Real Time Cyber Threat Intelligence
Petra Wildemann, SAV, DAV, IFoA (Affiliate)
30 April 2019

Remembering the early days of the Internet and mass accessibility of data, it’s hard to believe how much things have changed – and where wide-scale access to data has brought us. It’s important not to lose sight of the fact that, from a historical perspective, “personal data” as a hot-button topic is a very new phenomenon.

As hard as it might be for the younger generation to believe this, there was a time when medical reports usually didn’t go beyond doctors, patients and their families. Intimate photos were the exclusive province of family and trusted friends.

IT governance is an important factor in securing data and information. More and better governance is needed. Boards of directors, management and security leadership must forge a strong working relationship in order to create and implement a secure strategy to protect business and private data, “inside” and “outside”, in order to mitigate risk as well as to meet compliance and regulatory requirements.

Petra Wildemann, SAV, DAV, IFoA (Affiliate) – Chair and Founder of Swiss Cyber Think Tank / Talent Search at Dorigo AG

What if there is an interconnection between GDPR and CyberSecurity?

Is there any interconnection between GDPR and cybersecurity?

By Monika Wehr, Cert. Data Protection Officer / CyberWehr RMS GmbH

We know that in about 80% of the big known cases, such as Maersk, NotPetya, the Equifax data breach, Emotet, etc., technical measures such as installing a sufficient security update could have avoided the damage caused by the ransomware. Today, among the top topics of Swiss companies, the trio “digitization – robotics – automation” takes first place in the rankings. The digital transformation brings a decisive competitive advantage. But with the rapidly growing number of IoT devices, consumer insecurity in terms of data protection and data security is also increasing dramatically.

Who guarantees that all data recorded by the Internet of Things (IoT) will be encrypted and used for analysis? Data is threatened by various dangers, including in the production chain: “We believe that we are safe when we control our infrastructure and that all systems function flawlessly. But we only have restricted or no controls over the supply chain of daily (critical) components, such as compressed hardware, firmware or chips, that are the core of processing and connecting”, as Dr. Stefan Frei, ETH Zürich, put it.

Switzerland – a developing country in the domain of protection? According to the Switch Survey Foundation, only 12% of companies have sufficient protection with regard to internet security; in comparison, Macedonia shows 40% and the Scandinavian countries already 80%! In Switzerland there is no legal regulation requiring, for example, that banks protect their websites in terms of cyber security. Is the Swiss financial center not an object that is very much worth protecting?

This list goes on forever: cyber risks are abstract and have developed slowly, but now faster and faster; they have been ignored for a long time. The human being is still the no. 1 of all risk factors!

The General Data Protection Regulation (GDPR) ensures uniform data protection requirements, but this doesn’t mean that the same data protection measures are required in all areas. With regard to the security of processing (Article 32 GDPR), measures should be selected taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the probability of occurrence and the severity of the risk to the rights and freedoms of natural persons.

Thus, if there are any special risks for data protection, special protection must be implemented too. A data protection impact assessment (DSFA / Article 35 GDPR) shall be carried out; it analyzes the concrete consequences for data protection and names measures for the planned implementation of the IoT project. IoT projects usually meet the conditions that make a DSFA mandatory: a form of processing, in particular when using new technologies, is likely to result in a high risk to the rights and freedoms of individuals due to the nature, scope, circumstances and purposes of the processing. Consequently, the person responsible (the controller) must first carry out an assessment of all consequences of the intended processing operations for the protection of personal data.

So why not identify weak points by means of a risk analysis in order to prevent them with appropriate technical and organizational measures at low cost? Compliance with the GDPR could thus also be achieved in one step.

