SECONDO: Optimising cybersecurity investments and cyber insurance

SECONDO is an innovative European project that goes beyond the state-of-the-art by combining cutting edge technologies into one Economics-of-Security-as-a-Service platform. It estimates cyber risks based on a quantitative approach that focuses on both technical and non-technical aspects (e.g., users’ behaviour) that influence cyber exposure. Moreover, it recommends optimal investments in cyber security controls using attack graphs and game-theory methodologies. Also, it determines the residual risks and estimates the cyber insurance premiums considering the insurer’s business strategy, eliminating the information asymmetry between the insured and insurer. In addition, it stores the premiums in a private blockchain to store assets and information related to security and privacy risk measurable indicators. Finally, leveraging privacy-preserving smart contracts hides sensitive client information, providing flexible smart contract description, so that more expressive contract contents are reflected in the digital format.

“The SECONDO project will establish a new paradigm in risk management for enterprises of various sizes, with respect to the GDPR framework, while it will enable formal and verifiable methodologies for insurers that require estimating premiums. Moreover, the SECONDO project will use a private ledger, which provides secure access control on data records, to hold an inventory of assets and information regarding security and privacy risk measurable indicators of an organisation. Finally, privacy-preserving techniques will be used in data storage and smart contracts to protect clients’ privacy.” – Prof. Christos Xenakis, Department of Digital Systems, University of Piraeus

Innovative solutions in mitigating cyber security risks

SECONDO will provide an innovative platform that will contribute to mitigating cyber security risks by investing in cyber security as well as outsourcing residual risks. In turn, this will facilitate a more efficient and straightforward way of complying with the GDPR throughout EU countries. Regarding economic impacts, both SMEs and large organisations will be able to mitigate cyber risk through economically viable and effective cyber security solutions. They will also substitute expensive consultation on cyber security strategies and investments with the SECONDO platform and knowledge acquired from the project outcomes. Furthermore, the project results will help businesses to ensure for their customers higher levels of security making their services more attractive than before, therefore increasing their customer’s portfolio. Cyber insurers will also benefit from the results of the project by providing cyber insurance contracts with more affordable premiums for clients, thus attracting more clients.  The more affordable premiums may also encourage the underwriting of individuals to ensure their personal data value and implement basic cyber security controls to protect them.

The strategic partnership of the project will reinforce the role of universities in supporting industrial research and will bring academia closer to market trends and needs. This cooperation generates results that are presented as scientific publications in high-impact journals and well-known conferences. These results can be utilized to design proposals for upcoming future Horizon calls. Digital Europe and Horizon Europe will benefit from the development of the SECONDO platform in cybersecurity issues, defining the new contracts and agreements that will take place, with great attention to citizens and organisations. European citizens and organisations will be able to mitigate cyber risk through economically viable and effective cyber security solutions.

Read more details on the SECONDO mini-site and find out more about the latest update, project results and benefit to its end-users.