Your policy includes an automated Coalition Cyber Risk Assessment (CRA). In this article, we’ll discuss how to read your CRA.
Risk Summary: Shows a summary of your key risks. The Risk Score shows the likelihood of your organization being compromised, based on the security detections we have found on your externally exposed attack surface. A lower risk score is better. The Risk Summary also shows the number of critical security findings (which impact insurability or premium), followed by the expected loss and suggested limits for your organization.
Security Findings: Security Findings (previously called vulnerabilities) are detections that identify exposures that pose a threat to your company. Critical security findings are the only ones that impact insurability and are typically contingencies; these must be remediated/resolved to be insured. For your information, the counts of high, medium, and low security findings are also included, along with a brief snapshot of the attack surface we have analyzed (your assets).
Critical Security Findings: The next section shows each individual security finding that needs to be remediated, along with clear instructions on which asset the finding is on, how to remediate it, and how to resolve it in Control. You can log in to Control, find these under the Security Findings > All Findings section, and use the resolution action to resolve the finding or create an exception. In Control you can get more details on each finding, including risk evidence.
Non-Critical Security Findings: The next section lists the non-critical security findings (High, Medium, Low). Note that these do not have details in the CRA, and we encourage you to log in to Coalition Control to learn about and resolve them. These do not need to be remediated to get an insurance quote or renewal BUT do impact your risk score and hence should be fixed to maintain a good security posture.
Complete Risk Posture: In addition to security findings, Coalition offers a complete risk posture report that includes details on data leaks, potential malicious events, and email security posture. Note that these DO NOT impact your risk score or insurability, but we highly encourage you to fix them over time.
The CRA is provided to help our insureds proactively improve their security. The details in the CRA report are updated over time as we improve and add to our analysis processes.
Data Breaches/Leaks: Coalition searches the internet and dark web for data leaks from your company and highlights the passwords, emails, phone numbers, etc. compromised on different sites. Note that these DO NOT impact risk score or insurability. You can log in to Control to get the full data set for these.
The other sections highlight potential malicious activity on assets (malware, spam, torrents, blocklisted domains, etc.). These are for your investigation.
If you believe some of the assets do not belong to you, log in to Control and use 'Remove Asset'.
Cyber Insurance Coverage: This section shows coverage for cyber insurance.
FAQ and Glossary: The CRA wraps up with an FAQ and Glossary.
For more information on this topic please reach out to us; we’re here to help!