Latest news with #cyberrisk


Forbes
3 days ago
Multiplayer AI: The New Operating Model For Identity Security
Dr. John Pritchard is the Chief Product Officer at Radiant Logic, responsible for the company's global product vision.

AI-powered deepfakes and credential attacks are rewriting the rules of cyber risk, with identity-related breaches now costing organizations an average of $4.45 million per incident and accounting for over 70% of successful attacks on enterprise infrastructure and supply chains. Despite record investments in detection and response, breaches keep making headlines.

Why? I call this the identity security paradox: More technology doesn't equal protection, especially if tools—and the people and AI agents using them—don't work together.

Identity is the primary attack surface in the enterprise. Most organizations built their identity security stack on a traditional combination of IAM, IGA and PAM, but the rapid proliferation of cloud apps, machine identities and AI agents outpaces these traditional controls. The result? Siloed data, unmanaged privileged accounts and hidden nonhuman identities—each a potential attack vector.

Gartner finds that 65% of organizations still lack IAM maturity, weighed down by technical debt and fragmented architectures. Point solutions deployed to 'fix' audit findings or compliance gaps create more complexity, not less. Attackers exploit these seams, moving laterally between systems and identities that aren't monitored holistically.

CISA's Silentshield Red Team Assessment demonstrated that decentralized teams and poor communication allowed adversaries to persist undetected, even when individual groups spotted anomalies. The lesson is clear: Solo efforts—whether a lone expert, an isolated AI agent or a disconnected tool—cannot keep pace with adversaries who are increasingly agile, automated and collaborative.

To close these gaps, interoperability must become the standard for tools and the people and AI agents using them. Interoperability means more than connecting dashboards or sharing alerts.
It's about ensuring that identity security posture management (ISPM) and identity threat detection and response (ITDR) systems share data, context and workflows in real time, across both human and machine identities.

Gartner recommends a 'system of systems' approach, built on identity fabric principles, to support zero trust and intelligent automation. This means breaking down technical and organizational silos so prevention and detection teams operate from a unified, continuously updated single source of truth for identity data—a concept Gartner identifies as foundational for modern identity security. This trusted, authoritative data layer enables faster, more accurate decisions and ensures that every team acts on the same intelligence.

When ISPM and ITDR interoperate, and when human and AI teammates collaborate based on shared reference points, blind spots shrink and attackers have fewer seams to exploit.

I call the next evolution in identity security multiplayer AI—intelligent systems designed to amplify human capabilities through enhanced teamwork. Gartner predicts that by 2027, 90% of successful AI implementations in cybersecurity will focus on tactical task automation and process augmentation, not full autonomy or staff replacement.

Multiplayer AI enables human and AI collaboration, breaking down silos and bridging gaps between prevention and detection. AI excels at analyzing vast datasets, detecting patterns humans miss and automating repetitive processes. Critical decisions, like determining whether anomalies are a threat or false positives, still require human judgment and contextual understanding.

Studies show organizations using collaborative AI models—human decisions based on AI recommendations—see faster response times, fewer security incidents and improved resilience. The key is not just technology, but teamwork: AI handles the heavy lift of data processing and pattern recognition, while humans provide creativity, ethical oversight and business context.
Thankfully, the industry is moving quickly. With the meteoric rise of agentic AI, open standards like Model Context Protocol (MCP) and Agent2Agent (A2A) are enabling AI agents from different vendors, clouds and frameworks to communicate, share context and coordinate tasks securely. Technology partners including OpenAI, Microsoft and Google are already adopting these protocols, breaking down silos that limit automation's impact.

For business leaders, agentic AI means specialized agents for threat detection, access management, compliance and user behavior analytics can now form ad hoc teams, automating complex workflows and adapting to new threats. By 2028, Gartner forecasts multiagent AI will account for 70% of threat detection and response implementations, primarily to augment—not replace—staff. Early adopters will see measurable results: Leveraging agent-to-agent collaboration is predicted to cut attacker dwell time in compromised environments by up to 50%, while accelerating response and reducing operational risk.

When humans and AI work together, identity security becomes faster, smarter and more resilient.

