IP address counts are a strong predictor of cyber claims

Gallagher Re has published a new report which explores cyber datasets and external scanning, saying these can help insurers predict claims and materially reduce loss ratios.

Entitled Scanning the Horizon: How broadening our use of cybersecurity data can help insurers, the report advocates for insurers to make use of the data being generated by cybersecurity firms – much of which has developed quickly in recent years.

Huge potential 

Uncertainty over which data points are really predictive of claims has hindered this effort, however, “yet with further research, this rich dataset has huge potential and could be transformative for the cyber insurance industry,” they state.

The study also includes a look at single point of failure data, which highlights the dependencies that companies have on third-party systems and services.

Overall, it found that external scanning data can be used to materially reduce loss ratios – the model, they say, excels at identifying the weakest cybersecurity controls. “The worst 20 per cent of risks are 3.17 times more likely to suffer a loss,” they write. “By removing these from the portfolio, we estimate insurers could achieve a reduction in loss ratios of up to 16.4 per cent.” 

Attack surface size 

Another notable finding is that the number of Internet Protocol (IP) addresses a company maintains is a strong predictor of claims. “This is significant, as IP count is not a widely used metric, even among cyber insurers at present. Despite being a strong indicator for company attack surface size, it also has surprisingly little correlation to company revenue, a metric that is commonly used.” 

A 2022 study conducted by the reinsurer found that revenue was the strongest predictor of claims when considering all factors together. IP address numbers today rank as the second highest predictor.