Monika Wehr – Cert. Data Protection Officer / CyberWehr RMS GmbH

Managing Accumulation Risk in Cyber Insurance

11 January 2019
Moderated by Petra Wildemann
Guests are Denny Wan and Steve Wilson

The debate extends the concepts of the discussions in the white papers on “Pro-Active Insurance Pricing Model” and “Cyber Incentive Model” with a discussion of the paper “Advancing Accumulation Risk Management in Cyber Insurance – Prerequisites for the development of a sustainable cyber risk insurance market”. The debate explores how important it is that the insurance markets manage the accumulation risk and learn to understand it better so that the market can continue to expand.
We discuss the role of cyber insurance in supply chain risk management and learn that the beneficiaries of a cyber insurance policy in a supply chain context are generally not the policyholders. Furthermore, it can be compared to other insurance lines such as automotive, in particular when looking at “Usage Based Insurance (UBI)”, a rising parallel trend that collects data from black boxes installed in vehicles. Policyholders simply expect “good drivers to be rewarded with lower premiums”, which is also a topic for cyber risks and cyber security, both in technology and in cloud systems.
There is a rapid increase in businesses and individuals who outsource to the cloud, with the potential for risk concentrating around cloud service providers’ operations. Common software packages are used across industries, so these create wide-spread exposure to malware attacks. The insurance industry can contribute its experience with other risks in a variety of business lines. In the debate, we discuss several factors: regulations and risk mitigation along the risk value chain.
Insurance is fundamentally a risk transfer process rather than a technology challenge. It is largely based on people’s perception of risk and their risk appetite. Self-insurance is an easy way out when the perception of risk is hard to define. As Steve explained, maintaining strong underwriting discipline is the foundation for limiting accumulation risk.

Transcript on “Managing Accumulation Risk in Cyber Insurance”


Research Documents

Pro-active Cyber Insurance Model, Insurance Risk Modelling, Engaging Cyber Insurance Brokering Experience

Effects of Cyber Risk in Manufacturing and Production

By Petra Wildemann

I recently observed in Zurich the operation of a highly sophisticated modern crane at the site of a huge building which had been severely damaged by a major fire, to the point where there was imminent danger of collapse of the remaining structure. There was a time when a large number of human beings would have risked their lives to deal with this situation, but now, a single person was able to “give orders” by remote control to this crane, which then essentially figured out how to execute these orders by using artificial intelligence.

As I watched this, I thought about how with industrialisation, the automation of processes took wing to fly into a new and – then-called – modern world. We now look back and see this as a pre-manufacturing world. Nevertheless, with the start of automation in manufacturing firms, the use of robots has started to bring us today into a world of artificial intelligence. Manufacturing processes are now taken over by technology which is utilized to drive the business in an increasingly complex global network. Back-office applications and fully controlled high-risk manufacturing processes with a variety of technologies produce products with less human labor in the global marketplace.

This change results in an accelerated pace of change in technology due to emerging trends, such as high investments in intellectual property and exponential technologies. Additionally, the growth of smart-phone applications and the rapid adoption of analytical processes to improve internet strategies bear with them the risk that the existing technology may expand to a point where it is entirely out of our control. It is to a remarkable degree already out of our control.

And herein lies the dilemma: If we cannot handle the technology, how will we be able to intelligently deal with the risks? Not just the unintended risks entailed by run-away technology, but the risk of those who use AI in order to deliberately do harm. It is an open secret that the society in the dark net is by far better structured than official society, and much better positioned, below the tip of the iceberg, to take advantage of its presence in the Internet of Things. The broader value chain of the technologies being used in the manufacturing and industrial ecosystem is clear only to a small number of people. The specific cyber risks in manufacturing processes, especially in larger-scale processes along the supply value chain, are becoming increasingly mysterious to nearly everyone, and it is also a sad fact that many manufacturers are only just beginning to try to more fully understand cyber risks in relation to their key third parties within their innovation network, their business partners and their subcontractors.

A data set is a crucial asset.

