Faced with the increasing rise in cyber risk and the worsening of access to the cyber insurance market for businesses, Verlingue, an insurance broker specialising in business protection, and Inquest, a Stelliant group risk management consultancy, have just developed a full range of solutions to provide a comprehensive response for all business sizes:
• 91% of companies have experienced one or more cyber-attacks according to the Proofpoint study(1)
• A 49% increase in insurance premiums and a threefold increase in compensation(2)
• A “cyber-resilience” offer in which prevention becomes the first and most important component for insurance eligibility
The unprecedented increase in cyber incidents has led to a surge in the cost of risk. With less than 10% of companies insured, there is no risk pooling effect. This is why insurers are now requiring that the risk be controlled upstream of the underwriting and implementation of insurance coverage.
However, the assessment of this type of risk requires a global “Risk Management” approach (risk management, IT security, impact on operations, legal and financial issues) which is sometimes difficult to put in place in companies. Indeed, the level of preparation for this type of attack and the internal incident response system (including the business continuity aspect), which is often very precarious, as well as the appropriation of methods for evaluating the financial consequences of this type of attack, require the involvement of experts in each of these areas.
With this in mind, Verlingue has teamed up with Inquest to introduce a comprehensive cyber risk prevention offer, the first essential building block for tomorrow’s insurance.
Through this innovative partnership, Verlingue offers companies prevention and consulting solutions as part of an iterative process that enables managers of companies of all sizes and in all sectors to:
• Understand the threats facing the company in order to prepare for them;
• Define a risk prevention policy and measures;
• Document their cyber risk assessment process and facilitate the search for an insurance solution;
• Enable the company to choose and pay for the right level of insurance (coverage, deductibles, premiums, exclusions);
• Identify the residual risk and put in place means to reduce this risk, thanks to high added value services and advice.
Frédéric Chaplain, Director of Property and Casualty at Verlingue, says: “Risk management consulting is an integral part of Verlingue’s core business. As we do for traditional risks such as fire, risk assessment and prevention in cyber matters are becoming a sine qua non for insurance eligibility. But more than that, we see cyber risk management as the new marker for corporate risk management.”
Alexis Nardone, Inquest’s Managing Director, explains: “The tools and methods developed by INQUEST, a Stelliant group, in the field of cyber risk assessment and prevention enable us to provide Verlingue’s customers with expertise reinforced by our experience with a wide range of sectors and companies. Our priority is to help business leaders to approach the subject from a risk management perspective in an effective and pragmatic way. This approach allows us to show them how to improve the architecture of their information system in order to consider an appropriate insurance solution with them”.
Grégory Roy, Director of Key Accounts and Partnerships at Verlingue, adds: “Cyber risk is no longer just a subject for IT directors, it has become a key issue in corporate governance“.
How the “Cyber-resilience” offer is structured
This new cyber risk management offer, which can be adapted to suit the company’s needs and risk exposure, is structured around 5 key stages:
1. Audit: Interviews are conducted with management teams (including IT, Finance and Risk Management). An information gathering survey is carried out, supplemented by interviews with internal and external technical resources.
2. Analysis: Documents describing the IS, the organisation, and key IT assets are collected; supplemented by financial documentation where appropriate.
3. Threat assessment: The IS and IS security in relation to current threats are assessed. The company’s own threats are mapped and the most significant scenarios are defined.
4. Financial impacts: Based on the threat scenarios, the operational impacts, the remedial measures and the financial consequences resulting from potential incidents are documented and assessed in collaboration with the company’s teams.
5. Recommendations: A formal report is produced to provide recommendations for both insurance and cybersecurity.
Press contact: Léna Youinou – +33 (0)2 98 76 90 13 / +33 (0)6 98 76 90 13 – email@example.com
(1) Proofpoint survey of 150 information systems security managers (ISSMs) in France in December 2020
(2) AMRAE’s 2021 “LUCY” (LUmière sur la CYberassurance) report