Hypothetical hacking of a cloud service provider, as well as cyber attacks on computer operating systems worldwide, could result in losses of $120 billion. This is a report by Lloyds of London in conjunction with Cyence, a risk modelling company. Cyence has raised $40 million to help insurers understand the impact of cyber risk.
Insurers are struggling to obtain accurate estimates, however, the problem is that they lack historical data. Many companies have yet to purchase cyber policies. By October 2016 only 29 percent of U. S. businesses had done so.
Cyence allows the insurance industry to figure out the impact of cyber risk in terms of dollars and likely incidents. The available platform combines risk modelling, cyber risks and big data. It assists the insurance industry in devising transformational insurance products. Cyber risk accountability and hazards are basic in comparison to other insurance options.
The software community accepts that code is not released without error. It is estimated that for every 1000 lines of code, there will be approximately 15 – 20 bugs. (McConnell 2004). These bugs lead to weaknesses through which malicious actors bypass safeguards or misuse systems.
Code volume and complexity is growing. The original Apollo 11 mission, i. e. the mission that landed people on the moon, consisted of 145,000 lines of code (Johnson 2012). Today’s cars run more than 100 million lines of code.
The ageing of software over time is another problem. Companies run risks by running older operating systems. Not only are they at risk but also companies they deal with outside the network.
The recent “Wannacry” attack showed that the longer software is out in the market, the more vulnerable it becomes. Cyence wants to assist the insurance industry in this regard when the company is promoting cyber risk insurance products.
Netcraft reported that “More than 600,000 web-facing computers which host millions of websites are still running Windows Server 2003, despite it no longer being supported.
Cyence is bringing these facts to the attention of the cyber risk insurance community.