{"id":24609,"date":"2025-11-28T04:00:00","date_gmt":"2025-11-28T03:00:00","guid":{"rendered":"https:\/\/www.thebrokernews.ch\/?p=24609"},"modified":"2025-11-27T16:57:17","modified_gmt":"2025-11-27T15:57:17","slug":"cyber-risks-as-a-financial-investment","status":"publish","type":"post","link":"https:\/\/dev.thebrokernews.ch\/en\/cyber-risks-as-a-financial-investment\/","title":{"rendered":"Cyber risks as a financial investment: Citalid&#8217;s vision for the future of the insurance industry"},"content":{"rendered":"<div class=\"ccfic\"><span class=\"ccfic-text\">Cyber risks as a financial investment: Maxime Cartan, CEO and co-founder of Citalid.<\/span><\/div>\n\n\n\n<p><strong>Maxime Cartan, CEO of Citalid, explains how cyber risk is becoming one of the most strategic and scalable opportunities in the insurance industry. His company transforms cyber threats into measurable financial metrics, enabling insurers, corporates and financial institutions to understand, assess and manage digital risk as an asset class. <\/strong><\/p>\n\n\n\n<p>Thebroker<em>news<\/em> talks to the winner of the <a href=\"https:\/\/swissinsurtech.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">Swiss InsurTech Hub<\/a> Summit &amp; Awards 2025.<\/p>\n\n\n\n<p><strong>Maxime, please tell us briefly: How did Citalid come about, and what was your personal motivation for founding a company that quantifies cyber risks?<\/strong><\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><\/li>\n<\/ol>\n\n\n\n<p>Back in 2017, my co-founder <a href=\"http:\/\/linkedin.com\/in\/alexandre-dieulangard-4434688a\" target=\"_blank\" rel=\"noopener\">Alexandre Dieulangard<\/a> and I were both working in cyber threat intelligence at ANSSI, the French cyber-defense authority. We were helping compromised critical organisations, both governmental and private.<\/p>\n\n\n\n<p>And we kept running into the same wall with executives: every strategic decision ultimately comes down to economics, yet cyber risk was still discussed only in technical terms. The bridge between cybersecurity, business continuity, financial exposure and insurance simply didn\u2019t exist. Organisations were essentially flying blind.<\/p>\n\n\n\n<p>Alexandre and I have always been driven by entrepreneurship, with complementary backgrounds: his legal and geopolitical lens, and my engineering and mathematical approach to cyber. Building a concrete, silo-breaking solution felt like the natural next step. We wanted to answer one simple question: \u201cWhat is the financial exposure of my company to cyber risk, and what should I do about it?\u201d<\/p>\n\n\n\n<p>Our motivation was clear: make cyber risk measurable, comparable and actionable for executives, insurers and financial institutions. Because once you can quantify it, you can finally manage it.<\/p>\n\n\n\n<p><strong>What exactly distinguishes your platform from traditional approaches to cyber insurance or cyber risk management? What technological levers do you use ? AI, threat intelligence, modelling?<\/strong><\/p>\n\n\n\n<p>Traditional approaches rely on external scoring or questionnaires. You\u2019re forced to choose between speed and substance: long questionnaires capture internal posture and business context, but are time-consuming and painful; external scans, while fast and necessary, only reveal technical signals visible from the outside.<\/p>\n\n\n\n<p>Meanwhile, cyber is a dynamically evolving risk. The limited historical loss data available becomes obsolete quickly, yet cyber remains one of the top risks for corporates and insurers. The industry needs a new approach that merges threat intelligence, business context, external and internal signals, and financial impact into a single coherent view\u2026 without compromising speed.<\/p>\n\n\n\n<p><a href=\"https:\/\/citalid.com\/\" target=\"_blank\" rel=\"noopener\">Citalid<\/a> is now the leading cyber risk quantification technology in Europe because it addresses this gap through three pillars:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Live cyber threat intelligence contextualized to specific sectors, geographies and offensive scenarios.<\/li>\n\n\n\n<li>Advanced modelling, mixing Bayesian networks, Monte-Carlo simulations and financial impact expertise.<\/li>\n\n\n\n<li>AI systems that automate analysis, correlate signals and detect risk propagation across IT systems and company portfolios.<\/li>\n<\/ul>\n\n\n\n<p>The outcome is a platform that goes far beyond maturity assessments. It computes incident likelihood, expected losses, worst-case scenarios, and the ROI of security and insurance strategies. In short: we translate cyber into the language of risk, capital and insurance, making it measurable, comparable and decision-ready.