CyberCube has recently published a report examining the French cyber insurance market. I'm Yvette Essen, Head of Content, Communications, and Creative for CyberCube. Joining me to talk about the report is Brittany Baker, Vice President of Solution Consulting for CyberCube.
Yvette Essen:
"Brittany, thank you for joining me."
Brittany Baker:
"Absolutely."
Yvette Essen:
"Can you tell me a little bit about the premise of this report? What kind of data and methodology did we use?"
Brittany Baker:
"Absolutely. We created a portfolio of around 17,000 mid-to-large French companies, really looking to observe the presence of two different security signals. One of these signals is software vulnerabilities, and the other is the use of end-of-life products. Just to clarify, an end-of-life product is one that is no longer supported by the original developers of that software package."
Yvette Essen:
"And what were the key findings?"
Brittany Baker:
"We observed that across 10% of this portfolio, around 1,700 companies had at least one software vulnerability. When we looked at end-of-life products, we saw around 200 instances of their use across 127 different company networks. Interestingly, when we examined the convergence of these two signals—companies that had both software vulnerabilities and the use of end-of-life products—there were only 31 companies that had both."
Yvette Essen:
"Why was it important to focus on these particular vulnerabilities?"
Brittany Baker:
"CyberCube has conducted research on different security signals that represent an increased probability of experiencing a cyber event. Out of about 60 security signals we analyzed, 10 really stood out, and these two—software vulnerabilities and end-of-life products—are among them. They interplay in an interesting way. Software vulnerabilities are essentially like an unlocked door that an attacker can exploit to access a company's network, making their work easier. An end-of-life product, as I mentioned earlier, is no longer supported, so the patches or updates that could fix or eliminate a software vulnerability are no longer being issued. When you observe both of these at the same time, it compounds the increased probability of experiencing a cyber event."
Yvette Essen:
"So, why are the findings in this report so important to the insurance market, particularly for those working in the French insurance market?"
Brittany Baker:
"If you're able to observe these vulnerabilities before or during the underwriting process, you can give the company a chance to address them and eliminate that risk. This should result in a decrease in the expected frequency of a cyber event and, hopefully, a decrease in the expected loss as well. Proactively addressing these issues before underwriting the policy can make a significant difference."
Yvette Essen:
"Brittany, thanks for explaining that. A copy of the report, in both English and French, can be found on our website, www.cybcube.com."
For CyberCube, I'm Yvette Essen.