The average ransomware loss hit $353,000 this year 📈
Cyber Incident? Get Help

Powered by the Active Data Graph

Powered by Active Data Graph

If there’s one thing the insurance industry can agree upon, it’s that cyber risk is unlike other risks. Where opinions diverge is on the topic of data.

Critics say that not enough historical data exists to predict future risk. Some assert the cyber insurance industry is still too nascent to be trusted; others go as far as to say that the dynamic nature of cyber risk makes it “uninsurable.”

In reality, there has never been more data in history to understand cyber risk than there is right now, which makes cyber risk one of the most knowable risks in the modern world. How that data is collected and applied to insurance, on the other hand, is what separates Coalition from stubborn legacy insurers and overpromising insurtechs.

Cyber insurance providers that operate with limited data — data that does not include real-time analysis of threat actor activities, for example — often fail to recognize and address the factors that are more likely to result in claims. This is true of both traditional insurers that rely on historical data to predict future risk, as well as insurtechs that make promises and predictions without an equal emphasis on data collection and analysis. 

So, we decided to set the record straight about many fallacies surrounding cyber insurance and solve the problem of limited data ourselves.

Explore the Active Data Graph - 2

Coalition's Active Data Graph is built upon a foundation of continuous, internet-wide data collection, artificial intelligence-enabled threat detection capabilities, and real-world security and insurance expertise. 

Introducing the Active Data Graph

Coalition’s Active Data Graph is our purpose-built data collection and analysis engine. It allows us to unearth the newest and most pressing cyber threats, determine which threats are most likely to result in losses, and then distill the information into actionable insights for businesses, brokers, and security professionals — and it powers everything we do. 

The Active Data Graph informs our Active Insurance in numerous ways, such as:

The Active Data Graph is built upon a foundation of continuous, internet-wide data collection, artificial intelligence-enabled threat detection capabilities, and real-world security and insurance expertise. 

Continuous, internet-wide data collection

“Cyber insurance is immature. We don’t have enough historical data to predict future risk.”

This is the first of many common fallacies in our industry. Historical data is necessary, but not sufficient, for understanding cyber risk. Looking in the rearview mirror to try to predict the future of cyber risk is not effective. Technology evolves so rapidly that related potential exposures and their mitigations are constantly evolving, too. 

Not having a deep understanding of technology, network architectures, and cybersecurity can even result in missing the warning signs of emerging threats. Instead, the goal should be to look ahead: monitor and understand developing risks and attacker behaviors to help avoid surprises from new and novel threats. While historical data is essential in other lines of insurance, real-time data is more useful to understand threat actor behaviors and make informed decisions about cyber risk selection and insurability.

Unlike other cyber insurance providers that buy data from third parties, Coalition is a root collector of cyber data. This means we define the cadence and depth at which the data is collected and are not beholden to decisions outside our control.

We collect data in two distinct ways. First, we continuously scan the entire IPv4 space and parts of the IPv6 space; we essentially “ask” every computer that’s directly exposed to the internet which software it runs and for what purpose. Second, we maintain a geographically distributed network of honeypots and sensors to help discover new vulnerabilities before they’re published. These are machines we’ve connected to the internet that emulate incorrectly configured software to lure threat actors into revealing their attack tactics when a new vulnerability emerges. 

Coalition doesn’t need to rely on historical or third-party data to understand threat actor behaviors. As a root data collector of data, we can look at our honeypots and see, in real-time, which types of software are getting attacked most often.

Coalition doesn’t need to rely on historical or third-party data to understand threat actor behaviors. As a root data collector of data, we can look at our honeypots and see, in real-time, which types of software are getting attacked most often. Then, we scan our policyholders for the same softwares, identify those at risk, and notify them so they can quickly remediate the risk. 

Consider this: A computer exposed to the public internet can have 65,535 ports running different types of software. When we conduct our internet-wide scans, we look at the 461 ports most commonly targeted by threat actors. But when we scan our policyholder base, we look at all 65,535 because we need to fully understand all of our policyholders' potential risks. 

Any business can go from secure to exposed at a moment’s notice, which is why speed is of the essence for Coalition. Continuous, internet-wide data collection allows us to identify new threats and alert policyholders before an attack to help them avoid costly claims. 

AI-enabled threat detection capabilities

“Cyber insurance can’t keep pace with the dynamic nature of cyber risk.”

This fallacy represents a misunderstanding (or misapplication) of the technology at our disposal. Cyber insurance and cybersecurity are “big data” problems, which means it’s impossible for humans alone to scour through the petabytes of data we collect and find the needle in this immense haystack.

