Cyber Risk Scenario Analysis For Insurance Assignment Sample

Introduction

Get free samples written by our Top-Notch subject experts for taking help from our assignment helper.

Cyber risk is known as a risk of financial information, damage and disruption of organizational reputation which can sort from the failure in a technology system. This damage can deleverage by other breaches and poor security systems. Sometimes this cyber risk can be accidental or for that IT risk. This problem can be manageable for any business. Best management planning and progress reduce or provide a stop button to this. Cyber risk grows in public and private threads for information systems. In this project the Insurance Australia Group limited has been selected to understand the procedure. IAG is the largest Insurance Company in Australia and New Zealand.

Selection of insurance company

• a) This IAG is a very well-known brand. They have a combined business of SGIO, SGIC, NRMA, WFI and CGU insurance. This insurance business accumulated around $ 12.6 billion for each year. IAG is listed in Australian Securities Exchange trading shares. In recent times this business faces distribution in information channels.
• b) IAG Company supports the customers that are impacted by natural disasters, like rain, floods etc. IAG takes a major part of action or support for this type of environmental disaster. Also in recent times in COVIDE-19 pandemic emergency or customer get very reliable service from this business.
• c) This business has changed in their operation to increase business imagination and capability for changing factors. They are looking for high range attributes which can provide them good acumen in finance. Well rounded person who will enjoy staying in a high performing team.
• d) After attack by cyber distribution this IAG business SMES 20% of their portion and other 35% to 70% are short out for cyber insurance to save the data.
• e) The indirect attack pushes this business in a collateral damage way. Where the stakeholder and organizational clients' information get threatened by third parties. Somehow this damage can be accidently but here this has increased the internal operation program. Changing in information nature premises for historical standalone.

Development of the scenario

In Past year the cyber security pandemic remained in this organization. The cyber-attacks provide impact across to the spectrum. In recent development they are trying to demand that the thread has come from public data. IAG considers the data to carry personal information of consumer or third investor parties. After mitigation attacks on internal information, cyber insurance has been occurring for the last few years (Egan et al. 2019). The IAG management said they need to create more denotive and effective mitigation to avoid this type further cyber-attack.

Data theft is the most common cyber risk nowadays, and this IAG Company has a big part of their consumer data. Here the organizational financial data is also included. It was not just a data hefting case, the intellectual property details were also attacked by the cyber risk. If the threads are remaining in the business that can be the cause of mitigation.

Tools and Methods

There are many tools and methods for cyber-attacking and all that is also known as mode of crime. The common tools are, hacking, phishing, service attack, spoofing and piracy of software (Zhang and Zhu, 2019). All of this is very common and some of them can provide big losses in the internal cyber system.

Some common examples have been delivered in the following list.

• Access of unauthorized or data modification or some application.
• Software prophecy included intellectual property.
• Child phonographic digital disrupting.
• Manipulating computer networks which has been done by fraud.

In various ways cybercrime can be attacked.

• Hacking is an act to access the network system of a computer.
• In an illegal way theft the data from organizational data.
• Copying the programmer with spam email and creating disruption in the network system.

There are different types of digital cyber tools which influence cybercrime.

• Ophcrack- Ophcrack is a cracking tool for hashes. This is generated from the same windows file, which allows users to run on different platforms with GUI secure systems.
• Data dumper- This is a forensic tool of computer command-line (Radanliev et al. 2018). It can be found easily in the UNIX operating system, which helps to make the exact same copy of any disc for digital analysis.
• Kali Linux- This is known as open source software, which maintains the offensive security. This thing is of special use to design digital forensic programs and for testing the penetration.
• EnCase- EnCase is a kind of software which allows the investigator to examine hard diske’s data.
• Md5sum- This thing helps to get the proper information that, is the data has been copied successfully or not.
• SafeBack- To copy the image from one disk to another hard disk these tools are used.

Category of the analysis

There are many types of cyber-attack and some of them have been shortened to the common ten attacking category.

• Malware Attack- From to ten information the Malware is the most common cyberattacking process. In this part spyware, adware, software virus or worm and Trojans are included as attacking factors (Lau et al. 2021). Malware breaches the networking system. At the time of downloading email the factor provides some dangerous link with this link the user accidently allows the inflation in their drive.
• Phishing Attack- This is the most widespread promoted cyberattack. This type of thing provides non-trustable means of fake mails to the user. Mainly the social engineering attack by the fraud. From the IAG CEO information, this insurance limited has been attacked by this Phishing Attack.
• Password Attack- This is the most influencing hacking process. With the help of various programs the fraud are succeeds to crack the password and hack the network system. With the help of this the fraud has taken a wide area of customer information from the IAG Company.
• SQL Injection Attack- SQL is denoted the Structure Query Language occurs to the power for driving the data in the website (Mazzoccoli and Naldi, 2020). This factor provides the ability to see all the rights of data administration. In IAG the data has been used in the validation process before hefting function.
• Insider threat- Insider thread does not allow the third party. An individual holds the full access to damage the potential of information structure. In IAG the fraud has been used to break the chain of data technology and has dragged out all private information of their customers.

