Cyber Meteorology: The identification, prediction, and assessment of cyber security risk

by | Jun 16, 2021

Finding the right words for complex ideas can be so tricky. Like many organizations looking to solve a hard and nuanced problem, we often find ourselves referring to challenges, approaches, and projects with familiar analogies—using common concepts for quick and easy explanations for how things work. Such is the case with “Cyber Meteorology.”

Meteorology is the “scientific study of the atmosphere that focuses on weather processes and forecasting.” We’re in the business of studying cybersecurity, and we focus on cyber incident risk and forecasting. Et voilà: Cyber Meteorology. It’s cute and catchy. And, in fact, the analogy holds even beyond a surface level. I’m here to unpack this analogy and demystify the ”cloudiness” of our analytics and shed some “sunlight” on the actual work we’re doing.

In simple terms, meteorology makes specific, high-confidence weather predictions using two types of information: climate trends (climatology) and the current state of the atmosphere. In making predictions five years out, only climate trends are relevant. In a 10-day forecast, both climate trends and the current state of the atmosphere are relevant. As the prediction time horizon narrows, the current state of the atmosphere matters even more, and the weather prediction confidence increases. That is, when I’m planning a trip that’s months away, I check the climate records. When I’m packing for the weekend, I look at weather forecasts. If I’m wondering if it’ll rain in the next hour, I just check the radar app on my phone.

In the cybersecurity context, we make specific, high-confidence cyber risk predictions for given organizations by combining two types of information: security trends and the current state of the organization. Security trends are not organization-specific. If we don’t have access to organizational details, we depend fully on general or sector-based trends about attack types and frequencies. In contrast, if we have full visibility into the status of an organization’s network, employee practices, and valuable assets, we can measure the probability of a very near-term cyber event with the precision of a radar app rather than that of the local weatherman.

Resilience’s approach lives somewhere in between, more akin to the 10-day forecast: we use our expertise to combine general cyber security trends and threats with lightweight but organization-specific information about security controls and configuration, organizational health, and assets. Cyber Meteorology is our patented approach to cyber risk analysis and does not correspond to any particular product nor any particular dataset or algorithm.

As we continue to refine our approach to producing lightweight, organization-specific risk assessments, our underlying goal is to identify the equivalents of construction standards, minimum first floor elevations, and evacuation plans in order to help companies prevent cyber losses as effectively and simply as architects can now prevent losses from flooding. We hope and believe that such lightweight indicators and controls exist. We will, nevertheless, continue to take advantage of Cyber Climatology because knowledge of general security trends is what will allow us to make high-confidence predictions in a rapidly changing attack landscape and without the need for intrusive data collection from each organization. Additionally, as is the case with flooding, we believe that we’ll never fully prevent all cyber losses, and insurance is an important part of risk mitigation.

Below is a simple visualization of the spectrum from long-term trends to in-depth analyses for both security and weather:Visualization of the spectrum from long-term trends to in-depth analyses for both security and weather

Written by:

Dr. Ann Irvine, Chief Data Scientist

ann@resilienceinsurance.com

About Resilience

Resilience Cyber Insurance Solutions provides comprehensive insurance coverage and patented cybersecurity tools to protect mid-market companies. By bringing together security, insurance, and recovery, Resilience goes beyond risk transfer to help clients become cyber resilient. Resilience insurance, the cyber program manager of Intact Insurance Specialty Solutions –which is backed by the financial strength of Intact Financial Corporation  – leverages Cyber Meteorology, a proprietary data-driven risk analytics platform, to provide highly targeted coverage and allowing for a superior claims experience. Resilience is backed by Lightspeed Venture Partners, Founders Fund, CRV, Intact Ventures, UL Ventures, and John Thompson, Chairman of Microsoft. For more information, visit www.resilienceinsurance.com and follow us on Twitter and LinkedIn.