Information Shield Enables Cyber Insurance Portfolio Risk Measurement

ComplianceShield platform enables insurance providers to measure and improve Cyber Risk Scoring and benchmarking for NYDFS Cyber Insurance Risk Framework

Cyber Risk Scoring from Information Shield
Using our Cyber Risk Score™, insurers can gain unprecedented visibility into the cyber practices of their covered clients, including possible weaknesses that are common among the insured companies.

Information Shield, a leading provider of cyber security compliance software, today announced support for the new Cyber Insurance Risk Framework. Using the ComplianceShield™ platform and Cyber Risk Score™ methodology, insurance providers can gain measurable insight into the cyber posture and inherent risk of their insured base. The new framework was created by the New York Department of Financial Services (NYDFS) to help reduce systematic cyber risk across the insurance industry.

"Insurance providers are being required to assess the cyber maturity of their covered clients," said David Lineman, CEO of Information Shield. "Cyber risk assessment across a large portfolio of clients is a very time-consuming and inconsistent process. Using our ComplianceShield platform and Cyber Risk Score™ method, insurance companies can quickly measure the cyber maturity of their covered clients, including possible weaknesses that are common among the insured companies. Unlike other solutions, this same platform can also be used to help clients understand and improve their cyber risk profile."

NYDFS Model for Cyber Risk Management

In February 2021, DFS issued a letter to all authorized property and casualty insurers warning of increased cyber portfolio risk and upcoming legislation. Analysis of breach and claims data from multiple years has raised concerns about "hidden" cyber risk due to lack of visibility into the entire market. The Framework recommends seven core cyber risk management practices.

According to a press release from the NYDFS, "Without an effective ability to measure risk, cyber insurance can therefore have the perverse effect of increasing cyber risk – risk that will be borne by the insurer."

Cyber Risk Scoring for Covered Clients

One of the key requirements of the new framework is that insurance providers "rigorously" monitor cyber risk of their insured organizations. This creates a significant burden on insurance providers who may have hundreds or even thousands of clients. In addition, the current methods for measuring cyber program maturity are largely manual procedures and can produce very inconsistent results.

Using ComplianceShield and our Cyber Risk Score™ assessment, insurance providers can automate the entire process and gain real-time visibility into the cyber program readiness of any insured client. After a simple registration process, any covered client can immediately begin to benchmark their program and measure their cyber program maturity against key leading cyber security practices. The Cyber Risk Score inherent risk score gives key insights into the business structure and potential cyber risk based on key business factors. The Cyber Risk Score maturity score is based on the organization's progress toward a mature, defensible cyber security program.

"Unlike other systems that simply measure cyber risk," said Lineman, "the ComplianceShield platform actually helps covered clients gain visibility into key leading practices and provides key tools, policies, and education to enable the client to proactively improve their posture. Updates to the client's Cyber Risk Score can be reflected in real-time to the insured organization in a simple dashboard."

Key Features of ComplianceShield

The following key elements of the NYDFS framework are enabled by the ComplianceShield platform:

Measure Insured Cyber Security Programs – Using the Cyber Risk Score methodology, insurance companies can quickly measure the cyber program maturity of covered clients across the entire portfolio. The Cyber Risk Score™ method is based on the Information Shield Common Compliance Engine and evaluates organizations against key cyber best practices culled from leading frameworks such as ISO 27002, NIST CSF, and NYS-DFS.

Evaluate Systematic Risk – ComplianceShield can be used to identify areas of program weaknesses across a variety of inherent risk and control factors, identifying key dependencies and potential systematic weaknesses across the entire portfolio.

Educate Insured and Insurance Producers – Using the Cyber Risk Score methods, insured organizations can quickly benchmark their organization against key leading cyber security practices. Covered organizations that are low on cyber maturity can use the ComplianceShield platform itself to improve their cyber insurance programs.

In addition to visibility across the portfolio of covered clients, the cyber insurance companies can also use ComplianceShield to help track and manage their own internal cyber security programs. This integrated approach saves time and money and improves overall cyber risk management.

About Information Shield™

Information Shield enables organizations to quickly build a defensible information security program based on industry best practices. Our ComplianceShield platform enables a common approach with multiple laws and cyber security frameworks including ISO 27002, NIST CSF, HIPAA, NY-DFS, GDPR and many others. Our ComplianceShield platform includes the Cyber Risk Score metrics for benchmarking and measuring program maturity.

A free trial of ComplianceShield is available from the Information Shield web site.

Contact Author

David MI Lineman