Cyber Risk Impact Zones (formerly known as CRA-Zones) were established to provide an easy to use open framework to measure and understand catastrophic cyber risk exposure. The Crimzon framework defines the minimal elements needed to provide a view of aggregated  cyber exposure. CRIMZON allow for analysis across multiple portfolios of risks and monitoring of exposure trends. The framework was also created to support regulatory efforts for setting a standard for data collection for cyber exposure management.

For natural catastrophe risk, individual policy exposures can be aggregated within geographic zones. Similarly, cyber exposures can be aggregated using Crimzon. Geographic location is still important when assessing cyber catastrophe risk, however, two additional elements must be taken into account to properly assess cyber risk aggregation - industry sector and company size.  The foundation of the Crimzon is built on acquired historical data and continuous analysis of millions of cyber incidents worldwide.

Analysis has shown a significant correlation between companies from the same location and industry tending to use the same third-party service providers and technologies, leaving them exposed to corresponding cyber attacks. Additionally, the analysis demonstrated that entity size has a direct correlation to technologies used, cyber preparedness, security policies, cybersecurity spending, and level of sophistication of cyber attacks.