Cyber Insurance Analysis

Portfolio Exposure Management
Cyber Underwriting & Risk Selection

Portfolio Exposure

Stress Test Cyber Risk Accumulation Scenarios

Learn more
Industry Recognition
Meet Board & Regulatory Compliance Requirements
Validate and Modify Cyber Underwriting Guidelines
Monitor Cyber Capacity
Assess Capital Management Strategies
Determine Reinsurance/ Retro Coverage Needs
Key Advantages
Learn more

Proprietary Cyber Catastrophe Modeling Framework

Our framework is based on an extensive analysis of the characteristics of historical cyber risk events including triggers, propagation and impact. The framework uses Kovrr’s proprietary event catalog with more than 100,000 synthetic events for loss simulation which vary from cloud provider outage in a specific territory to massively distributed global ransomware attacks and other tail events.

Multi-Model Loss Quantification

Detailed event catalog provides a full view of risk, allowing view of loss by category - catastrophic loss events, large loss events, and attritional loss events.

Visibility into Potential Accumulations and Tail Events

Achieve clear visibility to probable maximum losses due to potential large loss and catastrophic cyber events. Leverage Kovrr’s impact based modeling framework to assess known knowns and known unknowns by applying probabilistic and deterministic cyber risk scenarios, including Lloyds RDS.

Insights into New Emerging Vulnerabilities

The Kovrr platform reflects emerging exposures and allows (re)insurers to control risk accumulation by notifying them when pre-defined risk thresholds are crossed. 

Silent Risk Exposure

Gain visibility to risk associated with potential cyber triggered claims within any commercial P&C insurance book.

Monitoring Portfolio Aggregations

Calculate aggregated exposure to cyber risk in your portfolio while taking into account systemic risk stemming from different types of policies within various lines of businesses. 

Stress Test any P&C Portfolio Against Cyber Catastrophes

(Re)insurers can assess their cyber exposure in any type of (re)insurance’s book using a list of predefined scenarios, both historical and synthetic. They can also custom build their own scenarios. For example, a reinsurer can quantify the exposure of its commercial property book to a large scale business interruption event such as the NotPetya ransomware attack.

Cyber Underwriting
& Risk Selection

Predict & Price Cyber Risk

Learn more
Quantify Cyber Risk for New and Existing Insureds
Grow your Cyber Book while Maintaining Profitability
Operationalize Cyber Risk Management
Monitor Pricing Strategies

Cyber Risk Quantification (CRQ)

Asses potential economic impact, insured annual average loss (AAL), and probable maximum loss (PML) broken down by coverage.

Contextual Actionable Underwriting Insights

Understand the projected insured attritional and large loss of specific risk scenarios such as data theft, denial of service, ransomware, extortion, etc. Kovrr helps insurers segment customers and diversify their book via analysis of a company's use of commercial software, geography, third party services and susceptibility to a cyber attack.

Efficient Prospecting

Pinpoint potential clients for cyber insurance within your existing P&C portfolios.

Comprehensive Data Acquisition & Augmentation

Shorten or eliminate the questionnaire process by augmenting missing information, validating provided data and cutting out questions from the insurance application. Power digital rate-quote-bind portals.


Cyber Risk Impact Zones

Download the framework in order to measure & understand your catastrophic cyber risk exposure.

What is CRIMZON™? 

Cyber Risk Impact Zones (formerly known as CRA-Zones) were established to provide an easy to use open framework to measure and understand catastrophic cyber risk exposure. The Crimzon framework defines the minimal elements needed to provide a view of aggregated  cyber exposure. CRIMZON allow for analysis across multiple portfolios of risks and monitoring of exposure trends. The framework was also created to support regulatory efforts for setting a standard for data collection for cyber exposure management.

For natural catastrophe risk, individual policy exposures can be aggregated within geographic zones. Similarly, cyber exposures can be aggregated using Crimzon. Geographic location is still important when assessing cyber catastrophe risk, however, two additional elements must be taken into account to properly assess cyber risk aggregation - industry sector and company size.  The foundation of the Crimzon is built on acquired historical data and continuous analysis of millions of cyber incidents worldwide.

Analysis has shown a significant correlation between companies from the same location and industry tending to use the same third-party service providers and technologies, leaving them exposed to corresponding cyber attacks. Additionally, the analysis demonstrated that entity size has a direct correlation to technologies used, cyber preparedness, security policies, cybersecurity spending, and level of sophistication of cyber attacks.

Download Framework

What are the elements of the CRIMZON™?


Country level worldwide and state granularity in the US -based on the ISO-3166 Alpha-2 standard.


Industry classification breakdown based on the SIC classification system with additional granularity options. 

Entity Size

Four categories based on commonly used revenue bands.

Download Framework

CRIMZON Data Granularity

The framework is built to accommodate users with various levels of data. In cases with insufficient data,  an automated data extrapolation technique can be applied for cyber exposure analysis using Crimzon.
Zones can be viewed with low or high granularity. The views are built to accommodate the ability to use the platform despite varying quality of data within a group of risks

Low Granularity

243 Countries
10 Divisions
Company Size
4 Revenue Band Size Classifications
Number of Zones

High Granularity

243 Countries + 57 US States & Territories
10 Main divisions + 83 Subdivisions
Company Size
4 Revenue Band Size Classifications
Number of Zones

Advantages of Implementing

Open framework - No need to license a model

Understand  your cyber risk accumulation

Facilitate portfolio risk diversification

Easily track portfolio aggregation trends

Gain a view of risk that reflects risk accumulation across multiple portfolios

Download Framework

Benefits of Applying Additional Data Layers on CRIMZON™

Detect correlation between risk accumulation & cyber attacks trends

Monitor compliance with defined risk appetite 

Support regulatory reporting obligations 

Financially quantify probable maximum loss (PML) events

Benchmark to average losses and average industry exposure per zone 

Download Framework

CRIMZON™ Coding System

*United states_Virginia_Services_Business Services_Large Company

Download Framework

Example Portfolio

Want to learn more about CRIMZON™?