Our consulting team was engaged by US insurance brokers to carry out a highly detailed cyber risk assessment at the organisational level for a global satellite provider. Both the client and the broking team wanted to ensure that they had a very comprehensive view of the exposure of the organisation to cyber risks before entering the insurance market, and wanted to understand where there might be possibilities for improvement prior to engaging under writers. This was also extremely critical because the clients infrastructure and architecture was highly complex as a result of their operations in space, and also had exposures to government contracts.
The team began by issuing a request for information list to review as many documents as possible which described the infrastructure, architecture, revenue drivers, and cyber security controls within the organisation to create a strategic context. Our consultants use this to build a notional model of the organisation which would help us to understand how it could be exposed to cyber security risks, particularly around satellite operation and control. We also carried out a highly detailed assessment of what controls were in place and how this specifically related to the organisations critical assets. The end result was a report which enabled the client to understand their cyber exposure and to bridge the gap between the insurance team and the risk management team on a very important topic. Advances were also made in developing a potential maximum loss for cyber in the context of the organisations revenue drivers. The report was also subsequently disclosed to key insurance markets when building a cyber insurance programme, providing under writers with the transparency that they would need to underwrite and assess such a complex client.