
Our client is a cyber insurance assessment company in the U.S. Their underwriting team heavily relied on manual analysis of cybersecurity audit reports (e.g., eSPA reports) to assess risk and assign scores. These reports were unstructured, lengthy, and inconsistent, making it difficult to extract relevant control-level information efficiently.
After initial discovery, we analyzed existing underwriting workflows and identified gaps in manual data extraction, standardization, and scoring, leading to the development of an AI/ML-based automated risk assessment system.
We utilized AI (NLP) & ML to extract structured control-level data from scattered audit reports.
We also designed an AI question-driven extraction framework to identify particular security signals.
Developed category-specific ML models to understand security posture across key domains (email, IAM, network, endpoint, vulnerability).
Created an AI scoring framework (between 40 and 100) aligned with the NIST cybersecurity standards.
Built an AI composite risk score (between 300 and 850) combining security posture, business risk factors, and claim exposure multipliers.
Enabled explainability using SHAP-based insights to alert on risk factors.
Our implementation helped reduce the time required to analyze cybersecurity reports by automating data extraction and scoring.
Removed subjectivity and human errors through a standard model-driven risk assessment.
Enabled underwriting teams to handle higher task volumes without the need to increase headcount.
Delivered clear information about key factors.
Improved response time for policy evaluation and risk assessment.
