Enterprise-wide cyber risk assessment tool hits the market

Enterprise-wide cyber risk assessment tool hits the market | Insurance Business

Enterprise-wide cyber risk assessment tool hits the market

A cyber risk assessment tool that could help risk managers form a business case for greater investment in cyber defenses has hit the market.

FM Global has launched Cyber Risk Assessment, which it says helps clients measure their overall cyber security resilience, taking into account inherent cyber risk, mitigating security controls and the ability to respond to and recover from a cyber incident.

The new tool is underpinned by the need for organizations to understand their “enterprise-wide cyber risk” – including the potential of resulting physical damage.

“Many people think of cyber risk solely as theft of information, but there is a very real physical property component that businesses need to consider,” said Jeff Tilley, FM Global vice president and manager of cyber hazards, in a statement.

Read more: When cyber risks become physical

“This comprehensive tool assesses the potential impact of cyber risk beyond an IT perspective, and provides recommendations to mitigate against that cyber threat with an overall outcome of improved resilience to protect business revenue, reputation, market share and ultimate viability,” Tilley said.

The tool gives a “comprehensive review” of a client’s cyber exposures, at both the location and enterprise levels, done by assessing a client’s ability to prevent unauthorized physical access to its facilities and information technology networks as well as its preparedness, response capability and resilience in the event of a cyberattack, the firm said at launch.

Beginning in 2019, it will also assess industrial control systems and the client’s ability to defend against malicious attacks on building systems, process control and equipment due to their increased network connectivity.

“This assessment can identify areas of cyber risk that the policyholder is not currently aware of and validate areas they’ve already identified as gaps,” said Tilley.

“Risk managers can use the result to support the business case for additional security investments and to help improve relationships between information security and other areas in their organization,” he added.

The assessment tool received a patent from the United States Patent and Trademark Office in 2018, and patents are pending in other countries, according to FM Global.