Latest news with #CyberCube
Yahoo
15-07-2025
- Business
- Yahoo
CyberCube and Munich Re: Joint experts publish report to advance the insurance industry's understanding of systemic cyber risks
Cybersecurity experts deem widespread malware incidents and severe impact from cloud outage events to be tangible scenarios, judging the effectiveness of mitigation measures. LONDON, July 15, 2025--(BUSINESS WIRE)--CyberCube and Munich Re, both leading providers in their field of cyber risk, analytics and insurance, have published the main findings of a joint study on severe cyber accumulation events and the relative resiliency of organizations to systemic events due to effective mitigation measures. The survey gathered insights from 93 seasoned cybersecurity professionals. The results provide a nuanced view of how systemic cyber events might unfold and of the factors that drive wide variation in risk exposure across firms: Widespread Malware Risk According to the majority of responding experts, a severe malware event could infect a quarter of all systems worldwide, but they agreed in that case only 15% may be fully compromised. Experts do not see an event where more than 50% of the world's systems are completely compromised. Based on the experts' judgement, another event on the scale of WannaCry and NotPetya would not be seen as surprising. Patch management, network segmentation, and data backups are identified as the most effective mitigations that organizations have against widespread malware attacks. When done effectively, such mitigations can reduce the chance of being affected by a widespread malware attack by 50% to 80% and reduce the financial impacts from such an event by a similar amount. Cloud Risk Cybersecurity experts expect broad cloud outages to last hours to days; outages beyond 72 hours are considered unlikely but not impossible. Findings show at least a medium level of dependency on cloud services across most industries with companies' business-critical operations increasingly reliant on them. Reliance tends to decrease with increasing company size. Financial losses scale with cloud outage duration: Respondents reported that a single-day outage of their most critical Cloud Service Provider (CSP) would likely result in a financial loss equal to 1% of their yearly revenue. Variation in losses reflect differences in dependency on the cloud, based on an organization's size, sector, and contingency planning. The most effective mitigation against cloud outages is to establish a multi-region architecture with the CSPs used for critical business applications. Having multiple CSPs was not found to be effective; the option to transfer service from one CSP to another during an outage was seen as unfeasible. Cyber Experts surveyed rate Azure, AWS and Google as the best prepared to mitigate against a major cloud outage and to recover from such an event. Emerging and Systemic Risks Experts believe that new technologies will begin to affect the threat landscape at about the same pace that they are being adopted in cybersecurity practices. According to cybersecurity experts, in the near term Industrial and Consumer Internet of Things (IoT) devices pose the biggest concern. Large Language Models (LLMs) are regarded as having an impact now while Artificial General Intelligence (AGI) is seen as a greater concern in five or more years. A fundamental challenge in cyber risk modeling is the deficiency of concrete tail-risk events, such as systemic malware or multi-region cloud outages. The joint survey represents the best attempt to parameterize plausible worst-case scenarios and establish expert consensus. Its objective was to advance market understanding, particularly concerning risk mitigation strategies for systemic cyber events. The results add credibility to CyberCube's model forecasts and further improve Munich Re's internal model and accumulation risk understanding. Jon Laux, Vice President of Analytics at CyberCube, said: "By sharing the findings of our study on systemic cyber risks, we aim to provide a more nuanced view of how systemic cyber events might unfold and the factors that drive wide variation in risk exposure across firms." Stephan Brunner, Senior Cyber Actuary at Munich Re, said: "Our ambition is to improve the understanding of possible extreme malware and cloud events alongside the effectiveness of mitigation measures by sharing the insights of our study. In collaboration, Munich Re aims to further strengthen expertise on systemic cyber risks and advance cyber accumulation modeling." The research has contributed to a more refined understanding of the relative resiliency of organizations to systemic events and the key variables that influence an organization's ability to withstand such incidents. These findings represent an important input into CyberCube's and Munich Re's evolving view of cyber risk and help inform ongoing enhancements to their modeling approach. CyberCube has incorporated these insights into Version 6 of its risk aggregation platform, Portfolio Manager. Modeling cyber accumulation is a joint effort across the entire insurance industry. For this reason, the key findings of the survey are being published to foster dialogue in the market. This study is the third of its kind, CyberCube and Munich Re plan to conduct another study in 2026. Interested cybersecurity