Morgani's Presentation on Systemic Cyber Risk and Data-Driven Approaches

The presentation by Morgani, leading cyber catastrophe modeling at Coalition, examines systemic cyber risk through high-profile incidents like Change Healthcare, CDK Global, and CrowdStrike, which disrupted U.S. healthcare, auto dealerships, and airline operations respectively. The talk introduces a data-driven approach using internet-scale network measurements to identify critical "aggregation technologies and vendors" (ATVs) that create systemic vulnerabilities, mapping dependencies across industries such as the Inc. 5000, registered investment advisory firms, and real estate agencies. The methodology leverages proprietary scanning infrastructure to fingerprint cloud services, regions, and third-party dependencies, revealing concentration risks—e.g., 18,000 domains in finance relying on a few cloud providers or real estate firms dependent on niche SaaS platforms like Anywhere Real Estate. Key findings highlight that major ATVs involved in past disruptions were previously defendants in antitrust cases, linking market concentration to systemic risk. The presentation critiques traditional catastrophe (CAT) modeling for cyber, citing misalignment with dynamic, adversarial threats and overreliance on hypothetical scenarios like week-long global outages, which contradict observed resilience in distributed cloud architectures. Recommendations include expanding critical infrastructure definitions to focus on "too connected to fail" technologies, mandating supply chain visibility via tools like SBOMs, and adopting granular, auditable risk models that account for uninsured economic losses. The analysis underscores a shift from reactive policies to proactive, data-informed interventions.