Manufacturers have started to make better use of data, moving from a transactional mindset to the valuation of data as an asset in and of itself. This brings key advantages, but also great risks. To be useful, data has to be made use of, which effectively means that it needs to “move”. And as it moves throughout the organisation, through business systems to shop floors, to customers and other third parties, the risk level inevitably increases.

Cyber Insurance Incentive Model

By Denny Wan and Petra Wildemann
27 August 2018

This whitepaper extends the concept of Pro-active Cyber Insurance Pricing Model (by the same authors) leveraging cyber risk control metrics in order to encourage insureds to improve their cyber security posture. This whitepaper explores the underpinning incentive model for cyber insurance policy and its potential to elevate and amplify the incentive effort.

Insurance is a risk transfer model whereby the insurers promise to compensate the insureds financially when the insured risk events materialise. The insurers maintain their right to adjust the payable claim amount based on their assessment of the actual financial damages suffered by the insureds attributable to the insured risk events. The maximum payable claim amount is known as the “policy aggregate limit” in the policy. From the insureds’ perspective, the aggregate limit is a continuum in funding available to mitigate their financial risk exposure to the insured risk events.

The default risk mitigation option is “self-insured” and when the insurance premium is a relatively small sum compared to the aggregate limit, such an approach can be financially attractive.

However, if this market split were to materialise, this would present a very good opportunity for our proposed Pro-active Cyber Insurance Model, since the insurers would earn higher premiums at the risk of higher exposure to a much more concentrated insureds demographics with similar risk profiles.

In the white paper “Cyber Insurance Incentive Model”, Denny Wan and Petra Wildemann tentatively compare cyber incentive models to more complicated insurance business lines. A great deal of careful analysis will be required to accomplish a more in-depth comparison. This is in particular the case because historical claim-data-driven risk models are not suitable for forecasting future risks, and measurement and modelling approaches that have been developed for other risks (such as natural catastrophes) cannot easily be transferred to cyber risk. We feel that our approach is genuinely unique and has material value, and we are in the process of clarifying a solid path for execution, e.g. by identifying sources of incentives.

White Paper

Cyber Insurance Incentive Model

By Denny Wan and Petra Wildemann

About the Authors

Denny Wan and Petra Wildemann are co-authors of the White Paper “Pro-active cyber insurance pricing model” from 29 July 2018, which has been published on Social Media, Cyber-risk-insurance and Security Express.

Denny Wan is the principal consultant of Security Express, a Sydney, Australia based cyber security consulting practice. His specialisation includes security policy development, IT security audit, GRC risk management, virtualisation and hybrid cloud security architecture. He is the chair of the Open Group FAIR Sydney Chapter and is currently undertaking postgraduate research into Cyber Insurance Pricing Strategy at Macquarie University under an Australian Government Commonwealth Scholarship.

Petra Wildemann is the Chair and Founder of the Swiss Cyber Think Tank, a business network for Cyber Risk & Insurability, providing an industry-wide networking platform for insurers, technology and security firms. As a qualified actuary for Life Insurance and Property & Casualty Insurance in Switzerland (SAV), Germany (DAV) and the UK (IFoA Affiliate), her specialisation includes risk management on a variety of local and global risks. Of late, she has expanded her focus to also include the challenges of modelling risks in the age of cyber risk and the mismatch between measurement and pricing of cyber-risk insurance policies.

Research into cyber insurance

Cyber insurance is an important business tool for managing residual cyber security risks which cannot be mitigated in a cost-effective manner.

24 August 2018


Pro-active Cyber Insurance Pricing Model

29 July 2018
By Denny Wan and Petra Wildemann

When we review the terms of cyber insurance policies, it becomes clear that there is a mismatch between the insured’s knowledge of the underlying type of cyber risks and the cyber risk insurance products offered on the market. It is not a gross overstatement to say that the insured simply has no idea what type of cyber risks and events they want to insure for.

