Cyber risk model

Our cyber risk model has been servicing clients since 2017 a year before the IMF proposed a smiliar approach.

Apply our regulatory cognisant cyber risk model to quantify potential losses from information, communication and technology risks in your business.

Better understand your operational resilience and the impact of operational resilience beaches.

  • Reduce risk – apply the first world’s commercially available cyber risk model
  • Reduce uncertainty – understand the capital impact of cyber related operational resilience failures
  • Increase control – assess the cyber risk capital requirements associated with new product lines, new portfolios and your insurance coverage

Leading clients


From first-hand experience elanev have a very intuitive approach that is simple to understand and straightforward to use. It was a pleasure to work with elanev.

Kashif, Head of Operational & Technology Risk at Santander Asset Management Limited.

We not only provide clients with the elanev Cyber Risk Model but seek to support the wider industry. We recently prepared a white paper on operational resilience tolerances for CROs and Heads of Risk.

Easy to implement

No IT change required – we deploy using our secure software as a service (SaaS) approach.
No GDPR implication – no need for you to share personal identifiable customer information.
Save on OPEX  – the elanev Cyber Risk Model removes the need for internal model build and maintenance, helping you to keep associated costs to a minimum.

Arrange a demo

Pilot now

Experience the benefits of the elanev Cyber Risk Model for yourself. Contact us to arrange for a no obligation demonstration. What’s more, you could be live with our full service within hours.

Frequently asked questions


What is elanev Cyber Risk Model? The elanev Cyber Risk Model is an online tool designed to help you assess the capital associated with low frequency – high impact Information, Communication and Technology (ICT) risks. Cyber risk is intrinsic in any modern-day business. It can give rise to loss through the actions of ICT staff as well as manifesting itself through weaknesses in ICT systems and ICT processes and through external events such as cyber security related attacks and physical ICT asset damage.

How is it accessed? The elanev Cyber Risk Model is accessed via our secure online portal. We provide you with a simple template to capture model inputs and settings. Upload the template and get a detailed report returned in real-time. The report contains capital estimates, commentary and insights. Repeat the process as often as you like as the model is available 24x7x365.

What type of inputs does the model use? The model can be run using the results of your scenario analysis or from fitting to real data.  A variety of modelling options can be selected within the template too. These are explained within an easy to understand technical document. We will support you with your initial set up and provide ongoing support. We also provide training and wider consultancy services as required.

What about our data? We do not store or back-up your data. It is only used to run the model.

Why should we use a model?  The ability to manage, quantify and capitalise for cyber risk is important when demonstrating that your business is operationally resilient. Recognising that most firms have not experienced such large losses, regulation allows for the application of scenario analysis to assess the possible impact from cyber risk events. Unfortunately, scenario analysis can be prone to uncertainty especially when assessing capital at the required low frequency but high impact levels. Typically, expert judgements overestimate more frequent risks and underestimate remote risk. Modelling scenario analysis outputs helps firms reduce uncertainty in their capital assessments. It provides a very effective mechanism for Risk teams to review and challenge judgements made.

What is the regulatory view on such models? Using the right scenario model to help in the assessment of Pillar 2 capital is viewed extremely positively by Regulators and meets their increasing regulatory expectations.

Is the model validated? Yes, the model is validated according:
1. The technical document contains a set of test batteries that detail the test we perform on the model and the corresponding results
2. The model results have been compared to those from an independent third-party model as part of a client take on process.
3. The underlying model has been presented to regulators and has been party to numerous regulatory ICAAPs and SREPs. All returned successful.
4. The model methodology is similar to that suggested by the IMF.

That all sounds expensive. Is it? We base our pricing on a fraction of a single risk modelling FTE which would be required to maintain an internal model. What’s more, our pricing is substantially less than that of a Big-4 Professional Services firm whilst our cyber risk modelling insights are more extensive.

Do you provide cyber risk consultancy? Yes, and we can provide wider consultancy services as required.