1. Establish an interoperability baseline. Audit ISPM and ITDR tools for data sharing and workflow integration across human and machine identities. Ensure architectures support agent-to-agent interoperability using open standards like MCP and A2A, so specialized agents can collaborate and automate cross-vendor workflows. Set quarterly targets to reduce IAM tool integration gaps.
2. Pilot tactical AI augmentation. Start with a focused, data-driven use case, such as automated privilege review or anomaly detection. Track improvement in response time and risk reduction.
3. Build AI literacy and human oversight. Train teams on both the benefits and limits of AI, including where human verification is required in critical workflows.
4. Continuously review identity hygiene.
Use AI-driven discovery to identify unused or risky accounts, but require human validation before making changes. Aim to reduce privileged account sprawl and remediate orphaned accounts as they are detected.
5. Measure what matters. Track outcome-driven metrics such as percentage reduction in excessive permissions, improvement in MFA deployment rates and decreased incident response times. For example, aim to reduce excessive permissions by 20% and increase MFA coverage to 95% of privileged accounts within one year.

The next breach won't be stopped by just another dashboard or a new AI agent. Organizations that have achieved true interoperability across tools, teams and AI will be able to respond more accurately to security issues. Multiplayer AI and agent-to-agent collaboration will lead the blueprints for resilience in the age of AI turbulence.

Start by assessing your current environment for interoperability gaps, unify your tools and teams and empower your people with AI that amplifies—not replaces—their expertise. In the high-stakes game of identity security, victory belongs to those who play as a team.

Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives.
Yahoo
4 days ago
Aon's 2025 Global Cyber Risk Report Reveals Reputation Risk Events Can Reduce Shareholder Value by 27 percent
DUBLIN, June 17, 2025 /PRNewswire/ -- Aon plc (NYSE: AON), a leading global professional services firm, today released its 2025 Cyber Risk Report, revealing that cyber events that cause reputation risks can result in an average of 27 percent drop in shareholder value, highlighting the growing financial and reputational stakes of cyber risk.

The findings build on Aon's 2023 research, which showed that major cyber incidents led to an average 9 percent decline in shareholder value over the following year. This year's report goes further, analyzing more than 1,400 global cyber events and identifying which types of attacks are most likely to evolve into reputation risk events and which can be the most damaging when they do.

"Cyber risk is no longer just a technology issue — it's a boardroom issue," said Brent Rieth, global cyber leader at Aon. "Our latest research underscores the importance of proactive risk mitigation. Organizations that invest in preparedness and resilience are far better positioned to avoid the reputational and financial fallout that can follow a cyber event."

Among the report's key findings:

- Of the 1,414 cyber events analysed, 56 developed into reputation risk events, which are defined as cyber incidents that attract significant media attention and lead to a measurable decline in share price.
- Companies affected by these reputation risk events experienced an average shareholder value decline of 27 percent.
- Malware and Ransomware attacks were the most likely to trigger reputational damage, accounting for 60 percent of all reputation risk events, despite making up only 45 percent of total cyber incidents.
- Five drivers of value recovery — preparedness, leadership, swift action, communication and change — were identified as critical levers for mitigating reputational fallout.

The report also highlights the growing challenge of managing uninsurable risks.
While cyber insurance can help transfer some financial exposure, reputation risk remains largely nontransferable, making proactive risk management and crisis response essential.

"As cyber threats grow more complex and interconnected, companies need a clearer view of their exposure, stronger alignment between cybersecurity and insurance strategies, and the tools to make better, data-driven decisions. Aon is uniquely positioned to support clients through these challenges," added Rieth.

Aon's 2025 Cyber Risk Report draws on proprietary data from the firm's Cyber Quotient Evaluation, a patented global e-submission platform that streamlines the cyber insurance intake process and empowers organizations with actionable insights into their cyber exposures and insurability — helping to strengthen both underwriting outcomes and cyber risk management strategies.

About Aon

Aon plc (NYSE: AON) exists to shape decisions for the better — to protect and enrich the lives of people around the world. Through actionable analytic insight, globally integrated Risk Capital and Human Capital expertise, and locally relevant solutions, our colleagues provide clients in over 120 countries with the clarity and confidence to make better risk and people decisions that protect and grow their businesses.

SOURCE Aon plc
Yahoo
04-06-2025
Markel expands tie-up with Cyberwrite for cyber risk modelling
Cyberwrite, a provider of cyber risk modelling, has expanded its partnership with Markel Insurance to enhance underwriting, broker enablement and cyber risk modelling across Europe.

Markel Europe uses Cyberwrite's AI-driven technology to help underwriters model exposures and share findings with brokers and clients. The integration provides predictive cyber risk analytics for businesses worldwide, reducing loss ratios and enabling data-driven underwriting in seconds. The technology also supports advanced cyber catastrophe modelling.

Cyberwrite's patented AI transforms complex cyber risk data into actionable insights, allowing professionals to quickly communicate breach probabilities and economic impacts. The platform offers benchmarking against industry peers and supports Cyberwrite's next-generation catastrophe modelling solution.

