Everything You Need to Know About Squalify

Get answers to common questions about Squalify, our top-down cyber risk quantification approach, and our partnership with Munich Re.

Value Proposition

What is Squalify's primary value proposition?

Squalify transforms complex cyber risk data into financial metrics that are easily understood by C-level executives and board members. Our insights provide an aggregated view of an organization's risk profile. This enables effective strategic decision-making and risk prioritization at the highest levels of an organization, based on the magnitude of the financial business impact of cyber risk.

What are the most common use cases for Squalify?

Squalify is designed for a wide range of strategic applications, including:

Board-level strategic decision making: Squalify's big-picture approach provides a high-level view of your enterprise-wide cyber risk to demonstrate the direct link between cyber risk and an organization's financial health.
Predict the material impact of potential cyber incidents: Squalify helps assess the financial impact of cyber risk on your organization, informing cybersecurity investments and overall risk management.
Benchmark against industry standards: Squalify provides insight into how your cybersecurity posture compares to industry peers to identify cybersecurity gaps and areas for improvement.
Manage subsidiaries for large enterprises: Squalify makes centralized management of cyber risk across global subsidiaries seamless, ensuring alignment with your organization's risk appetite by prioritizing cybersecurity investments based on each subsidiary's risk exposure.
Quantify the ROI of security budgets: With Squalify's simulation capabilities, you can calculate the ROI of cybersecurity improvement programs before they are even implemented, providing a clear financial justification for cybersecurity spending up front.
Identify information security vulnerabilities: Squalify can highlight vulnerable areas of your organization that require attention and investment to strengthen your overall cyber resilience.

Quantification Methodology

How does Squalify's quantification approach compare to conventional methods?

Top-Down vs. Bottom-up Quantification

Squalify's quantification approach uses a top-down methodology that focuses on assessing enterprise-wide cyber risk, providing insights for strategic decision-making at the highest levels of the organization. This contrasts with traditional bottom-up approaches that analyze technical, asset-level data for operational decision-making.

Benefits of Top-Down Quantification

Squalify's top-down methodology makes aggregated, enterprise-level risk assessments lean and seamless, with a time-to-insight of just days. These advantages offset the disadvantages of bottom-up methods, which tend to be much slower, more complex, and more data-intensive.

Does Squalify use the FAIR Methodology for quantification?

No - Squalify uses a proprietary risk quantification methodology, developed through ten years of cyber insurance risk quantification by our parent company Munich Re, one of the world’s largest cyber reinsurers.

Our approach also makes use of Munich Re’s unique cyber insurance database. This greatly simplifies the information collection stage and means that you don’t need to guess how often threats might occur, or how much an incident may cost. We’ve got the historic data about what actually happens and how much it costs. Of course, we keep the model updated to reflect new threats and changes in the loss landscape.

Our methodology includes a Monte Carlo Simulation to statistically model the financial impact of cyber risk. This is built into our platform and part of our core service, so you don’t need in-house statistical or mathematical expertise to set this up. And you certainly don’t need to create and maintain lots of spreadsheets!

We believe that our unique methodology greatly speeds up cyber risk quantification, while maintaining an unparalleled high level of quality. We take care of the difficult and boring stuff, leaving you to focus on what cyber risk means for your business and how you can use quantification to achieve strategic decision making.

Our methodology is fully documented, so if you do want to peek under the covers and review the mathematics we will be happy to geek out with you.

How does Squalify balance speed with high quality results in its quantification process?

Squalify balances speed with high quality results through a lean data collection process and advanced quantification algorithms. Our platform uses a "model certainty" criterion that measures the confidence level of quantification results based on the quality and quantity of data inputs. This ensures that you always have full transparency into the quality of the input data and the reliability of the quantification results.

Data Collection Process and Onboarding

How many data points does Squalify need?

Squalify requires only a dozen data points for fast quantification and a maximum of 200 data points for full quantification.

