Data Support for Critical Cyber Book Management


Using Quantar’s cyber valuation platform provides your enterprise with client-specific and aggregated data across multiple levels for developing cyber product and service development. Having data at a micro and macro level facilitates growth strategies for the cyber segment. Understanding the total cyber portfolio within the book is critical in hedging or transferring excess exposure for long-term stability and compliance.

  • Selection & Pricing

    Cyber insurance underwriting poses new and emerging issues – Quantar can provide the data you need to make informed decisions…

  • The Data Challenge

    Our CyCalc proprietary technology acquires client-specific cyber threat & risk data. By combining & modelling multiple data sources….

  • New Cyber Frontier

    Cyber risk management is not a technical cyber security problem; it is a multi-faceted business risk. In the same way that other….

  • Informed Insurance®

    Our unique CyCalc® underwriting & valuation support platform used to assess, select & price cyber coverage… 


Using Quantar’s cyber valuation platform provides your enterprise with client-specific and aggregated data across multiple levels for developing cyber product and service development. Having data at a micro and macro level facilitates growth strategies for the cyber segment. Understanding the total cyber portfolio within the book is critical in hedging or transferring excess exposure for long-term stability and compliance.

Informed Insurance®

Unlike most actuarial models that use easily accessible authoritative sources of data, for cyber, there is an absence of any meaningful information to draw from. For general P&C underwriting, the picture is clear, with little variance over a considerable period of time. Even in the case of modelling natural disasters, the models have sufficient data to undertake analysis to determine overall exposures with high confidence levels.

Loss events or near misses are generally well reported for mainstream risks, but the information security sector estimates that more than 50% of data breaches go unreported, despite there being mandatory breach reporting laws in the US and now the EU. The reasons are obvious, aside from the direct cost of informing customers and providing backup services for their financial and identity security. Customer churn rates have been proven to increase post-breach report, with confidence in a breached company falling over a sustained period.

For cases of near misses, or even simple threat data and vulnerabilities posed to a customer, the probability of them informing a potential cyber insurer is close to zero. As such, there is a fundamental asymmetry of relevant data, with a consequent increased risk of adverse selection by an underwriter. Unlike other forms of P&C products, for cyber products there is reliance upon the judgement and experience of the underwriter.

For cyber risks, the key issue is the sheer number of attributes that affect impact, whether immediately, or into long-run periods that may not be comprehended at the time of a risk event. Discovery of a data breach may take place at a far later time, with multiple impacts, raging from legal fees to a severe negative market reaction.

Variables that must be considered at the very least for cyber include degree of cyber security maturity, risk appetite and risk management posture, IT topology, in-house versus external contracted skill sets, employee training and profiles, location and time zones and physical infrastructure.

Even when attempting to account for as many of the variables as possible is undertaken, much of the data has a lower relevance in future periods due to the volume and type of threat constantly evolving. To what degree does an underwriter attach a level of weighting to cyber risks? What models should be used to account for the voluminous parameters?

Quantar developed CyCalc® purely to provide financial institutions and large enterprises with the capability to calculate, model and manage cyber risks through the use of multiple data and actuarial and operational models. See how your enterprise can use our platform for insightful underwriting data.

How Can We Help You?

  • check-w
    Providing a financial value for your cyber risks
  • check-w
    Clear identification of processes at most risk
  • check-w
    ” What-if ” scenarios for modelling mitigation actions
  • check-w
    Risk profile aggregation for total portfolio management
  • check-w
    Historical trend analysis and audit traceability
  • check-w
    Future projections of threats and risk values

Using Quantar's CyCalc® Cyber Analytics

Quantar supports underwriters through the provision of proprietary client cyber risk data in many forms.

This ranges from actual attacks experienced by an enterprise, to modelling of mitigation actions to identify the most effective means of reducing or eliminating financial risk exposure.

Using CyCalc® provides you with the  means of both aiding the assessment and pricing process and also as an added-value service to your clients for corporate risk management and data breach law compliance.


Case Usage

  • Assess Prospective & Actual Cyber Client Risk


    View cyber threats experienced by the insured over time

    Project extrapolated threat data into future periods of up to 12 months

    Use red/amber/green visual warnings to trigger risk event management

    Identify risk appetite through trend analysis

  • Price Risks by

    Coverage & Terms


    Utilise industry standard risk statistics for enhanced modelling

    Define overall risk exposure through application of temporal profiles

    Drill-down capability provides deep insight into risk types with individual and overall results

    Run audit reports for in-house and client benefit and for regulatory compliance

  • Accumulation & Exposure Management


    Run model for future attack rate forecasts

    Calculate future expected loss exposure up to 12 months ahead

    Determine conditional expected shortfall

    Identify tail risk

    Review exposures according to confidence level

    Aggregate total exposure for cyber portfolio management

  • Client Advisory &

    Regulatory Compliance


    Create baseline scenario to determine existing level of financial risk

    Utilise ” what-if ” capability to model mitigation action efficiency for optimal capital allocation

