Our solutions for measuring and reducing risks
ACI develops and delivers technology and consultancy services within IT risk management. We collaborate with our customers on the best IT risk management, which can contribute to decisions on the most informed basis.
We combine insight and experience in insurance mathematics and IT security for the benefit of our customers. The overview below describes our four SARA services. SARA is short for Security And Risk Assessment. Each of the services is adapted to the company and the sector-applicable legislation.
The annual IT risk assessment of the entire IT environment
For companies that want to understand the overall risk landscape within the IT area. SARA is a project that results in an analysis that answers the following questions:
- What is the overall risk level for the IT area?
- How has the risk level changed since the last assessment?
- How is the risk level compared to the risk appetite?
- What is the loss in an extreme event (e.g., cyber)?
- What does a typical loss in the IT area look like?
- What is our current level of security?
- How do the different types of IT risks rank in relation to each other?
- What risk-reducing measures can we implement to reduce the risk level?
The company and ACI collaborate on uncovering vulnerabilities in the IT environment. We estimate loss/probability in several threat areas. The form of cooperation is online meetings, workshops, and tools we make available during the process.
CYBER STRESS TEST
Risk assessment with a focus on the cyber security area
The service provides a detailed understanding of cyber threats against the company. The analysis answers the following questions:
- What is the risk level for the company in relation to cyber-attacks?
- What is the probability of experiencing a major incident in the next 12 months?
- What types of cyber-attacks will the company typically be exposed to?
- How large is the attack surface from the perspective of the adversary?
- How expensive can a cyber-attack be?
- Is cyber insurance relevant, and how big should the cover sum be?
- Which risk reduction initiatives will provide the greatest reduction in the risk of cyber-attack?
The company and ACI collaborate on uncovering vulnerabilities for cyber-attacks against the company. The form of cooperation is online meetings, workshops, and tools that we make available during the process.
ACI collaborates with Danish and European partners who can contribute to security tests.
The detailed loss analysis after an incident
If, after a cyber-attack, the company wants to understand what happened and what the total cost of the incident is, SARA IQ (Incident Quantification) provides this insight.
The analysis gives shareholders, the board and top management detailed insight into the phases of the incident and the resulting losses. All losses are decomposed into primary and secondary losses. Any future losses are calculated using simulation and communicated with key figures that describe the future financially expected loss.
The analysis provides decision support to top management regarding activities to reduce the risk of similar incidents in the future.
Risk assessment for decision support in situations with several alternatives
The IT area moves fast, and key decisions are made all the time. It is typically a matter of choosing between individual alternatives.
The individual alternatives for each of these dilemmas will impose risk on the company. The question is where the overall risk is greatest. A SARA Spot Analysis provides an understanding of risk in each of the individual alternatives. Risk is formulated quantitatively (e.g., expected loss per year), and the alternatives can be compared. It provides optimal decision support for the board and top management.
ACI performs spot analyses in the following typical areas:
- Outsourcing to supplier A or B
- Choice of new technology A or B
- Transition to the cloud
- Initiation of project A or B
- Exit from an IT contract now or in the future