experts are invited to participate. Read the report summarising the full study here – Key insights into systemic cyber risk CyberCube is the leading provider of software-as-a-service cyber risk analytics to quantify cyber risk in financial terms. Driven by data and informed by insight, we have harnessed the power of artificial intelligence to supplement our multi-disciplinary team. Our clients rely on our solutions to make informed decisions about managing and transferring cyber risks. We unpack complex cyber threats into clear, actionable strategies, translating cyber risk into financial impact on businesses, markets, and society as a whole. The CyberCube platform was established in 2015 within Symantec and now operates as a standalone company. Our models are built on an unparalleled ecosystem of data and validated by extensive model calibration, internally and externally. CyberCube is the leader in cyber risk quantification for the insurance industry, serving over 100 insurance institutions globally. The company's investors include Forgepoint Capital, HSCM Bermuda and Morgan Stanley Tactical Value. For more information, please visit or email info@ Munich Re is one of the world's leading providers of reinsurance, primary insurance and insurance-related risk solutions. Munich Re is globally active and operates in all lines of the insurance business. Since it was founded in 1880, Munich Re has been known for its unrivalled risk-related expertise and its sound financial position. Munich Re leverages its strengths to promote its clients' business interests and technological progress. Moreover, Munich Re develops covers for new risks such as rocket launches, renewable energies, cyber risks and artificial intelligence. In the 2024 financial year, Munich Re generated insurance revenue of €60.8bn and a net result of €5.7bn. The Munich Re Group employed about 44,000 people worldwide as at 31 December 2024. For more information, please visit View source version on Contacts For media inquiries, please contact: CyberCube: Yvette Essen, Head of Communications & Market Engagement,yvettee@ +44 (0)7956 877 206 Munich Re: Irmgard Joas, Group Media Relations, ijoas@ +49(0)89 3891 6188 Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
Business Wire
15-07-2025
- Business
- Business Wire
CyberCube and Munich Re: Joint experts publish report to advance the insurance industry's understanding of systemic cyber risks
LONDON--(BUSINESS WIRE)--CyberCube and Munich Re, both leading providers in their field of cyber risk, analytics and insurance, have published the main findings of a joint study on severe cyber accumulation events and the relative resiliency of organizations to systemic events due to effective mitigation measures. The survey gathered insights from 93 seasoned cybersecurity professionals. The results provide a nuanced view of how systemic cyber events might unfold and of the factors that drive wide variation in risk exposure across firms: Widespread Malware Risk According to the majority of responding experts, a severe malware event could infect a quarter of all systems worldwide, but they agreed in that case only 15% may be fully compromised. Experts do not see an event where more than 50% of the world's systems are completely compromised. Based on the experts' judgement, another event on the scale of WannaCry and NotPetya would not be seen as surprising. Patch management, network segmentation, and data backups are identified as the most effective mitigations that organizations have against widespread malware attacks. When done effectively, such mitigations can reduce the chance of being affected by a widespread malware attack by 50% to 80% and reduce the financial impacts from such an event by a similar amount. Cloud Risk Cybersecurity experts expect broad cloud outages to last hours to days; outages beyond 72 hours are considered unlikely but not impossible. Findings show at least a medium level of dependency on cloud services across most industries with companies' business-critical operations increasingly reliant on them. Reliance tends to decrease with increasing company size. Financial losses scale with cloud outage duration: Respondents reported that a single-day outage of their most critical Cloud Service Provider (CSP) would likely result in a financial loss equal to 1% of their yearly revenue. Variation in losses reflect differences in dependency on the cloud, based on an organization's size, sector, and contingency planning. The most effective mitigation against cloud outages is to establish a multi-region architecture with the CSPs used for critical business applications. Having multiple CSPs was not found to be effective; the option to transfer service from one CSP to another during an outage was seen as unfeasible. Cyber Experts surveyed rate Azure, AWS and Google as the best prepared to mitigate against a major cloud outage and to recover from such an event. Emerging and Systemic Risks Experts believe that new technologies will begin to affect the threat landscape at about the same pace that they are being adopted in cybersecurity practices. According to cybersecurity experts, in the near term Industrial and Consumer Internet of Things (IoT) devices pose the biggest concern. Large Language Models (LLMs) are regarded as having an impact now while Artificial General Intelligence (AGI) is seen as a greater concern in five or more years. A fundamental challenge in cyber risk modeling is the deficiency of concrete tail-risk events, such as systemic malware or multi-region cloud outages. The joint survey represents the best attempt to parameterize plausible worst-case scenarios and establish expert consensus. Its objective was to advance market understanding, particularly concerning risk mitigation strategies for systemic cyber events. The results add credibility to CyberCube's model forecasts and further improve Munich Re's internal model and accumulation risk understanding. Jon Laux, Vice President of Analytics at CyberCube, said: "By sharing the findings of our study on systemic cyber risks, we aim to provide a more nuanced view of how systemic cyber events might unfold and the factors that drive wide variation in risk exposure across firms.' Stephan Brunner, Senior Cyber Actuary at Munich Re, said: 'Our ambition is to improve the understanding of possible extreme malware and cloud events alongside the effectiveness of mitigation measures by sharing the insights of our study. In collaboration, Munich Re aims to further strengthen expertise on systemic cyber risks and advance cyber accumulation modeling." The research has contributed to a more refined understanding of the relative resiliency of organizations to systemic events and the key variables that influence an organization's ability to withstand such incidents. These findings represent an important input into CyberCube's and Munich Re's evolving view of cyber risk and help inform ongoing enhancements to their modeling approach. CyberCube has incorporated these insights into Version 6 of its risk aggregation platform, Portfolio Manager. Modeling cyber accumulation is a joint effort across the entire insurance industry. For this reason, the key findings of the survey are being published to foster dialogue in the market. This study is the third of its kind, CyberCube and Munich Re plan to conduct another study in 2026. Interested cybersecurity experts are invited to participate. Read the report summarising the full study here – Key insights into systemic cyber risk CyberCube is the leading provider of software-as-a-service cyber risk analytics to quantify cyber risk in financial terms. Driven by data and informed by insight, we have harnessed the power of artificial intelligence to supplement our multi-disciplinary team. Our clients rely on our solutions to make informed decisions about managing and transferring cyber risks. We unpack complex cyber threats into clear, actionable strategies, translating cyber risk into financial impact on businesses, markets, and society as a whole. T he CyberCube platform was established in 2015 within Symantec and now operates as a standalone company. Our models are built on an unparalleled ecosystem of data and validated by extensive model calibration, internally and externally. CyberCube is the leader in cyber risk quantification for the insurance industry, serving over 100 insurance institutions globally. The company's investors include Forgepoint Capital, HSCM Bermuda and Morgan Stanley Tactical Value. For more information, please visit or email info@ Munich Re is one of the world's leading providers of reinsurance, primary insurance and insurance-related risk solutions. Munich Re is globally active and operates in all lines of the insurance business. Since it was founded in 1880, Munich Re has been known for its unrivalled risk-related expertise and its sound financial position. Munich Re leverages its strengths to promote its clients' business interests and technological progress. Moreover, Munich Re develops covers for new risks such as rocket launches, renewable energies, cyber risks and artificial intelligence. In the 2024 financial year, Munich Re generated insurance revenue of €60.8bn and a net result of €5.7bn. The Munich Re Group employed about 44,000 people worldwide as at 31 December 2024. For more information, please visit
Yahoo
14-07-2025
- Business
- Yahoo
CyberCube Launches Portfolio Manager Version 6: Unveiling a New Era of Specific, Actionable Cyber Cat Modeling
LONDON, July 14, 2025--(BUSINESS WIRE)--CyberCube, the leading cyber risk modeling and analytics business, has released the latest version of Portfolio Manager, its catastrophe model that empowers portfolio-level insights. CyberCube's advanced analytics are used by 75% of the top 40 US and European cyber insurance carriers. Key changes made in Portfolio Manager Version 6 (PMv6) reflect: The evolution of the cyber insurance market from a primarily U.S.