“The first is company mapping, which is equivalent to a company’s ancestral tree. Understanding parent entities and subsidiaries and how they work together inform cyber integrity. The second type is technographic data, which showcases the technologies, services, and data centers that the company relies on. Digital asset data is commonly used to understand the scale of a company’s digital footprint, and thus understand the magnitude of a cyber event, but diligence data is needed to see the potential company exposure to different cyber events. Since organizations face a constantly evolving attack surface, it’s nearly impossible to manually gather this data. Leveraging consortiums from security rating providers that have information on open ports, server configurations, and publicly disclosed security incidents can help fast-track this process. The third type of data is firmographic, which consists of business information about the company. Some examples of this data are revenue figures, employee count, business location, industry type and number of customers.”
Source: Hardening Cyber Insurance Market Makes Cybersecurity More than a Tech Problem