Cyber risk modeller Kovrr has launched its CRIMZON framework for comparing and managing accumulations of systemic cyber risk.
Formerly named CRA-Zones, the CRIMZON framework expands re/insurance applications beyond identifying risk accumulation to include cyber threat assessment and trend analysis, deeper risk management and monitoring, as well as event response.
The CRIMZON framework divides global regions into ‘Impact Zones’ which includes location, the size of the entity, and the industry type.
It’s based on research that demonstrated companies from the same location and industry often rely on the same technologies and third-party service providers leaving them exposed to similar cyber attacks or failures.
Yakir Golan, CEO and co-founder of Kovrr commented: “When we first developed this framework, the goal was to help re/insurers measure catastrophic cyber risk exposure on their portfolio, but we realised that it could do so much more to help companies address the potential financial impact of cyber on the business, identify trends in advance, and proactively respond to these events.
“The CRIMZON Framework is extremely useful in this current cyber insurance climate where ransomware is becoming its own pandemic, and in which carriers want to grow their cyber portfolios but are increasingly fearful of how a single disaster could drive huge losses.”
Insurers can use CRIMZON to manage risk aggregation against risk appetite, improve diversification within larger portfolios, and create more targeted pricing structures tailored to actual level of risk.
It can also be used to assess the current threat levels of each zone, which are targeted by cyber attacks in different ways and for different purposes.
Re/insurers will be able to react faster to developing trends in the threat landscape, and focus on what zone requires the most attention to avoid one-size-fits-all solutions.
The framework helps quantify the “footprint” of a cyber event, in terms of which ‘Impact Zones’ were affected, the percentage of the population within each zone, and the local intensity.
This allows effective distribution of resources, estimating future costs and insurance claims related to cyber events.
It also allows for a more granular and realistic description of potential cyber scenarios where a hypothetical threat can be projected on each zone and analysed separately.
