As the saying goes, there are two certainties in life: death and taxes. As we all look ahead to 2016, it’s clear that a third certainty has entered the mix: breaches.
While they might have once been the exception, breaches are now by and large the rule; hardly a week goes by without a major corporation making an embarrassing (and costly) admission that their systems have been compromised. In 2015, there were no less than 160 successful cyber attacks during an average week, resulting in companies and consumers suffering hundreds of billions of dollars in combined losses. The scale and frequency of breach events suggest companies face issues that are hard to define and understand, and therefore nearly impossible to prevent. But the truth is much less dramatic.
Companies are suffering through a seemingly endless hangover following a period of incredible growth in technology. True, systems are better connected and more scalable than ever before, but we also have less visibility into their inner workings, and therefore less understanding of behavior and associated activity. And as a result, mistakes are more common. In short? Businesses have lost their ability to withstand pressures from breaches, misconfigurations and more – their digital resilience, as McKinsey once dubbed it – and there have subsequently been huge ramifications for companies and consumers alike.
As this trend called “digital transformation” has continued to top CIO priority lists, our team has been on the frontlines of technology’s inexorable growth across all industries – and also working to cure the debilitating hangover hindering businesses. While working with companies to streamline DevOps, our technology platform also granted us a unique, under-the-hood glimpse into how IT departments struggled to wrangle infrastructure, and just how little visibility they had into their systems. We also quickly realized that the way customers used ScriptRock had shifted alongside the rising tide of breaches – our customers were doing a whole lot more than we'd imagined. They’d started using ScriptRock to create visibility, strengthen compliance monitoring, bolster security, aid troubleshooting, and heighten validation.
In sum, we saw an opportunity to make companies digitally resilient again, while also augmenting the market for cyber insurance, one in clear need of standardization to scale fully and widen its impact.
With that in mind, we’ve expanded ScriptRock from a platform for IT and DevOps professionals to become a top-to-bottom platform for digital resilience that tracks the state of a company's IT assets as changes happen. To reflect that change, we’re also going by a new name: UpGuard.
We believe that our new brand identity will be key to enabling all companies to navigate critical moments in their trajectories. This is the “moment” in which the tech market, either continues its haphazard and unpredictable path, with snowballing implications for businesses and consumers alike, or matures into a steady force that’s implementing the essential precautions for its customers – a thriving cyber insurance market.
To allow companies to rebuild their digital resilience – and guide companies to their next phase of maturation – we’ve added another layer to ScriptRock: the Cybersecurity Threat Assessment Report (Or CSTAR for short). Think of CSTAR like a credit score for risk that indicates to every CFO, CRO and CEO their company's potential for service outages and data breaches due to misconfigurations and software vulnerabilities.
Creating the defacto standard for the cyber insurance market
Executives are already using CSTAR to understand how their digital resilience stacks up against breaches and confidently make business decisions. Fast-moving businesses, such as travel software company Amadeus, have already begun to make use of UpGuard to ascertain where their internal risks are and patch holes as needed.
On the flip side, major insurers and underwriters – like CRC Insurance and Corona Underwriters – are already using UpGuard’s CSTAR score to assess and measure cybersecurity risk when creating policies for companies. This operational intelligence enables insurers to move away from making ballpark estimates on cyber insurance policies, and instead implement precise recommendations; a win-win for businesses and insurers alike.
In the digital economy, you can’t prevent breaches, but you can manage them, and this degree of standardization marks a pivotal opportunity for the soon-to-be $7.5 billion field of cyber insurance to make its industry consistent, and safer, for all of those involved.
And just as the ubiquitous credit score became a global standard for measuring risk in the financial industry through establishing an accurate and reliable number lenders trust to make credit decisions, we envision a similar path for CSTAR to be the single score for measuring risk that insurance providers and businesses alike rely on to make cyber risk decisions. The breakneck speed required by this new digital economy shouldn’t sacrifice the safety and stability of a company and its employees, partners and consumers. As UpGuard, we intend to provide companies the level of assurance they need for digital resilience, so they can focus on what matters – propelling their business, and the larger industry, forward.
ScriptRock UpGuard Team
All the information needed to perform a CSTAR assessment is bundled into the UpGuard platform. Learn more about CSTAR.
Read Blog >
The UpGuard Website Risk Grader provides a low friction way to get an initial assessment of a business' risk profile.
Read Blog >