Cyber insurance should tell you how much to invest in cybersecurity
Introduction
Our client in the distribution industry was relatively small but had a complex business model with a number of critical SaaS providers that they depended on for their day-to-day operations. The company had trouble determining how much insurance coverage they should purchase as peer benchmarks didn’t account for the complex nature of their risk, and simple data breach calculators weren’t helpful. They needed a partner who could help them quantify their cyber exposure and total value at risk.
Problem
The client explained that they utilized several SaaS products which hosted valuable data backups. They knew if one of their vendors were hit with an attack, it would devastate their operations.
Solution
Using a risk modeling approach we call “decision analysis,” our risk quantification team provided two comprehensive strategies for reducing SaaS risk as it relates to both business disruption and potential breaches. One strategy presented a high incremental expected value. The next best strategy presented a more modest incremental expected value.
Both strategies included comprehensive State of Your Risk and State of Your Vendor’s Risk analyses to gain visibility on all internal and external risks. Both strategies were analyzed using an ROI-oriented risk mitigation plan and modeled in our Cyber Risk Modeling lab to quantify loss scenarios.
Both solutions allowed the client to ease their risk transfer budget and allocate that spending to other areas of their risk management. They chose to ease in with the less aggressive strategy first, testing its effectiveness and reliability given a broader set of operating requirements.
Result
As a result of our detailed risk quantification and “decision analysis” approach to risk modeling, this client was able to drastically reduce their insurance premium while increasing their resilience against third-party risk. Through human-in-the-loop partnerships between our cyber risk quantification team and the client’s CISO, CFO, and Board of Directors, we successfully shifted this client’s attitude toward risk mitigation and transfer, saving them money and guiding them on their path to cyber resilience.