Researchers at the Critical Infrastructure Resilience Institute, a Department of Homeland Security Center of Excellence, have developed a new software tool that will provide an assessment of a company’s cyber security risk based on the company’s IT infrastructure. The new tool can be applied to many fields, particularly the ballooning $2.75 billion cyberinsurance market, which currently lacks a technological approach to analyzing the cyber risks of potential policy holders and pricing policies accordingly.

The Cyber Risk Scoring and Mitigation (CRISM) tool measures the security capabilities of the software and hardware that comprise a company’s cloud IT infrastructure. By deploying this tool, insurers will be able to improve risk assessment and create individualized insurance policies tailored to cover cyber losses.

CRISM would provide a more technologically grounded approach aimed at improving underwriting cyberinsurance policies than is used today. Insurers currently determine policy pricing using written questionnaires and interviews with the company seeking cyber insurance, an approach that does not include a hands-on evaluation of the company’s specific IT systems, says CIRI researcher Jay Kesan.

Full story at ciri.illinois.edu