Lockton Re has released a new report assessing the use of vulnerability scanning technologies in cyber risk underwriting.

The report examines a range of scanning tools used by insurers and reinsurers to address cyber risks. As digital networks become increasingly complex, companies face increased exposure to potential cyber attacks.

Get the latest reinsurance news straight to your inbox twice a week. Sign up here

By 2025, nearly 50% of the world’s data is expected to be stored in the cloud, increasing companies’ vulnerability to attacks, both internally and through their supply chains.

The development of vulnerability scanning technologies reflects rapid innovation in the cyber insurance industry, noted Jacqueline Yeo, lead author of the report and cyber analytics lead at Loction Re.

“However, when used in conjunction with other underwriting and aggregation methodologies, scanning solutions can provide valuable additional insights,” said Yiu. “We looked at the following emerging scanning tools using an independent dataset: Cyberwrite, ISS, Kynd, and Orpheus, to create the report.”

The report stresses that vulnerability scanning is not a standalone cybersecurity solution, but should be considered part of a broader strategy that provides a comprehensive picture of a company’s security posture.

Yiu stressed that vulnerabilities need to be carefully interpreted, as not all carry the same level of risk, and context remains crucial in understanding a company’s exposure to risk.

Read more: Lockton Re strengthens its agricultural business with key hires in Bermuda

Cyber ​​risk data providers play an important role in assessing security risks, said Oliver Brough (pictured above), co-author of the report and head of cyber practice at Lockton Re in London. These tools can provide sensitivity checks on exposure data used in disaster models and act as a secondary lens on risk.

“However, it is important to use these tools as part of best practice in portfolio management, such as those promoted by regulators and Lloyd’s of London in their Regulatory Capabilities Matrix, to enhance more than one view of risk,” said Bro.

In the report, Lockton Re argues that in the uncertain landscape of cyber risk modeling, using multiple tools provides a more comprehensive understanding of exposure. This approach helps insurers leverage technological advances in vulnerability scanning while avoiding over-reliance on any single model.

Compared to natural disaster models, the report cites past instances where models underestimated risks, resulting in massive losses. By integrating scanning tools with traditional models, cyber insurers can work to mitigate such risks.

What do you think of this story? Feel free to share your comments below.

Get the latest reinsurance news straight to your inbox twice a week. Sign up here