Cyberwrite CEO and founder Nir Perry said: 'This expanded partnership demonstrates how our patented AI-driven cyber insurance underwriting technology specifically addresses the gaps that have historically complicated cyber insurance underwriting and modelling.'

Markel Europe CEO Frederik Wulff stated: 'Cyberwrite's platform has transformed how we evaluate cyber risk across diverse markets and industries for small and mid-size businesses.

'Our underwriters can now quantify factors that were previously difficult to measure in real-time for any business in local language, enabling brokers to easily explain cyber risks, and giving clients a clearer picture of their specific cyber risks so they know how much cyber coverage to buy, and how to reduce the risk of a breach.'

This partnership expansion follows a similar initiative by Samsung Fire & Marine Insurance, which recently joined forces with Cyberwrite to enhance its cyber insurance processes.

Founded in 2017 by cybersecurity and insurance veterans, Cyberwrite is a leader in AI-driven cyber risk quantification.
Its solutions are used by insurers, reinsurers and brokers to streamline cyber insurance distribution and reduce costs.

"Markel expands tie-up with Cyberwrite for cyber risk modelling" was originally created and published by Life Insurance International, a GlobalData owned brand.

National Post
03-06-2025
HSB Canada Marks its 150th Anniversary
TORONTO — HSB Canada is celebrating its 150th anniversary as the specialty insurer looks ahead to its continuing evolution from the age of steam to cyber risks and high-tech equipment in a connected world.

In a world powered by steam boilers, HSB Canada was founded in 1875, taking a scientific approach to the perils of the day, when explosions were commonplace and deadly. The company combined inspections, engineering, and insurance to help prevent accidents and provide the coverage and services customers needed to recover and get back in business.

Over the years, HSB Canada has been at the forefront of new technologies, offering products and services that protect businesses and individuals, helping prevent losses and advancing energy sustainability.

'It is in HSB's DNA to leverage its technical expertise to manage risks and develop market-oriented solutions for emerging exposures,' said Barbara Bellissimo, president and chief executive officer of HSB Canada. 'HSB Canada's founders showed remarkable foresight in aligning accident prevention with insurance coverage. We have remained true to this principle and today operate with a startup mindset.'

HSB Canada provides cyber risk, equipment breakdown, and service line insurance for homes and businesses, and renewable energy all-risk, and specialty liability coverage.

HSB Group, part of Munich Re, is a leading provider of equipment breakdown and other specialty insurance, inspections, engineering, and technology services.

HSB Canada

HSB Canada, part of Munich Re, is a multi-line specialty insurer and provider of inspection and risk management. HSB Canada's insurance offerings include equipment breakdown, cyber risk, and other coverages.
HSB blends its engineering expertise, technology and data to craft inventive insurance and service solutions for existing and emerging risks posed by technological change. Throughout its 150-year history HSB's mission has been to help clients prevent loss, advance sustainable use of energy and build deeper relationships that benefit business, public institutions, and consumers. HSB holds A.M. Best Company's highest financial rating, A++ (Superior). For more information, visit and connect on LinkedIn and Facebook.

Munich Re

Munich Re is one of the world's leading providers of reinsurance, primary insurance and insurance-related risk solutions. The group consists of the reinsurance and ERGO business segments, as well as the asset management company MEAG. Munich Re is globally active and operates in all lines of the insurance business. Since it was founded in 1880, Munich Re has been known for its unrivalled risk-related expertise and its sound financial position. Munich Re leverages its strengths to promote its clients' business interests and technological progress. Moreover, Munich Re develops covers for new risks such as rocket launches, renewable energies, cyber risks and artificial intelligence. In the 2024 financial year, Munich Re generated insurance revenue of €60.8bn and a net result of €5.7bn. The Munich Re Group employed about 44,000 people worldwide as of 31 December 2024.


Forbes
23-05-2025
Having Clarity On Cyber Risk Is Power
Zach Fuller - Founding Partner of Silent Sector - an Expertise-Driven Cybersecurity services firm protecting companies across the U.S.

"We don't know what we don't know." If you've ever said this when it comes to cybersecurity, you're not alone. That uncertainty is one of the biggest threats mid-market and smaller companies face today.

Too many organizations operate without a clear cyber risk management strategy. It's not because they don't care but because they're unsure where to begin. Fortunately, organizations can discover and address most cyber risks with two complementary activities:

• Cyber Risk Assessment: A structured, organization-wide review of the company's policies, procedures and technical controls.
• Penetration Testing: A real-world exercise where ethical hackers simulate attacks to uncover technical vulnerabilities.