<\/p>\n\n\n\n<p><strong>You won the Swiss InsurTech Hub Summit &amp; Awards 2025 with the statement that cyber is the \u201cmost profitable and scalable sector of the next decade\u201d. Can you explain this in more detail, and how do you see the role of insurers in this?<\/strong><\/p>\n\n\n\n<p>Yes\u2026 or at least it should be, if we collectively build the right foundations!<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"622\" src=\"https:\/\/www.thebrokernews.ch\/wp-content\/uploads\/2025\/11\/29b3a629-4a3e-49d3-885d-a45064d537e7-1024x622.png\" alt=\"\" class=\"wp-image-24612\" srcset=\"https:\/\/dev.thebrokernews.ch\/wp-content\/uploads\/2025\/11\/29b3a629-4a3e-49d3-885d-a45064d537e7-1024x622.png 1024w, https:\/\/dev.thebrokernews.ch\/wp-content\/uploads\/2025\/11\/29b3a629-4a3e-49d3-885d-a45064d537e7-300x182.png 300w, https:\/\/dev.thebrokernews.ch\/wp-content\/uploads\/2025\/11\/29b3a629-4a3e-49d3-885d-a45064d537e7-768x466.png 768w, https:\/\/dev.thebrokernews.ch\/wp-content\/uploads\/2025\/11\/29b3a629-4a3e-49d3-885d-a45064d537e7-1536x933.png 1536w, https:\/\/dev.thebrokernews.ch\/wp-content\/uploads\/2025\/11\/29b3a629-4a3e-49d3-885d-a45064d537e7.png 1564w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Cyber is the only insurance line where underlying exposure is growing faster than capacity, modelling capabilities or underwriting expertise. Digitalization, AI adoption, cloud concentration and hyper-connected supply chains are creating exponential exposure. And yet we still see huge coverage gaps: limited capacity for large corporates, and limited market penetration for the mid-market.<\/p>\n\n\n\n<p>This combination creates a perfect storm of opportunity:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Tremendous and accelerating demand<\/li>\n\n\n\n<li>Limited available capacity<\/li>\n\n\n\n<li>A critical need for better pricing, modelling and risk selection<\/li>\n<\/ul>\n\n\n\n<p>Insurers who truly master cyber today will shape the market for the next decade. I\u2019m convinced cyber will become a <strong>core strategic line of business<\/strong>, on par with property or specialty but far more scalable, because it underpins every modern organisation.<\/p>\n\n\n\n<p>The role of insurers is pivotal: not just to provide capital, but to <strong>drive resilience<\/strong>, improve security incentives, and help the entire economy understand and price digital risk with the same clarity as any other financial exposure.<\/p>\n\n\n\n<p><strong>After winning the 2025 Awards what are your next growth steps? In which markets do you want to expand? Which partner ecosystems are important to you?<\/strong><\/p>\n\n\n\n<p>Three priorities come to mind for our next phase of growth.<\/p>\n\n\n\n<p><em>1. Geographic expansion<\/em><\/p>\n\n\n\n<p>We already serve clients in a dozen countries, and our focus areas are Switzerland, Germany, the UK and North America. These markets combine high cyber exposure, mature insurance ecosystems and strong regulatory drivers.<\/p>\n\n\n\n<p><em>2. Deep integration within partner ecosystems<\/em><\/p>\n\n\n\n<p>Brokers, insurers, reinsurers, MGAs and GRC&nbsp;underwriting platform vendors are central to our strategy. Our aim is to make cyber risk quantification natively available where underwriting, risk selection and capital decisions are made.<\/p>\n\n\n\n<p><em>3. Scaling the product footprint.<\/em><\/p>\n\n\n\n<p>We\u2019re expanding our portfolio-level analytics for insurers and banks, especially around risk accumulation, systemic scenarios and the connection between cyber and credit risk.<\/p>\n\n\n\n<p>Switzerland is a strategic hub for us: highly mature, innovation-friendly, and globally connected. It\u2019s an ideal launchpad for international expansion.<\/p>\n\n\n\n<p><strong>In your opinion, what are the biggest obstacles that still prevent insurers from underwriting cyber risks in a data-driven way or assessing them accurately<\/strong>?<\/p>\n\n\n\n<p>Cyber risk presents a combination of obstacles that makes it one of the biggest actuarial challenges insurance has ever faced.<\/p>\n\n\n\n<p><em>A young risk with limited, inconsistent historical data<\/em><\/p>\n\n\n\n<p>There is no century-long loss history or universally accepted taxonomy. Without common definitions, benchmarks and exposure metrics, insurers struggle to calibrate models and write policies.<\/p>\n\n\n\n<p><em>Extremely high volatility<\/em><\/p>\n\n\n\n<p>Attacker behaviour, tools and incentives evolve at digital speed, making past loss data a weak predictor of future events.