Abstract: Evaluating an organization's risk of exposure to cyber security events by collecting security-based risk indicators about multiple organizations and an indication of whether the multiple organizations suffered a security event, inputting into a software model values representing financial damages of the security events and values of the security-based risk indicators about the multiple organizations, running the software model multiple times to output sets of classifiers distinguishing organizations that suffered the security event or not, where each run of the model is associated with the financial damages of the security event, accumulating the values that represent the financial damages associated with each set of classifiers, and assigning a weight to classifiers outputted by the software model according to the accumulated sum of the values that represent the financial damages that appeared in a set of the multiple sets outputted by the software model.

Abstract: Evaluating an organization's risk to be exposed to cyber security events, by collecting security-based risk indicators about multiple organizations and an indication on whether or not each of the multiple organizations suffered a security event, inputting values of the security-based risk indicators about the multiple organization into a software model, running the software model multiple times, where the software model outputs multiple sets of one or more classifiers, where each set of one or more classifiers distinguishes organizations that suffered the security event from organizations that did not suffer the security event, where the one or more classifiers include classifiers selected from the security-based risk indicators, assigning a risk score for a specific organization according to the importance of classifiers related to the specific organization, and computing an underwriting score for the specific organization.

Abstract: A computerized method for evaluating an organization's risk to be exposed to cyber security events, the method including receiving a request to evaluating a specific organization's risk to be exposed to cyber security event, the request including information about the specific organization, collecting security-based risk indicators about the specific organization, inputting the security-based risk indicators about the specific organization into a model, said model obtains weights to classifiers that represent an impact of a specific organization to be exposed to a security event, computing a specific risk value for the specific organization according to values of the specific organization and the weights of the classifiers.