Built on a decade of cyber insurance expertise. Powered by exclusive loss data from 100.000+ companies across 130 industries in 80 countries.
Developed by Munich Re, the world’s largest cyber reinsurer, this model has been used to price billions in cyber policies across thousands of global companies. Every result has real financial consequences: if it’s wrong, Munich Re loses money.
Today, the same methodology powers both Munich Re’s underwriting and the Squalify platform. It’s been applied in over 4,500 company assessments and is trusted in major partnerships, including Google Cloud Protection Plus.
Squalify’s model simulates both the frequency and severity of cyber scenarios for your organization, based on its individual risk profile. It quantifies risk through three layers: from cause to consequence to cost. The result: a full financial picture of cyber exposure for board-level decisions.
Based on real-world incident patterns and historic loss data, each threat type reflects how cyber events drive financial loss in the insurance market. Because this modelling is embedded and continuously updated, you don’t need to estimate threat inputs manually.
You assess three core incident types based on your business model:
Ransomware is modelled as a hybrid event combining both breach and interruption effects.
Each consequence maps to seven Loss Components representing real financial categories observed in cyber insurance claims. These align closely with the FAIR Materiality Assessment Model (FAIR-MAM) cost categories, allowing experienced practitioners to adapt easily.
Download the FAIR vs. Squalify whitepaper to see where traditional models fall short - and how a top-down approach delivers faster, board-ready results.
Squalify applies Monte Carlo simulation to capture the unpredictability of real-world cyber events - where losses vary in both frequency and financial impact. The same method is used in finance and insurance to measure uncertainty when outcomes can’t be predicted with a single number.
Each simulation runs thousands of scenarios based on your inputs and loss data. Some years show no events; others reveal rare, high-impact losses. Together, they form a statistical picture of your true exposure.
This approach turns cyber risk into defensible, financial metrics that boards can rely on - without subjective assumptions or asset-level modelling.
Our risk model is both expert-driven, calibrated by Munich Re’s underwriting, claims, and cyber specialists, and data-backed, using an exclusive loss database that includes thousands of anonymised insurance cases across more than 100,000 companies in 130+industries and 80+ countries.
The database is continuously regularly augmented to reflect the newest and most relevant cyber threats, incidents, and loss patterns impacting financial exposure.
