Squalify unveils fast-track cyber risk quantification tool

Squalify has launched Essential CRQ, a cyber risk quantification product that produces financial loss estimates within 24 hours using 42 inputs.

The company said the offering targets Chief Information Security Officers, Chief Risk Officers, Chief Financial Officers and boards. It positions the product as a faster route to board-level cyber risk reporting than more data-intensive quantification programmes.

Essential CRQ sits on Squalify's existing cyber risk quantification platform. Squalify said the model draws on Munich Re cyber risk data, which it described as based on more than 15 years of experience in the market.

Financial metrics

Squalify said Essential CRQ generates loss metrics from a limited set of organisational data points. The company said the output includes worst-case loss scenarios and annual loss expectancy.

Squalify also listed modelled large loss events across multiple recurrence periods. It said the tool produces loss component breakdowns. Squalify said the output includes an assessment of whether current security controls are adequate relative to the organisation's exposure.

The company said the model uses Monte Carlo simulations. It also said the product aims to reduce the need for extended data gathering during cyber risk measurement exercises.

Insurance use

Squalify said Essential CRQ can feed into cyber insurance decisions and negotiations. It also framed the output as relevant for regulatory discussions.

Squalify said cyber insurance brokers can integrate Essential CRQ into advisory and brokerage processes. It said brokers can do so via an API.

Cyber risk quantification tools have grown in prominence as boards and finance leaders ask security teams to express risk in monetary terms. Insurers and brokers have also increased their focus on evidence and measurement as they assess exposure, coverage terms and pricing.

"With Essential CRQ, organizations no longer have to choose between speed and credibility," said Asdrúbal Pichardo, CEO, Squalify. "We designed this product to give executives a clear financial view of cyber risk without months of data gathering, complex spreadsheets, or opaque assumptions," added Pichardo.

Squalify said Essential CRQ produces "defensible" metrics for board reporting. It said the streamlined data collection approach is intended to shorten deployment time.

One broker customer pointed to the link between quantification and insurance structuring.

"KROSE's cyber insurance advisory is already among the best in the market. With Squalify, we give our clients an outstanding way to quantify cyber risks in financial terms and tailor their coverage even more precisely to their actual needs. Together with Squalify, we create additional value for our clients," said Leopold Muhle of KROSE.

Product tiers

Squalify positions Essential CRQ as an entry point to a broader set of products. The company said Essential CRQ acts as an on-ramp to Squalify Enterprise CRQ.

Squalify said Enterprise CRQ adds high-ROI security control identification. It also listed decision-impact simulations, multi-entity cyber risk steering, and board-level management reporting.

Squalify said optional API access and expert support are available across both tiers.

Expansion plans

Squalify referenced recent expansion in the US and continued growth across Europe. The company said it aims to shift discussions of cyber risk away from qualitative assessments and towards financial measurement and accountability.

"We designed this product to give executives a clear financial view of cyber risk without months of data gathering, complex spreadsheets, or opaque assumptions," said Pichardo.