Wed, Apr 25, 2018

New Kroll CyberRiskRankER™ Solution Transforms the Cyber Insurance Procurement Process with Standardized, Transparent Cyber Risk Scores

Web-based solution provides more efficient, reliable, and meaningful risk assessments through a powerful combination of Kroll’s unique cyber insight and the CIS Controls™

New York – Kroll, a global leader in risk mitigation, investigations, compliance, cyber resilience, security, and incident response solutions, announces the launch of Kroll CyberRiskRankER, a cyber risk assessment platform that harnesses the unique insight of Kroll’s pre-eminent Cyber Risk and Business Intelligence and Investigations team to provide a meaningful view of a company’s cyber risk maturity that is tailored for the insurance industry. Kroll CyberRiskRankER is an online, automated solution that standardizes the measurement of an organization’s cyber risk and threat preparedness, delivering significant advantages for underwriters, brokers, and applicants alike. Kroll CyberRiskRankER leverages the powerful best practice guidance of the CIS Controls™, a prioritized set of actions to help protect organizations and data from known cyber attack vectors. The CIS Controls are developed collaboratively with the global Information Security community by CIS® (Center for Internet Security, Inc.).

“Because the nature of cyber risk is constantly changing, it is essential for providers and underwriters of cyber insurance policies to understand how policyholders are adapting to threats, and the infrastructure they have in place to mitigate their risks,” said Jason Smolanoff, Senior Managing Director, Global Practice Leader, Cyber Risk and Business Intelligence and Investigations. “Kroll CyberRiskRankER establishes a standard that will create transparency between insurers and policyholders when assessing the appropriate cyber insurance policy.”

“CIS understands the important role insurance plays in promoting good cyber security best practices, and we are pleased our partners at Kroll have chosen to base their assessment tool on the CIS Controls. The CIS Controls’ best practices and guidance provide the strong foundation insurance companies need to evaluate their applicants’ cyber security posture,” said Brig. Gen. USAF (Retired) Steve Spano, CIS President and COO.

Kroll CyberRiskRankER employs an online questionnaire collectively informed by the CIS Controls and the frontline expertise of Kroll’s global team of cyber practitioners. The questions are designed to develop a nuanced view of an applicant’s cyber risk, including its readiness to rapidly detect and effectively respond to a variety of cyber risks – the true measure of a mature information security program. Kroll CyberRiskRankER produces a score based on the applicant’s responses, which are weighted by a proprietary dynamic algorithm continuously refined by firsthand findings from Kroll’s team of experts on the evolving cyber threat landscape.

“Accurately assessing cyber risk for underwriting purposes is one of the most complex challenges today,” said Jennifer Rothstein, Senior Director in Kroll’s Cyber Risk and Business Intelligence and Investigations practice. “Kroll CyberRiskRankER’s ability to generate a reliable quantitative score clearly tied to proven cyber security controls will drive more accurate premiums, coverage, and risk mitigation strategies that benefit everyone in the process.”

Kroll CyberRiskRankER addresses the diverse needs of underwriters, brokers, and applicants. The solution’s integration of data and Kroll insight helps insurers refine underlying methodologies and criteria for policies that reflect modern and next-generation cyber threat scenarios. Likewise, brokers who are looking to differentiate themselves in the market can use Kroll CyberRiskRankER to develop a better understanding of their applicants’ cyber risk before approaching underwriters, while also offering targeted risk management tools to their clients. Importantly, applicant organizations also benefit from the solution’s transparent risk-scoring criteria, which help them learn about potential risks, vulnerabilities, and areas for improvement that they can then proactively prioritize for strengthening.

About Kroll:
Kroll is the leading global provider of risk solutions. For more than 45 years, Kroll has helped clients make confident risk management decisions about people, assets, operations and security through a wide range of investigations, cyber security, due diligence and compliance, physical and operational security and data and information management services. Headquartered in New York with more than 35 offices in 20 countries, Kroll has a multidisciplinary team of nearly 1,000 employees and serves a global clientele of law firms, financial institutions, corporations, non-profit institutions, government agencies and individuals. For more information visit

About CIS:
CIS® (Center for Internet Security, Inc.) is a forward-thinking, non-profit entity that harnesses the power of a global IT community to safeguard private and public organizations against cyber threats. Our CIS Controls™ and CIS Benchmarks™ are the global standard and recognized best practices for securing IT systems and data against the most pervasive attacks. These proven guidelines are continuously refined and verified by a volunteer, global community of experienced IT professionals. CIS is home to the Multi-State Information Sharing and Analysis Center® (MS-ISAC®), the go-to resource for cyber threat prevention, protection, response, and recovery for U.S. State, Local, Tribal, and Territorial government entities. To learn more, visit or follow us on Twitter: @CISecurity.

Media Contact:
Infinite Global
Ada Oni-Eseleh | 646-685-8075 | [email protected]
