Reducing cybersecurity risk level of a portfolio of companies using a cybersecurity risk multiplier
First Claim
1. An interactive tool for improving a cybersecurity risk level of a portfolio of companies, the interactive tool comprising:
- a memory; and
one or more processors communicatively coupled to the memory, where the one or more processors are configured to;
identify;
at least one company that experienced a cybersecurity risk event during a certain time period;
at least one attribute common to the at least one identified company that experienced the cybersecurity risk event and at least one company in the portfolio of companies,a degree of mutuality of the at least one attribute;
determine a probability that another cybersecurity risk event will occur with respect to the portfolio of companies, where the probability depends on;
the number of identified common attributes, anddegrees of mutuality of the number of identified attributes;
generate, from the determined probability, a cybersecurity risk multiplier for the portfolio of companies; and
generate a refined cybersecurity risk level that is a function of the initial cybersecurity risk level and the cybersecurity risk multiplier.
4 Assignments
0 Petitions
Accused Products
Abstract
A multiplier is utilized to quantify a cybersecurity risk level of a portfolio of entities (e.g., companies) and enable actions to mitigate that quantified risk. In doing so, features or attributes of one or more companies in a portfolio are compared to features or attributes of one or more companies that experienced an adverse cybersecurity event (e.g. a data breach). Further, a degree of dependency, such as a matrix of a number of shared vendors and the proximity of those vendors to the companies, can be measured between (1) portfolio companies and one or more companies that experienced a cybersecurity event, and/or (2) the portfolio companies themselves to better quantify the risk. That is, to more meaningfully analyze a cybersecurity event that occurred at one or more companies and better predict the likelihood of an occurrence at portfolio companies, embodiments can determine an n-degree interdependency between companies.
-
Citations
20 Claims
-
1. An interactive tool for improving a cybersecurity risk level of a portfolio of companies, the interactive tool comprising:
-
a memory; and one or more processors communicatively coupled to the memory, where the one or more processors are configured to; identify; at least one company that experienced a cybersecurity risk event during a certain time period; at least one attribute common to the at least one identified company that experienced the cybersecurity risk event and at least one company in the portfolio of companies, a degree of mutuality of the at least one attribute; determine a probability that another cybersecurity risk event will occur with respect to the portfolio of companies, where the probability depends on; the number of identified common attributes, and degrees of mutuality of the number of identified attributes; generate, from the determined probability, a cybersecurity risk multiplier for the portfolio of companies; and generate a refined cybersecurity risk level that is a function of the initial cybersecurity risk level and the cybersecurity risk multiplier. - View Dependent Claims (2, 3)
-
-
4. A method for improving a cybersecurity risk level of a portfolio of companies, the method comprising:
-
identifying at least one company that experienced a cybersecurity risk event during a certain time period; identifying; at least one attribute common to the at least one identified company that experienced the cybersecurity risk event and at least one company in the portfolio of companies, and a degree of mutuality of the at least one attributes; determining a probability that another cybersecurity risk event will occur with respect to the portfolio of companies, where the probability depends on; the number of identified common attributes, and degrees of mutuality of the number of identified attributes; generating, from the determined probability, a cybersecurity risk multiplier for the portfolio of companies; and generating a refined cybersecurity risk level that is a function of the initial cybersecurity risk level and the cybersecurity risk multiplier. - View Dependent Claims (5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
-
-
20. A non-transitory computer-readable storage medium storing instructions that, when executed by one or more processors, cause the one or more processors to perform operations to improve a cybersecurity risk level of a portfolio of companies, the operations comprising:
-
identifying at least one company that experienced a cybersecurity risk event during a certain time period; identifying; at least one attribute common to the at least one identified company that experienced the cybersecurity risk event and at least one company in the portfolio of companies, and a degree of mutuality of the at least one attributes; determining a probability that another cybersecurity risk event will occur with respect to the portfolio of companies, where the probability depends on; the number of identified common attributes, and degrees of mutuality of the number of identified attributes; generating, from the determined probability, a cybersecurity risk multiplier for the portfolio of companies; and generating a refined cybersecurity risk level that is a function of the initial cybersecurity risk level and the cybersecurity risk multiplier.
-
Specification