What data do I need to do a quantification? What is the data collection process?

Squalify simplifies the data collection process by focusing on key data points that provide a comprehensive view of your organization's cyber risk. We typically require only a fraction of the data required by traditional methods, enabling fast yet thorough risk assessments.

We need three categories of data to complete a full quantification:

Basic Company Information: We start with easily obtainable company data such as the industry, number of employees, and revenue. Typically this data is available from existing or public reports (e.g. annual reports).
Company-relevant scenario data: Defining the most significant cyber scenarios for your business ensures the quantification focuses on the top risks. These scenarios may already be available in business continuity or crisis management plans; if not, we have a structured methodology to clarify these. Expect to seek additional expert input from within your company on financial, operational, technology, and legal topics.
Information security maturity data: Our top-down approach means that we use maturity data on a company level. By default, we use the industry standard NIST Cybersecurity Framework to structure this information. If you use a different framework (e.g. ISO 27001) we have experience in mapping controls to NIST and can support you with this.

As a rule of thumb, the more data we receive from you, the higher the quality of the quantification results.

For the initial assessment, clients typically complete data collection in a few days for the worst-case loss assessment and 2-4 weeks for the full quantification. Importantly, future assessments become exponentially faster, requiring only updates as new information becomes available.

How do I estimate threat frequency data and the costs of incidents?

That’s the neat part: with Squalify, you don’t need to.

Our unique methodology (see Does Squalify Use the FAIR Methodology above) includes an industry-leading cyber loss database based on over 10 years of real-life cyber insurance claims. This means that we know how often incidents occur, and how much incidents cost when they do.

Our model comes with a number of threat scenarios based on this historic data, which means that you can spend more time making decisions and no time guessing.

Training and Onboarding

How do I learn to run a Squalify quantification project?

Squalify recognizes that Cyber Risk Quantification can appear daunting and complicated. We address this firstly by having a simple quantification methodology and implementation (see Does Squalify Use the FAIR Methodology above), and secondly by supporting you with training as we welcome you to the platform.

We will work closely with you through the first quantification project (see What is the Onboarding Process? below) and aim to ensure that your team has the skills and knowledge to run later projects independently.

Our methodology is documented in detail and we can share this with you to use as reference material. There is also an extensive help guide built into our platform.

What is the onboarding process?

To ensure your success from the first quantification, we provide your quantification team with in-depth training and workshops on how to effectively use our platform and approach. Through your first quantification project we will support you with data collection, interview guidance, and scenario building. The onboarding also includes data validation rounds and peer reviews to ensure high quality data input and quantification output from the outset, supporting your continued success in cyber risk quantification.

Of course, our team is always available after onboarding if you need additional support.

Squalify x Munich Re Partnership

How does Squalify use Munich Re's model in its quantification results?

The Squalify platform includes Munich Re's proven cyber risk model, which is used to calculate insurance premiums and deductibles for its clients. This model has been refined through over 4,500 large enterprise quantifications and underpins our platform's ability to deliver high quality and reliable risk assessments, providing you with quantification insights backed by one of the world's leading reinsurers.

Is there a data exchange between Squalify and Munich Re?

There is limited data sharing between Squalify and Munich Re. We only share fully anonymized data in aggregate form with Munich Re for continuous model improvement. Your specific risk quantification results remain confidential. And because we have a strong commitment to privacy and security, we maintain a separate IT environment from Munich Re to ensure that no sensitive client data is shared with them.

How does Squalify ensure that the risk model is continuously improved and always reflects the current risk landscape?

Squalify's model is continuously updated by the Munich Re team, incorporating the latest threat landscape information and insurance loss data. This ensures that our risk quantifications are always relevant, accurate and aligned with emerging cyber threats, providing you with up-to-date insights for informed decision-making.

Transform Cyber Risk Management Into a Competitive Advantage

Quantify risk, optimize security investments, and align cybersecurity with enterprise objectives—powered by real-world cyber loss data.