当前位置:首页 > 报告详情

数字多米诺骨牌:扫描互联网以揭露系统性网络风险.pdf

上传人: 竿*** 编号:981909 2025-11-29 33页 10.66MB

1、#BHUSA BlackHatEventsDigital Dominoes:Scanning the Internet to Expose Systemic Cyber RiskMorgan Herv-Mignucci#BHUSA BlackHatEventsMorgan Herv-Mignucci PhD,CFA,CISSP Lead Cyber Catastrophe Modeling at Coalition,Inc.Pioneered cyber risk models adopted by global insurers&reinsurers Previously featured

2、in Financial Times/New York Times for research on systemic infrastructure&climate risk#BHUSA BlackHatEvents3 Large-scale Cyber Events in 2024#BHUSA BlackHatEventsSystemic Cyber Risk(SCR)Broader than insurance Economy-/industry-wide impact Ad hoc impact assessment Interventions:public policy,regulati

3、on,public-private sector collaborationCyber Catastrophe Risk(CAT)Insurance-specific Portfolio losses quantification Commercial CAT models Risk Management:underwriting,coverage,capitalization,reinsurance#BHUSA BlackHatEventsSame Root Cause Accelerated Interconnectedness in our Increasingly Digital Ec

4、onomies#BHUSA BlackHatEventsDissecting Past Cyber Events#BHUSA BlackHatEventsCategorizing Landmark Cyber Events2017 2018 2019 2020 2021 2022 2023 2024 2025WannaCryNotPetya2014 2015 20162013Ukraine Power GridTargetSonyEquifaxSolarWinds OrionColonial PipelineKaseyaMS ExchangeLog4JChange HealthcareCDK

5、GlobalCrowdStrikeMOVEit3CXSupply Chain Compromise3rdparty access vectorSoftware update vectorTrusted Security Tool FailuresSecurity ToolShared Technology VulnerabilitiesOSS DependenciesPlatform VulnerabilitiesProtocol VulnerabilitiesDirect Targeted AttacksNation-State OperationsRansomware Operations

6、Destructive Attacks#BHUSA BlackHatEvents(More or Less)Common Cyber Insurance LeversFrom“Silent Cyber”to Affirmative CyberCoverage Expansion&ExclusionSub-Limits IntroductionPremium AdjustmentUnderwriting Scrutiny+Formal ControlsMore Robust Data CollectionReinsurance/Risk Capital#B

word格式文档无特别注明外均可编辑修改,预览文件经过压缩,下载原文更清晰!
三个皮匠报告文库所有资源均是客户上传分享,仅供网友学习交流,未经上传用户书面授权,请勿作商用。
根据《Digital Dominoes: Scanning the Internet to Expose Systemic Cyber Risk》一文,主要内容如下: - **系统化网络风险(SCR)**:比保险更广泛,对经济和行业有影响,需要非传统的风险评估和干预措施。 - **网络灾难风险(CAT)**:特定于保险,用于量化投资组合损失,涉及承保、覆盖和再保险。 - **共同原因**:数字经济的加速互联。 - **历史事件分析**:列举了多个重大网络事件,如WannaCry、NotPetya、SolarWinds等。 - **网络保险杠杆**:从“无声网络”到积极的网络保险覆盖。 - **数据驱动模型**:利用网络数据来识别聚合技术和供应商,提高对SCR的理解。 - **关键点**: - 2024年有3次大规模网络事件。 - WannaCry事件的经济损失估计为3-4亿美元。 - NotPetya事件的经济损失估计为8-10亿美元。 - CrowdStrike事件的经济损失估计为5-10亿美元。
2024年三大网络事件" 从静态到动态" 应对系统性网络风险"
客服
商务合作
小程序
服务号
折叠