How Active Risk Monitoring Lowers Losses by Keeping Your Business Secure

Cyber criminals do not waste time.  

With newly identified vulnerabilities arising constantly and unpredictably, attackers are continually refining their tactics, techniques, and procedures (TTPs) to exploit any weakness. This means that organizations cannot be passive about their security.  

Yet, staying vigilant amid evolving cybersecurity threats poses a significant challenge to organizations of all sizes — especially considering the speed with which attackers strike. Maintaining a strong security posture can quickly strain resources due to the relentless requirement to react efficiently and effectively to new vulnerabilities.

Cyber insurance is a crucial backstop for modern businesses, but it doesn’t actually do anything to prevent attacks if your insurance provider isn’t actively helping you identify vulnerabilities and mitigate risk throughout your policy period. Active Risk Monitoring (ARM) is a central component of InsurSec — which combines cyber insurance and security to help protect organizations from cyber threats in a way not usually provided by any standalone security service or insurance policy.

Our Risk and Cyber Research teams looked at At-Bay scan data from April 2021 to July 2023 as part of their latest research on the effectiveness of ARM on reducing risk for businesses.

Here are the key takeaways from this data analysis:

• 72% of vulnerabilities were still open for up to 30 days after they were publicly disclosed. (Twice as many claims are made in those first 30 days of a vulnerability being observed compared to day 31 and after.)
• 80% of our policyholders took less than 2.5 months on average to patch flagged vulnerabilities, which is 2X faster than the general population.
• An organization was 25% less likely to experience any type of cyber incident after resolving an active alert.
• Businesses with less than $50 million in revenue had a 77% higher chance of loss with an active alert compared to those with higher revenue.
  

Let’s dive into these findings a bit more.

Speed to Patch Matters

Attackers work quickly as new vulnerabilities are discovered and exploits are published. And yet, 72% of vulnerabilities were still open for up to 30 days after they were publicly disclosed. 

At-Bay sees the speed of attackers reflected in our claims, with almost twice as many claims made in the first 30 days of a vulnerability being observed compared to day 31 and after.

For all policyholders, a critical vulnerability discovered mid-policy significantly increases the chances of an organization experiencing an incident that leads to a claim. Given that new software vulnerabilities emerge constantly, discovering a new critical vulnerability mid-policy is common.

This is why it’s crucial to build a cybersecurity strategy that can keep up with the speed of attacks. Active Risk Monitoring allows At-Bay to scan as soon as new vulnerabilities are made public and provide policyholders with the support needed to resolve vulnerabilities quickly and effectively.

ARM Helps Policyholders Patch Flagged Vulnerabilities Twice as Fast as the Industry Average

This increased patching speed reduces the likelihood of a successful attack. Once a vulnerability is patched, attack via that particular vulnerability becomes impossible to exploit.

Vulnerability Patching Reduces the Likelihood of Any Cyber Attack by 25%

On top of helping At-Bay policyholders patch vulnerabilities to avoid specific attacks, Active Risk Monitoring positively impacts risk mitigation in general.

Closing a vulnerability not only prevents an attack via that particular vulnerability — it also reduces the likelihood of incidents not related to the vulnerability. According to our claims data, an organization is 25% less likely to experience any type of cyber incident after resolving an active alert.

Given the number of vulnerabilities that are made public every day — the U.S. government’s National Vulnerability Database has analyzed over 19,000 new vulnerabilities in the past year alone  — resolving known vulnerabilities can be a force multiplier especially for small and medium-sized businesses (SMBs). This can even help fortify them against unknown issues. By following the vulnerability notifications that come with ARM and resolving active alerts in a timely manner, SMBs can exponentially improve their security posture. 

Small Businesses Get the Biggest Benefit From ARM

Active Risk Monitoring helps organizations of all sizes reduce their cyber risk, but it really pays off for small businesses. 

While financially motivated cyber criminals always want the largest payday possible, they don’t automatically gravitate to organizations with the largest coffers. In 2021, the FBI’s Internet Crime Complaint Center received 847,376 complaints regarding cyber attacks and malicious cyber activity with nearly $7 billion in losses, most of which targeted small businesses.³

Attackers’ emphasis on small businesses correlates with our findings. 2022 At-Bay claims data shows that organizations with less than $50 million in revenue have a 77% higher chance of loss with an active alert when compared to those above that dollar amount in revenue. This underscores the importance of Active Risk Monitoring, which helps At-Bay policyholders expedite vulnerability patching by 2X on average compared to general populations, therefore significantly reducing their risk of cyber attacks that lead to loss.

Overall, our team estimated that policies enrolled in ARM see their ultimate expected losses decreased on average by about $1,600 per policy.

Helping Businesses Bridge the Security Operations Gap with ARM

Active Risk Monitoring helps our policyholders quickly patch vulnerabilities and close attack vectors, which significantly reduces the risk of attacks throughout the policy period. Through a combination of frequent scans to detect vulnerabilities and an in-house Security team to help policyholders resolve issues, At-Bay’s ARM helps organizations become aware of when they’re affected by a vulnerability and patch it before they become a victim.

Active Risk Monitoring vs. One-Time Scans 

Some cyber insurance providers run a one-time scan at the time of underwriting to assess an applicant’s risk before signing a policy. This type of scan can discover vulnerable software if it is running on a publicly-facing server, and a security team can then help affected policyholders understand how to fix the issue. However, because new software vulnerabilities emerge constantly, Active Risk Monitoring is ideal for addressing new issues throughout the life of the policy period. One-time or infrequent security scans simply can’t capture the dynamic nature of cyber threats.

That’s why At-Bay actively and regularly scans for new vulnerabilities throughout the policy period and notifies organizations if issues appear, such as vulnerable software, unprotected email services, exposed system entry points, or missing password protections. ARM allows At-Bay to uncover security issues commonly exploited by attackers throughout the policy period, resulting in fewer attacks and allowing organizations to remain secure as threats emerge and evolve. 

A Comprehensive Security Solution Inside Your Insurance Plan

Staying ahead in cybersecurity requires constant vigilance, but not all organizations have the resources or personnel to keep up. Active Risk Monitoring provides organizations with the opportunity to combat cyber criminals who exploit vulnerabilities as they are made public. Without regular scans, a cyber insurance policy will only provide bare minimum protection. 

This is why At-Bay is dedicated to using data and expertise to help bridge the security operations gap. By leveraging ARM, At-Bay is helping organizations protect themselves from threats and avoid damaging interruptions in their operations.

Footnotes

1. Source: Orange Cyberdefense, Security Navigator 2023
2. Source: Kenna Security 2020, PRIORITIZATION TO PREDICTION Volume 6: The Attacker-Defender Divide
3. Source: CNBC|SurveyMonkey Small Business Index Q4 2022