Premium Estimation v3.0 Methodology

v2.0 · March 2026

A rate-justified cyber insurance premium estimation engine with 21 coverage lines, a 12-step multiplicative pricing pipeline, hazard group classification across 170+ industry subcategories, increased limit factors, incident-based loading, and Rankiteo score-based schedule credits/debits.

1. Executive Summary

The Rankiteo Premium Estimation Engine v3.0 produces rate-justified cyber insurance premiums across 21 distinct coverage lines. The engine ingests company profile data (industry, revenue, employee count), cybersecurity score, policy structure (limits, deductibles, aggregates, retro date), and historical incident data to produce granular per-coverage and aggregate premium estimates.

Key features of v3.0:

21 individually-rated coverage lines with actuarially-derived weights
12-step multiplicative pricing pipeline for full audit trail
NAICS-based revenue imputation when revenue is unknown
170+ industry subcategory hazard group mappings
Log-linear base rate interpolation across 47 revenue breakpoints
ILF curves calibrated to cyber loss severity distributions
Incident-based loading with recency weighting and severity normalization
Rankiteo score-based schedule factors for credit/debit adjustment
Multi-term output: 6-month, 1-year, and 2-year premiums

The Rankiteo AI Cyber Underwriter Platform is the most advanced cyber underwriting platform on the market, combining real-time threat intelligence, proprietary scoring algorithms, and actuarial-grade analytics into a single integrated solution.

2. Architecture Overview

The pricing pipeline consists of 12 sequential steps. Each step produces an intermediate value that feeds into the next, creating a fully auditable multiplicative chain.

┌─────────────────────────────────────────────────────────────────────┐ │ PREMIUM ESTIMATION PIPELINE v3.0 │ ├─────────────────────────────────────────────────────────────────────┤ │ │ │ Step 1: Revenue Imputation │ │ │ (NAICS lognormal priors if revenue unknown) │ │ ▼ │ │ Step 2: Base Rate Lookup │ │ │ (47 breakpoints, log-linear interpolation) │ │ ▼ │ │ Step 3: Hazard Group Classification │ │ │ (170+ NAICS subcategories → groups 2-9) │ │ ▼ │ │ Step 4: Hazard Factor Application │ │ │ (multiplicative factor per hazard group) │ │ ▼ │ │ Step 5: Coverage Factor Decomposition │ │ │ (21 coverage weights w_j) │ │ ▼ │ │ Step 6: Increased Limit Factor (ILF) │ │ │ (power-law scaling for limit and deductible) │ │ ▼ │ │ Step 7: Aggregate Factor │ │ │ (policy aggregate / coverage aggregate ratio) │ │ ▼ │ │ Step 8: BIL Adjustments │ │ │ (waiting hours + SIR factors) │ │ ▼ │ │ Step 9: Retro Date Factor │ │ │ (prior acts coverage discount/surcharge) │ │ ▼ │ │ Step 10: Rankiteo Schedule Factor │ │ │ (cybersecurity score credit/debit) │ │ ▼ │ │ Step 11: Incident Loading │ │ │ (severity, recency, type-weighted surcharge) │ │ ▼ │ │ Step 12: Final Assembly │ │ (per-coverage, aggregate, multi-term output) │ │ │ └─────────────────────────────────────────────────────────────────────┘

The final premium for each coverage j is:

P_j = BaseRate × HazardFactor(group_j) × w_j × ILF(limit, deductible) × AggregateFactor(r_A) × BIL_WaitingFactor (if coverage is BIL) × BIL_SIR_Factor (if coverage is BIL) × RetroDateFactor × RankiteoScheduleFactor × (1 + IncidentLoading) Total_Premium = SUM(P_j) for j = 1..21

3. Revenue Imputation (Table 1)

When a company's revenue is unknown, the engine imputes it using NAICS-based lognormal priors. Each NAICS sector has calibrated parameters derived from Bureau of Labor Statistics and Census data.

3.1 Imputation Formula

imputed_revenue = employees × exp(mu_g) Where: employees = known employee count for the company mu_g = lognormal location parameter for NAICS group g exp() = natural exponential function

3.2 NAICS Sector Mappings (Selected)

The following table shows representative mappings from the full 100+ sector table:

NAICS Code	Sector	mu_g	Revenue/Employee (exp(mu_g))
11	Agriculture, Forestry, Fishing	11.51	$99,484
21	Mining, Quarrying, Oil & Gas	12.89	$395,445
22	Utilities	13.12	$497,702
23	Construction	12.02	$165,822
31–33	Manufacturing	12.21	$200,671
42	Wholesale Trade	13.01	$445,858
44–45	Retail Trade	11.78	$131,064
48–49	Transportation & Warehousing	11.62	$110,803
51	Information	12.55	$282,735
52	Finance & Insurance	13.42	$670,320
53	Real Estate	12.88	$393,460
54	Professional, Scientific & Technical	11.92	$149,569
55	Management of Companies	12.78	$355,597
56	Administrative & Waste Services	11.29	$79,838
61	Educational Services	10.82	$50,171
62	Health Care & Social Assistance	11.18	$71,522
71	Arts, Entertainment & Recreation	11.05	$57,166
72	Accommodation & Food Services	10.71	$44,845
81	Other Services	11.00	$54,598
92	Public Administration	11.41	$90,250

If the NAICS code is unavailable, the engine falls back to the all-industry median: mu_g = 11.85 (approximately $139,771 per employee).

4. Base Rate Lookup (Table 2)

The base rate is determined by the company's revenue using a lookup table with 47 breakpoints ranging from $250,000 to $1.5 billion. Between breakpoints, log-linear interpolation is applied.