-focused market to a truly global one, with modeling capabilities supporting international exposures. Explicit factoring for geographic variation in cloud service provider outages, as well as differences in the origin and spread patterns of global ransomware and wiper malware attacks. The advancement of mitigation as a key consideration in modeling cyber catastrophe risk, recognizing the need to evaluate how protective measures can reduce the impact of large-scale events – an area that has seen less focus compared to resilience against attritional losses. For this release, CyberCube conducted extensive research with internal and external cyber experts to understand what will best prepare organizations to avoid the consequences of catastrophic events, if possible, and to recover as smoothly as possible if they cannot avoid it. The v6 release makes greater use of companies' security scores and introduces several new risk modifiers that users may enter based on underwriting information aligned with NIST and CIS security control frameworks. Jon Laux, CyberCube's VP of Analytics, said: "This release marks an important step forward for our industry. We expect that over time, the new functionality introduced in this model will inform how (re)insurers understand the primary characteristics of cyber risk during underwriting and exposure management." Diversification is also a key theme of the v6 release. The cyber insurance market in 2025 remains highly concentrated in the United States, both in terms of the percentage of insureds based in America and the prevalence of American technologies and data centers that act as Single Points of Failure (SPoFs) for organizations worldwide. However, CyberCube anticipates that future market growth will come largely from new geographies across Europe and Asia, and has consequently enhanced and expanded its Enterprise Intelligence Layer (EIL). The EIL is a proprietary dataset representing millions of companies worldwide, built by collecting, curating, and fusing data from multiple public, proprietary, and partner sources. Changes to the EIL reflect the development of the cyber market internationally, with strong growth in data collection focused on countries such as Germany, France, Australia, Spain, Canada, the UK, and Japan. Building on these enhancements to the EIL, PMv6 also captures the geographic variation possible among cloud service provider outages as well as variation in the epicenters and spread patterns of global ransomware and wiper malware attacks. Taken together with CyberCube's updated Exposure Databases, released in 2024, PMv6 equips (re)insurers with actionable intelligence to grow their global cyber exposure with awareness about the potential consequences on their catastrophe exposure. Ashwin Kashyap, CyberCube's Co-founder and Chief Product Officer, said: "PMv6 represents a major step forward for cyber catastrophe modeling. We have made significant progress in addressing the drivers of diversification and risk mitigation for the benefit of the cyber insurance market. As the market leader in cyber insurance analytics, CyberCube is proud to be the industry's partner as insurers look to expand thoughtfully into new geographies." For more information about Portfolio Manager, please visit About CyberCube CyberCube is the leading provider of software-as-a-service cyber risk analytics to quantify cyber risk in financial terms. Driven by data and informed by insight, we have harnessed the power of artificial intelligence to supplement our multi-disciplinary team. Our clients rely on our solutions to make informed decisions about managing and transferring cyber risks. We unpack complex cyber threats into clear, actionable strategies, translating cyber risk into financial impact on businesses, markets, and society as a whole. The CyberCube platform was established in 2015 within Symantec and now operates as a standalone company. Our models are built on an unparalleled ecosystem of data and validated by extensive model calibration, internally and externally. CyberCube is the leader in cyber risk quantification for the insurance industry, serving over 100 insurance institutions globally. The company's investors include Forgepoint Capital, HSCM Bermuda and Morgan Stanley Tactical Value. View source version on Contacts For media enquiries, please contact: CyberCube: Yvette Essen, Head of Communications & Market Engagement, yvettee@ +44 (0)7956 877 206
Business Wire
14-07-2025
- Business
- Business Wire
CyberCube Launches Portfolio Manager Version 6: Unveiling a New Era of Specific, Actionable Cyber Cat Modeling
LONDON--(BUSINESS WIRE)--CyberCube, the leading cyber risk modeling and analytics business, has released the latest version of Portfolio Manager, its catastrophe model that empowers portfolio-level insights. CyberCube's advanced analytics are used by 75% of the top 40 US and European cyber insurance carriers. Key changes made in Portfolio Manager Version 6 (PMv6) reflect: The evolution of the cyber insurance market from a primarily U.S.-focused market to a truly global one, with modeling capabilities supporting international exposures. Explicit factoring for geographic variation in cloud service provider outages, as well as differences in the origin and spread patterns of global ransomware and wiper malware attacks. The advancement of mitigation as a key consideration in modeling cyber catastrophe risk, recognizing the need to evaluate how protective measures can reduce the impact of large-scale events – an area that has seen less focus compared to resilience against attritional losses. For this release, CyberCube conducted extensive research with internal and external cyber experts to understand what will best prepare organizations to avoid the consequences of catastrophic events, if possible, and to recover as smoothly as possible if they cannot avoid it. The v6 release makes greater use of companies' security scores and introduces several new risk modifiers that users may enter based on underwriting information aligned with NIST and CIS security control frameworks. Jon Laux, CyberCube's