Sergey Nivens - Fotolia

Singapore university taps Verizon’s cyber security knowhow

Nanyang Technological University will use the Veris Community Database in a research project to enable more accurate cyber risk assessment

Singapore’s Nanyang Technological University (NTU) is tapping on Verizon’s cyber breach database and risk management expertise for a cyber security research project.

Called Cyber Risk Management Project (CyRiM), the research initiative, spearheaded by NTU’s Insurance Risk and Finance Research Centre (IRFRC) and supported by Singapore’s central bank and Cyber Security Agency, is aimed at shoring up the data analytics and cyber risk assessment capabilities of Singapore’s insurance industry.

“Getting access to real cyber crime data is a huge boon to the insurance industry,” said Shaun Wang, director at IRFRC. “Calculating the cost and the impact of a breach is a complex task at best, and one that demands the availability of huge amounts of data if it is to be accurate.”

To that, Wang said Verizon’s Veris Community Database (VCDB), which contains anonymised data on more than 7,000 security incidents, such as indicators of compromise and victim demographics, will enable researchers to create more accurate assessment tools and methodologies.

This will, in turn, allow for more accurate underwriting by insurance companies, which have traditionally assessed an organisation’s risk profile based on snapshots in time. Industry experts say such static approaches will not work in a more dynamic cyber security landscape.

With better access to data, the NTU researchers hope to lower the cost of cyber insurance and improve adoption of cyber insurance among Singapore businesses.

According to global insurance firm AIG, less than 10% of Singapore businesses have cyber insurance, though it expects this number to rise to 40% by 2020.

AIG has already seen a seven-fold increase in inquiries about cyber insurance policies since 2013, while the cyber insurance business of insurance broker Aon reportedly grew at a compound annual growth rate of 70% between 2009 and 2015.

More than just risk transfer

Speaking at the RSA Asia-Pacific conference in Singapore in July 2016, Mark Weatherford, chief cyber security strategist at datacentre and cloud security company vArmour, said more companies are turning to cyber security insurance as a financial instrument for transferring risk.

The underwriting process, as well as comprehensive risk assessments that identify threats and vulnerabilities to satisfy the demands of cyber security insurance, can also be a catalyst for better security, he added.

While demand for cyber security insurance is growing, Marsh, a global insurance broking and risk management firm, said risk transfer is only part of the solution.

Read more about cyber security in ASEAN

The firm noted in a research report that information sharing between industry and government should also be part of a comprehensive risk mitigation strategy.

“Insurers and brokers are expanding the availability of loss prevention and risk mitigation services such as risk assessment tools, breach preparation counseling and breach response assistance,” it added. “The expanded roster of services and enhanced coverage can provide additional value from policies, usually without a specific added premium.”

Read more on IT risk management