A manager of a portfolio of companies may be interested in understanding the portfolio's aggregate cyber security risk level because, once understood, the manager can take action to manage or reduce that risk. Doing so can be advantageous in a number of scenarios where, e.g., an insurance company underwriting cyber-insurance needs to minimize the chance of catastrophic loss due to correlated risk, or an organization needs to minimize its exposure to breach or business interruption stemming from its vendors (e.g., third party vendor risk management). Examples of such adverse cybersecurity events include Distributed Denial of Service (DDoS) and the like, which lead to significant business interruption.
Currently available technologies for managing a portfolio's cybersecurity risk level suffer from certain drawbacks. For example, while certain technologies determine how diverse a set of companies may be, they do not provide meaningful information with regard to whether the companies' shared features actually influence or are indicative of the occurrence of a cybersecurity risk event. In other words, known technologies do not meaningfully inform a user of a portfolio's reduced or increased correlated risk of experiencing a cybersecurity event.