Lock 4a0b04f92e0206596075d560552a127b39cac26db080507672d861aa683a8ef7

Cyber Readiness

The CFO Alliance Cyber Readiness methodology takes a simple yet innovative approach to cyber risk assessment, addressing the challenge from the perspective of security and resilence practitioners vice the traditional insurance industry approach.


Bars 16b1680340ebeb42fb9ebf3f7d9d6054bc2c5b1f1fc506b4c4b8e7b1b8c85463

Our methodology more effectively
assesses cyber risk by:

  • Recognizing the true, dynamic nature of cyber risk
  • Allowing leaders of client organizations to utilize a familiar business process (the procurement of insurance) to better manage enterprise cyber risk -not just IT-specific cyber risk-
  • Being more client-specific in assessing cyber risk
  • Increasing confidence and reducing risk for the insurer thereby creating a more reliable product for the client with fewer exclusions

Cog 7c7d08cdbc62501586477d3780e22d9e2ed336b20314a96e200df4be064fd7ed

How it works:

Inform assess act horizontal e25d2fe94055c4ea15356e9d2a21f81efa320dcab08e182722aec6cb34fc8068 Inform assess act 7481cc2e70a188f51a483deb7b5bd17689d3c82df52190f8b4bda9f13314f91a

Inform with real cyber intelligence

  • Utilize real intelligence from the real cyber domain to illuminate the client sector-specific cyber threats
  • What actors and methods are most active in the client's sector and are most likely to impact the client?


Assess specific client risk

  • An actuarial-centric approach is both antiquated and too general to effectively determine cyber risk
  • The Ridge Methodology leverages the inteligence to deliver an informed assessment that assists both the insured and insurer in recognizing client-specific cyber risk, avoiding a "check-the-box" approach that is often too standard.
    • What is the client's capability to defend against the most likely threats?
    • At a minimum, is the client compliant with any industry standards?
    • Is the client prepared to deal with comprehensive cyber risk (IT/non-IT)?


Act to reduce risk and rates

Utilizing the information from the inteligence and assessment phases, enable the client to take mitigating action, potentialy leading to stable or reduced client premiums.

  • Incentivize cyber risk reduction
  • Strengthen the capaticy of the C-Suite and Board to provide oversight