VP of Analytics, said: 'This release marks an important step forward for our industry. We expect that over time, the new functionality introduced in this model will inform how (re)insurers understand the primary characteristics of cyber risk during underwriting and exposure management.' Diversification is also a key theme of the v6 release. The cyber insurance market in 2025 remains highly concentrated in the United States, both in terms of the percentage of insureds based in America and the prevalence of American technologies and data centers that act as Single Points of Failure (SPoFs) for organizations worldwide. However, CyberCube anticipates that future market growth will come largely from new geographies across Europe and Asia, and has consequently enhanced and expanded its Enterprise Intelligence Layer (EIL). The EIL is a proprietary dataset representing millions of companies worldwide, built by collecting, curating, and fusing data from multiple public, proprietary, and partner sources. Changes to the EIL reflect the development of the cyber market internationally, with strong growth in data collection focused on countries such as Germany, France, Australia, Spain, Canada, the UK, and Japan. Building on these enhancements to the EIL, PMv6 also captures the geographic variation possible among cloud service provider outages as well as variation in the epicenters and spread patterns of global ransomware and wiper malware attacks. Taken together with CyberCube's updated Exposure Databases, released in 2024, PMv6 equips (re)insurers with actionable intelligence to grow their global cyber exposure with awareness about the potential consequences on their catastrophe exposure. Ashwin Kashyap, CyberCube's Co-founder and Chief Product Officer, said: 'PMv6 represents a major step forward for cyber catastrophe modeling. We have made significant progress in addressing the drivers of diversification and risk mitigation for the benefit of the cyber insurance market. As the market leader in cyber insurance analytics, CyberCube is proud to be the industry's partner as insurers look to expand thoughtfully into new geographies.' For more information about Portfolio Manager, please visit About CyberCube CyberCube is the leading provider of software-as-a-service cyber risk analytics to quantify cyber risk in financial terms. Driven by data and informed by insight, we have harnessed the power of artificial intelligence to supplement our multi-disciplinary team. Our clients rely on our solutions to make informed decisions about managing and transferring cyber risks. We unpack complex cyber threats into clear, actionable strategies, translating cyber risk into financial impact on businesses, markets, and society as a whole. The CyberCube platform was established in 2015 within Symantec and now operates as a standalone company. Our models are built on an unparalleled ecosystem of data and validated by extensive model calibration, internally and externally. CyberCube is the leader in cyber risk quantification for the insurance industry, serving over 100 insurance institutions globally. The company's investors include Forgepoint Capital, HSCM Bermuda and Morgan Stanley Tactical Value.
Yahoo
09-07-2025
- Business
- Yahoo
Scattered Spider poses serious risk to several hundred major companies
This story was originally published on Cybersecurity Dive. To receive daily news and insights, subscribe to our free daily Cybersecurity Dive newsletter. The cybercrime group Scattered Spider's tactics put a group of roughly 300 major companies at heightened risk of attack, according to a new report from security firm CyberCube. The 287 firms represent approximately 2% of organizations with revenues above $500 million, according to CyberCube's analysis of more than 15,000 companies in key global markets. The analysis covers eight regions, including the U.S., the U.K., Canada, Australia, Germany, France, Japan and Singapore. Each company uses at least three technologies that Scattered Spider is known to target and has security conditions that are ripe for the group's attacks. 'The high-risk designation is primarily based on the presence of technologies Scattered Spider has exploited in past attacks,' William Altman, cyber threat intelligence lead at CyberCube, said via email. Scattered Spider has abused Microsoft Active Directory, Okta and multiple remote-management and help-desk tools. Since emerging in 2022, Scattered Spider has frequently used sophisticated voice phishing and other social-engineering methods to trick IT help desks into providing credentials or bypassing multifactor authentication. The group recently launched a new wave of attacks, first targeting American and British retailers in April, before switching to insurance companies in June and later airlines and other transportation companies. The hackers first achieved global prominence in 2023 after crippling attacks on the hospitality industry, including MGM Resorts in Las Vegas. CyberCube said that manufacturing, retail, education and IT are the sectors most at risk from the threat group. The company's report is designed to give some early guidance to the insurance sector about how to potentially mitigate risk. Recommended Reading Okta CEO pushes for passwordless future in wake of phishing attacks Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
