Julien Chamonal, Chief Revenue Officer at Citalid, and Vivien Bilquez, Principal Cyber Risk Engineer at Zurich Insurance, co-hosted a presentation titled Cyber Insurance: Zurich Insurance Joins Forces with Citalid to Innovate and Live Confidently with Cyber Risk at the 2023 edition of the Assises de la Cybersécurité. This conference was a significant occasion for Zurich Resilience Solutions (ZRS) to announce the launch of a new offering aimed at increasing the cyber maturity of their clients and attracting new ones to the path of insurability.
Citalid x Zurich : a collaboration rooted in the Zurich Innovation Championship program
Earlier this year, Citalid was the grand prize winner of the Zurich Innovation Championship, a program designed to assist promising and innovative startups in their development while collaborating with Zurich Commercial Insurances. With over 150 years of experience, the Zurich Group represents a $30 billion business, making it the second-largest insurance company in the world.
This participation in the Zurich Innovation Championship demonstrates that Citalid’s Cyber Risk Quantification solution is an asset for insurers, enabling them to help their customers improve their cyber maturity and progress toward insurability.
Cyber risk, an invisible risk that may seem abstract
“I’ve served as a CISO in various companies, and the challenge we frequently encounter is justifying the budget allocated to cybersecurity,” explains Vivien Bilquez. Despite the growing awareness of cyber risk, many companies allocate limited resources to preempt it. This is primarily because cyber risk remains invisible. Consequently, IT teams often find themselves in the unique position of assessing a company’s level of protection against this seemingly abstract threat. Obtaining and defending the appropriate budget is, therefore, a crucial concern for IT security teams, as Vivien Bilquez underscores: “As a CISO, you bear responsibility when a security incident occurs, so securing the cybersecurity budget is of utmost importance.”
Thanks to the media exposure of certain cyber-attacks, an increasing number of organizations are reaching out to insurance companies to mitigate their cyber risk. “Insurance premiums are rising, and, on top of that, the conditions for obtaining insurance are becoming more stringent. In fact, we’ve observed that insurers typically decline approximately 50% of applicants,” summarizes Vivien Bilquez. Adding to this already complex situation is the fact that cyber risk is relatively new, and thus, we have limited historical data on which to model. This complexity applies equally to both insurers and the insured, who must navigate a dynamic cyber risk landscape influenced by geopolitical developments.
Quantifying cyber risk for better insurance
First, quantifying cyber risk can serve as a valuable communication tool between the company’s technical teams and its board, as well as between the insurer and the insured. Unlike technical concepts, it delivers quantified results and financial indicators, which can naturally resonate more with company management. This facilitates the visualization of risk, enabling technical teams to present more relevant arguments to their management. For insurers, these figures provide a precise understanding of the risk faced by their policyholders, aiding them in making more informed decisions in their cybersecurity strategy.
The maturity of policyholders is also a crucial factor for the insurer, as explained by Vivien Bilquez: “If customers exhibit higher levels of maturity, there will be fewer claims, which benefits our portfolio.” Prevention is more effective than a cure. Thanks to precise and personalized analyses, quantification also enables the right investments for protection. Indeed, the solution designed by Citalid takes into account the environment in which the policyholder operates, allowing for a more accurate assessment of potential risks. “Quantifying a company is valuable, but quantifying a company within a third-party management context is even more beneficial,” notes Zurich Insurance’s Principal Cyber Risk Engineer.
What Citalid can offer to insurance companies.
The Zurich Insurance teams had the opportunity to test the solution offered by Citalid. “The results achieved by Citalid were so promising that even Zurich’s senior management expressed a keen interest in the solution”, states Vivien Bilquez. As a result, Zurich, through its Zurich Resilience Solutions business, started providing the Citalid solution to its customers.
Citalid provides a cyber risk quantification solution that harnesses both artificial and human intelligence. The tool is built on FAIR (Factor Analysis of Information Risk) technology, which enables the estimation of risk by correlating factors that define the frequency of attacks and the cost of successful attacks. More specifically, the platform developed by Citalid facilitates the easy and dependable measurement of financial risk for informed decision-making.
A team of Cyber Threat Intelligence experts continually monitors over 700 cybercriminal actors to provide the platform with data, enhancing the accuracy and contextualization of cyber risk analysis for each client. Our team shares resources that are accessible to all. “We share geopolitical analysis reports with our clients, and even with those who aren’t our clients,” Julien Chamonal informed the audience during the presentation. Recently, the Cyber Threat Intelligence team published a report on the state of threats against healthcare organizations in France (you can download it here).
Attack simulations can also be conducted to pinpoint the policyholder’s vulnerabilities, allowing for effective corrections to be made, utilizing over 1,000 modeled and quantified risk scenarios. With Citalid, the enhancement of cyber maturity is substantial, resulting in an average 30% reduction in the financial exposure for user companies. Additionally, there is an 8% increase in defensive maturity each year by following the investment roadmap recommended by our specialists.
Cyber Quantification as a Service, a new offering resulting from a partnership between Citalid and Zurich Resilience Services
The presentation by Julien Chamonal and Vivien Bilquez provided Zurich Resilience Services with the opportunity to introduce its new offering, built upon Citalid’s capabilities: Cyber Quantification as a Service. Its objectives are threefold:
- Enhance the cyber maturity of Zurich Insurance customers and assist those who are currently uninsurable due to a lack of maturity in making their organizations insurable.
- Aid customers in making informed decisions regarding their cyber risk and investments.
- Educate both customers and Zurich Insurance teams about the intricacies of cyber risk.
For the policyholder, it’s “Quantification as a Service,” offering an accurate assessment of cyber maturity, the establishment of a perimeter, and personalized risk scenarios. For the insurer, it’s “Third-Party Management,” enabled by the classification of third parties by risk category, third-party evaluations, and a dedicated dashboard for risk and maturity management. Both the insurer and the policyholder derive substantial benefits from this highly comprehensive offering.
Utilizing a shared economic indicator-based language, Citalid positions itself as a trusted third party, serving as a bridge between the realms of cybersecurity and insurance to facilitate a deeper comprehension and quantification of cyber threats. Whether you are an insurer or an insured party, consider trying our solution today, tailored to your company’s requirements for understanding your cyber risks. Request a demonstration here.