According to Gallagher, in 2019_: "1.4m UK SMES suffered a cyber-attack/significant security incident. This cost the economy £8.8bn with the average attack costing £6,500\. 17% spent \>£10k to combat an incident with 10% paying out \>£20k. 23% of SMEs couldn't survive for \> a month if unable to trade following an incident ... 57,000 SMEs could be at risk of collapse."_ COVID-19 has dramatically increased these risks. Cyber-criminals are adapting their tactics and targeting endpoint vulnerabilities exposed by the surge in home working. In Q2, UK businesses reported a 92% increase in cyber-attacks (VMWare). ZNET identifies a 72% increase in file-encrypted malware in the last three months and notes that ransomware attacks are now focused on stealing data as well as encrypting it. As a recent example, on 17 July, the NCSC exposed Russian attacks on Covid-19 vaccine developers. These risks are unlikely to reduce in a post-COVID environment. A recent Gartner poll shows that 48% of employees will likely work remotely at least part of the time after COVID-19 versus 30% before the pandemic. SMEs are particularly vulnerable to remote working attacks as they typically lack the resources required to protect against cybercrime. Given the increased number of attacks, over 100,000 UK SMEs could now be at risk of collapse. Per Aon "_Over the past few years, bring your own device ("BYOD") programs have increased in popularity as organizations aim to increase employee mobility._ _In 2018, 45% of UK businesses allowed employees to use their own devices."_ A July 2020 survey by CyberArk shows that 77% of remote employees are now using unmanaged, insecure BYOD to access corporate systems. Per Aon _"Ideally, entirely separate devices should exist for corporate and personal data. However,_ _most organizations that did not follow a policy of issuing employees separate corporate devices prior to the coronavirus outbreak are highly unlikely to incur the costs of doing so now._ _...**As a result, there is an increased risk of data leakage particularly if personal devices are shared between family members or insecure network connections are being used**._" SMEs, while among the most vulnerable organisations, lack the specialists to assist them defend against the threat. Cyber risk management needs to be democratised to allow non-specialists to manage the basics of cyber defence. The Innovation Focus is to extend and repurpose InsurTechnix's existing software to meet the needs that Aon and many others describe by: **1\. Providing a means by which SMEs can ensure that laptops and phones, including BYOD, being used to access their networks meet the minimum security thresholds to defend against/avoid the substantial majority of threats;** and, **2\. Characterising, quantifying and reporting the data held on distributed devices, including BYOD, so that the risk of a data breach can be minimised by reducing the nature and volume of data held in higher-risk environments.**

"A decade ago, if you wanted car insurance you went to a high street broker and completed a paper form. Even though the risk was often badly priced, both the broker and the underwriter typically made a healthy margin. Today, automotive insurance is highly automated. Risk, particularly for younger drivers is 'personalised' via an on-board black-box that allows good driving behaviour to be rewarded in a transparent way that reduces risk for both parties. The old-style brokers are gone, much of the market is now direct and new business models such as 'compare the market' result in fewer players transacting on finer margins. Cyber insurance is one of the most dynamic and fastest growing areas of insurance today. Yet, when a company applies for cyber insurance, it is still required to complete a questionnaire (paper or phone) providing generic information. The annual premium bears little relation to the company's current risk and cannot not account for dynamic changes. As premiums are high, many elect not to insure or find themselves under-insured/not covered for a particular risk. We believe that what happened to car insurance is about to happen to the cyber insurance market and we intend leading this transformation. Our project applies AI/data techniques ('cybermatics') to the UK cyber insurance market. We have already developed a cyber risk detection product which collects risk data from business devices. We will apply AI to this data to enable UK insurers to better price cyber risk premiums and reward good cyber risk management through reductions in insurance premiums. Insurance is a global market in which the UK has led the world. We believe that: * our software and data-enabled transformation of the business model can help the UK defend and grow its position in cyber insurance; * we merit InnovateUK's support because of the need to out-innovate some of the massive insurers from the Far East and Asia who are beginning to exploit markets beyond their borders. If we want to see off these challenges, we have to bring in new models, and do so before it is too late; and * a product that helps reduce the UK's exposure to cyber-attack is a net public good, and increasingly crucial in an age where asymmetric non-conventional attacks as an instrument of policy are prevalent by rogue states."