Root Cause Analysis (RCA method)

In the following part the cause of this type of cyber-attack has been described. Cyber risk also depends on the firm size. The fraud or hacker mainly searches for the assets of the firm and assets in digital form. Most of the cyber-attack are attempt by the raider are,

• To get the all client list. In past year attacks the IAG has lost their client list details.
• Find out the sensitive data, which is personal of the firm and customer.
• In every firm the customer details are accessed individually which is important to keep the record securely (Xu and Hua, 2019). But if the firm lost that information then it would be a big loss for them. Every company's most important thing is the customer.
• The IT structure of this IAG organization is very protective but the fraud wants some internal information which plays a very important role in business.
• Customer financial data is also very attractive to the fraud which can provide a big data set and with them they can analyze the business structure. Also with this factor they can create distribution in technology structure.

The roots can be insider or outsider. The insider factors are,

• Company’s trustable employee can misplace the information accidentally. This can be the cause of entering the criminal in data structure (Orlando, 2021).
• A careless employee can be the supporting factor to proceed in business structure with legal policies in an illegal way.
• Experienced Ex-employees can become a threat to the business inside the security system.
• Legitimate access and a malicious system also help the criminal.

Some outsider factors have been found out in IAG.

• There has been found a group of criminals, those who enter the business internal structure and have proceeded the data criminal working process to theft the information.
• Management information has been dragged out by some professional hackers. It can be malicious or Phishing (Pal et al. 2021).
• Script kiddies or amateur hackers have been involved in this cybercrime.

Identification and description of root

Computer cybercrime has an impact in Insurance Australia Group Company and a big risk has been found in their financial statement. Mainly the root identification needs some different planning or strategy. The planned strategy has to be reliable for every working person and also must be a good result provider. Thai Australia Insurance Company has followed some steps to identify the cybercrime root, those described in the following list (Malavasi et al. 2022). Basic step was before the starting step was planned by the management.

• They have isolated all their files and after searching the IAG has found there was some file without any user ID. Also some consumer files search out as disability files that have been copied by some backup media.
• After tracking the website cookies said about the user person detail. The web history was buffering and compared with the registry file there was some illicit software which has been installed by some internal program.
• After capturing all the data and files and after analysis they need to check the downloaded data to survive from the attack (Falco et al. 2019).
• The target area is intently measured and provides focus to address all cover black information.
• IAG should create a large scale for examination and concept representation of crime data, this principle must be an overarching concept according to the business orientation. A different technique should be used for examining technology.

Chronology

After starting the networking connection with the fraud the CFO of this IAG business was forged about to drop down the information of their business. From this the attacker composed he forgot mail and got all the details about future investment. The fraud has created phishing mail with some rough account or link (Welburn and Strong, 2019). The CEO of IAG has used Malware. They have found the attacker sent a Phishing mail to him through the ransom software. After tracking all details by the attacker, the technology structure of security has gone through the glitch. Security locks are broken in a complicated way that anybody cannot find the way. After using the forget mail the attacker has transferred all the investment into a rogue bank account. Which cannot be easily tracked. It has been understood that the fraud is closely related to credit card crime.

Differentiation of the cause

In recent times online gaming has become most popular to attack and this is also easy for the fraud to get the details by hacking. Phishing attack methods have different and huge backgrounds all can provide detail very easily, but getting them detail is not so easy. For this part the management should build a strategy to track the Root (Pavlík, 2018). Here in IAG Company occurred strategy has implied the details about Phishing mail hacking strategy. The business auditing information was hacked in the first step. In that case the detail said Audit information IDS hacked to logging inside the networking structure.

Analysis

The phishing mail has provided threads on the detail of sensitive data area, credential logging portfolio, audit logging detail and financial data of the company. This also impacted on the graph of the IAG business (Zhang et al. 2020). This factor hampers the analysis factor of internal processes and creates distribution in other nal structures. For that the internal information has leaked in the outside of business which impacts on the consumer trust.

Threat Actors of Email Phishing Attack

Phishing mail is the oldest method or process for cyber criminals. But this process can still have a deep impact on business or network structure. There are a variety of attackers for the leverage and tactics where the emails are in the main target position.

