US credit institution cybersecurity is precarious

On September 13, the home of the financial news, last week, America's largest credit rating agencies among was revealed by network attacks, 143 million U.S. residents personal information was leaked danger, total population of 223 million in the United States, that means the hackers events coverage up to 64% in the United States.

It is estimated that the total amount of insurance policy for Equifax is between $1 and $150 million. According to relevant personage, among a network security, crime prevention risks and risks such as insurance, general liability insurance after the accident, the insurance company and they have launched claims related to the negotiations. We don't know the exact amount that Equifax suffered in the event, but based on previous cyber attacks, the number is likely to be much larger than $150 million. This time, the Internet security risk in its infancy failed to help Equifax.

Equifax's valuation plunged 16% after it was revealed last Friday, and has since recovered slightly. But when news of the insurance's inability to cover its losses was released on Monday, Equifax suffered another sharp fall, losing more than 21 percent since Friday.

Among this event is not the first large-scale network security incidents this year, in the past eight months, also occurred by such WannaCry and Petya blackmail virus caused by the global network security incidents. These accidents have caused widespread damage to the global Internet, resulting in serious economic losses. Some of the affected companies are unable to return to normal for weeks or months after being attacked.

If the company is not big enough to build a perfect internal network of its own, most companies will not be able to fend off malicious cyber attacks. Some software companies can provide system design and maintenance services for enterprise customers, and strengthen the security of enterprise system by establishing multiple modules and platforms. But network security technology and hacker technology are the pros and cons of the same coin, and enterprise system maintenance can't be 100 percent safe. At this point, the importance of the emerging danger of cyber security risks is reflected. At the same time, wireless signal jammer, mobile phone jammers, WiFi signal jammers and other jammers are more important. Under the powerful technology development of now, the jammers have some of these functions can be realized only interference, does not affect the normal use of other functions, in order to protect your personal security or company such as information security, I suggest that is in need of corresponding jammer device installed.

The final settlement could not cover all of the company's losses. In among example, do not know because of the network security insurance actuarial model is not yet mature, the insurance company failed to accurately estimate the potential loss of network risk brings, or because among choice when insurance coverage is too little, cause but without the network security risk, is among the loss also increases sharply.

Network risk would be tantamount to enterprise organizations face the other risk categories (such as fire, theft, flood, power outages, responsibility), so by insurance against risk of network and related economic loss is a common sense. The Insurance against network risk is known abroad as Cyber Liability Insurance Coverage, CLIC. In 2014, global economic losses from cybercrime were as high as $375 billion - $575 billion. Each company suffered an average loss of up to $3 million for data breaches. The huge market volume of network security risks can be seen.

Future cybercrime risk will be the third biggest risk for enterprises. However, the market is still large, with traditional insurers covering only $1.3 billion for cybersecurity in 2016. The figure is expected to reach $14 billion by 2022. According to the survey report, small and medium-sized enterprises with annual income of between $10 and $500,000 are in the range of $800 to $1200 per year. Companies making more than $1 million a year will spend more than $100,000 a year on premiums. Allianz expects these companies' premiums to rise in the future and to grow at the fastest rate in 2025. The Insurance Information Institute, an American Insurance industry group, predicts that

For example, the business types of insurance companies, the hidden dangers of the data (for the attractiveness of hackers), the size of the enterprise and the annual revenue of the company. In the current situation, traditional insurance companies have limited resources to meet the growing demand of corporate customers. Insurance companies when calculating the network security risk premium, there are several key factors must be considered, but with standardized processes can be used to evaluate enterprise facing the network exposure, the industry has not yet been determined.

At present, most insurance companies use questionnaires or third-party door-to-door evaluation to estimate the risks of insurance companies, which require a lot of time and money. Because cyber security risks are not mature enough, there is a lack of experienced professionals in the field to carry out effective risk assessment. In most cases, door-to-door evaluations are evaluated by non-standardized methods by insurance companies and security consultants.

Insurance companies may be less sure about the emerging danger, and how it is priced, so the sector is less efficient. There are conflicting opinions about the definition of "security" in the enterprise system and factors that lead to the weaknesses of the system. How to control network risk is also a subject that requires in-depth study.

The network security degree of the insured enterprise is evaluated by means of a network attack that imitates different dimensions and modes. The good news is that there are now research institute is developing advanced simulation system, the simulation system will be according to the result of simulation attack for an enterprise to develop a network risk score, the score of the set is based on such as NIST, CVSS3.0 and DREAD model widely accepted this kind of calculation method of the risk.

This simulation system is expected to greatly enhance the insurance company for network security risk pricing power, they can finish it within a few hours on the analysis of the insurance company, access to the company's network risk score, so as to decide whether to accept insurance, and determine the total amount and premium levels.

In addition, through a unified criteria to evaluate network security risks, insurance company can reduce the exposure level of insurance company, for enterprise customers to provide enough security at the same time, let the insurance company to get enough profits, make the whole network security is planted into the development of a positive feedback.