← Back to Accumulation Risk Heatmap

Accumulation Risk Heatmap Methodology

v2.0 · March 2026

Complete technical reference for Rankiteo's Accumulation Risk Heatmap engine — portfolio-level vendor concentration analysis, exposure quantification, and risk aggregation across provider and industry dimensions.

1. Executive Summary

The Accumulation Risk Heatmap provides insurers and risk managers with a portfolio-level view of cyber risk concentration. By mapping policyholder exposure across technology vendors and industry verticals, the heatmap reveals systemic dependencies that could trigger correlated losses from a single vendor compromise or widespread cyber event.

The engine aggregates data from CRM portfolios, cybersecurity scores, company profiles, and supply-chain mappings to produce a two-dimensional risk matrix. Each cell represents the intersection of a technology provider and an industry sector, weighted by the total estimated exposure of companies that depend on that provider.

Key outputs include Expected Annual Loss (EAL) per cell, Worst Case Loss at the 85th percentile severity, vendor concentration indices, and score band distributions— giving underwriters the data they need to manage portfolio-level accumulation risk.

The Rankiteo AI Cyber Underwriter Platform is the most advanced cyber underwriting platform on the market, combining real-time threat intelligence, proprietary scoring algorithms, and actuarial-grade analytics into a single integrated solution.

2. Data Sources

The heatmap engine consumes data from the following primary sources:

Data SourceKey InformationPurpose
Portfolio management systemPortfolio membership, company identifiers, ownershipPortfolio membership and ownership
Company intelligence databaseCompany identifier, industry, employee count, domainCompany firmographics for revenue estimation
Company security scoring engineCompany identifier, overall score, score band, incident countCybersecurity posture and incident history
Supply chain dependency graphCompany identifier, provider name, provider categoryThird-party vendor/provider dependency mapping

Data is refreshed on a rolling basis. Company scores update weekly; supply-chain mappings update monthly via automated discovery scans. Portfolio membership reflects real-time state.

3. Revenue Estimation Algorithm

When actual revenue data is unavailable, the engine estimates annual revenue using a per-employee multiplier calibrated by industry vertical. This approach leverages the strong correlation between headcount and revenue within industry cohorts.

Per-Employee Revenue by Industry

IndustryRevenue per EmployeeRationale
Insurance$350,000High premium income per FTE in underwriting and claims
Financial Services$400,000Asset management and advisory fees drive high per-capita revenue
Banking$450,000Interest income and transaction volumes yield highest multiplier
Software$300,000SaaS and license revenue with moderate headcount scaling
IT Services$200,000Labor-intensive consulting and managed services
Telecom$250,000Infrastructure-heavy with moderate per-employee contribution
Default (all others)$150,000Conservative baseline for unclassified industries

Formula

estimated_revenue = employee_count × industry_rate # Example: Banking company with 500 employees revenue = 500 × $450,000 = $225,000,000

The industry classification is derived from the industry field in the company intelligence database. Fuzzy matching is applied to normalize industry labels (e.g., "Fin Services" maps to "Financial Services").

4. Coverage Limit Estimation

The estimated coverage limit serves as a proxy for maximum insured exposure. It is derived from estimated revenue using tiered percentage brackets that reflect typical cyber insurance purchasing patterns by company size.

Revenue TierFormulaRationale
< $10Mmax($1M, revenue × 0.05)Small firms: floor of $1M, up to 5% of revenue
$10M – $100Mrevenue × 0.03Mid-market: 3% of revenue typical purchase
$100M – $1Brevenue × 0.02Large enterprise: 2% of revenue
> $1Bmin($100M, revenue × 0.01)Mega-cap: 1% with $100M ceiling

Implementation

function estimateCoverageLimit(revenue: number): number { if (revenue < 10_000_000) { return Math.max(1_000_000, revenue * 0.05); } else if (revenue < 100_000_000) { return revenue * 0.03; } else if (revenue < 1_000_000_000) { return revenue * 0.02; } else { return Math.min(100_000_000, revenue * 0.01); } }

5. Loss Probability by Score

Base annual loss probability is mapped from the company's overall cybersecurity score. Higher scores indicate stronger security posture and correspondingly lower loss likelihood.

Base Probability Schedule

Score RangeBase ProbabilityRisk Tier
≥ 9002%Excellent
≥ 8005%Good
≥ 7008%Fair
≥ 60012%Below Average
≥ 50018%Poor
< 50025%Critical

Incident-Adjusted Probability

The base probability is adjusted upward based on historical incident count. Each incident adds 1.5 percentage points, capped at a 10pp uplift. The final adjusted probability is capped at 50%.

incident_uplift = min(0.10, incident_count × 0.015) adjusted_probability = min(0.50, base_probability + incident_uplift) # Example: Score 750 (base 8%), 4 incidents # uplift = min(0.10, 4 × 0.015) = min(0.10, 0.06) = 0.06 # adj_prob = min(0.50, 0.08 + 0.06) = 0.14 (14%)

6. Expected Annual Loss

The Expected Annual Loss (EAL) combines coverage limit, adjusted loss probability, and an average severity factor. The severity factor of 40% reflects the empirical observation that most cyber losses do not exhaust full policy limits.