    Define sequencing of security enhancements to arrive at desired risk exposure

    Match risk appetite to total enterprise cyber risk valuation for corporate risk management

    Save scenarios for regulatory data breach compliance documentary support

  • Create Sectoral



    Map business processes to system and categories for dependency modelling

    Manage outsourced process risk through adjustable weighting selection

    Model temporal shift impacts upon overall financial risk from downtime or process outage

    Determine required granularity of model according to requirements

    Configure for non-electronic threats, including malicious insiders and physical infrastructure damage

  • Multi-data +

    Multi-model Approach


    Combine multiple sources of data

    Add cyber-security metrics

    Subtract risk mitigation actions

    Incorporate your client’s enterprise risk management values

    Assess the predictive cyber risk analytics quantified financial impact

    Run what-if alternative mitigation to assess outcomes




Quantar has been the the business of valuing cyber risks since 1999, with our first patents applied for in 2003. Since then, our systems and valuation processes have been protected by a series of patents, which continues today. We are uniquely positioned to offer the deep insight you need to correctly assess, price and manage customer cyber financial exposures.



Our cyber threat quantification & valuation expertise allows your business to focus on your real underwriting  & pricing needs. Quantar has you covered with bespoke cyber threat valuation predictive analytics solutions.


Quantar’s application Suite is composed of three modules that operate to capture threat data, analyze and value the risks of your company being connected to the internet.

The IPTAP data acquisition systems acquires, aggregates and identifies those cyber and privacy threats posed to your business, taking actual cyber threat data and utilizes industry-standard methods of prioritizing and calculating targeted assets owned by your enterprise.

Our patented system technology acts covertly and does not penetrate your confidential and proprietary data.

Taking actual company-specific cyber threat data ensures accuracy and appropriateness when analyzing and predicting current and future trends. Quantar’s applications comprise two multi-model analytic modules for threat data analysis.

The first of these solutions, Network Operational Risk Manager (n-ORM),identifies which business processes would be affected by a successful attack and calculates the financial losses that would result.

The cost-benefit assessment function enables financial evaluation of implementing various cyber risk mitigation options.

The second module of the analytics suite, Predictive Analytics Engine (PAE), allows users to use different statistical analysis methods for the same sets of cyber threat data.

This enables your business to set your enterprises risk appetite or regulatory compliance thresholds and actively monitor actual and ongoing cyber/privacy threat exposure levels. Each module has a print to store functionality for all cyber and privacy risk data plus financial exposure over any period selected.

Quantar’s application reporting provides easy to understand cyber risk exposure report, together with any risk reduction actions over a user-defined period.

The applications suite enables your enterprise to optimize all cyber and business continuity programs.

Built-in RAG (Red; Amber; Green) warning systems enable a simple visual check of the current cyber risk exposure level and whether this is still within the defined limits prescribed by senior management or by the regulatory environment.

With CyCalc Suite, we can assist your business to:

  • implement a self-documenting operational risk valuation infrastructure integrating actual organization-specific threat data & user defined data into a single repository for cyber risk management & for regulatory compliance
  • adopt consistent cyber threat operational values-at-risk methodology throughout your organization
  • create group-wide overviews of your business process and technology interdependency cyber threat operational risks; provide the requisite levels of transparency and traceability for regulatory authorities and to simplify calculation explanations to satisfy auditors
  • enhance capital allocation efficiencies through modeling “what-if” scenarios for cyber threat risk mitigation options, maximizing your enterprises business efficiencies
  • reduce the costs of regulatory compliance through eliminating expensive duplications of cyber threat risk management & compliance functions into a single, integrated solution.

CyCalc Suite

Quantar CyCalc Suite is composed of 3 modules; Network Operational Risk Manager (n-ORM); Predictive Analytics Engine (PAE), and Internet Protocol Threat Assessment System (IPTAP)


Network Operational Risk Manager (n-ORM)

Quantar’s Network Operational Risk Manager (n-ORM) combines four distinct functionalities into a consolidated tool to enable all businesses to measure and generate a cyber financial value at risk for the interconnectivity between corporate networks and the internet.

  • Use n-ORM to calculate your organization’s financial cyber threat exposure in an easy to understand and simple to use manner.
  • Understand which business processes are the most vulnerable and have the highest loss impact upon your organization.
  • View the historical trend of cyber threat risk exposure simply using the graphical output or tables to ensure tomorrow’s threats are accounted for.
  • Utilize the risk mitigation calculation engine to calculate the ROI for each risk mitigation action available to you and optimize capital expenditure allocation.
  • Combine the output from n-ORM with Predictive Analytics Engine in determining the level of risk you wish to reduce through insurance or alternative risk transfer.
  • Create pro-active strategies for managing cyber threat value-at-risk into future time periods.
  • Account for cyber and non-cyber impacts upon business processes from occurrences such as power outages, fire, floods, and insider attacks.

n-ORM delivers traffic capture, packet analysis, process mapping, and an algorithmic engine into a single, easy to use product, for the benefit of senior management, I.T. security teams, risk management and/or business continuity teams, plus audit and compliance units.

