Determine an organization’s level of cyber risk for insurance underwriting

A Cyber Insurance Risk Assessment involves a short but high-level review of an organization’s risk rating using the framework known as C.O.P.E (construction, occupancy, protection and exposure).

Cyber Insurance Risk Assessment

Our Cyber Insurance Risk Assessment is constructed for it’s intended recipient being insurance providers, underwriters in addition to businesses getting ready to buy cyber insurance. The Assessment is derived from Mandiant’s expansive knowledge of high-level threat actors, security penetration responses, and furthermore the evaluations of security software maturity and readiness. The Cyber Insurance Risk Assessment gives you a rather quick, advanced analysis of an organization’s risk level given it’s processes, technology, and human resources to allow us to identify and classify cyber risk for insurance underwriting. Our team assesses an organizations level of Cyber Risk using the four elements of property insurance underwriting which are construction, occupancy, protection and exposure (C.O.P.E.) The framework was amended to include the assessment of technology-driven risk.

Advantages of Cyber Insurance Risk Assessment

  • ID, classification and analysis of cyber risk for the purpose of insurance underwriting
  • determine factors which could cause an insurer to suffer a loss
  • strategy for improving security measures
  • organization and industry cyber threats

Cyber Insurance Risk Assessment Deliverables

  • Cyber Insurance Risk Assessment report including current capabilities, level of risk and strategy
  • Cyber threat assessment report
  • Presentation to C-Level Executives

1CS Approach to Cyber Insurance Risk Assessment

This undertaking takes place over two-weeks and uses a standard organizational risk assessment given the organizations size, industry and geography with cyber risk ratings across the four pillars of the C.O.P.E. framework. The resulting weighted risk rating assists in determining the level of risk for each pillar in addition to the organization in it’s entirety.

Cyber Insurance Risk Assessment

Construction: What is the structure of the security system? What are the strengths, weaknesses and areas for improvement? Areas reviewed:

  • Technology guidelines and procedures
  • Incident and crises response guidelines and procedures
  • Audit and compliance instructions
  • Cyber security awareness for Management
  • Staffing guidelines and procedures

Occupancy: How are data and asset management processes carried out? Areas reviewed:

  • Data retention
  • Backup and recovery
  • Business Continuity & Disaster Recovery
  • Classification guidelines
  • Management controls
  • Asset build and control requirements
  • Encryption

Protection: How is the organization protected from high-level cyber attacks? Areas reviewed:

  • Technology deployment plan
  • New and established processes
  • Internal and external staff
  • Capabilities like visibility of threats, security, and responses

Exposure: What is the potential for risk? Areas reviewed:

  • Procedures and policies used to determine data security risks
  • IT Network and Systems maintenance guidelines
  • Procedures and policies for secure collection and storage of data
Contact 1CS

If your organization needs to assess it’s level of security and/or risk rating for the purpose of cyber insurance, 1CS is here to help. Contact 1CS for more information on our cyber insurance risk assessment services or to book an appointment.