Our analysis predicted that nearly 35,000 Common Vulnerabilities and Exposures (CVEs) will be published in 2024. That means security practitioners must review, assess, and triage an estimated 2,900 new vulnerabilities every single month. Complicating matters further, only 5% of CVEs are actually exploited — this puts the onus on IT teams to prioritize the right vulnerabilities and avoid wasting precious time and resources on less significant risks.

Cyber insurance and cybersecurity are “big data” problems, which means it’s impossible for humans alone to scour through the petabytes of data we collect and find the needle in this immense haystack.

Coalition built an AI-based risk scoring system, the Coalition Exploit Scoring System (ESS), to help risk managers and security professionals cut through the noise surrounding new CVEs. Coalition ESS assigns dynamic scores so they can make better decisions about which vulnerabilities warrant the most attention.

Every time a new CVE is published, our AI is trained to look at its characteristics, identify similar vulnerabilities that attackers may have previously exploited, and score it accordingly. Coalition ESS scores create a hierarchy of priority based on the probability of exploitation.

Keeping pace with a dynamic cyber threat landscape requires speed and accuracy. Coalition strategically deploys AI with human oversight to enhance the expertise of our team, allowing us to move faster, scale our analysis, detect flaws in data, and dynamically prioritize new exposures so we can help businesses stay one step ahead of cyber threats.

Explore the Active Data Graph - 3

Real-world security and insurance expertise 

“Cyber underwriting is outdated because it relies on point-in-time questionnaires, revenue, and industry for risk selection.” 

The idea that a cyber insurer can proclaim to understand a business’ risk based on industry, revenue, and PII count is not only outdated but also detrimental to our industry.

When actuaries work with limited data, they wind up making decisions based on an incomplete view of risk. Reliance on historical data and rigid actuarial models creates conditions in which actuaries confuse what they see in their traditional insurance models with what actually happens in the real world.

This is precisely what’s prompted some to say cyber is “uninsurable,” and it’s why Coalition was built from the ground up to approach cyber insurance differently. The vast amounts of data we collect from all corners of the internet, the incorporation of AI to organize threats based on the likelihood of an attack — it all comes to life through collaboration between Coalition’s actuarial science and security research teams.

Reliance on historical data and rigid actuarial models creates conditions in which actuaries confuse what they see in their traditional insurance models with what actually happens in the real world.

Organizationally, our actuaries are embedded with security researchers so they can extract the most relevant security insights from our data. This cooperation helps insulate us from much of the volatility across the broader cyber insurance market and allows us to accelerate the detection of new threats, policyholder risk, and likelihood of claims.

By pairing real-world security and insurance expertise, Coalition brings clarity to what otherwise might be unstructured and insignificant threat intelligence data. This data informs everything from policy language and risk selection to security alerts and incident response — and it’s how we avoided $141 million in potential cyber claims losses in 2023.

The future of cyber insurance is driven by data

The long-term stability of our industry depends on insurers’ ability to accurately assess, underwrite, and price cyber risk. But with cyber threats constantly evolving in ways no one could have even imagined 10 years ago, Coalition’s job is to stay ahead of the curve. 

Cyber risks may differ from other types of risks, but they’re both insurable and manageable with the right data — and this is where Active Insurance comes into play. Coalition strives to deliver the most accurate and actionable view of cyber risk by continuously collecting real-time data, using AI technology to ensure speed and accuracy of analysis, and leveraging actuarial expertise to improve risk selection.

We're not here to say we are able to simplify the cyber threat landscape or predict the future. Instead, Active Insurance is built to help make cyber risk look and feel like other risks brokers are used to helping their clients manage.

To learn more about the Active Data Graph, visit coalitioninc.com/data-graph or talk to a Coalition representative about scheduling a live demonstration.


*Coalition Security Services MDR services are provided by Coalition Incident Response, Inc., an affiliate of Coalition.
Insurance products referenced herein are offered by Coalition Insurance Solutions, Inc. (“CIS”), a licensed insurance producer with its principal place of business in San Francisco, CA (Cal. license #0L76155), acting on behalf of a number of unaffiliated insurance companies and on an admitted basis through Coalition Insurance Company (“CIC”) a licensed insurance underwriter (NAIC # 29530). A list of our admitted carriers is available here. Complete license information is available here. Insurance products offered through CIS may not be available in all states. All insurance products are governed by the terms and conditions set forth in the applicable insurance policy. Please see a copy of your policy for the full terms and conditions. Any information on this communication does not in any way alter, supplement, or amend the terms and conditions of the applicable insurance policy and is intended only as a brief summary of such insurance products. Policy obligations are the sole responsibility of the issuing insurance carrier. The descriptions provided herein are solely for informational purposes and are not to be construed as advice of any kind or the rendering of consulting, financial, legal, or other professional services from Coalition. Any action you take upon the information contained herein is strictly at your own risk. Coalition will not be liable for any losses and damages in connection with your use or reliance upon the information.