Safe Security debuts two free risk assessment tools for businesses

Cybersecurity risk assessment company Safe Security on Tuesday rolled out two new online risk assessment tools for businesses to use, in order to help them understand their vulnerability to cyberattacks and the costs of insuring against them.

Both tools—an interactive cost calculator for cyberattacks and a cyberinsurance assessment app—are available as free-to-use web pages, created by Safe Security and based on the company’s institutional knowledge and in-house research into cybersecurity risk factors.

Risk tools measure financial impact of cyberthreats

The cost calculator for cyberattacks takes into account general data—like revenue, number of employees, vertical, headquarters location and the types of records stores—to arrive at an “annual loss expectancy” figure, according to vice president of AI and cyber insurance at Safe Security, Pankaj Goyal. This measures the likelihood of an attack against the potential financial impact, breaking the potential harms down by the type of attack—currently ransomware, data breach, and business email compromise, but with more types on the way, according to Goyal.

The cyberinsurance assessment tool is designed to provide a detailed view of an organization’s risk profile in regard to cyberthreats, particularly as it applies to insurance premiums. Safe Security uses APIs from the user’s internal technology environment, and grades the in-place security products and policies, to create its evaluation. The company then provides detailed guidance on the level of recommended coverage, relative risk level compared to similar organizations, and key action items for improving cybersecurity posture.

These types of cyber risk assessment products aren’t new, but offering a free—or “freemium”—version is much less common, according to Gartner research principal analyst Elizabeth Kim.

“Therefore, in my opinion, Safe Security’s free version of the tool could be helpful for organizations that are not quite at the point of investing in cyberrisk quantification but are open to exploring its benefits before fully investing in it,” she said.

There’s a dearth of detailed knowledge about this type of issue, even among cyberinsurers, according to IDC Research Director Phil Harris. While the tools could obviously become a potential sales channel for Safe Security, the broader benefit of raising awareness and provoking companies to take a harder look at their overall security postures is one that could be felt more widely, he said.

“It should at the very least keep the interest of the person using the calculator to ask ‘Why?’” he said. “Not enough people are asking that question these days, even cyberinsurers —as a cyberinsurer, I’d want to know what the client’s security posture is.”