Data Products

Data Products

Once the Data1Qbit data collection engine is fully built and operational, it will collect high quality data 24/7 which it will then extract, mine, and analyze. At that point it can be packaged for sale as a multitude of different cyber security information products and sold into various target markets.

Our detailed Pro-forma identifies numerous such products, but initially the following five product categories will be our focus:

  1. Vendor Assessment as a Service (VAaaS). This is a software-as-a-service (SaaS) application that helps companies, consultants, integrators and others perform correct due-diligence on cyber security products and services. Please see the 3-minute overview or the short demo (on the VAaaS page) or other documents on this site for more information.
  2. Vendor Management. A subscription-based vendor management SaaS module will complement and support the VAaaS application. The goal of a good vendor assessment is a mutually beneficial, long-term relationship with the vendor. Our vendor management tools will help make that happen.
  3. Various cyber security products and company newsletters. These technology newsletters will provide research, news, opinions, sentiment, analysis, comparisons, and testing results related to cyber security products, companies, and other cyber security related matters.
  4. Cyber security investment newsletter. This investment newsletter will provide specialized research into technology and market-dynamic issues affecting investment outlooks for cyber security products, companies, and product categories.
  5. Customized industry specific data. Cyber security data will be mined and packaged to meet various specific industry requirements. Examples include cyber security product and company information related to insurance risk underwriting and financial industry risk audits.

[Please see the Business Plan for more information.]

Cyber Insurance Solution

The cyber insurance market is described by people within the industry as a “soft insurance market,” in that insurers do not have enough data to understand the market, assess the market risk, or be able to confidently predict the future financial performance of the market.

The mature insurance industry is rushing into this new cyber insurance market (55 cyber insurance companies and growing), but they have not yet figured out how to quantify and/or manage their risk. Among other things, they are trying to come to grips with the following issues:

  • How to understand and predict cyber risks for different kinds of businesses
  • How to build insurance products for different kinds, sizes, and (especially) interconnected businesses
  • How to price those various products

Current policies/products, for both large enterprises and SMEs are not priced realistically from an actuarial standpoint with respect to the real underlying cyber risks.  As of Q1 2015, insurance companies are still able to make money from their cyber insurance products.  This is due to a lack of claims and a layered sharing of risk among multiple insurers and re-insurers.  Also, the legal environment is still immature and evolving, and insurance law and litigators are still coming to grips with defining how they will fit into the cyber defense landscape.

This period of quiet and calm is expected to change soon as the threats and losses grow.  

Many of the newer entrants into the cyber marketplace do not have premium reserves built up to protect against larger claims and losses.  When claims start to increase, this will inevitably result in losses, and insurers will respond by raising premiums, denying claims, refusing to renew policies, and increasing security requirements to client businesses.  They will also shift more risk burden to business clients—and possibly the government. 

Currently, the cyber insurance products in the marketplace are not reflective of the cyber threats actually facing businesses.  The reasons for this are:

  • Insurance companies are finding cyber risks very difficult to model because they are not geographically contained and are unusually systemic.  A vulnerability in one insured client can affect many others, potentially putting the insurer on the hook for simultaneous, large payouts.
  • Insurance companies are not yet requiring businesses to “get physicals” or assessments as a condition to being insured.
  • Insurance companies are not able to quantify the quality of companies and products used to defend networks.
  • Insurance companies are not yet sharing loss data.
  • Business leaders overestimate by a factor of five how well they are covered by insurance in general—and probably much more so with respect to cyber insurance.
  • Businesses can still purchase cyber insurance for relatively insignificant sums.
  • Businesses are not yet willing to pay the premiums necessary for services such as forensic investigations and litigation defense.
  • Business leadership is only beginning to understand the seriousness of the threat landscape and, to date, has not been adequately motivated to deploy the resources to protect their networks and intellectual property.

The cyber security risk environment is changing, driven by the following:

  • Government regulation
  •  Continuous media coverage of breaches and hacks
  • Insurance industry pressure
  • Litigation
  • Pressure from large business enterprises on their third-party vendors to bring their security into alignment with their own security postures
  • The expectation of more and larger claims

A core driver of the uncertainty in the cyber insurance market is the lack of data that can be used to define and predict risk.  It is clear that insurance companies will require broader and more sophisticated data related to many aspects of cyber security and the business practices related to it.

Underwriting and actuarial departments will require continuous, current data in the many areas, and Data1Qbit will be in a position to supply a wide range of important cyber security company and product data to underwriting and actuarial departments on an on-going, 24/7 basis.  This data will be collected about ALL defensive and offensive cyber security product manufacturers (over 2,200 thus far) and ALL their products—globally.  That data will include:

  • Cyber security company/vendor data: including financial, legal, security, current user sentiment, and other data
  • Cyber security product data: including product viability, support, specification, security, user sentiment, and other data
  •  Breach data and common vulnerabilities correlated to the full range of cyber security products
  • Product updates and patches correlated to the full range of cyber security products
  • Current breach and hack news correlated with the full range of cyber security products
  • Neutral, anonymous aggregated loss data from insurance companies selling cyber insurance policies
  • Cyber security litigation data

Data1Qbit is positioning itself to provide all the data categories listed above, plus other data as requested by insurance clients that falls within our data collection capabilities.

 

WSJ Article April 13, 2015: Companies, Seeking Common Ground on Cybersecurity, Turn to Insurers
(Excellent article providing additional insight regarding the above subject matter).

Insurance Journal Article May 1, 2015: AIG Annouces Partnerhip with BitSight
(Another article highlighting the growing trend of collaboration between cyber security and cyber insurance industries).

Insurance Journal Article May 18, 2015: Marsh Partners with FireEye on Cyber Risk Management Program
(Another article highlighting the growing trend of collaboration between cyber security and cyber insurance industries).

 

Correct Cyber Security Decisions Start Here