<\/p>\n\n\n\n<p><em>A human-driven, geopolitically sensitive threat<\/em><\/p>\n\n\n\n<p>Cyber risk is shaped by malicious intent, geopolitical tensions, economic cycles and emerging technologies \u2014 all factors that introduce deep uncertainty.<\/p>\n\n\n\n<p><em>A technically complex domain with scarce expertise<\/em><\/p>\n\n\n\n<p>Understanding vulnerabilities, controls, architectures and behaviours requires expertise that is rare\u2026 and in a tense hiring market, extremely hard for insurers to recruit and retain.<\/p>\n\n\n\n<p>All these factors lead to a lack of appropriate solutions on the market built to help insurers grow cyber insurance portfolios profitably and optimize underwriting processes based on a strong cyber expertise.<\/p>\n\n\n\n<p>Citalid helps overcome these gaps with standardised exposure metrics, live attacker-centric intelligence, and automated modelling that integrates natively into underwriting and risk workflows, making cyber quantifiable, comparable and insurable at scale.<\/p>\n\n\n\n<p><strong>How do your corporate customers specifically experience the benefits of your solution? Do you have any examples of how risks or premiums have changed?<\/strong><\/p>\n\n\n\n<p>Our cyber risk quantification engine actually powers two complementary products:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Citalid Portfolio<\/strong> \u2014 large-scale third-party risk quantification used for insurance underwriting, portfolio accumulation analysis, supply-chain risk management (TPRM), and even credit risk evaluation.<\/li>\n\n\n\n<li><strong>Citalid Core<\/strong> \u2014 detailed first-party risk modelling that helps corporates identify their most relevant scenarios, quantify exposure, and run what-if simulations to build an optimal security and insurance roadmap.<\/li>\n<\/ul>\n\n\n\n<p>Together, they create a virtuous risk-reduction loop: Portfolio users (insurers, brokers, financial institutions) are incentivized to co-sell Core to their most critical clients, because improving the insured\u2019s risk posture directly reduces their own exposure. It\u2019s a true win-win dynamic.<\/p>\n\n\n\n<p>Corporate users of our Citalid Core product usually report three concrete benefits:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Radical visibility: for the first time, executives understand which scenarios matter and the financial magnitude of each, in clear business language<\/li>\n\n\n\n<li>Optimized premiums and policy terms: some clients have reduced premiums by up to 20% or renegotiated conditions to accurately reflect their true risk, strengthening trust with their insurer<\/li>\n\n\n\n<li>Smarter investment decisions: instead of \u201cbuying everything,\u201d they prioritize security actions with the highest marginal risk-reduction impact, benefiting every stakeholder involved<\/li>\n<\/ul>\n\n\n\n<p>And on the insurer side, the value is symmetrical: one carrier used our models to reprice an entire portfolio after identifying clusters of companies with disproportionately high projected loss ratios\u2026 a pattern they simply couldn\u2019t detect before.<\/p>\n\n\n\n<p><strong>Cyber insurance traditionally has the problem of having few historical claims records. How do you deal with this? How do you model scenarios that are rare but still possible?<\/strong><\/p>\n\n\n\n<p>Traditional actuarial modelling of risks requires large, stable historical datasets\u2026 which simply don\u2019t exist in cyber. That\u2019s why we rely on <strong>Bayesian networks<\/strong>, and just to be clear: no, I\u2019m <em>not<\/em> talking about the yacht called \u201cBayesian\u201d someone from the audience mentioned to me after the Awards!<\/p>\n\n\n\n<p>In simple terms, a Bayesian network is a kind of explainable AI that combines <strong>expert a-priori knowledge<\/strong><strong> <\/strong>with<strong>a-posteriori real-world observations<\/strong>.<\/p>\n\n\n\n<p>On the one hand, we codify what cyber risk experts already know about attackers\u2019 victimology, behaviours, techniques and defenders\u2019 control effectiveness, likely business impacts and resilience. That becomes the <em>prior<\/em>: a structured, quantified understanding of how cyber incidents unfold, even before seeing any data.<\/p>\n\n\n\n<p>On the other hand, every new incident, be it a ransomware campaign, a data leak, a supply-chain compromise, \u2026 provides new signals. Bayesian updating through inference allows the model to learn and recalibrate from every new data point, even if they are rare or incomplete.