Optimizing Cyber Insurance Programs To Reduce Portfolio Exposure
A private equity firm with a portfolio of over 600 million Euro AUM in diversified, mid market companies with a €56 million Euro cybersecurity budget. The company operates mainly in Europe with over 50 portfolio companies. The main cybersecurity team is located in the United Kingdom.
Using Cyber Risk Quantification to Effectively Minimize Cyber Insurance Costs
The Problem
The company performs an annual review of cyber security risk assessment for all their portfolio companies, which primarily focuses on making sure that the companies properly implement security controls, adhere to regulations and assist portfolio companies with cyber insurance, to validate that all portfolio companies have adequate coverage.
In order to do so, they needed to assess prior insurance coverage, understand the company’s cybersecurity posture, and ensure the correct clauses and sub limits are incorporated in their new policies to optimize coverage. The private equity firm wanted to negotiate a better bulk deal with their broker. By having a cyber risk quantification assessment of each company, they would know their overall exposure as well as per company, and could therefore leverage the companies with better controls in their negotiations with brokers.
The Solution
The company analyzed all 50 companies by running a cyber risk quantification. This was done using Kovrr’s Cyber-Sphere outside data and internal data integrations with Microsoft & ServiceNow. Each company was then notified about their areas of high financial exposure due to cyber events.
Using Kovrr’s platform and information from each company about the costs of specific cybersecurity initiatives, they were able to understand the ROI for specific projects and then decide if they would mitigate risk or transfer via their insurance policy. Based on these quantifications, the firm then analyzed current costs of cyber insurance per company, and requested additional data points for a subset of 24 companies to present to their broker to lower their current cyber insurance costs.
The Outcome
The PE firm was able to lower their portfolio’s cyber insurance costs by 17%. They were able to transfer direct financial risk to a dedicated cyber insurance program and cost effectively prioritize their focus on specific companies for negotiation.