• In IAG the hacker was executed for spoofing the mail and making a malicious URL for the user. If the user is not experienced then in this part they take advantage of similar looking characters (Sheehan et al. 2021). This is also the cause of reduction of the human visual inspection or detection power.
• Phishing kits are offered from the dark black web markets. The kits are some kind of software program. With this kit the hacker need not have any kind of different technology skill. This type of software will provide all kinds of services to fraud in technology detail.
• Here like is not the only item which can be used in the attacking process. The spoofing created a site, which became so trustable for the user.

Description of framework

Cyber risk analysis and justification

For the cyber risk analysis the data collection should be followed at the first time and it should be kept in mind that the data must be admitted to the market or industry. Previous prospective goal detail should be analyzed and after a cyber-attack the detail is incurable to conduct in goal determination that must be evaluated by the management team. Development of the code provides the analysis of the thematic process (Dambra, Bilge and Balzarotti, 2020). Each of the insurance dockets will consist of a different zipped file.

Every additional supporting detail provides the document for exams every investigation principle.

The main motive for hacking is to gain money but the way or process is different for every fraud. In IAG the fraud has gained important detail and which can proceed to have a bad impact in the market. This IAG Company needs cyber security which can protect their network connection from threads of cyberspace. IAG has taken cyber insurance; this was the strategy of their business manager (Evans, 2019). A business cyber-attack just does not provide theft to the business process it also impacts every individual those are attached with the business.

NIST Framework

NIST is a framework of cyber security which provides a powerful tool to the organization. This is the best practice to improve in business. This framework has five functions all are going to describe as per the IAG Company in the following part.

• Identity- This IAG Company has provided training to the employee for identifying the phishing mail. The IT structure has been developed at a strengthened level which will provide best security and with this the assets will be manageable for this insurance business. This company generally provided insurance to the consumer and because of that they had to deal with a lot of sensitive information.

• Protect- Every employee needs to be aware about the training program. They will be able to identify the suspicious mail which can affect their business network system. To maintain the accessing control system the IAG needs to follow all the steps to track every business acquisition (Zhang et al. 2019). IAG really needs data security because they have a very wide range of customer personal details.
• Detect- At the time of the phishing attack the anonymous email was already included in suspicious mail which were delivered from an unknown email sector. All this provided spear content which needed to be determined carefully.
• Respond- This part is a planning section for security of open hyperlink and IAG has started a verification system of downloading information so many spam things cannot enter in their network system.
• Recover- After cyber-attack they have plans for recovery, in this part they also create another device to filter the information which are coming from outside. They want to build a communication system against the phishing attack.

Mathematical Computation in Excel

For this project there are many different parts of evaluation, one is cost calculation of business risk. For this their frequency and severity has been evaluated. All these factors provide details about the business cost and risk. After getting the details the CEO of this firm will be held full. In excel the risks are evaluated properly with a regression method. Total cyber risk will be implicated in this mathematical section.

The chart has implications for every different factor impact. Also sensibility analysis has been done in excel this helps to understand how different cost and loss input impact on cyber cost output.

Recommendation for the CEO

Pros of the Framework

Here IAG business will get different and strong benefits which will increase the security system.

• They will be able to have unbiased and superior cybersecurity (Mazzoccoli and Naldi, 2021).
• IAG has enabled the long-term risk management system and cyber security.
• The future regulation will be recreated and new requirements of compliance will come to the IAG business.
• Newly builder ripple will affect the supply chain.
• This business has a wide gap between the business and the stakeholder of the business, which will be reduced by the bridge of technology.
• NIST is a very powerful framework of assets system and this business assets is the consumer, every customer detail will be secure in this business.
• Here the cyber security makes a path of forward thinking in IAG with frame working program.

Cons of the Framework

The NIFT framework also provides some disruption in business which can be despite the business structure.

• There are always limited objectives to support the business structure.
• Vendor side gets locked several times which can be problematic for the user.
• Memory leak is common in every frame work so here in this NIFT framework the memory leak also plays the role for disruption.
• At the time of NET core transition it became difficult.

Recommendations

IAG businesses need strong protection and for that the CEO of the business should consider all the benefits and problem factors of their business.

• The CEO needs to provide better training to the employee and for the Attacking of cybercrime.
• A responsible strategy needs to be built for phishing mail or other cyber-attack methods.
• He should make a decision to acquire new tools for browser safety.
• Strong networking system needs to develop in IAG business, which cannot easily break for any third party.
• Cyber insurance is good which has been conducted by the business after cyber-attacks but more security is needed to keep away further cybercrime.