Insurance is a business instrument for transferring and spreading risks. Comparing cyber risk to other insurance sectors, we note that not many people know much about the mechanical/physical aspects of cars, building safety or health management. Yet automotive, property and health insurance products are much more sophisticated than cyber risk products, driving stiff price competition. This is because the insured are well-educated about these insurance products even if they are not well-educated about the underlying insured risks. 

For such traditional insurance products, there is plenty of historical claim data which can be used to inform the pricing model, using actuarial techniques. The most important point is that these actuarial models are designed specifically to reflect these commonly understood risk metrics. With so little historical data available, the creation of better cyber-risk models poses a major challenge for modern actuaries.

In the white paper “Pro-active cyber insurance pricing model”, Denny Wan and Petra Wildemann discuss cyber insurance pricing models which can potentially provide the necessary incentive to the insured to improve their cyber security posture, as a sustainable response to cyber threats that bridges the gap. They examine a transformational approach called “pro-active cyber insurance”, where there is an explicit understanding of the risk metrics by the insurer and the insured.

White Paper: 
Pro-active Cyber Insurance Pricing Model
by Denny Wan and Petra Wildemann



Impact of artificial intelligence for risks in cyber

Is there a cyber risk for Artificial Intelligence? 

27 June 2018
Petra Wildemann

Cyber risk requires modeling of risks and their parameters. That is already a challenge for insurers and for those dealing with the various aspects of cyber attacks via cyber crime and cyber war.

Anything that is connected to data bears cyber risk in all its variations. Programs and data structures that have been built and developed by people can be corrupted by other people, in various ways, whether by accident or by deliberate criminal behavior.

To the article: Is there a cyber risk for Artificial Intelligence – 27 June 2018

Cyber and the Talent Question
14 May 2018
By Ulrich Seega

Cyber Risk, Regulatory Risk and an increase in technology investment are at the forefront of leaders’ agendas. In many cases this means that the talent agenda suffers. 

To the article: Cyber and the Talent Question – 14 May 2018


The Author: Ulrich Seega is Managing Director of Schonhofer, an international London based talent advisory business that follows the philosophy that in order to be successful (as a business and in a business) two things need to be clear: What is your purpose and which behaviours are required to achieve the goals? 


Case Studies and Use Cases

Case Study: Crisis Management following a Cyber Attack

03 April 2018
by Pascal Michel and Marc Brandner, SmartRiskSolutions GmbH

To the article: Crisis Management following a cyber attack – 03 April 2018

SmartRiskSolutions GmbH

SmartRiskSolutions is specialized in security consulting, crisis management, and travel risk management. With our team of experienced consultants, analysts, instructors and international partners we support you wherever hazards put your business, organization or staff at risk. As we regularly provide crisis response consultancy to insured clients facing extortion, kidnap for ransom, malicious product tampering, cyber attacks or other threat events, we know what kind of emergency and crisis management structures work effectively and which do not.


General Data Protection Regulation (GDPR) and the German “Datenschutz-Grundverordnung” (DSGVO)

The Impact of GDPR on Education

21 May 2018
Petra Wildemann

Anyone who imagines that the impact of GDPR, which will take effect as of May 25th 2018, will be mostly limited to large corporations, should consider the field of education, where students, teachers and parents interact with large quantities of highly sensitive data.

To the article: The impact of GDPR on education – 21 May 2018

Additional information: Data Protection in the education business

Further information:

  • European Network and Information Security Agency ENISA. Position Paper No. 1: Security Issues and Recommendations for Online Social Networks (PDF).
    Editor: Giles Hogben, October 2007.
  • Report and Recommendation on Data Protection in Social Network Services («Rome Memorandum»), March 2008 (PDF)

Do you think Data Theft couldn’t be an Issue for you? Think again!

10 May 2018
Petra Wildemann

When we hear about stolen personal data and read reports, many of us tend to think that this has little or nothing to do with us. This kind of thinking could not be more mistaken!

