Kroll’s CyberRiskRankER Solution Transforms Cyber Insurance Procurement Process with Standardized, Transparent Cyber Risk Scores (CDSA)

Kroll has debuted Kroll CyberRiskRankER, a cyber risk assessment platform that harnesses the unique insight of Kroll’s pre-eminent Cyber Security and Investigations team to provide a meaningful view of a company’s cyber risk maturity that is tailored for the insurance industry.

Kroll CyberRiskRankER is an online, automated solution that standardizes the measurement of an organization’s cyber risk and threat preparedness, delivering significant advantages for underwriters, brokers, and applicants alike. Kroll CyberRiskRankER leverages the powerful best practice guidance of the CIS Controls, a prioritized set of actions to help protect organizations and data from known cyber attack vectors. The CIS Controls are developed collaboratively with the global IT community by CIS.

“Because the nature of cyber risk is constantly changing, it is essential for providers and underwriters of cyber insurance policies to understand how policyholders are adapting to threats, and the infrastructure they have in place to mitigate their risks,” said Jason Smolanoff, Senior Managing Director, Global Practice Leader, Cyber Security and Investigations. “Kroll CyberRiskRankER establishes a standard that will create transparency between insurers and policyholders when assessing the appropriate cyber insurance policy.”

“CIS understands the important role insurance plays in promoting good cyber security best practices, and we are pleased our partners at Kroll have chosen to base their assessment tool on the CIS Controls. The CIS Controls’ best practices and guidance provide the strong foundation insurance companies need to evaluate their applicants’ cyber security posture,” said Brig. Gen. USAF (Retired) Steve Spano, CIS President and COO.

Kroll CyberRiskRankER employs an online questionnaire collectively informed by the CIS Controls and the frontline expertise of Kroll’s global team of cyber practitioners. The questions are designed to develop a nuanced view of an applicant’s cyber risk, including its readiness to rapidly detect and effectively respond to a variety of cyber risks – the true measure of a mature information security program. Kroll CyberRiskRankER produces a score based on the applicant’s responses, which are weighted by a proprietary dynamic algorithm continuously refined by firsthand findings from Kroll’s team of experts on the evolving cyber threat landscape.

“Accurately assessing cyber risk for underwriting purposes is one of the most complex challenges today,” said Jennifer Rothstein, Senior Director in Kroll’s Cyber Security and Investigations practice. “Kroll CyberRiskRankER’s ability to generate a reliable quantitative score clearly tied to proven cyber security controls will drive more accurate pricing, coverage, and risk mitigation strategies that benefit everyone in the process.”

Kroll CyberRiskRankER addresses the diverse needs of underwriters, brokers, and applicants. The solution’s integration of data and Kroll insight helps insurers refine underlying methodologies and criteria for policies that reflect modern and next-generation cyber threat scenarios. Likewise, brokers who are looking to differentiate themselves in the market can use Kroll CyberRiskRankER to develop a better understanding of their applicants’ cyber risk before approaching underwriters, while also offering targeted risk management tools to their clients.

Importantly, applicant organizations also benefit from the solution’s transparent, risk-scoring criteria, which helps them to learn about potential risks, vulnerabilities, and areas for improvement that they can then proactively prioritize for strengthening.