AIG launches new cyber threat analysis to gauge companies' risks
By Suzanne Barlyn
(Reuters) - American International Group Inc (NYSE: AIG) has ramped up its analysis for insuring against cyber attacks, using a system that scores a company's risk of having a breach along with safeguards it has in place, the insurer said on Tuesday.
AIG's underwriters have been using the computerized analysis since November, which combines information from a new insurance application designed for the process and data about current cyber threats to generate scores on various related factors, said Tracie Grella, AIG's global head of Cyber Risk Insurance, in an interview.
The analysis scores companies on the degree to which a cyber attack may affect their businesses and the potential costs of various cyber incidents, among other issues, according to a sample report seen by Reuters.
Cyber coverage is a mounting concern worldwide as hackers increasingly target companies' technology systems. Insurers are also struggling to estimate their potential exposure as cyber risks and interest in coverage increase.
In October, AIG said it would review all coverage types to better gauge its exposure to cyber risk. Other policies, such as for property and commercial vehicles, are often silent on whether cyber events are covered, leaving insurers without a clear picture of their total financial exposure.
AIG on Tuesday also announced a partnership with cybersecurity companies CrowdStrike Inc and Darktrace to launch CyberMatics, a service that verifies information AIG receives from customers' cyber security tools.
The service uses artificial intelligence, or the ability of machines to carry out tasks normally associated with human intelligence, to look inside an insured company's network for strengths and vulnerabilities, said Darktrace Chief Executive Nicole Eagan in an interview.
"They may be good at identifying spear phishing attacks but not internal threats," said Eagan, referring to email attacks against organizations and individuals in which perpetrators try to gain access to sensitive information.
Companies need not use the service, but those who do may be able to negotiate more favorable policy terms, Grella said.
AIG's new analysis does not change cyber insurance rates, but could affect how it calculates a company's premium because of added insights it has into risks and mitigation efforts, Grella said.
AIG's analysis also generates cyber-risk reports for customers that include the same information its underwriters use. Companies can also compare their scores with those for their industries.
(This version of the story has been refiled to corrects typo in 8th paragraph)
(Reporting by Suzanne Barlyn; Editing by Richard Chang)