Case Study

Cyber insurance risk assessment for a global satellite communications and launch provider

Location:
North America

Services

Overview

Our consulting team was engaged by US insurance brokers to carry out a highly detailed cyber risk assessment at the organisational level for a global satellite provider. Both the client and the broking team wanted to ensure that they had a very comprehensive view of the exposure of the organisation to cyber risks before entering the insurance market, and wanted to understand where there might be possibilities for improvement prior to engaging under writers. This was also extremely critical because the clients infrastructure and architecture was highly complex as a result of their operations in space, and also had exposures to government contracts.

The team began by issuing a request for information list to review as many documents as possible which described the infrastructure, architecture, revenue drivers, and cyber security controls within the organisation to create a strategic context. Our consultants use this to build a notional model of the organisation which would help us to understand how it could be exposed to cyber security risks, particularly around satellite operation and control. We also carried out a highly detailed assessment of what controls were in place and how this specifically related to the organisations critical assets. The end result was a report which enabled the client to understand their cyber exposure and to bridge the gap between the insurance team and the risk management team on a very important topic. Advances were also made in developing a potential maximum loss for cyber in the context of the organisations revenue drivers. The report was also subsequently disclosed to key insurance markets when building a cyber insurance programme, providing under writers with the transparency that they would need to underwrite and assess such a complex client.

Outcomes for the client

  • A due diligence process which enabled the insurance team to themselves get a better view of the cyber security controls in place at the organisation.
  • Visualisations of architecture and infrastructure, and how this connects to revenue, which can be used to stimulate better conversations both within the client and with insurance markets.
  • A highly detailed assessment of the controls in place to mitigate cyber risks at the organisation in comparison to the benchmarks currently being set by insurance markets, which covered around 700 control types across 20 different control themes.
  • A report which was shared with brokers, under writers, and the information security team to be used as a single source of truth to help identify the organization's requirements for cyber insurance cover.

Project leads

Adam Carrier
Head of Consulting
View profile
Nick Robinson
Associate, Crisis & Security Strategy
View profile

Contact our team today