Quantify and reduce your cyber risk quickly

Xquantify takes the guesswork out of your cyber risk management strategy. We can help you to quantify your cyber risk in financial terms. This will enable you to develop a cyber security strategy based on financial decisions.

Contact us

Business Benefits

Using economics to manage cyber risk


  • We use an industry leading tool to quantify cyber risk in financial terms ($, £, €)
  • Predictions are based on real data about historic cyber security incidents that is updated on a monthly basis and a model that is regularly review for accuracy by actuaries working in the cyber insurance industry.
  • We assess your security controls against either the CIS Top20 or the NIST Cybersecurity Framework


  • Economic quantification of your cyber risk that enables you to make business decisions about control improvements by assessing the cost of the control against the potential risk reduction
  • CISOs are able to request funding for projects that demonstrate financial business benefits
  • An understanding of your financial exposure enables a more cost-effective risk transfer to cyber insurance 


  • Our service includes regular reviews at a frequency that suits you to assess the financial risk reduction impact of security control improvement projects
  • The implicit risk profile of your business is also reviewed to take account of changes in your business and in the external threat environment
  • The portal provides tracking data that enables reporting on risk reduction and a range of other metrics



  • Data Loss – the cost of losing regulated data

  • Business Interruption – the cost of not being able to do business for a period of time

  • Ransomware – the cost of ransomware attacks of different durations

  • Misappropriation – the loss of intellectual property, business plans etc

  • Identify the key threats facing your organization

  • Compare the threats that your organization faces to the industry baseline data

  • Review the changing threat landscape as implicit risk data is updated monthly.

  • Threat and impact assessment for each attack vector

  • Assessments of the cyber security control effectiveness against the attack vectors

  • A ranking of the residual risk factors for each attack vector to enable prioritization

  • Identify areas of weakness in control effectiveness

  • Ask "what if" questions about potential control improvements to understand potential benefits

  • Rank control improvements by their potential for reduction of financial risk exposure


Risk Management Approach

Our risk management approach develops a tailored model of your implicit risk based on your responses to a range of business-related questions and the historic cyber breach data maintained in our partner SSIC’s X-Analytics model for cyber insurance. We then ask up to 650 questions about your cyber security controls based on either the Center for Internet Security Top20 controls or on the NIST Cybersecurity Framework. This provides a detailed view of your residual risk and enables the generation of the financial risk exposure results specific to your organization.