Digital Dominoes: Scanning the Internet to Expose Systemic Cyber Risk
Black Hat USA 2025 · Day 1 · Briefings
Morgan Hervé-Minucci of Coalition, one of North America's largest cyber insurers, argues that the current generation of catastrophe models used to quantify systemic cyber risk are structurally broken — anchored in natural-catastrophe frameworks, fed on fear-driven scenarios, and blind to the actual technology dependencies that determine how failures propagate. His alternative: continuously scan the entire internet to build a granular graph of organizational technology dependencies, then model systemic risk from empirical data rather than speculation. ---
AI review
Coalition's Head of Catastrophe Modeling is arguing that the insurance industry's cyber risk models are broken, which is true, and his empirical alternative — continuous internet scanning to build a granular technology dependency graph — is more rigorous than anything the CAT model vendors are currently doing. Cross-disciplinary find for the right audience; niche for everyone else.