Cyber insurance has become a staple in many organisations’ risk strategies, but its strategic value is often under-leveraged. For many firms, it remains disconnected from broader decisions about how to manage cyber risk. That’s a missed opportunity, according to James Hanbury, global lead director, CRI at KPMG.
When used well, cyber insurance is more than a financial backstop, Hanbury believes. It can play a vital role in a rounded risk management strategy, helping organisations navigate uncertainty, reinforce resilience and align around a clear risk appetite. But to get there, we need to start with something many organisations still lack – a consistent way of quantifying cyber risk.
Quantification connects dots that are otherwise left hanging
The most resilient organisations don’t just transfer risk – they integrate it. They treat insurance as part of a broader conversation about business objectives, risk appetite and where best to invest for impact.
That’s where cyber risk quantification (CRQ) comes in. It helps organisations put a number on cyber exposure in financial terms: “How much could this scenario cost us?” “Where are we over- or under-insured?”…
