Our unique cyber insurance approach
Cyber insurance is a risk transfer mechanism and an important part of an effective cyber strategy. Organizations have insurance for other hazards such as flood, fire, hurricane and other threats but rarely consider cyber insurance as important. In general, cyber insurance will pay for business interruption, data exfiltration and regulatory costs.
Cyber Risk Quantification
Cyber Risk quantification looks at the different costs involved in a cyber attack and aggregates them into useful metrics.
Business Interruption Costs
Business interruption is a first-party loss for lost income from an interruption to an insured computer system as a result of a failure.
Data Exfiltration Costs
Data exfiltration happens when attackers steal the organisations information. This is typically based on the value of patents and personal information.
Regulatory loss happens when a regulator fines an organisation for a cyber breach. For GDPR privacy breaches of EU citizen, the fines can be 20 million euros or 4% of annual revenue.
First party expenses to investigate a system intrusion into an insured computer system.
First-party expenses required to hire a public relations firm to communicate a breach.
Cyber Insurance 2.0
Today, most brokers and carriers use loss events and industry metrics to create their cyber risk algorithms to determine how much to sell and pricing. This does not align to the way the insurance is actually paid out. Furthermore, these are not dynamic enough metrics. Cyber is dynamic and rapidly changing.
- Looking at historical data is not useful
- Remediation incidents does not affect your posture
- Criminals are exploiting insurance payouts.
We continuously asses your cyber security posture and share the analysed data with the insurance company. A supervised formula is used to discount your premium based on good cyber stewardship.
- Inherent Risk Score
- Residual Risk Score
- Cyber budgeting
- Vendor Cyber Risk
- IOT/OT Cyber Risk
- AI/ML Cyber Risk.
Cyber Risk Management
Each organisation has a different level of cyber maturity which we take into account based on resources, skill needed and the depth of experience in cyber management. We classify companies in 5 levels:
- Level 1: unaware
- Level 2: tactical
- Level 3: focused
- Level 4: strategic
- Level 5: pervasive
Small businesses also arguably have the most to lose from being hit with a damaging cyber-attack. A recent report revealed that businesses with less than 500 employees lose on average $2.5 million per attack.
ReaQta has been tracking an extensive and long running spear-phishing campaign, targeting the supply-chain in the Oil & Gas industry, most likely for espionage purposes. The campaign started in 2018 and it’s still running today, with a new wave began on the first week of May.
Around a quarter (23%) of small to medium sized enterprises (SMEs) believe that cyber insurance is not fit for purpose, according to joint research by insurer CFC Underwriting and Biba-accredited premium finance firm Premium Credit.