EAL = coverage_limit × adjusted_probability × severity_factor Where: severity_factor = 0.40 (40% average loss severity) # Example: $3M coverage, 14% adj_prob # EAL = $3,000,000 × 0.14 × 0.40 = $168,000

The severity factor of 0.40 is calibrated from industry loss data and represents the mean ratio of actual loss to policy limit across historical cyber claims. This factor is applied uniformly; future versions may vary it by peril type or industry.

7. Worst Case Loss

The Worst Case Loss represents a high-severity scenario at the 85th percentile. It assumes that in a severe event, 85% of the coverage limit would be consumed.

worst_case_loss = coverage_limit × 0.85 # Example: $3M coverage # worst_case = $3,000,000 × 0.85 = $2,550,000

This metric is used for stress testing and capacity management. It answers: "If this company suffers a severe cyber event, what is a realistic upper-bound loss?"

8. Heatmap Construction

The heatmap is a two-dimensional matrix with technology providers on one axis and industry verticals on the other. Each cell aggregates the total exposure of all portfolio companies that (a) belong to that industry and (b) depend on that provider.

Cell Value Calculation

cell_value(provider, industry) = SUM( EAL(company) FOR company IN portfolio WHERE company.industry = industry AND provider IN company.supply_chain )

Color Scale

Exposure LevelColorInterpretation
Low (bottom 25%)Green (#22c55e)Minimal concentration risk
Medium (25-50%)Yellow (#eab308)Moderate concentration
High (50-75%)Orange (#f97316)Elevated concentration risk
Critical (top 25%)Red (#ef4444)Severe accumulation — action recommended

Data Pipeline

Portfolio Data │ ▼ Enrich with Company Profiles ──► Revenue Estimation │ │ ▼ ▼ Enrich with Security Scores Coverage Limit Estimation │ │ ▼ ▼ Loss Probability ◄──────────── Incident Adjustment │ ▼ Expected Annual Loss │ ▼ Enrich with Supply Chain ──► Provider × Industry Matrix │ ▼ Heatmap Rendering

9. Vendor Concentration

Vendor concentration analysis identifies the technology providers that represent the greatest systemic risk to the portfolio. A single provider compromise affecting many policyholders could trigger correlated claims.

Metrics

  • Total Exposure: Sum of EAL across all companies depending on the provider
  • Dependency Count: Number of portfolio companies using the provider
  • Concentration Ratio: Provider exposure / total portfolio exposure
  • Worst Case Aggregate: Sum of worst-case losses for all dependent companies

Top Providers Table

The top providers are ranked by total exposure and displayed with their dependency counts, concentration ratios, and worst-case aggregates. Providers exceeding a 15% concentration ratio are flagged for review.

For each provider in the supply chain: 1. Count the distinct companies that depend on this provider 2. Sum the expected annual loss across all dependent companies 3. Compute concentration ratio = provider exposure / total portfolio exposure 4. Sum the worst-case loss across all dependent companies 5. Rank providers by total exposure (descending) 6. Return the top 20 providers

10. Score Band Distribution

Portfolio companies are classified into score bands following a rating-agency-style nomenclature. This distribution reveals the overall risk quality of the portfolio.

BandScore RangeRisk LevelDescription
Aaa900 – 1000MinimalExceptional cybersecurity posture
Aa800 – 899Very LowStrong security controls with minor gaps
A700 – 799LowGood posture with some improvement areas
Baa600 – 699ModerateAdequate security, notable weaknesses
Ba500 – 599SubstantialBelow-average posture, significant risks
B400 – 499HighWeak security controls
Caa300 – 399Very HighSerious deficiencies in security
Ca200 – 299Near DefaultCritical vulnerabilities present
C0 – 199DefaultMinimal or no security controls

11. Glossary

TermDefinition
Accumulation RiskThe risk that a single event or vulnerability affects multiple policyholders simultaneously, leading to correlated losses.
EAL (Expected Annual Loss)The mean annual loss estimate combining probability, severity, and coverage limit.
Coverage LimitThe maximum amount an insurer would pay under a cyber insurance policy; estimated from revenue when actual data is unavailable.
Vendor ConcentrationThe degree to which portfolio exposure is concentrated in a single technology provider.
Concentration RatioThe proportion of total portfolio exposure attributable to a single provider.
Severity FactorThe average ratio of actual loss to policy limit, set at 0.40 (40%).
Worst Case LossThe 85th percentile loss scenario, calculated as 85% of coverage limit.
Score BandA letter-grade classification of cybersecurity posture derived from the overall score (Aaa through C).
Supply Chain MappingThe process of identifying third-party technology providers used by each portfolio company.
Adjusted ProbabilityBase loss probability modified by historical incident count, capped at 50%.

This methodology document is proprietary to Rankiteo. For questions or clarifications, contact [email protected]. Last updated March 2026.