A cyber risk profile is a complex measure of an organization's security posture. It paints a picture of your risk related to technical aspects such as network and system security liability and network interruption, as well as more organizational aspects such as cyber defense maturity.
Although many organizations develop their own risk profiles for internal use, such as improving security, cyber insurance carriers use cyber risk profiles as a tool to determine risk when writing policies. A carrier takes the results of an organization's assessments and creates its own profile, incorporating additional information to develop a deeper understanding of that organization's risk.
According to Julian Waits, CEO of cyber risk advisory firm PivotPoint Risk Analytics, "The first thing an insurance company does when building a cyber risk profile [on a prospective insurant] is to determine if the house is on fire or not. Are there things that are obviously wrong with a given environment from a security perspective, from an end-user training perspective, from the maturity of the executive perspective that says we should be leery of covering a risk in this environment?"