Case Study

Cyber insurance risk assessment for a global satellite communications and launch provider

When:
2022
Where:
North America
Services involved:
Threat Intelligence
Crisis Planning and Continuity
Cyber

Our consulting team was engaged by US insurance brokers to carry out a highly detailed cyber risk assessment at the organisational level for a global satellite provider.

This was extremely critical because the client’s infrastructure and architecture was highly complex as a result of their operations in space, and had exposures to government contracts.

Desired outcomes:

  • Gain comprehensive view of the exposure of the organisation to cyber risks before entering the insurance market.
  • Understand where there might be possibilities for improvement prior to engaging underwriters.

The process

The team began by issuing a request for information list to review as many documents as possible which described the infrastructure, architecture, revenue drivers, and cyber security controls within the organisation to create a strategic context.

Our consultants used this to build a notional model of the organisation which would help us to understand how it could be exposed to cyber security risks, particularly around satellite operation and control. We also carried out a highly detailed assessment of what controls were in place and how this specifically related to the organisation’s critical assets.

The result

The end result was a report which enabled the client to understand their cyber exposure and to bridge the gap between the insurance team and the risk management team on a very important topic.

Advances were also made in developing a potential maximum loss for cyber in the context of the organisation’s revenue drivers.

The report was also subsequently disclosed to key insurance markets when building a cyber insurance programme, providing underwriters with the transparency that they would need to underwrite and assess such a complex client.

Project leads
Adam Carrier
Head of Consulting
View profile
Nick Robinson
Consultant, Crisis & Security Strategy
View profile

Outcomes

  • A due diligence process which enabled the insurance team to themselves get a better view of the cyber security controls in place at the organisation.
  • Visualisations of architecture and infrastructure, and how this connects to revenue, which can be used to stimulate better conversations both within the client and with insurance markets.
  • A highly detailed assessment of the controls in place to mitigate cyber risks at the organisation in comparison to the benchmarks currently being set by insurance markets, which covered around 700 control types across 20 different control themes.
  • A report which was shared with brokers, underwriters, and the information security team to be used as a single source of truth to help identify the organization’s requirements for cyber insurance cover.

Relevant case studies

View more projects we have completed for clients.

Active Threat Monitoring
Threat Intelligence
Threat Assessment

Contact us

We’re always keen to talk through problems – even if you don’t end up working with us.

Let us know your problem or situation and one of our consultants will get back to you and arrange a call.

Step one
You let us know what you or your team requires help with.
Step two
One of our consultants will arrange a meeting to find out more.
Step three
We outline how we can help you in a proposal.
Step four
If accepted, we begin providing you or your team with our solution.