The Kovrr Methodology
A Walk Through of the Cyber Risk Quantification Process
Your submission has been received!
Kovrr’s CRQ Methodology FAQs
Speak to an Expert to Learn MoreWhat types of data and intelligence are fed into Kovrr’s models?
Kovrr's extensive data sources can be categorized into cyber intelligence or insurance intelligence. In terms of cyber intelligence, our models are fed with continuously updated information on vulnerabilities and exploits, cyber events, threat intelligence, and third-party service provider outages. Due to our unique history of working with insurance providers, we also have privileged access to insurance claims and intelligence and insurance industry loss aggregation.
How does Kovrr calculate my organization’s inherent or baseline risk?
Leveraging our extensive, continuously updated datasets, Kovrr's models generate a bespoke event and cyber risk catalog based on your organization's unique firmographics, such as industry, size, location, and technologies used. With the context of that specific cyber risk landscape, our CRQ platform then quantifies the unavoidable financial exposure your company faces, even if all security controls were upgraded to their fullest extent.
What internal organization information does Kovrr’s methodology incorporate?
Our company data curation process can be done via integration or manual input. Our platform can also utilize your attack surface profiling to gather the necessary information. The data we gather is your organization's technographic footprint, asset mapping, business unit structure, cybersecurity and IT controls and their respective maturity levels, and any custom damage types or risk scenarios your company faces.
Why does Kovrr utilize the Monte Carlo simulation in its CRQ approach?
Since Kovrr can't predict the future in uncertain terms, we leverage the Monte Carlo statistical model to simulate the following year 10,000 times. Each simulation generates a different annual scenario of the cyber events and risks an organization faces. Using these 10,000 outcomes, we can then quantify figures, such as the Average Annual Loss (AAL), to illuminate, on average, how much an organization is expected to lose due to cyber events.