Sensitive personal data in the healthcare business is a topic we tend not to think too much about. But data in the healthcare business is a lucrative target for hackers. As the healthcare industry often has to very quickly process sensitive patient/customer data, their websites are often exposed to hackers and their storage drives are often unencrypted.

To the article: Do you think data theft couldn’t be an issue for you? Think again – 10 May 2018

Impact of GDPR on the Use of Private Computers by Educators

01 May 2018
Petra Wildemann

When the new GDPR (DSGVO) terms go into effect in Germany, many industries will be affected. The industries we tend to think of first in this connection are large businesses and industries with sophisticated data processing design and cloud services. 

Private computers are used by teachers to develop courses, make notes and store information about their classes. Because schools very seldom provide computers, laptops or other devices to the teachers, provisions have often not been made for storing data on a secure network. Under the new DSGVO terms, which will take effect starting May 2018, the German government will allow teachers to use private computers and smartphones for educational purposes, but with strict limitations. 

To the article: Impact of GDPR on the Use of Private Computers by Educators – 01 May 2018

Impact of GDPR on the Health Insurance Business

23 April 2018
Petra Wildemann

The closer we get to the new GDPR terms, the more we learn what impact this will have on different industries. Organizations need to prepare themselves to be ready to comply with the new General Data Protection Regulation. More than a regulation, GDPR is a paradigm shift which forces industries to think differently about personal data and how to protect all elements of personal data. The regulation applies to all companies in the EU and abroad whenever data on EU data subjects is processed.

GDPR challenges all industries. However, it has a special impact on the healthcare business because of the large role that personal data plays in healthcare. “Personal” data is defined as “all information which is related to a natural person”, including name, identification number, location data, and all information with respect to the health, cultural identity and social identity of a person.

To the article: Impact of GDPR on the Health Insurance Business – 23 April 2018

Risks with the Release of GDPR for Internet Users

13 April 2018
Petra Wildemann

The release of the new GDPR terms is near and will carry with it major changes affecting user data protection and risk. Many processes that allow external access to user data will have to be adjusted as a result.

GDPR (General Data Protection Regulation) has a direct impact on what will be allowed and what needs to be avoided in the countries where the new regulation will be released in May 2018. The German regulation DSGVO (Datenschutz-Grundverordnung) reacts to the needs in particular for Germany.

To the article: Risks with the Release of GDPR for internet users – 13 April 2018

Risks on Personal Data
11 April 2018
Petra Wildemann

Digitalization of communication platforms enhances cyber risks for business and personal life. The discussion about data leaks within the communication of personal data started once we saw what social media platforms are able to do with personal data.

Let’s take a look at how advertisements and knowledge about the need for products are combined. Prior to digital communication as we know it today, advertisements came to people via paper or other media (television, radio, telephone). There was certainly knowledge as to what someone might like to buy or to own.

That knowledge was held by local businesses near where people lived.

With digitalization and globalization, the circles of knowledge as to what people might like to buy or to own became wider. Today, most communication is digitalized through various platforms. When entering a department store, apps combine knowledge about the goods in the market with the needs of the app user. That can help to guide people to desired products. However, it can also hinder people from buying and trying different products. The same holds for personal data which is communicated in social media. Personal information sent to the world via social platforms can be used for the retail industry to sell their products to groups which they have identified. This is certainly an advantage when looking for specific products but can also lead to scenarios where data is stolen, or in any case people are not aware of who has access to their personal data.

If the announcements concerning the Facebook data leak are correct, then “up to 87 million Facebook profiles were stolen”. That would represent a huge proportion of the over two billion active Facebook users as of the 4th quarter of 2017.

Are we at risk? How careless are the users of social media when giving personal data away? Do we know what is done with personal data and who has access to private information? Is this only the tip of the iceberg of what happens when people give information away?

Is Cyber Risk a Topic for the Social Media?
08 April 2018
Petra Wildemann

Digital media dominates business and private life. Paper-based business processes are shrinking and are certainly on the way out. Yes, paper-based processes still exist, but the processes for core business functions are inexorably going digital.