<\/p>\n\n\n\n<p>This is crucial because cyber is the opposite of traditional actuarial domains: it\u2019s adversarial, interconnected and fast-evolving. Waiting for decades of loss data is simply not an option.<br>Bayesian networks allow us to <strong>augment scarce datasets with contextual intelligence and cyber expertise<\/strong>, and then refine the model continuously as reality evolves.<\/p>\n\n\n\n<p>The result is a genuinely new viewpoint for insurers: one that can model plausible but unseen scenarios, quantify tail events, and understand how risk propagates across technologies and supply chains. In other words, it gives actuaries a rigorous framework that finally matches the nature of the risk, which is why it resonates so strongly with carriers frustrated by the limitations of historical-only approaches.<\/p>\n\n\n\n<p class=\"has-pale-cyan-blue-background-color has-background\"><strong>Maxime Cartan<\/strong> is co-founder and CEO of Citalid, a technology scale-up recognized as the European leader in Cyber Risk Quantification (CRQ). He previously worked as a cyber threat intelligence specialist at ANSSI, the French national cybersecurity authority. He is a graduate of a prestigious engineering school and a renowned business school in France and holds certifications in Offensive Security (OSCP, CEH). Before joining ANSSI, Maxime was a partner at Hypermind, a startup company specializing in predictive geopolitical analysis.   <\/p>\n\n\n\n<p><em>The questions were asked by Binci Heeb. The second part of the interview will be published on Monday, December 1.<\/em><\/p>\n\n\n\n<p>Read also: <a href=\"https:\/\/www.thebrokernews.ch\/en\/startups-winners-and-strong-ideas-awards25\/\">Start-ups, winners and strong ideas: The InsurTech Awards 2025<\/a><\/p>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Maxime Cartan, CEO of Citalid, explains how cyber risk is becoming one of the most strategic and scalable opportunities in the insurance industry. His company transforms cyber threats into measurable financial metrics, enabling insurers, corporates and financial institutions to understand, assess and manage digital risk as an asset class. Thebrokernews talks to the winner of [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":24602,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_price":"","_stock":"","_tribe_ticket_header":"","_tribe_default_ticket_provider":"","_ticket_start_date":"","_ticket_end_date":"","_tribe_ticket_show_description":"","_tribe_ticket_show_not_going":false,"_tribe_ticket_use_global_stock":"","_tribe_ticket_global_stock_level":"","_global_stock_mode":"","_global_stock_cap":"","_tribe_rsvp_for_event":"","_tribe_ticket_going_count":"","_tribe_ticket_not_going_count":"","_tribe_tickets_list":"[]","_tribe_ticket_has_attendee_info_fields":false,"footnotes":""},"categories":[5100,5134,5138],"tags":[8787,8789,8637,5286,6549,8784,8785,5671,8786,8788,5255,5631],"class_list":["post-24609","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-current","category-general","category-interviews-en","tag-bayesian-networks","tag-cyber-cat-simulation-en","tag-cyber-insurance-en-2","tag-cyber-risks","tag-expansion-en","tag-financial-investment","tag-market-penetration","tag-obstacles","tag-quantification","tag-risk-selection","tag-scalability-en","tag-transparency-en"],"acf":[],"cc_featured_image_caption":{"caption_text":"Cyber risks as a financial investment: Maxime Cartan, CEO and co-founder of Citalid.","source_text":"","source_url":""},"_links":{"self":[{"href":"https:\/\/dev.thebrokernews.ch\/en\/wp-json\/wp\/v2\/posts\/24609","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dev.thebrokernews.ch\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dev.thebrokernews.ch\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dev.thebrokernews.ch\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/dev.thebrokernews.ch\/en\/wp-json\/wp\/v2\/comments?post=24609"}],"version-history":[{"count":3,"href":"https:\/\/dev.thebrokernews.ch\/en\/wp-json\/wp\/v2\/posts\/24609\/revisions"}],"predecessor-version":[{"id":24633,"href":"https:\/\/dev.thebrokernews.ch\/en\/wp-json\/wp\/v2\/posts\/24609\/revisions\/24633"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/dev.thebrokernews.ch\/en\/wp-json\/wp\/v2\/media\/24602"}],"wp:attachment":[{"href":"https:\/\/dev.thebrokernews.ch\/en\/wp-json\/wp\/v2\/media?parent=24609"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dev.thebrokernews.ch\/en\/wp-json\/wp\/v2\/categories?post=24609"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dev.thebrokernews.ch\/en\/wp-json\/wp\/v2\/tags?post=24609"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}