Conclusion

According to this project here the cybercrime has been analyzed with various factors in various ways. Cyber-crime is very effective in present days, this makes distribution between networking systems. Only the firm and business are affected by this. It is not true that the individual person is also affected by this crime. Here in this project the Insurance Australia Group has been chosen to understand the project. Before a few years this business has faced a cyber-attack, in which they have lost a big portion of their business detail and information. At first the types of cybercrime have been described and the source of the attackers also described here. For this type of attack how the business can be affected has been said and how the problem can be accessed or be solved all detail has been provided. From this project it has been understood that every business and individual needs to be aware about cybercrime.

Reference List

Journal

Dambra, S., Bilge, L. and Balzarotti, D., 2020, May. SoK: Cyber insurance–technical challenges and a system security roadmap. In 2020 IEEE Symposium on Security and Privacy (SP) (pp. 1367-1383). IEEE.

Egan, R., Cartagena, S., Mohamed, R., Gosrani, V., Grewal, J., Acharyya, M., Dee, A., Bajaj, R., Jaeger, V.J., Katz, D. and Meghen, P., 2019. Cyber operational risk scenarios for insurance companies. British Actuarial Journal, 24.

Evans, A., 2019. Managing cyber risk. Routledge.

Falco, G., Eling, M., Jablanski, D., Miller, V., Gordon, L.A., Wang, S.S., Schmit, J., Thomas, R., Elvedi, M., Maillart, T. and Donavan, E., 2019, June. A research agenda for cyber risk and cyber insurance. In Workshop on the Economics of Information Security (WEIS).

Lau, P., Wang, L., Liu, Z., Wei, W. and Ten, C.W., 2021. A coalitional cyber-insurance design considering power system reliability and cyber vulnerability. IEEE Transactions on Power Systems, 36(6), pp.5512-5524.

Malavasi, M., Peters, G.W., Shevchenko, P.V., Trück, S., Jang, J. and Sofronov, G., 2022. Cyber risk frequency, severity and insurance viability. Insurance: Mathematics and Economics.

Mazzoccoli, A. and Naldi, M., 2020. Robustness of optimal investment decisions in mixed insurance/investment cyber risk management. Risk Analysis, 40(3), pp.550-564.

Mazzoccoli, A. and Naldi, M., 2021. Optimal investment in cyber-security under cyber insurance for a multi-branch firm. Risks, 9(1), p.24.

Nolan, C. and Fixler, A., 2021. The economic costs of cyber risk. Foundation for Defense of Democracies.

Orlando, A., 2021. Cyber risk quantification: Investigating the role of cyber value at risk. Risks, 9(10), p.184.

Pal, R., Huang, Z., Lototsky, S., Yin, X., Liu, M., Crowcroft, J., Sastry, N., De, S. and Nag, B., 2021. Will catastrophic cyber-risk aggregation thrive in the IoT age? A cautionary economics tale for (re-) insurers and likes. ACM Transactions on Management Information Systems (TMIS), 12(2), pp.1-36.

Pavlík, L., 2018. Possibilities of modelling the impact of cyber threats in cyber risk insurance. In MATEC Web of Conferences. EDP Sciences.

Radanliev, P., De Roure, D., Cannady, S., Montalvo, R.M., Nicolescu, R. and Huth, M., 2018. Economic impact of IoT cyber risk-analysing past and present to predict the future developments in IoT risk analysis and IoT cyber insurance.

Sheehan, B., Murphy, F., Kia, A.N. and Kiely, R., 2021. A quantitative bow-tie cyber risk classification and assessment framework. Journal of Risk Research, 24(12), pp.1619-1638.

Welburn, J.W. and Strong, A.M., 2019. Systemic cyber risk and aggregate impacts. Risk Analysis.

Xu, M. and Hua, L., 2019. Cybersecurity insurance: Modeling and pricing. North American Actuarial Journal, 23(2), pp.220-249.

Zhang, R. and Zhu, Q., 2019. $\mathtt {FlipIn} $: A Game-Theoretic Cyber Insurance Framework for Incentive-Compatible Cyber Risk Management of Internet of Things. IEEE Transactions on Information Forensics and Security, 15, pp.2026-2041.

Zhang, X., Lashkari, A.H., Maleki, N., Mudge, J. and Ghorbani, A.A., 2019. Probabilistic classification for industrial cyber risk using deep neural network. In Proceedings of the 2019 International Conference on Security and Management, Las Vegas (Vol. 2, pp. 208-215).

Zhang, Y., Wang, L., Liu, Z. and Wei, W., 2020. A cyber-insurance scheme for water distribution systems considering malicious cyberattacks. IEEE Transactions on Information Forensics and Security, 16, pp.1855-1867.