With digital processes, information is no longer safely kept in a locked filing cabinet. It is therefore much harder to protect and secure the safety of all data and information used for business processes. Digital processes, especially those involving distribution of data through the internet, in particular in clouds, lead to the risk of cyber attacks and cyber crime.

Cyber risk is everywhere because digital information and processes are everywhere. In some industries, the digital processes are more advanced than in others. In addition, there are industries which are more advanced and therefore better protected than others. One reason for the advanced protection lies in past experience of data-mining attacks, for example in the financial industry. Regulations have certainly helped to protect data and private information used for transfers in the banking sector.

There are areas which are less well regulated, such as Social Media. A recent review of the interview between Zuckerberg (Facebook) and Jobs (Apple) in 2010 gives insight into how companies handle private data on different platforms.

Should private data be insured in order for better protection against usage of data for commercial gain?

Can insurers take the lead to protect private data in the social media? What risks need to be included; what risks need to be excluded? Is there enough available data to enable the misuse of private data in social media to be accurately measured?

Those Who do not want Change, Deny the Future we are all in
21 March 2018
Petra Wildemann
Technology is changing our habits, our life and our professional behaviour. Technology and digitalisation are becoming part of our working life.

This is also true for insurers, who are looking more and more for opportunities to gather, analyse and determine the needs for data. The banking industry is much further along the path of offering its services via apps and online portals. Why is this the case? Are banking services simply in some way inherently more accepted and/or more needed than insurance services, e.g. risk management services? To understand this better, we need to look at the differences between the businesses and the other groups who bear the risks.

Let’s take a look at the health industry. Doctor apps are a popular sort of medical app. The users enter information as to their health (or sickness) and fill out questionnaires via apps in order to obtain answers to questions instead of going to a doctor, or in some cases to obtain a second opinion. Based on an algorithm and powered by artificial intelligence, the app gives a list of possible answers. Chats with online human doctors are also possible. Some insurers and InsurTech companies offer such medical apps.

From Data with Love: How the data economy is impacting the insurance sector

The health industry is certainly an industry which can offer online services closer to the banking industry than other insurance-related sectors, where the needs for services and chats with the insurer are more oriented toward risk coverages and claims.

More than 65% of insurers offer very few mobile services. They either prefer working with traditional channels or else simply have no mobile strategy. Hesitation in this area is partly due to security reasons, but these don’t actually play a major role. The traditional channels via agencies or brokers do often hinder insurers from building and implementing a mobile strategy.

Insurers would be well advised to pay attention to this modern and futuristic way of serving customers!


Catastrophic Risks along the Epidemic Risk Value Chain

12 July 2018
Petra Wildemann

Epidemic and Pandemic risks are among the global risks for catastrophic mortalities along with Cyber risks, War or any Accidental risks, Hazards and Icebergs. Other risk types are shock events, which include Natural Catastrophic risks of the environment and infrastructures.

To the article: Catastrophic Risks along the Epidemic Value Chain – 12 July 2018

Cyber Risk is a Global Risk
02 March 2018
Petra Wildemann

Cyber risk is a global risk which can hurt people, industries and infrastructure. The globalization of many countries and regions, in particular with respect to power grids and communication, has a much higher impact on the risks in our lives than any other business. An attack on any infrastructure can be carried out on purpose or for harm, and in most cases its purpose is to gain illegal resources and capital. With these thoughts in mind, cyber is much more dangerous than pandemic risks. The start of a virus in a system can occur from many locations which are invisible to the attacked infrastructure. Pandemic risks are a failure in the nature of the health system, from zoonotic to human diseases. Cyber risks can also be seen as a failure in IT systems and communication platforms. Man-made attacks on these systems for espionage, sabotage and/or extortion lead to loss or exploitation of relevant information.
