Kovrr: Helping your business by financially quantify cyber-risks

Kovrr: One of the main goals that companies and organizations are trying to reach daily is that their services and products, besides meeting the requirements of the user, are also trying to ensure user safety. With the rise of cyber threats and attacks from all around the world, it is being noticed that companies are now trying to invest more in cyber defense. But the investments in cyber defense till now are mostly made after a significant breakthrough has happened. So, we can say that the approach of companies till now has mostly been trying to fight the attack rather than preventing it from happening in the first place.

And one of the downsides of this approach is that, from a business point of view, the prediction and threat management system or calculations cannot be done properly. Not having a clear view of the threats and how they impact the business makes it even harder for businesses to fully grasp the idea of implementing the right cyber defense mechanisms needed to help companies to overcome threats and grow.

This is where Kovrr, a proactive cyber defense company, comes into the picture and is ready to help. If we can put it into a simple sentence, what Kovrr does is financially quantify companies’ cyber risk through their platform and translates it into a simple output for businesses to understand the need for investment into the right cyber defense methods. Their technology enables decision-makers to drive actionable cyber risk management decisions seamlessly.

A few days ago, we at 4imag had the chance to interview a member of the Kovrr team, Tom Boltman – VP of Strategic Initiatives, who gave us some fascinating insights about the approach of Kovrr, the platform with its benefits, and how is cyber security changing its course.

A background story on how Kovrr was created

“Kovrr has been around for five years now, and we spent these first few years just focusing on helping insurers and reinsurers financially quantify their cyber risk. What we did was built a whole suite of technology that enables cyber underwriting for small and large companies and also do exposure management. We were looking at portfolios of hundreds and thousands of different risks and understanding what could be these systemic events that could sweep across them and cause them to suffer large financial losses at an insurance level. Our experience dealing with them allowed us firstly to build a whole host of cyber risk modeling technologies that we now apply to in the enterprise world So now we serve some of the largest enterprises in the world.

We are talking about companies with hundreds and billions in revenue, hundreds of subsidiaries, very complex organizations etc. And what they’re looking to do is to be able to understand, communicate and better manage their cyber risk exposure. The way that we help them is through financial quantification where we are quantifying their exposure so that they can make better investments into the controls and understand the ROI so that they can make better risk transfer strategies when it comes to insurances. And overall to just understand, communicate, accept risk and know where they’re standing and monitor it.”

The main focus of the Kovrr platform

“We help companies understand what’s going on when you don’t even have data necessarily on the underlying companies in themselves. One of the things that we researched and came to the conclusion was that you could actually use minimum data standards, and we work with regulators as well to upgrade those key minimum data elements. Those are the minimum things you need to understand in cyber risk aggregations and what we found was that companies that share those attributes tend to share the same technologies and service providers, which are the key drivers of systemic risk, so this is called the Crimson framework. The ability to do within the exposure management that allows you to see this macro aggregation of risk where it lies, what’s driving it, but also connect it down into the underlying risk in a detailed way, but with the quantum.”

The benefits and solutions

“If I focus more on the quantum solution, it is designed to bridge a few different gaps.


Number 1 is the ability to help executive decision-makers see and understand a risk’s severity. The magnitude of cyber risk is very hard to express, and executives or board members don’t have the tools to measure the cyber risk involved. So, by being able to quantify the cyber threats financially then, we’re able to all talk the same language. That’s why our tagline is cyber decisions are financially quantified, and what we’re doing is uniting. We believe that cyber risk management is a team sport. Everyone is responsible for coming together, understanding the risks, and coming to conclusions about the decisions they have to make. That way, we can work with all this data provides and start measuring the ROI of what to do in prioritization.

Cyber Defense

The second thing is that we provide visibility in financial terms into the overall exposure, which you can then break down and prioritize how to best optimize your cyber risk management strategy. And you share this information with the team or board members to start working on the strategy they should take to minimize business risks and take the necessary measures.

And lastly, the main thing that makes this different from other solutions or approaches is the technology used. This is a product that you can press a button and get results as an output, which is the information. And since the business is evolving, we need to look at it constantly and as it changes. Therefore you also need some artificial intelligence to keep up with the changes and to interpret those. You also need to understand and differentiate between all types of events that could be specific. There could be attacks or different failures, and you need to be able to break into all of these and explain what could go wrong. That is what we provide.”

Some of the challenges that Kovrr faced

“One of the challenges that we faced was having to make people understand the importance of it, and explain this information into the business point of view. Just being able to communicate in a way that they get the importance to adopt this kind of platform and the benefits that you get from it. Unfortunately, this is not commonplace, but I believe it will become commonplace very soon, since it is not something that can be automatically done. The second thing is around data.

So naturally the more data we have, the better quality of information you will receive. But one of the things that we did from the start, because of our insurance background and the small number of data, was to be able to deliver in a quick time valuable information with minimal inputs. Fortunately, today we have a much broader capability to really take any type of data that they have and use our expertise as a company to consume cyber security data from internally linearly from different systems and then translate it into cyber risk management decisions that are financially quantified. “

Where is Kovrr headed in the future

“Our goal is to be the leader in the cyber risk management space. We want to be the fastest in output receiving, the most accurate in data processing, and the most value adding company that helps in making better cyber risk management decisions based on your own data. “

A piece of advice from Tom regarding cyber risk management

“I think having the ability to understand how a cyber event could impact the business from a financial perspective is a must because ultimately, you’re allocating resources, budget reputation on the ability to function, and be resilient. And without that perspective, you don’t really understand if you’re investing in the right factors. You don’t know if you’re allocating resources and capital in the right place. It might be well intentioned, but by not being able to identify what are the core drivers that you’re most exposed to, it might even lead to business interruption or other consequences regarding the impact of it. But by being able to defy and understand the risks, you know where you should be focusing your attention or investments. This way you’re going to be safer, more resilient and being able to predict risks, and carry on without any business interruptions. “

Kristi Shehu is a Cyber Security Engineer (Application Security) and Cyber Journalist based in Albania. She lives and breathes technology, specializing in crafting content on cyber news and the latest security trends, all through the eyes of a cyber professional. Kristi is passionate about sharing her thoughts and opinions on the exciting world of cyber security, from breakthrough emerging technologies to dynamic startups across the globe.