The Wall Street Journal recently reported that premiums collected by the largest U.S. cyber insurance carriers in 2021 rose 92% year-over-year, largely in response to a surge in ransomware. Cyber risk insurers are also declining coverage to companies with substandard cybersecurity controls, as well as changing the fine print for sublimits to reduce coverage for types of losses one by one.
The best defense: a thorough, quantitative analysis of the loss exposure in dollar terms that your company faces from cyber risk – and in detail. RiskLens software and services run on FAIR™ (Factor Analysis of Information Risk), the international standard for cyber risk quantification. Here is a quick look at two tools from RiskLens to give you maximum advantage in shopping for cyber insurance coverage.
RiskLens Enterprise Platform
For organizations running a cyber risk management program at enterprise scale, the platform offers these capabilities for smart cyber security insurance purchase:
>>Top Risk Assessment
The rule of thumb is, buy insurance for low likelihood/high impact loss events and invest in controls for higher likelihood/lower cost events. With a rapid risk assessment workshop conducted with RiskLens consultants, your analysts can scope loss event scenarios that can be analyzed by the RiskLens platform. The result: a ranked list of top risks based on likelihood and impact, revealing the probable cost of high impact events. Analysts can drill down into individual top risks to understand the cost drivers, yielding more insights, for instance on legal fines and judgments or business interruption, helpful for negotiating policy details.
With this capability, organizations can group risk scenarios by business unit, geography, revenue stream or any other view of loss exposure that would focus insurance coverage decisions. For instance, you may want a read on ransomware risk by business unit to evaluate where the highest risk is concentrated and where to begin mitigation efforts or tailor an insurance policy.
>>Risk Treatment Analysis
To answer the ultimate treat-or-transfer question of insurance buying, the RiskLens platform can run this function to game out controls or process changes to understand their effect on risk reduction in financial terms and compare cost vs. benefit of pay vs. not pay on insurance premiums.
In this case study, RiskLens answered the question of “what’s more cost-effective to mitigate earthquake hazard, insurance or a building retrofit?”
RiskLens My Cyber Risk Benchmark Tool
For organizations looking for a quick, high-level view of cybersecurity loss exposure:
The My Cyber Risk Benchmark tool offers customized insight to an organization’s cyber risk across the seven most common categories (ransomware, denial of service attacks, etc.), refined by industry, geography, database size, and other parameters, with results expressed as probable cost in dollars and likelihood of occurrence. The same data science that feeds the RiskLens enterprise platform supports My Cyber Risk Benchmark. Also, the tool rates the organization’s security posture and quantifies the impact of posture changes. Together these features deliver fast, reliable insight for decisions on insurance coverage and treat-or-transfer.
Learn more in a webinar: CRQ for All: My Cyber Risk Benchmark.