning

8

• The Advisen Cyber Risk Insights Conference was attended by risk managers, insurance underwriters and brokers.

• From weather to auto accidents to randomly falling trees, the insurance world looks to find ways to support very uncertain areas.

Advisen – the insurance industry operates in a very UNcertain world

Advisen presented the

specific costs for over 18,000

cybersecurity events

Advisen Cyber Risk Insights Conference 2016

Litigation Cases

Economic Loss

Response Cost

Fines and Penalties

10

Advisen Cyber Risk Insights Conference 2016

Predictable Risk Non-Predictable Risk

• Insurance companies such as Chubb, Beazley and CNA presented on the trends in cyber insurance claims

• Discussions: what they believed were predictable risks and what were not

11

More data has been collected and analyzed about cyber attacks than most of the people who attended the RSA conference realize.

Insights from Advisen Conference

How many attacks

Nature of attacks

Cost of attacks

Specific numbers about cybersecurity events are being collected at an impressive rate.

12

Technology and insurance need to come closer together. Major takeaway

Insurance IndustryDevelop quantified cyber risk models

based on company and market profiles.

Technology MarketPresent products in terms of

reducing cybersecurity risk for specific markets

and specific challenges.

13

• The risks to an online retail company are significantly different than the risks to a power company.

• Insurance companies recognize this (premiums for retail and healthcare are higher than other markets) and the technology world needs to adjust as well.

For Example: Different technology and different insurance coverage for

each vertical market

14

By next year’s cyber conferences, we will see if these two worlds

have moved any closer together.

Cybersecurity Technology

Cyber Insurance

15

Evolver is a technology company headquartered in Reston, VA.

Our cybersecurity solutions move businesses away from reactive activities

and directs them into a logical risk-based cybersecurity posture.

Click here to read more on our website. Or inquire: info@evolverinc.com