Configuration is divided into automated determinants, as well as manual inputs from the user, to derive a cyber threat financial value-at-risk. The ability of the application to import previous scenarios, multiple business process maps and handle multiple languages results in a quick and efficient method of ensuring an organization’s risk exposure is aligned with the stated levels of risk appetite set by senior management and can also be utilized for ensuring compliance with current and emerging regulations.

From n-ORM V4.3 onwards has had a multi-language capability option, including Cyrillic character sets such as Arabic and can therefore be utilized in multi-locations where there are differences in local languages.

n-ORM also benefits from the “what-if” functionality for capital budgeting and cost-benefit analysis of independent risk management mitigation actions. This component of the application delivers an easy to understand, visual representation of how a cyber threat value-at-risk exposure may be reduced by single or consecutive mitigation actions until the desired cyber threat value at risk for your organization is


Predictive Analytics Engine (PAE)


Network operational risks are those associated with virus attacks, targeted attacks (hacking) and physical attacks (damaging or immobilizing technology infrastructure).

Quantar’s Predictive Analytics Engine (PAE) uses quantitative modeling techniques, enabling a quantification of risk metrics for such attacks. These are then utilized in the calculation of the cyber threat Value at Risk, risk-capital measures and also the associated cost of mitigation insurance.

For the first time, your organization has the financial loss exposure caused by cyber threats actually experienced available to risk manage such potential financial losses. Predictive analytics of your network attack data creates forward looking financial values at risk, facilitating pro-active cyber risk management strategies and pre-emptive actions to be formulated.

Having current and future predictive values provides the means to evaluate capital allocation efficiencies for cyber threat management. Having a current I.T. security capability today does not mean it will remain static against future cyber threats. PAE gives you the power to forecast security requirements into future periods.

PAE analytics provide greater stochastic modeling capabilities than those within n-ORM and are able to compute a wider range of analytical measures aimed at meeting new and emerging requirements for stress testing of risk models.

The system comprises a primary three-phase approach to modeling, with these being a time-series component, a risk calculation component and a post processing layer. Within phase one, there are a number of optional features that may be enabled or disabled by the end-user, these being:

  • Utilizing a linear or an exponential process model
  • A normal or weighted data model whereby the most recent data has a higher degree of importance in the forecast and simulation
  • A standard least squares or a robust model to take account of the particularities of cyber attack data.

Within the second phase, a Monte Carlo simulation model is utilized which takes a range of input and configuration data and computes risk distributions.

The calculation engine generates probability distribution functions, enabling various statistics to be drawn and utilized within the system in deriving the financial quantification of the cyber threats experienced by your organization as those for future periods.


Internet Protocol Threat Assessment Program


Quantar’s Internet Protocol Threat Assessment Program (IPTAP) acquires threat and risk data specific to your enterprise, utilizing our patented methodologies, to ensure accuracy and appropriateness of data for effective cyber threat risk management.

Internet Protocol Threat Assessment Program captures inbound network traffic and detects and stores attack information.  Placement of the system is external to your organization’s network security perimeter within the DMZ.

With this location, it is important that the system is not compromised; the system is not directly addressable. Quantar patented a methodology in 2002 that enables the system to be managed remotely, without being placed in the position of being attacked.

Other vendors utilize cloud-based application hosting, leaving potential for compromise in a number of ways. Indeed cloud threats are one of the drivers for the need to accurately value cyber threats. For this reason, out back-end systems are NOT connected to your organization’s network directly and constantly.

IPTAP generates temporal profiles of attacks and these are exported in xml file format via fileswap or web for use by n-ORM; PAE or third party applications for inputs of your organization’s actual threat events exposure. Quantar’s applications and methodologies utilize your organization’s proprietary data in deriving your cyber value at risk, combined with other external data.

The IPTAP system does not capture and store the content within packet data, since this can create regulatory compliance and privacy issues – particularly for organizations operating or servicing the E.U. market.

The output data of IPTAP can also be used for fine-tuning perimeter defenses and as historic OpRisk data for audit and compliance.

Custom cyber threat valuation & data governance solutions built specifically for your business

  • Data Governance

    Our services add to your teams’ compliance programs through the provision of assessment gap analysis……

    Click here

  • Regulatory Compliance

    Use Quantar to assist in your risk management & regulatory compliance programs…

    Click here

  • Digital Risk Management

    Our services & solutions provide you with insight into current & predicted data…

    Click here

  • Predictive Analytics

    Quantar’s patented proprietary technology enables you to financially value the data and cyber risks…

    Click here

  • Cyber Underwriting

    Quantar’s cyber valuation platform provides your enterprise with client-specific and aggregated data…

    Click here

  • Captives

    The larger the corporation, the broader the spread of its cyber risk areas, with greater complexity….

    Click here