Portfolioanalysis

At the beginning of March, a vulnerability was discovered in the MS Exchange Servers. Many companies from different industries and of different sizes were affected by the vulnerability. The damage potential was incalculable and it was difficult to get an approximate idea of how many companies in the portfolio even had a vulnerable MS Exchange Server in operation. Predictions/estimates were impossible at that stage.

The correct processes regarding the update and any downstream forensic investigations were also not sufficiently clear.

Insurance companies had already faced these challenges with attacks such as WannaCry or NotPetya.

Only one day after the vulnerability became known, the cyber risk assessment tool cysmo had gathered technical data on the vulnerability of individual systems. It was not only possible to check which of the companies was affected by the attack at the current time, but additionally who had had a vulnerable server in use at the beginning (2021/04/03).

By means of the automated approach, thousands of companies from insurance companies' portfolios could be evaluated within a few hours, so that the insurance companies could get an overview of the approximate extent of the damage.

Two weeks later, it was also possible to evaluate data from companies where a so-called backdoor had been installed. Once again, the portfolios could be assessed within a few hours.

The rapid availability of the data made it possible for the insurance companies to explicitly point out the vulnerabilities to the affected customers. Some of the customers had not even known they had been affected until that point. At the same time, insurance companies were able to get a picture of a percentage distribution within the portfolio and use this to calculate potential damage levels, which resulted in improved reporting.