- Rosanna Hayes
Quantify cyber risk across your book and save the prop-form headache
This month STORM Guidance launched the latest development to its pioneering risk assessment service, Cyber3: Rapid Risk Review.
The cybersecurity risk assessment has been created for cyber carriers to give a precise evaluation of client risk data, accurately quantifying client exposure, and demonstrating insurability. And after much collaboration with insurer and broker partners, the team levelled up its existing platform, refining the complete process to create a more user-friendly experience. Both client and (re)insurer/broker-facing systems received a transformative reconstruction, allowing for effortless navigation and straightforward cyber assessment results.
Now, assessed clients, brokers, and insurers can easily view Cyber Risk Management Maturity (CRMM) scores, download comprehensive reports on assessment findings, track the completion of suggested remediation strategies, and automatically complete proposal forms. All of these can be considered when determining new policy cover and renewals.
An example of the client dashboard can be seen in the image below, illustrating their maturity levels across key risk areas and the simplicity of how these results are conveyed.
The new management dashboards for insurers and brokers provide both summary and detailed insights into client cyber risk, mitigation progress, and their current cyber maturity, allowing for easy monitoring of risk across your book of insured businesses.
A new feature allowing for the automatic generation of proposal forms eliminates the arduous task of gathering client information, bypassing delays in obtaining information from the client's IT and Finance departments and the board of directors. Cyber3 questions are continuously monitored to align with those asked by underwriters and can automatically be filled onto a range of leading insurers' prop forms. This new and unique feature allows cyber carriers to avoid the lengthy delays associated with gathering information from clients' IT and Finance departments and boards of directors.
The new dashboard and features can be viewed in the video below:
Cyber3 dashboard features
Cyber risk management maturity score
Detailed findings compiled into a practical rating on organisational risk management maturity across 5 key areas: People, Processes, Technology, Data Asset Awareness & Vendor Management.
Key cyber risk indicators
A dashboard-style presentation of key cyber risk indicators with scoring explanation.
Prioritised improvements checklist
Recommendations conveyed into a list of actions for stepped improvements in maturity.
Evidence-based, specialist commentary on key risks with remediation advice, cyber specialist opinion statement, and improvement action plan ranked by criticality.
Certificate of assessment
Official certificate of assessment issued by STORM Guidance
Auto-fill insurance prop forms
The assessment questions align with those asked by underwriters, meaning the answers can be automatically filled onto a range of leading insurers' prop forms.
The Cyber3 process has been refined to deliver results in a clear and understandable way for executives, non-technical, and technical specialists alike, closing the loop in the risk management cycle with transparency and ease of collaboration between broker and client.
The risk-based assessment incorporates critical reviews of data security and corporate governance, whilst also looking at vulnerabilities from both the inside-out and outside-in perspectives, ensuring accurate data is collected. The results are given with 5-point scores over five key areas of cyber risk management maturity:
People: Staffing, roles, capability, and skills
Processes: Governance, policy, and procedures
Technology: Security systems and IT strategy
Data Asset Awareness: Categorisation and amounts
Vendor Management: Oversight, risk, and liability
Designed specifically for existing or prospective cyber insurance clients, Cyber3 is the only assessment that includes questions asked by cyber insurers on prop forms and is recognised by underwriters, adding real value to your brokerage risk management capability. The 90-minute review is delivered via a ‘cyber expert-to-client’ web conference and integrates an assessment of the client’s internet-facing systems with the CyberProfiler Attacker’s Eye View™ scan. Upon completion, an easy-to-track maturity score is given, helping insurers and their clients to understand their cyber risk whilst monitoring improvement over time. With the client’s engagement in strengthening their risk management strategies, it can be reflected in their premiums, strengthening client relationships.