#BHUSA BlackHatEvents

Digital Dominoes: Scanning the Internet to Expose Systemic Cyber Risk
Morgan Hervé-Mignucci

Morgan Hervé-Mignucci, PhD, CFA, CISSP
  Lead Cyber Catastrophe Modeling at Coalition, Inc.
  Pioneered cyber risk models adopted by global insurers & reinsurers
  Previously featured in Financial Times / New York Times for research on systemic infrastructure & climate risk

3 Large-scale Cyber Events in 2024

Systemic Cyber Risk (SCR)
  Broader than insurance
  Economy-/industry-wide impact
  Ad hoc impact assessment
  Interventions: public policy, regulation, public-private sector collaboration

Cyber Catastrophe Risk (CAT)
  Insurance-specific
  Portfolio losses quantification
  Commercial CAT models
  Risk Management: underwriting, coverage, capitalization, reinsurance

Same Root Cause: Accelerated Interconnectedness in our Increasingly Digital Economies

Dissecting Past Cyber Events

Categorizing Landmark Cyber Events
[Figure: timeline of landmark cyber events, 2013 to 2025, grouped by category]
  Events shown: WannaCry, NotPetya, Ukraine Power Grid, Target, Sony, Equifax, SolarWinds Orion, Colonial Pipeline, Kaseya, MS Exchange, Log4J, Change Healthcare, CDK Global, CrowdStrike, MOVEit, 3CX
  Categories:
    Supply Chain Compromise: 3rd party access vector, Software update vector
    Trusted Security Tool Failures: Security Tool
    Shared Technology Vulnerabilities: OSS Dependencies, Platform Vulnerabilities, Protocol Vulnerabilities
    Direct Targeted Attacks: Nation-State Operations, Ransomware Operations, Destructive Attacks

(More or Less) Common Cyber Insurance Levers
  From "Silent Cyber" to Affirmative Cyber
  Coverage Expansion & Exclusion
  Sub-Limits Introduction
  Premium Adjustment
  Underwriting Scrutiny + Formal Controls
  More Robust Data Collection
  Reinsurance / Risk Capital