The Blind Spot Crisis: The Greatest Security Threat

The vast majority of breaches stem from vulnerabilities companies didn't know existed. Risk assessments provide a holistic overview of cyber risk across the organization. Penetration testing identifies technical gaps a cybercriminal can use while conducting an attack. Together, they provide unmatched clarity and a direct path to fortify defenses.

However, many companies focus on shiny tools while overlooking the fundamentals like incident response planning or operational continuity after a breach. That's like buying a high-end alarm system while leaving the front door wide open. Organizations serious about resilience need a proactive, comprehensive strategy that protects not just their data but their ability to operate.

Conducting Cyber Risk Assessments: The Proactive Method

A well-run cyber risk assessment sets the stage for everything else.

Measuring Against A Cybersecurity Framework

Cybersecurity isn't a "make it up as you go" type of matter. Organizations can't just throw tools at the problem and hope it works out.
It's critical to follow an industry-recognized cybersecurity framework. This is a structured set of controls that guides security posture in alignment with proven best practices.

Industry-backed frameworks provide a reliable benchmark. A few of the most respected options include:

• NIST CSF 2.0: Widely adopted across industries, especially in the U.S.
• CIS Controls: Prioritized into "implementation groups" for different organizational sizes.
• ISO 27001: A global standard, particularly for international or compliance-heavy businesses.

These frameworks are starting points rather than rigid rules. Every company is different, and each must tailor its assessment to its business, industry and risk tolerance. A good cybersecurity partner can help prioritize the controls that matter most and cut through the noise.

The Three Pillars Of Security

Strong security isn't just about tech. It's about building strength across three areas that cybersecurity frameworks cover:

• People: The first line of defense—and often the weakest link.
• Processes: Defined, repeatable methods for doing things securely.
• Technologies: Important, but only as good as the strategy and configurations.

Companies love buying new security tools, but I find that most don't need more tech to strengthen security. They need better implementation of what they already own. They don't solve complexity by adding more complexity. They solve it with clarity, discipline and alignment across their people, processes and technologies.

Security Road Map: Getting Everyone On The Same Page

Once organizations have completed a cyber risk assessment, they'll see where the gaps are and what needs to happen next. That's the road map. This isn't about pie-in-the-sky "initiatives." It's about practical, prioritized actions:

• What reduces the most risk the fastest?
• What aligns with business priorities?
• What can be done within the team's capacity and budget?

Balance quick wins with longer-term projects.
Show progress, build momentum and always tie every security initiative back to business goals. Security for the sake of security doesn't resonate. Security that supports growth, continuity and reputation does.

Penetration Testing: See What The Enemy Sees

Risk assessments show where security controls fall short across the organization. Penetration tests provide a technical vantage point, showing organizations where an attacker could get through. Ethical hackers use the same tools and tactics as malicious actors to uncover weaknesses that organizations might not even know exist.

A pen test isn't just a scan—it's a hands-on simulation of a breach attempt. A comprehensive test includes real cybersecurity experts (humans, not just automation) using the latest tools, technologies and methodologies to identify exploitable attack surfaces.

Pen Test Scope

Pen tests should focus on what matters most to the business. Depending on the environment, that could include the external network, internal network, cloud platforms, web applications, wireless networks, operational technology (OT) and even the people inside the organization through social engineering.

The Three "Boxes" Of Pen Testing

Pen tests come in a few flavors, each with a different perspective:

• White-Box: Full access and information. Thorough, but not as realistic.
• Black-Box: Simulates an outsider's view. Realistic but limited.
• Gray-Box: The sweet spot. Enough access to be efficient, enough realism to simulate an attacker's perspective.

Think of pen testing as an organization's chance to "fight the enemy before the enemy fights them." Just like risk assessments, it's not one-and-done. It should be a regular part of the cybersecurity strategy.

Gaining Clarity: Knowing And Understanding Risks

This is the goal. A proper cyber risk assessment, guided by an industry framework, tells organizations where their defenses are strong and where they're lacking.
A penetration test shows how an attacker would exploit those weaknesses. Together, they provide full-spectrum clarity—technical and strategic.

That clarity is power. It allows companies to direct resources where they're needed most. It gives leadership teams real answers, not guesswork. It transforms cybersecurity from a cost center into a strategic enabler.

The Bottom Line

Organizational leaders don't need to be cybersecurity experts, but they do need to know where their risks are and what to do about them. Companies that thrive in this new threat landscape aren't the ones that buy the most tools or shout the loudest about compliance. They're the ones who understand their vulnerabilities, prioritize wisely and take consistent, confident action.

Start with visibility, build the road map, test defenses and move forward with clarity. "We don't know what we don't know" cannot be left unsolved in today's environment.