WO2019081181A1 - System and method for calculating at least one risk index relating to cybersecurity threats - Google Patents

System and method for calculating at least one risk index relating to cybersecurity threats

Info

Publication number: WO2019081181A1
Authority: WO, WIPO (PCT)
Application number: PCT/EP2018/077174
Other languages: French (fr)
Inventor: Antonio DEBIASI
Original Assignee: Beyond S.R.L.
Prior art keywords: user data; risk index; database; calculating; processing device
Application filed by Beyond S.R.L.
Priority to EP18779706.3A (EP3701441A1)
Publication of WO2019081181A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00 Administration; Management
    • G06Q10/10 Office automation; Time management
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00 Administration; Management
    • G06Q10/06 Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • G06Q10/063 Operations research, analysis or management
    • G06Q10/0635 Risk analysis of enterprise or organisation activities

Definitions

  • Figure 1 is a block diagram that schematically illustrates the infrastructural context in which an embodiment of the system for calculating at least one risk index relating to cybersecurity threats, according to the present invention is inserted;
  • Figure 2 is a block diagram that schematically illustrates an embodiment of the system for calculating at least one risk index relating to cybersecurity threats, according to the present invention
  • Figures 3A, 3B, 3C and 3D are explanatory diagrams that illustrate the membership functions for calculating risk indicators according to an embodiment of the system and of the method for calculating at least one risk index relating to cybersecurity threats, according to the present invention, where the code NB stands for "negative big", the code NS stands for "negative small", the code ZR stands for "zero", the code PS stands for
  • Figures 4A and 4B are explanatory diagrams that illustrate the membership functions, which are mutually alternative, for calculating the total risk index of an embodiment of the system and of the method for calculating at least one risk index relating to cybersecurity threats, according to the present invention
  • Figure 5 is a flowchart that illustrates an embodiment of the method for calculating at least one risk index relating to cybersecurity threats, according to the present invention.
  • the system for calculating at least one risk index relating to cybersecurity threats comprises substantially a central processing device 10, a plurality of remote data collection devices 14, and a plurality of remote management devices 16.
  • the central processing device 10 of the system 5 for calculating at least one risk index relating to cybersecurity threats according to the invention is connected and in communication with the plurality of remote data collection devices 14 by way of a telematic communications network 12, preferably the internet.
  • a first portion of the remote data collection devices 14 is configured to collect the direct user data which correspond to the insured customers and are provided directly by the insured customers, preferably by way of questionnaires on paper or online completed by those insured customers, and to transmit or send, optionally following a request or interrogation, these direct user data toward the central processing device 10.
  • the first portion of the remote data collection devices 14 comprises graphical interface means, which are implemented for example within a web app, by way of which the insured customers can complete the above mentioned questionnaires online, comprising for example check boxes, radio buttons or option buttons, list boxes, text boxes and/or the like.
  • a second portion of the remote data collection devices 14 is configured to collect the indirect user data which correspond to the insured customers and are provided by external sources (typically public and managed by third parties, such as for example the media and social networks), preferably by way of interrogating these external sources, and to transmit or send, optionally following a request or interrogation, these indirect user data toward the central processing device 10.
  • the central processing device 10 of the system 5 for calculating at least one risk index relating to cybersecurity threats according to the invention is connected and in communication with the plurality of remote management devices 16 by way of a telematic communications network 12, preferably the internet.
  • the remote management devices 16 are configured to receive, optionally following a request or interrogation, the total risk index originating from the central processing device 10.
  • the remote management devices 16 are part of legacy systems managed by parties involved in the insurance process, except for the insured customers, such as for example the insurance company or the insurer, the reinsurance company or the reinsurer, and any third parties.
  • the central processing device 10 of the system 5 for calculating at least one risk index relating to cybersecurity threats according to the invention typically belongs to, and is managed by, an insurance company or intermediary specialized in the evaluation of the insurance risk.
  • the central processing device 10 of the system 5 for calculating at least one risk index related to cybersecurity threats comprises an input interface 22, a database for storing direct user data 24, a database for storing indirect user data 26, a calculation engine 28, a database for storing membership functions 29, a database for storing control rules 30, a database for storing total risk indices 32, and an output interface 34.
  • the central processing device 10 of the system 5 for calculating at least one risk index relating to cybersecurity threats according to the invention is a system of the server type, preferably a web server.
  • the central processing device 10 comprises an input interface, or input data feed interface, 22.
  • the input interface 22 is configured to receive, optionally following a request or interrogation, the direct and/or indirect user data originating from the plurality of remote data collection devices 14.
  • the input interface 22 is connected both to the database for storing direct user data 24 and to the database for storing indirect user data 26.
  • the input interface 22 is configured to route these direct and/or indirect user data toward the respective storage databases, in particular the database for storing direct user data 24 and the database for storing indirect user data 26.
  • the central processing device 10 comprises a database for storing direct user data 24, which comprises suitably dimensioned memory banks, and is configured to store the direct user data originating from the plurality of remote data collection devices 14, in particular from the first portion of remote data collection devices 14, and routed by the input interface 22.
  • the direct user data are collected preferably by way of questionnaires on paper or online which are completed by the insured customers.
  • the direct user data are selected from the group consisting in:
  • production implies greater problems of continuity and data integrity, while services are more impacted by confidentiality issues;
  • the system 5 for calculating at least one risk index relating to cybersecurity threats can entail the gathering and routing of direct user data other than those indicated above, such as for example the presence of security certifications or quality certifications, or compliance with specific stringent cybersecurity regulations, such as for example PCI-DSS (Payment Card Industry Data Security Standard) or other sector regulations.
  • the central processing device 10 comprises a database for storing indirect user data 26, which comprises suitably dimensioned memory banks, and is configured to store the indirect user data originating from the plurality of remote data collection devices 14, in particular from the second portion of remote data collection devices 14, and routed by the input interface 22.
  • the indirect user data are collected preferably by way of interrogations of external sources managed by third parties.
  • the indirect user data are weighted to the size of the customer.
  • the indirect user data are selected from the group consisting in:
  • intelligence data [scale of values 0 - 10000]: evidence related to infrastructural footprint, i.e. data associated with the company infrastructure and with its vulnerabilities, and contributions associated with credentials belonging to the company which were stolen or taken or available;
  • system 5 for calculating at least one risk index relating to cybersecurity threats can entail the gathering and routing of indirect user data other than those indicated above.
  • the central processing device 10 comprises a calculation engine 28.
  • the calculation engine 28 carries out the function of aggregating the direct and indirect user data, which are first detected and collected by part of the remote data collection devices 14 and then stored in the database for storing direct user data 24 and in the database for storing indirect user data 26, and also the function of calculating the total risk index (TRI) relating to cybersecurity threats.
  • the calculation engine 28 is connected to the database for storing direct user data 24, and is configured to retrieve the direct user data from that database for storing direct user data 24.
  • the calculation engine 28 is connected to the database for storing indirect user data 26, and is configured to retrieve the indirect user data from that database for storing indirect user data 26.
  • the calculation engine 28 comprises a module for retrieving direct and/or indirect user data.
  • the calculation engine 28, and as a consequence the evaluation of the overall risk, is based on fuzzy logic. Fuzzy logic was chosen by virtue of the capacity to model situations that lack linear or pre-definable models, therefore characterized by strong non-linearity and erratic oscillations. The calculation process occurs by way of a fuzzification algorithm based on barycenters.
  • the calculation engine 28 of the central processing device 10 is configured to define a membership function for each class of indirect user data, in particular the above mentioned reputation data, intelligence data, social data, and IT detection results, and to calibrate this membership function on the basis of the direct user data.
  • Each membership function is adapted to calculate the respective risk indicator.
  • the calculation engine 28 comprises a module for defining and calibrating membership functions.
  • Figure 3A shows the membership function for calculating reputation risk indicators
  • Figure 3B shows the membership function for calculating intelligence risk indicators
  • Figure 3C shows the membership function for calculating social risk indicators
  • Figure 3D shows the membership function for calculating IT risk indicators.
  • the central processing device 10 comprises a database for storing membership functions 29, which comprises suitably dimensioned memory banks and is configured to store the membership functions defined by and originating from the calculation engine 28.
  • the calculation engine 28 is connected to the database for storing membership functions 29, and is configured to deposit the membership functions defined by it in this database for storing membership functions 29.
  • the calculation engine 28 of the central processing device 10 comprises a module for deriving control rules.
  • the calculation engine 28 is configured to derive control rules from the direct and indirect user data.
  • the central processing device 10 comprises a database for storing control rules 30, which comprises suitably dimensioned memory banks and is configured to store the control rules derived by and originating from the calculation engine 28.
  • the calculation engine 28 is connected to the database for storing control rules 30, and is configured to deposit the control rules derived by it in this database for storing control rules 30.
  • the calculation engine 28 of the central processing device 10 is configured to recalculate the total risk index TRI upon each variation of the indirect user data.
  • the calculation engine 28 is calibrated on the basis of the requirements of the insurer or of the reinsurer.
  • the calculation engine 28 is configured to calculate the total risk index TRI [scale of values 0 - 10,000] relating to cybersecurity threats, by applying a fuzzy logic based on barycenters.
  • This total risk index TRI can be correlated to the pricing model used by the insurer or by the reinsurer for the estimation of the insurance premium.
  • the calculation engine 28 is configured to calculate the total risk index TRI by combining the risk indicators calculated by way of the respective membership functions defined for each class of indirect user data, for example as shown in Figure 4A.
  • TRI = f(RR, INR, SR, ITR), where the risk indicators are:
  • IT Risk calculated by way of the membership function defined by the IT detections, i.e. public scans and infrastructure scans (if present).
  • the calculation engine 28 is configured to calculate a risk indicator for each class of indirect user data, by way of the respective membership functions and on the basis of the values of the respective indirect user data that belong to the class.
  • the calculation engine 28 is configured to calibrate each membership function on the basis of the direct user data, and also the model adopted at implementation time, which will be oriented by the requirements of the insurer or of the reinsurer.
  • Each event belonging to a class of indirect user data is evaluated on the basis of the corresponding membership function and summed with the events of that class.
  • the insurer or the reinsurer should use a pricing model that applies increases.
  • the central processing device 10 comprises a database for storing the total risk indices 32, which comprises suitably dimensioned memory banks and is configured to store the total risk indices 32, i.e. the current value of the total risk index TRI as well as the progression over time of the total risk index TRI for a customer, all calculated by and originating from the calculation engine 28.
  • the calculation engine 28 is connected to the database for storing the total risk indices 32, and is configured to deposit the total risk index TRI, calculated by it in each instance, in this database for storing the total risk indices 32.
  • the calculation engine 28 is further configured to deposit the risk indicators, calculated by it in each instance, in the database for storing the total risk indices 32.
  • the central processing device 10 comprises an output interface, or outbound data feed interface, 34.
  • the output interface 34 is configured to retrieve the total risk index TRI, in particular its current value or its progression over time, stored in the database for storing the total risk indices 32, and to transmit or send, optionally following a request or interrogation, this total risk index TRI toward the plurality of remote management devices 16.
  • the central processing device 10 comprises graphical interface means, which are implemented for example within a web app, by way of which the parties involved in the insurance process can monitor the level of risk deriving from cybersecurity threats, optionally following a registration by way of completing some fields corresponding to the party's personal identification information and/or the like.
  • a first portion of the remote data collection devices 14 collects the direct user data, preferably by way of questionnaires on paper or online completed by the insured customers, and transmits or sends them, optionally following a request or interrogation, to the central processing device 10.
  • a second portion of the remote data collection devices 14 collects the indirect user data, preferably by interrogating external sources (typically public, such as for example the media and social networks) which are managed by third parties, and transmits or sends them, optionally following a request or interrogation, toward the central processing device 10.
  • in step 43, the input interface 22 of the central processing device 10 receives, optionally following a request or interrogation, the direct and/or indirect user data originating from the plurality of remote data collection devices 14, and sends them toward the respective storage databases, in particular the database for storing direct user data 24 and the database for storing indirect user data 26.
  • in step 44, the calculation engine 28 of the central processing device 10 defines a membership function for each class of indirect user data, and calibrates it on the basis of the direct user data. Furthermore, the calculation engine 28 of the central processing device 10 deposits these membership functions defined by it in the database for storing membership functions 29.
  • in step 45, the calculation engine 28 of the central processing device 10 calculates a risk indicator for each class of indirect user data, by way of the respective membership functions and on the basis of the values of the respective indirect user data that belong to the class. Furthermore, in an embodiment, the calculation engine 28 of the central processing device 10 deposits these risk indicators calculated by it in the database for storing the total risk indices 32.
  • in step 46, the calculation engine 28 of the central processing device 10 calculates the total risk index TRI by combining the risk indicators calculated by way of the respective membership functions for each class of indirect user data. Furthermore, the calculation engine 28 of the central processing device 10 deposits this total risk index TRI calculated by it in the database for storing the total risk indices 32.
  • in step 47, the output interface 34 of the central processing device 10 retrieves the total risk index TRI, in particular its current value or its progression over time, which is stored in the database for storing the total risk indices 32, and transmits or sends it, optionally following a request or interrogation, toward the plurality of remote management devices 16.
  • the system and the method for calculating at least one risk index relating to cybersecurity threats allow to overcome the qualitative limitations of the known art, in that they allow to produce a concise and reliable risk index, which can be used in the definition of the insurance premium for cover against cybersecurity threats, and especially based on the effective control at an operational level of the risk deriving from these cybersecurity threats.
  • An advantage of the system and of the method for calculating at least one risk index relating to cybersecurity threats according to the present invention consists in that they take into consideration the actual measurements of the degree of security of the devices and/or of the infrastructure supporting the perimeter to be insured.
  • Another advantage of the system and of the method for calculating at least one risk index relating to cybersecurity threats according to the present invention consists in that they allow to contain costs and shorten times in the stages of evaluating the risk and, subsequently, of defining the insurance premium.
  • Another advantage of the system and of the method for calculating at least one risk index relating to cybersecurity threats according to the present invention consists in that they allow to compose an insurance product for cover against cybersecurity threats which can be offered to all customer segments (for example large, medium, small, retail).
  • Another advantage of the system and of the method for calculating at least one risk index relating to cybersecurity threats according to the present invention consists in that they enable all the parties involved in the insurance process (i.e. the insured customer, the insurance company or insurer, the reinsurance company or reinsurer, the company that manages the security services, the company that manages the claims appraisals) to monitor the level of risk deriving from cybersecurity threats.
  • an advantage of the system and of the method for calculating at least one risk index relating to cybersecurity threats according to the present invention consists in that they allow the reinsurer to assume the risk deriving from these cybersecurity threats in a controlled manner.
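Steps 44 to 46 above (calibrate a membership function from direct user data, compute one risk indicator per class of indirect user data, combine the indicators into TRI by barycenters) can be sketched as follows. This is an added example, not code from the patent: the triangular shapes, the fifth label PB, the `exposure` calibration score, the class weights and the sample events are all assumptions, since the page gives only the 0 - 10000 scale and the overall flow.

```python
"""Barycenter-based fuzzy risk index: an added sketch, all parameters assumed."""
from dataclasses import dataclass

SCALE = 10_000.0                                  # the page puts indices on a 0 - 10000 scale
LABELS = ("NB", "NS", "ZR", "PS", "PB")           # PB is assumed: the page's code list is cut off
CENTERS = tuple(SCALE * i / 4 for i in range(5))  # assumed output barycenter of each label


@dataclass(frozen=True)
class MembershipFunction:
    """Five overlapping triangles with peaks at `peaks` (strictly ascending)."""
    peaks: tuple

    def degrees(self, x: float) -> dict:
        """Return the degree of membership of x in every label."""
        x = min(max(x, self.peaks[0]), self.peaks[-1])  # clamp out-of-range evidence
        mu = dict.fromkeys(LABELS, 0.0)
        for i in range(len(self.peaks) - 1):
            lo, hi = self.peaks[i], self.peaks[i + 1]
            if lo <= x <= hi:
                t = (x - lo) / (hi - lo)
                mu[LABELS[i]], mu[LABELS[i + 1]] = 1.0 - t, t
                break
        return mu


def calibrate(exposure: float) -> MembershipFunction:
    """Step 44: shape a class's membership function from direct user data.

    `exposure` (>= 1) is a hypothetical score distilled from the questionnaire.
    Larger values pull the peaks toward zero, so the same indirect evidence
    lands on higher-risk labels.
    """
    if exposure < 1.0:
        raise ValueError("exposure must be >= 1")
    return MembershipFunction(tuple(SCALE * (i / 4) ** exposure for i in range(5)))


def barycenter(activation: dict) -> float:
    """Defuzzify: activation-weighted mean of the label centers."""
    total = sum(activation.values())
    if total == 0.0:
        return 0.0  # a class with no events contributes no risk
    return sum(activation[lab] * c for lab, c in zip(LABELS, CENTERS)) / total


def risk_indicator(mf: MembershipFunction, events: list) -> float:
    """Step 45: evaluate each event of one class, sum the activations, defuzzify."""
    activation = dict.fromkeys(LABELS, 0.0)
    for value in events:
        for label, mu in mf.degrees(value).items():
            activation[label] += mu
    return barycenter(activation)


def total_risk_index(indicators: dict, class_weights: dict, mf=None) -> float:
    """Step 46: fuzzify the per-class indicators, weight them, defuzzify into TRI."""
    if mf is None:
        mf = MembershipFunction(CENTERS)  # assumed TRI membership function
    activation = dict.fromkeys(LABELS, 0.0)
    for name, value in indicators.items():
        for label, mu in mf.degrees(value).items():
            activation[label] += class_weights[name] * mu
    return barycenter(activation)


# Constructed sample: indirect events per class for one hypothetical customer.
SAMPLE_EVENTS = {
    "reputation": [625.0],
    "intelligence": [2500.0, 5625.0],
    "social": [],
    "it": [7812.5],
}
EQUAL_WEIGHTS = dict.fromkeys(SAMPLE_EVENTS, 1.0)


def assess(events: dict, exposure: float, class_weights: dict):
    """Run steps 44 to 46 and return (indicators, TRI)."""
    # One shared calibration for brevity; the page defines one function per class.
    mf = calibrate(exposure)
    indicators = {name: risk_indicator(mf, values) for name, values in events.items()}
    return indicators, total_risk_index(indicators, class_weights)


if __name__ == "__main__":
    for exposure in (1.0, 2.0):
        indicators, tri = assess(SAMPLE_EVENTS, exposure, EQUAL_WEIGHTS)
        print(exposure, indicators, round(tri))
```

The same indirect events yield a higher TRI for the more exposed customer, which is the effect of calibrating the membership functions on direct user data; re-running `assess` whenever an event list changes corresponds to the recalculation upon each variation of the indirect user data.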

Abstract

A system (5) for calculating at least one risk index relating to cybersecurity threats, which comprises a central processing device (10) which comprises a database for storing direct user data (24), a database for storing indirect user data (26), and a calculation engine (28). The calculation engine (28) comprises a module for retrieving direct and/or indirect user data, and a module for defining and calibrating membership functions. The calculation engine (28) is configured to calculate a risk indicator for each class of indirect user data by way of the respective membership function and on the basis of the indirect user data that belong to the class, and to calculate a total risk index by combining the risk indicators calculated by way of the respective membership functions for each class of indirect user data.

Description

SYSTEM AND METHOD FOR CALCULATING AT LEAST ONE RISK INDEX RELATING TO CYBERSECURITY THREATS
The present invention relates to a system and a method for calculating at least one risk index relating to cybersecurity threats, which is particularly, although not exclusively, useful and practical in the area of estimating the costs of insurance policies, in short insurance premium, for cover against the aforesaid cybersecurity threats.
Nowadays, the growing threat to cybersecurity and the highly punitive regulatory framework defined by the GDPR (General Data Protection Regulation, EU Regulation 2016/679) generate new opportunities, but also new needs, in the insurance market.
In particular, these cybersecurity threats create the conditions for two distinct needs to arise in users, in particular in insured customers. There is of course the need for cover against the traditional risks (for example fire, theft, civil responsibility etc.) deriving from cybersecurity threats (for example malware, ransomware, theft of credentials etc.). But there is also the need for cover against the risks deriving from the need to transfer the residual risks from operations to mitigate against sanctions imposed by the GDPR for data breach, i.e. personal information violations.
Currently, in this context, insurance companies adopt a traditional approach, which consists in defining the insurance premium on the basis of evaluation of the risk as the principal indicator.
However, the conventional solutions are not devoid of drawbacks, among which is the fact that both the evaluation of the risk deriving from cybersecurity threats, and the definition of the corresponding insurance premium, are relatively unreliable in addition to being expensive.
In particular, this derives from the combination of a set of operating problems, among which by way of example are: the absence of operating models (processes and solutions to support them) that can be used in this context, for example for managing the claim; the lack of time-series claims history figures on which to build a conjectured insurance premium; the intense variability over time of the risk deriving from cybersecurity threats; the high cost of evaluation of the risk caused by the need to conduct analyses, interviews and documentary collections by experts in cybersecurity; and the scarcity of expert profiles in cybersecurity.
Another disadvantage of the conventional solutions consists in the low capacity to control the managing costs of the insurance product against cybersecurity threats in all its stages: evaluation of the risk, definition of the premium, managing the product, and managing the claim.
Another disadvantage of the conventional solutions consists in that the current operating models do not take into consideration the actual measurements of the degree of security of the devices and/or of the infrastructure supporting the perimeter to be insured.
An additional disadvantage of the conventional solutions consists in the low possibility of completely or partially reinsuring the insurance premium. In fact, in the absence of time-series claims history figures, the insurance premiums collected by an insurance company should be fully reinsured. However, the reinsurer would face exactly the same problems described above and would therefore be extremely reluctant to assume the risk deriving from these cybersecurity threats.
The aim of the present invention is to overcome the limitations of the known art described above, by devising a system and a method for calculating at least one risk index relating to cybersecurity threats which allow to produce a concise and reliable risk index, which can be used in the definition of the insurance premium for cover against cybersecurity threats, and especially based on the effective control at an operational level of the risk deriving from these cybersecurity threats.
Within this aim, an object of the present invention is to provide a system and a method for calculating at least one risk index relating to cybersecurity threats which take into consideration the actual measurements of the degree of security of the devices and/or of the infrastructure supporting the perimeter to be insured.
Another object of the present invention is to provide a system and a method for calculating at least one risk index relating to cybersecurity threats which make it possible to contain costs and shorten times in the steps of evaluating the risk and, subsequently, of defining the insurance premium.
Another object of the present invention is to provide a system and a method for calculating at least one risk index relating to cybersecurity threats which make it possible to provide an insurance product for cover against cybersecurity threats which can be offered to all customer segments (for example large, medium, small, retail).
Another object of the present invention is to provide a system and a method for calculating at least one risk index relating to cybersecurity threats which enable all the parties involved in the insurance process (i.e. the insured customer, the insurance company or insurer, the reinsurance company or reinsurer, the company that manages the security services, the company that manages the claims appraisals) to monitor the level of risk deriving from cybersecurity threats.
Another object of the present invention is to provide a system and a method for calculating at least one risk index relating to cybersecurity threats which allow the reinsurer to assume the risk deriving from these cybersecurity threats in a controlled manner.
Another object of the present invention is to provide a system and a method for calculating at least one risk index relating to cybersecurity threats which are highly reliable, easily and practically implemented, and at low cost if compared to the known art.
This aim and these and other objects which will become better apparent hereinafter are achieved by a system for calculating at least one risk index relating to cybersecurity threats according to claim 1.
The aim and objects are also achieved by a method for calculating at least one risk index relating to cybersecurity threats according to claim 9.
Further characteristics and advantages of the invention will become better apparent from the detailed description of a preferred, but not exclusive, embodiment of the system and of the method for calculating at least one risk index relating to cybersecurity threats according to the invention, which is illustrated by way of non-limiting example with the aid of the accompanying drawings wherein:
Figure 1 is a block diagram that schematically illustrates the infrastructural context in which an embodiment of the system for calculating at least one risk index relating to cybersecurity threats, according to the present invention is inserted;
Figure 2 is a block diagram that schematically illustrates an embodiment of the system for calculating at least one risk index relating to cybersecurity threats, according to the present invention;
Figures 3A, 3B, 3C and 3D are explanatory diagrams that illustrate the membership functions for calculating risk indicators according to an embodiment of the system and of the method for calculating at least one risk index relating to cybersecurity threats, according to the present invention, where the code NB stands for "negative big", the code NS stands for "negative small", the code ZR stands for "zero", the code PS stands for "positive small", and the code PB stands for "positive big";
Figures 4A and 4B are explanatory diagrams that illustrate the membership functions, which are mutually alternative, for calculating the total risk index of an embodiment of the system and of the method for calculating at least one risk index relating to cybersecurity threats, according to the present invention;
Figure 5 is a flowchart that illustrates an embodiment of the method for calculating at least one risk index relating to cybersecurity threats, according to the present invention.
With reference to the figures, the system for calculating at least one risk index relating to cybersecurity threats according to the invention, generally designated by the reference numeral 5, comprises substantially a central processing device 10, a plurality of remote data collection devices 14, and a plurality of remote management devices 16.
The central processing device 10 of the system 5 for calculating at least one risk index relating to cybersecurity threats according to the invention is connected and in communication with the plurality of remote data collection devices 14 by way of a telematic communications network 12, preferably the internet.
A first portion of the remote data collection devices 14 is configured to collect the direct user data which correspond to the insured customers and are provided directly by the insured customers, preferably by way of questionnaires on paper or online completed by those insured customers, and to transmit or send, optionally following a request or interrogation, these direct user data toward the central processing device 10.
In an embodiment of the system 10 for calculating at least one risk index relating to cybersecurity threats according to the invention, the first portion of the remote data collection devices 14 comprises graphical interface means, which are implemented for example within a web app, by way of which the insured customers can complete the above mentioned questionnaires online, comprising for example check boxes, radio buttons or option buttons, list boxes, text boxes and/or the like.
A second portion of the remote data collection devices 14 is configured to collect the indirect user data which correspond to the insured customers and are provided by external sources (typically public and managed by third parties, such as for example the media and social networks), preferably by way of interrogating these external sources, and to transmit or send, optionally following a request or interrogation, these indirect user data toward the central processing device 10.
The central processing device 10 of the system 5 for calculating at least one risk index relating to cybersecurity threats according to the invention is connected and in communication with the plurality of remote management devices 16 by way of a telematic communications network 12, preferably the internet.
The remote management devices 16 are configured to receive, optionally following a request or interrogation, the total risk index originating from the central processing device 10. The remote management devices 16 are part of legacy systems managed by parties involved in the insurance process, except for the insured customers, such as for example the insurance company or the insurer, the reinsurance company or the reinsurer, and any third parties.
The central processing device 10 of the system 5 for calculating at least one risk index relating to cybersecurity threats according to the invention typically belongs to, and is managed by, an insurance company or intermediary specialized in the evaluation of the insurance risk.
The central processing device 10 of the system 5 for calculating at least one risk index related to cybersecurity threats according to the invention comprises an input interface 22, a database for storing direct user data 24, a database for storing indirect user data 26, a calculation engine 28, a database for storing membership functions 29, a database for storing control rules 30, a database for storing total risk indices 32, and an output interface 34.
In an embodiment, the central processing device 10 of the system 5 for calculating at least one risk index relating to cybersecurity threats according to the invention is a system of the server type, preferably a web server.
The central processing device 10 comprises an input interface, or input data feed interface, 22. The input interface 22 is configured to receive, optionally following a request or interrogation, the direct and/or indirect user data originating from the plurality of remote data collection devices 14. The input interface 22 is connected both to the database for storing direct user data 24 and to the database for storing indirect user data 26. The input interface 22 is configured to route these direct and/or indirect user data toward the respective storage databases, in particular the database for storing direct user data 24 and the database for storing indirect user data 26.
The central processing device 10 comprises a database for storing direct user data 24, which comprises suitably dimensioned memory banks, and is configured to store the direct user data originating from the plurality of remote data collection devices 14, in particular from the first portion of remote data collection devices 14, and routed by the input interface 22.
As mentioned, the direct user data are collected preferably by way of questionnaires on paper or online which are completed by the insured customers. In an embodiment, the direct user data are selected from the group consisting of:
- size [S,M,L,XL,XXL,XXXL]: the size of the customer can be configured with respect to the requirements of the insurer, on the basis of his/her segmentation: number of employees, turnover, area of activity;
- market membership [production, services]: production implies greater problems of continuity and data integrity, while services are more impacted by confidentiality issues;
- geographic presence [local, international]: indicates whether the customer operates only in his/her home country or he/she has administrative offices and/or operating premises in other countries as well;
- contacts with foreign business partner [Yes, No];
- website presence [Yes, No], if yes [Informative, Device];
- e-commerce presence [Yes, No];
- coverage perimeter [All of activity, Specific critical processes];
- number of devices (for example computers) to be included [Number].
Obviously, in another embodiment, the system 5 for calculating at least one risk index relating to cybersecurity threats according to the invention can entail the gathering and routing of direct user data other than those indicated above, such as for example the presence of security certifications or quality certifications, or compliance with specific stringent cybersecurity regulations, such as for example PCI-DSS (Payment Card Industry Data Security Standard) or other sector regulations.
The central processing device 10 comprises a database for storing indirect user data 26, which comprises suitably dimensioned memory banks, and is configured to store the indirect user data originating from the plurality of remote data collection devices 14, in particular from the second portion of remote data collection devices 14, and routed by the input interface 22.
As mentioned, the indirect user data are collected preferably by way of interrogations of external sources managed by third parties. Preferably, the indirect user data are weighted to the size of the customer. In an embodiment, the indirect user data are selected from the group consisting of:
- reputation data [scale of values 0 - 10000]: evidence derived from public information sources;
- intelligence data [scale of values 0 - 10000]: evidence related to infrastructural footprint, i.e. data associated with the company infrastructure and with its vulnerabilities, and contributions associated with credentials belonging to the company which were stolen or taken or available;
- social data [scale of values 0 - 10000]: presence of negative contributions in the media or on social networks;
- IT detections [scale of values 0 - 10000]: result of scans on the internet perimeter (public scans), and result of scans on endpoints indicated by the customer (infrastructure scans).
Obviously, in another embodiment, the system 5 for calculating at least one risk index relating to cybersecurity threats according to the invention can entail the gathering and routing of indirect user data other than those indicated above.
The central processing device 10 comprises a calculation engine 28. In practice, the calculation engine 28 carries out the function of aggregating the direct and indirect user data, which are first detected and collected by part of the remote data collection devices 14 and then stored in the database for storing direct user data 24 and in the database for storing indirect user data 26, and also the function of calculating the total risk index (TRI) relating to cybersecurity threats.
The calculation engine 28 is connected to the database for storing direct user data 24, and is configured to retrieve the direct user data from that database for storing direct user data 24. The calculation engine 28 is connected to the database for storing indirect user data 26, and is configured to retrieve the indirect user data from that database for storing indirect user data 26. The calculation engine 28 comprises a module for retrieving direct and/or indirect user data.
The calculation engine 28, and as a consequence the evaluation of the overall risk, is based on fuzzy logic. Fuzzy logic was chosen by virtue of the capacity to model situations that lack linear or pre-definable models, therefore characterized by strong non-linearity and erratic oscillations. The calculation process occurs by way of a fuzzification algorithm based on barycenters.
The calculation engine 28 of the central processing device 10 is configured to define a membership function for each class of indirect user data, in particular the above mentioned reputation data, intelligence data, social data, and IT detection results, and to calibrate this membership function on the basis of the direct user data. Each membership function is adapted to calculate the respective risk indicator. The calculation engine 28 comprises a module for defining and calibrating membership functions.
By way of example, Figure 3A shows the membership function for calculating reputation risk indicators, Figure 3B shows the membership function for calculating intelligence risk indicators, Figure 3C shows the membership function for calculating social risk indicators, and Figure 3D shows the membership function for calculating IT risk indicators.
It is to be noted that the forms of the membership functions shown in Figures 3A-3D derive from an initial digital simulation and therefore they must be calibrated on the basis of the model adopted at implementation time, which will be oriented by the requirements of the insurer or of the reinsurer.
The central processing device 10 comprises a database for storing membership functions 29, which comprises suitably dimensioned memory banks and is configured to store the membership functions defined by and originating from the calculation engine 28.
The calculation engine 28 is connected to the database for storing membership functions 29, and is configured to deposit the membership functions defined by it in this database for storing membership functions 29.
In an embodiment, the calculation engine 28 of the central processing device 10 comprises a module for deriving control rules. The calculation engine 28 is configured to derive control rules from the direct and indirect user data.
In an embodiment, the central processing device 10 comprises a database for storing control rules 30, which comprises suitably dimensioned memory banks and is configured to store the control rules derived by and originating from the calculation engine 28.
The calculation engine 28 is connected to the database for storing control rules 30, and is configured to deposit the control rules derived by it in this database for storing control rules 30.
In a preferred embodiment of the system 5 for calculating at least one risk index relating to cybersecurity threats according to the invention, the calculation engine 28 of the central processing device 10 is configured to recalculate the total risk index TRI upon each variation of the indirect user data.
In an embodiment of the system 5 for calculating at least one risk index relating to cybersecurity threats according to the invention, the calculation engine 28 is calibrated on the basis of the requirements of the insurer or of the reinsurer.
As mentioned, the calculation engine 28 is configured to calculate the total risk index TRI [scale of values 0 - 10,000] relating to cybersecurity threats, by applying a fuzzy logic based on barycenters. This total risk index TRI can be correlated to the pricing model used by the insurer or by the reinsurer for the estimation of the insurance premium.
In particular, the calculation engine 28 is configured to calculate the total risk index TRI by combining the risk indicators calculated by way of the respective membership functions defined for each class of indirect user data, for example as shown in Figure 4A.
TRI = f(RR, INR, SR, ITR), where the risk indicators are:
- RR: Reputation Risk, calculated by way of the membership function defined by the indirect reputation data;
- INR: Intelligence Risk, calculated by way of the membership function defined by the indirect intelligence data;
- SR: Social Risk, calculated by way of the membership function defined by the indirect social data;
- ITR: IT Risk, calculated by way of the membership function defined by the IT detections, i.e. public scans and infrastructure scans (if present).
In general, the calculation engine 28 is configured to calculate a risk indicator for each class of indirect user data, by way of the respective membership functions and on the basis of the values of the respective indirect user data that belong to the class.
As mentioned, the calculation engine 28 is configured to calibrate each membership function on the basis of the direct user data, and also the model adopted at implementation time, which will be oriented by the requirements of the insurer or of the reinsurer. Each event belonging to a class of indirect user data is evaluated on the basis of the corresponding membership function and summed with the events of that class.
In an embodiment, if there are no public scans and infrastructure scans of the devices included by the customer, and therefore if there is no ITR risk indicator, the calculation engine 28 is configured as a consequence to recalibrate the calculation of the total risk index TRI, which becomes TRI = f(RR, INR, SR), for example as shown in Figure 4B. In this case, the insurer or the reinsurer should use a pricing model that applies increases.
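The following Python sketch is an added illustration, not code from the patent: it walks through the steps described above (calibrating a membership function per class from the direct user data, computing RR, INR, SR and ITR by barycenter, combining them into the TRI, and recalibrating when ITR is absent). Because the shapes of Figures 3A-3D and 4A-4B are not reproduced here, the peak positions, class weights, size stretch factors, the `e_commerce` key, the mapping of NB..PB onto the 0-10000 scale and the weighted aggregation are all constructed assumptions.

```python
"""Added illustration: barycenter-based fuzzy total risk index (TRI)."""
from typing import Dict, Optional, Sequence, Tuple

SCALE = 10_000.0
LABELS = ("NB", "NS", "ZR", "PS", "PB")  # codes named for Figures 3A-3D
# Assumption: each label's output barycenter on the 0-10000 risk scale.
OUT_CENTERS = dict(zip(LABELS, (0.0, 2500.0, 5000.0, 7500.0, 10000.0)))
# Assumption: uncalibrated peak positions of the five triangles per class.
BASE_PEAKS = {
    "RR": (0.0, 2500.0, 5000.0, 7500.0, 10000.0),
    "INR": (0.0, 1000.0, 2500.0, 5000.0, 8000.0),
    "SR": (0.0, 2500.0, 5000.0, 7500.0, 10000.0),
    "ITR": (0.0, 1500.0, 3500.0, 6000.0, 9000.0),
}
# Assumption: relative importance of each class in the combined index.
WEIGHTS = {"RR": 0.2, "INR": 0.3, "SR": 0.1, "ITR": 0.4}
# Assumption: larger customers tolerate more raw evidence per risk level.
SIZE_STRETCH = {"S": 0.5, "M": 0.75, "L": 1.0, "XL": 1.25, "XXL": 1.5, "XXXL": 2.0}


def calibrate(cls: str, direct: Dict[str, object]) -> Tuple[float, ...]:
    """Calibrate one class's membership function from direct user data."""
    k = SIZE_STRETCH[str(direct["size"])]
    if cls == "ITR" and direct.get("e_commerce"):
        k *= 0.8  # assumption: an online shop makes scan findings weigh more
    return tuple(p * k for p in BASE_PEAKS[cls])


def fuzzify(x: float, peaks: Sequence[float]) -> Dict[str, float]:
    """Membership degrees of x in NB..PB (triangles with flat shoulders)."""
    if not 0.0 <= x <= SCALE:
        raise ValueError("indirect user data must lie on the 0-10000 scale")
    deg = dict.fromkeys(LABELS, 0.0)
    if x <= peaks[0]:
        deg["NB"] = 1.0
    elif x >= peaks[-1]:
        deg["PB"] = 1.0  # saturates once past the last calibrated peak
    else:
        for i in range(len(peaks) - 1):
            lo, hi = peaks[i], peaks[i + 1]
            if lo <= x < hi:
                t = (x - lo) / (hi - lo)
                deg[LABELS[i]], deg[LABELS[i + 1]] = 1.0 - t, t
                break
    return deg


def barycenter(deg: Dict[str, float]) -> float:
    """Defuzzify: activation-weighted mean of the label centers."""
    total = sum(deg.values())
    return sum(deg[l] * OUT_CENTERS[l] for l in LABELS) / total


def total_risk_index(direct: Dict[str, object],
                     indirect: Dict[str, Optional[float]]) -> Dict[str, object]:
    """Return per-class indicators, the TRI and whether ITR was unavailable."""
    degrees: Dict[str, Dict[str, float]] = {}
    for cls in BASE_PEAKS:
        value = indirect.get(cls)
        if value is None:
            if cls != "ITR":  # the text only describes operating without ITR
                raise ValueError(f"missing indirect user data class {cls}")
            continue
        degrees[cls] = fuzzify(value, calibrate(cls, direct))
    indicators = {cls: barycenter(d) for cls, d in degrees.items()}
    # Recalibration when ITR is absent: renormalise the remaining weights.
    wsum = sum(WEIGHTS[c] for c in degrees)
    combined = {l: sum(WEIGHTS[c] * degrees[c][l] for c in degrees) / wsum
                for l in LABELS}
    return {
        "indicators": indicators,
        "TRI": barycenter(combined),
        "itr_missing": "ITR" not in degrees,  # pricing model applies increases
    }


if __name__ == "__main__":
    # Constructed sample inputs, not real customer data.
    customer = {"size": "L", "e_commerce": False}
    scores = {"RR": 3000, "INR": 1750, "SR": 5000, "ITR": 6000}
    print(total_risk_index(customer, scores))
    print(total_risk_index(customer, {**scores, "ITR": None}))
```

The `itr_missing` flag is what a downstream pricing model would read to apply the increase the description calls for when no scans are available.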
The central processing device 10 comprises a database for storing the total risk indices 32, which comprises suitably dimensioned memory banks and is configured to store the total risk indices 32, i.e. the current value of the total risk index TRI as well as the progression over time of the total risk index TRI for a customer, all calculated by and originating from the calculation engine 28.
The calculation engine 28 is connected to the database for storing the total risk indices 32, and is configured to deposit the total risk index TRI, calculated by it in each instance, in this database for storing the total risk indices 32.
In an embodiment, the calculation engine 28 is further configured to deposit the risk indicators, calculated by it in each instance, in the database for storing the total risk indices 32.
The central processing device 10 comprises an output interface, or outbound data feed interface, 34. The output interface 34 is configured to retrieve the total risk index TRI, in particular its current value or its progression over time, stored in the database for storing the total risk indices 32, and to transmit or send, optionally following a request or interrogation, this total risk index TRI toward the plurality of remote management devices 16.
In an embodiment of the system 10 for calculating at least one risk index relating to cybersecurity threats according to the invention, the central processing device 10 comprises graphical interface means, which are implemented for example within a web app, by way of which the parties involved in the insurance process can monitor the level of risk deriving from cybersecurity threats, optionally following a registration by way of completing some fields corresponding to the party's personal identification information and/or the like.
Operation of an embodiment of the system 5 for calculating at least one risk index relating to cybersecurity threats, i.e. an embodiment of the method for calculating at least one risk index relating to cybersecurity threats, according to the present invention is described below.
Initially, in step 41 a first portion of the remote data collection devices 14 collects the direct user data, preferably by way of questionnaires on paper or online completed by the insured customers, and transmits or sends them, optionally following a request or interrogation, to the central processing device 10.
At the same time, in step 42 a second portion of the remote data collection devices 14 collects the indirect user data, preferably by interrogating external sources (typically public, such as for example the media and social networks) which are managed by third parties, and transmits or sends them, optionally following a request or interrogation, toward the central processing device 10.
In step 43, the input interface 22 of the central processing device 10 receives, optionally following a request or interrogation, the direct and/or indirect user data originating from the plurality of remote data collection devices 14, and sends them toward the respective storage databases, in particular the database for storing direct user data 24 and the database for storing indirect user data 26.
In step 44, the calculation engine 28 of the central processing device 10 defines a membership function for each class of indirect user data, and calibrates it on the basis of the direct user data. Furthermore, the calculation engine 28 of the central processing device 10 deposits these membership functions defined by it in the database for storing membership functions 29.
In step 45, the calculation engine 28 of the central processing device 10 calculates a risk indicator for each class of indirect user data, by way of the respective membership functions and on the basis of the values of the respective indirect user data that belong to the class. Furthermore, in an embodiment, the calculation engine 28 of the central processing device 10 deposits these risk indicators calculated by it in the database for storing the total risk indices 32.
In step 46, the calculation engine 28 of the central processing device 10 calculates the total risk index TRI by combining the risk indicators calculated by way of the respective membership functions for each class of indirect user data. Furthermore, the calculation engine 28 of the central processing device 10 deposits this total risk index TRI calculated by it in the database for storing the total risk indices 32.
Finally, in step 47 the output interface 34 of the central processing device 10 retrieves the total risk index TRI, in particular its current value or its progression over time, which is stored in the database for storing the total risk indices 32, and transmits or sends it, optionally following a request or interrogation, toward the plurality of remote management devices 16.
In practice it has been found that the invention fully achieves the set aim and objects. In particular, it has been seen that the system and the method for calculating at least one risk index relating to cybersecurity threats, thus conceived, make it possible to overcome the qualitative limitations of the known art, in that they make it possible to produce a concise and reliable risk index, which can be used in the definition of the insurance premium for cover against cybersecurity threats, and especially based on the effective control at an operational level of the risk deriving from these cybersecurity threats.
An advantage of the system and of the method for calculating at least one risk index relating to cybersecurity threats according to the present invention consists in that they take into consideration the actual measurements of the degree of security of the devices and/or of the infrastructure supporting the perimeter to be insured.
Another advantage of the system and of the method for calculating at least one risk index relating to cybersecurity threats according to the present invention consists in that they make it possible to contain costs and shorten times in the stages of evaluating the risk and, subsequently, of defining the insurance premium.
Another advantage of the system and of the method for calculating at least one risk index relating to cybersecurity threats according to the present invention consists in that they make it possible to compose an insurance product for cover against cybersecurity threats which can be offered to all customer segments (for example large, medium, small, retail).
Another advantage of the system and of the method for calculating at least one risk index relating to cybersecurity threats according to the present invention consists in that they enable all the parties involved in the insurance process (i.e. the insured customer, the insurance company or insurer, the reinsurance company or reinsurer, the company that manages the security services, the company that manages the claims appraisals) to monitor the level of risk deriving from cybersecurity threats.
Also, an advantage of the system and of the method for calculating at least one risk index relating to cybersecurity threats according to the present invention consists in that they allow the reinsurer to assume the risk deriving from these cybersecurity threats in a controlled manner.
The invention, thus conceived, is susceptible of numerous modifications and variations, all of which are within the scope of the appended claims. Moreover, all the details may be substituted by other, technically equivalent elements.
In practice the materials employed, provided they are compatible with the specific use, and the contingent dimensions and shapes, may be any according to requirements and to the state of the art.
In conclusion, the scope of protection of the claims shall not be limited by the explanations or by the preferred embodiments illustrated in the description by way of examples, but rather the claims shall comprise all the patentable characteristics of novelty that reside in the present invention, including all the characteristics that would be considered as equivalent by the person skilled in the art.
The disclosures in Italian Patent Application No. 102017000119531 from which this application claims priority are incorporated herein by reference.
Where technical features mentioned in any claim are followed by reference signs, those reference signs have been included for the sole purpose of increasing the intelligibility of the claims and accordingly, such reference signs do not have any limiting effect on the interpretation of each element identified by way of example by such reference signs.

Claims

1. A system (5) for calculating at least one risk index related to cybersecurity threats, which comprises a central processing device (10), said central processing device (10) comprising a database for storing direct user data (24) and a database for storing indirect user data (26), characterized in that said central processing device (10) further comprises a calculation engine (28), said calculation engine (28) comprising:
- a module for retrieving direct and/or indirect user data, which is configured to retrieve said direct user data from said database for storing direct user data (24), and to retrieve said indirect user data from said database for storing indirect user data (26); and
- a module for defining and calibrating membership functions, which is configured to define a membership function for each class of indirect user data, to calibrate said membership function on the basis of direct user data, and to deposit said membership function in a database for storing membership functions (29);
said calculation engine (28) being configured to calculate a risk indicator for each class of indirect user data by way of said respective membership function and on the basis of said indirect user data that belong to said class; and
said calculation engine (28) being configured to calculate (46) a total risk index by combining said risk indicators calculated by way of said respective membership functions for each class of indirect user data, and to store said total risk index in a database for storing total risk indices (32).
2. The system (5) for calculating at least one risk index related to cybersecurity threats according to claim 1, characterized in that said central processing device (10) further comprises an input interface (22) which is configured to receive said direct and/or indirect user data, and to route said direct and/or indirect user data toward said database for storing direct user data (24) and said database for storing indirect user data (26), respectively.
3. The system (5) for calculating at least one risk index related to cybersecurity threats according to claim 1 or 2, characterized in that said central processing device (10) further comprises an output interface (34) which is configured to retrieve said total risk index stored in said database for storing total risk indices (32) and to transmit said total risk index.
4. The system (5) for calculating at least one risk index related to cybersecurity threats according to any one of the preceding claims, characterized in that said calculation engine (28) further comprises a module for deriving control rules, which is configured to derive control rules from the direct and indirect user data, and to deposit said control rules in a database for storing control rules (30).
5. The system (5) for calculating at least one risk index related to cybersecurity threats according to any one of the preceding claims, characterized in that it further comprises a plurality of remote data collection devices (14) which are connected to and in communication with said central processing device (10) by way of a telematic communications network (12), said remote data collection devices (14) being configured to collect said direct and/or indirect user data and to transmit said direct and/or indirect user data toward the said central processing device (10).
6. The system (5) for calculating at least one risk index related to cybersecurity threats according to any one of the preceding claims, characterized in that it further comprises a plurality of remote management devices (16) which are connected to and in communication with said central processing device (10) by way of a telematic communications network (12), said remote management devices (16) being configured to receive said total risk index arriving from said central processing device (10).
7. The system (5) for calculating at least one risk index related to cybersecurity threats according to any one of the preceding claims, characterized in that said direct user data are selected from the group constituted by: size, market membership, geographical presence, contacts with foreign business partners, website presence, e-commerce presence, coverage perimeter, number of devices to be included, and a combination thereof.
8. The system (5) for calculating at least one risk index related to cybersecurity threats according to any one of the preceding claims, characterized in that said indirect user data are selected from the group constituted by: reputation data, intelligence data, social data, IT detections, and a combination thereof.
9. A method for calculating at least one risk index related to cybersecurity threats, which comprises the steps of:
- defining (44) a membership function for each class of indirect user data, calibrating said membership function on the basis of direct user data, and depositing said membership function in a database for storing membership functions (29), by way of a calculation engine (28) of a central processing device (10);
- calculating (45) a risk indicator for each class of indirect user data by way of said respective membership function and on the basis of said indirect user data that belong to said class, by way of said calculation engine (28) of said central processing device (10);
- calculating (46) a total risk index by combining said risk indicators calculated by way of said respective membership functions for each class of indirect user data, and depositing said total risk index in a database for storing total risk indices (32), by way of said calculation engine (28) of said central processing device (10).
10. The method for calculating at least one risk index related to cybersecurity threats according to claim 9, characterized in that it further comprises the steps of:
- receiving (43) said direct and/or indirect user data arriving from a plurality of remote data collection devices (14), and routing said direct and/or indirect user data toward a database for storing direct user data (24) and a database for storing indirect user data (26), respectively, by way of an input interface (22) of said central processing device (10);
- retrieving (47) said total risk index stored in said database for storing total risk indices (32) and transmitting said total risk index toward a plurality of remote management devices (16), by way of an output interface (34) of said central processing device (10).
11. The method for calculating at least one risk index related to cybersecurity threats according to claim 9 or 10, characterized in that it further comprises the steps of:
- collecting (41) said direct user data and transmitting said direct user data toward said central processing device (10), by way of a first portion of said remote data collection devices (14);
- collecting (42) said indirect user data and transmitting said indirect user data toward said central processing device (10), by way of a second portion of said remote data collection devices (14).
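The three calculation steps of claim 9 (44, 45, 46), using the data classes of claims 7 and 8, as an added example that is not part of the patent text. The ramp-shaped membership function, the calibration rule, the fuzzy-OR aggregation, the weights and the sample values are all assumptions, since the claims do not specify them.

```python
from dataclasses import dataclass

CLASSES = ("reputation", "intelligence", "social", "it_detections")  # claim 8
WEIGHTS = {"reputation": 1, "intelligence": 2, "social": 1, "it_detections": 2}  # assumed

@dataclass(frozen=True)
class Ramp:
    """Assumed membership shape: 0 at or below lo, 1 at or above hi, linear between."""
    lo: float
    hi: float

    def __call__(self, x: float) -> float:
        if x <= self.lo:
            return 0.0
        if x >= self.hi:
            return 1.0
        return (x - self.lo) / (self.hi - self.lo)

def define_memberships(direct: dict) -> dict:
    """Step 44: one membership function per class, calibrated on direct data.
    Assumed rule: more devices or an e-commerce presence lower the saturation
    point, so the same number of findings maps to a higher degree of risk."""
    exposure = min(direct["devices"] / 1000, 1.0)
    if direct["ecommerce"]:
        exposure = min(exposure + 0.25, 1.0)
    return {c: Ramp(lo=0.0, hi=100 - 50 * exposure) for c in CLASSES}

def risk_indicators(memberships: dict, indirect: dict) -> dict:
    """Step 45: per-class indicator = highest membership among that class's
    observations (fuzzy OR); a class with no observations scores 0."""
    return {c: max((memberships[c](v) for v in indirect.get(c, [])), default=0.0)
            for c in CLASSES}

def total_risk_index(indicators: dict) -> float:
    """Step 46: combine the indicators as a weighted mean on a 0-100 scale."""
    weighted = sum(WEIGHTS[c] * indicators[c] for c in CLASSES)
    return round(100 * weighted / sum(WEIGHTS.values()), 1)

def assess(direct: dict, indirect: dict) -> float:
    return total_risk_index(risk_indicators(define_memberships(direct), indirect))

# Constructed sample data: finding counts per class, identical for both users.
INDIRECT = {"reputation": [9], "intelligence": [45, 18], "social": [27]}
SMALL = {"devices": 200, "ecommerce": False}
LARGE = {"devices": 2000, "ecommerce": True}

if __name__ == "__main__":
    print(assess(SMALL, INDIRECT), assess(LARGE, INDIRECT))
```

With identical indirect data, the user with the larger device count and an e-commerce presence receives the higher index, which is the effect of calibrating the membership functions on direct user data.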
PCT/EP2018/077174 2017-10-23 2018-10-05 System and method for calculating at least one risk index relating to cybersecurity threats WO2019081181A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
EP18779706.3A EP3701441A1 (en) 2017-10-23 2018-10-05 System and method for calculating at least one risk index relating to cybersecurity threats

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
IT102017000119531A IT201700119531A1 (en) 2017-10-23 2017-10-23 System and method for the calculation of at least one risk index related to IT threats.
IT102017000119531 2017-10-23

Publications (1)

Publication Number Publication Date
WO2019081181A1 true WO2019081181A1 (en) 2019-05-02

Family

ID=61581406

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2018/077174 WO2019081181A1 (en) 2017-10-23 2018-10-05 System and method for calculating at least one risk index relating to cybersecurity threats

Country Status (3)

Country Link
EP (1) EP3701441A1 (en)
IT (1) IT201700119531A1 (en)
WO (1) WO2019081181A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090150191A1 (en) * 2003-12-30 2009-06-11 Hartford Fire Insurance Company System and method for computerized insurance rating
US20130030844A1 (en) * 2007-10-17 2013-01-31 Hartford Fire Insurance Company System and method for processing payroll-related employee and insurance data
US8793151B2 (en) * 2009-08-28 2014-07-29 Src, Inc. System and method for organizational risk analysis and reporting by mapping detected risk patterns onto a risk ontology
US20140278583A1 (en) * 2013-03-14 2014-09-18 Wendell D. Brown Method and apparatus for insurance and calculation of premiums for firearms and related equipment

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20210334386A1 (en) * 2020-04-27 2021-10-28 Saudi Arabian Oil Company Method and system for assessing effectiveness of cybersecurity controls in an ot environment
US11734431B2 (en) * 2020-04-27 2023-08-22 Saudi Arabian Oil Company Method and system for assessing effectiveness of cybersecurity controls in an OT environment

Also Published As

Publication number Publication date
EP3701441A1 (en) 2020-09-02
IT201700119531A1 (en) 2019-04-23

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18779706

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

ENP Entry into the national phase

Ref document number: 2018779706

Country of ref document: EP

Effective date: 20200525