Our unique cyber insurance approach

Cyber insurance is a risk transfer mechanism and an important part of an effective cyber strategy. Organizations have insurance for other hazards such as flood, fire, hurricane and other threats but rarely consider cyber insurance as important. In general, cyber insurance will pay for business interruption, data exfiltration and regulatory costs.

Cyber Risk Quantification

Cyber risk quantification looks at the different costs involved in a cyber attack and aggregates them into useful metrics.

Business Interruption Costs

Business interruption is a first-party loss: income lost when an insured computer system is interrupted as a result of a failure.

Data Exfiltration Costs

Data exfiltration happens when attackers steal the organisation's information. The cost is typically based on the value of patents and personal information.

Regulatory Costs

Regulatory loss happens when a regulator fines an organisation for a cyber breach. For GDPR privacy breaches affecting EU citizens, the fines can be 20 million euros or 4% of annual revenue.

Forensics Investigations

First-party expenses to investigate a system intrusion into an insured computer system.

Media Liability

First-party expenses required to hire a public relations firm to communicate a breach.

Cyber Insurance 2.0

Today, most brokers and carriers build their cyber risk algorithms on loss events and industry metrics to determine how much cover to sell and at what price. This does not align with the way the insurance is actually paid out. Furthermore, these metrics are not dynamic enough: cyber is dynamic and rapidly changing.

  • Looking at historical data is not useful
  • Remediating incidents does not affect your posture
  • Criminals are exploiting insurance payouts

Risk-Adjusted Pricing

We continuously assess your cyber security posture and share the analysed data with the insurance company. A supervised formula is used to discount your premium based on good cyber stewardship.

  • Inherent Risk Score
  • Residual Risk Score
  • Cyber Budgeting
  • Vendor Cyber Risk
  • IoT/OT Cyber Risk
  • AI/ML Cyber Risk

Cyber Risk Management

Each organisation has a different level of cyber maturity, which we take into account based on resources, skills needed and depth of experience in cyber management. We classify companies into 5 levels:

  • Level 1: unaware
  • Level 2: tactical
  • Level 3: focused
  • Level 4: strategic
  • Level 5: pervasive