Reducing cybersecurity risk level of portfolio of companies using a cybersecurity risk multiplier
First Claim
1. A method for reducing a cybersecurity risk level for a portfolio of companies, the method comprising:
- determining an initial cybersecurity risk level for the portfolio of companies;
identifying at least one company that experienced a cybersecurity risk event during a certain time period;
identifying;
one or more attributes common to the at least one identified company that experienced the cybersecurity risk event and a plurality of companies in the portfolio of companies, anda degree of mutuality of the identified common one or more attributes;
determining a probability that another cybersecurity risk event will occur with respect to the plurality of companies in the portfolio of companies, where the probability depends on;
a number of the identified common one or more attributes, anddegrees of mutuality of the number of the identified common one or more attributes;
generating, from the determined probability, a cybersecurity risk multiplier for the portfolio of companies;
generating a refined cybersecurity risk level that is a function of the initial cybersecurity risk level and the cybersecurity risk multiplier; and
enabling a tool for using the refined cybersecurity risk level.
6 Assignments
0 Petitions
Accused Products
Abstract
A multiplier is utilized to quantify a cybersecurity risk level of a portfolio of entities (e.g., companies) and enable actions to mitigate that quantified risk. In doing so, features or attributes of one or more companies in a portfolio are compared to features or attributes of one or more companies that experienced an adverse cybersecurity event (e.g. a data breach). Further, a degree of dependency, such as a matrix of a number of shared vendors and the proximity of those vendors to the companies, can be measured between (1) portfolio companies and one or more companies that experienced a cybersecurity event, and/or (2) the portfolio companies themselves to better quantify the risk. That is, to more meaningfully analyze a cybersecurity event that occurred at one or more companies and better predict the likelihood of an occurrence at portfolio companies, embodiments can determine an n-degree interdependency between companies.
-
Citations
40 Claims
-
1. A method for reducing a cybersecurity risk level for a portfolio of companies, the method comprising:
-
determining an initial cybersecurity risk level for the portfolio of companies; identifying at least one company that experienced a cybersecurity risk event during a certain time period; identifying; one or more attributes common to the at least one identified company that experienced the cybersecurity risk event and a plurality of companies in the portfolio of companies, and a degree of mutuality of the identified common one or more attributes; determining a probability that another cybersecurity risk event will occur with respect to the plurality of companies in the portfolio of companies, where the probability depends on; a number of the identified common one or more attributes, and degrees of mutuality of the number of the identified common one or more attributes; generating, from the determined probability, a cybersecurity risk multiplier for the portfolio of companies; generating a refined cybersecurity risk level that is a function of the initial cybersecurity risk level and the cybersecurity risk multiplier; and enabling a tool for using the refined cybersecurity risk level. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
-
-
21. An apparatus for reducing a cybersecurity risk level for a portfolio of companies, the apparatus comprising:
-
a non-transitory memory; and one or more processors coupled to the non-transitory memory, where the one or more processors are configured to; determine an initial cybersecurity risk level for the portfolio of companies; identify at least one company that experienced a cybersecurity risk event during a certain time period; identify; one or more attributes common to the at least one identified company that experienced the cybersecurity risk event and a plurality of companies in the portfolio of companies, and a degree of mutuality of the identified common one or more attributes; determine a probability that another cybersecurity risk event will occur with respect to the plurality of companies in the portfolio of companies, where the probability depends on; a number of the identified common one or more attributes, and degrees of mutuality of the number of the identified common one or more attributes; generate, from the determined probability, a cybersecurity risk multiplier for the portfolio of companies; generate a refined cybersecurity risk level that is a function of the initial cybersecurity risk level and the cybersecurity risk multiplier; and enable a tool for using the refined cybersecurity risk level. - View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40)
-
Specification