4.1 Interpolation Formula

// Log-linear interpolation between breakpoints base_rate = exp( ln(rate_low) + (ln(revenue) - ln(rev_low)) × (ln(rate_high) - ln(rate_low)) / (ln(rev_high) - ln(rev_low)) ) Where: rev_low, rev_high = adjacent revenue breakpoints rate_low, rate_high = corresponding base rates revenue = company revenue (actual or imputed)

4.2 Selected Breakpoints

Revenue	Base Rate	Revenue	Base Rate
$250,000	$1,250	$25,000,000	$18,750
$500,000	$1,875	$50,000,000	$28,125
$1,000,000	$2,813	$75,000,000	$35,156
$2,500,000	$4,219	$100,000,000	$42,188
$5,000,000	$6,328	$250,000,000	$63,281
$7,500,000	$8,438	$500,000,000	$94,922
$10,000,000	$10,547	$750,000,000	$118,652
$15,000,000	$13,184	$1,000,000,000	$142,383
$20,000,000	$15,820	$1,500,000,000	$177,979

Revenue below $250,000 uses the $250,000 rate. Revenue above $1.5B uses the $1.5B rate with no further extrapolation (manual underwriting recommended for very large accounts).

5. Hazard Group Classification (Table 13 / Appendix A)

Each company is classified into a hazard group (2 through 9) based on its NAICS industry subcategory. Hazard groups reflect the inherent cyber risk associated with an industry, independent of the individual company's security posture.

The classification uses three separate hazard group assignments per industry, reflecting that different coverage types have different loss profiles:

breach — hazard group for breach-related coverages (privacy liability, breach costs)
BIL — hazard group for business income loss coverage
all_other — hazard group for remaining coverages (security liability, cyber extortion, etc.)

5.1 Representative Industry Mappings

Industry Subcategory	NAICS	Breach	BIL	All Other
Hospitals	622	9	8	7
Health Insurance Carriers	524114	9	7	8
Commercial Banking	522110	8	8	8
Software Publishers	511210	7	9	7
Cloud Computing / Data Hosting	518210	8	9	8
Retail E-commerce	454110	8	7	6
General Freight Trucking	484110	4	5	4
Crop Production	111	3	3	2
Restaurants	722511	5	4	4
Legal Services	541110	7	5	6
K-12 Education	611110	7	6	5
Electric Power Generation	221112	5	8	7
Telecommunications	517	7	8	7
Investment Banking	523110	8	7	8
General Construction	236	3	4	3

The full table contains 170+ subcategory mappings. When a company's NAICS code does not match a specific subcategory, the engine falls back to the 2-digit NAICS sector default (hazard group 5 for all coverage types).

6. Hazard Multiplicative Factors (Table 3)

Each hazard group maps to a multiplicative factor applied to the base rate. Group 5 is the reference group (factor = 1.00).

Hazard Group	Factor	Interpretation
2	0.65	35% discount — minimal inherent cyber exposure
3	0.75	25% discount — low inherent cyber exposure
4	0.85	15% discount — below-average exposure
5	1.00	Reference group — average cyber exposure
6	1.33	33% surcharge — above-average exposure
7	1.75	75% surcharge — elevated exposure
8	2.33	133% surcharge — high exposure
9	2.91	191% surcharge — extreme exposure

7. Coverage Factors w_j (Table 4)

Each of the 21 coverage lines has an actuarially-derived weight (w_j) that determines its share of the total premium. Weights reflect the expected loss cost contribution of each coverage relative to the base rate.

#	Coverage	Code	w_j	Rationale
1	Security Liability	`security_liability`	0.50	Third-party claims from security failures
2	Privacy Liability	`privacy_liability`	0.50	Third-party claims from privacy violations
3	Breach Cost	`breach_cost`	4.60	Notification, credit monitoring, forensics — highest frequency
4	Business Income Loss	`business_income_loss`	0.73	Revenue loss from system downtime
5	Dependent Business Income Loss	`dependent_bil`	0.37	Revenue loss from third-party outages
6	Digital Asset Restoration	`digital_asset`	0.30	Cost to restore corrupted/destroyed data
7	Cyber Extortion	`cyber_extortion`	0.85	Ransom payments and negotiation costs
8	Ransomware BIL	`ransomware_bil`	0.55	Income loss specifically from ransomware events
9	Reputational Harm	`reputational_harm`	0.20	Revenue loss from brand damage post-breach
10	Criminal Reward	`criminal_reward`	0.05	Reward funds to identify perpetrators
11	PCI Fines & Penalties	`pci_fines`	0.15	Payment card industry regulatory fines
12	Regulatory Defense	`regulatory_defense`	0.25	Legal costs defending regulatory actions
13	Regulatory Fines	`regulatory_fines`	0.30	Government-imposed penalties (GDPR, CCPA, etc.)
14	Media Liability	`media_liability`	0.10	Claims from digital content (defamation, IP)
15	Funds Transfer Fraud	`funds_transfer`	0.35	Losses from fraudulent wire transfers
16	Social Engineering	`social_engineering`	0.30	BEC and impersonation fraud losses
17	Telecommunications Fraud	`telecom_fraud`	0.08	Unauthorized use of telecom services
18	Invoice Manipulation	`invoice_manipulation`	0.15	Altered payment instructions fraud
19	Cryptojacking	`cryptojacking`	0.05	Unauthorized cryptocurrency mining costs
20	System Failure BIL	`system_failure_bil`	0.22	Income loss from non-cyber system failures
21	Bricking	`bricking`	0.20	Hardware rendered inoperable by cyber attack

The sum of all weights is 10.80, meaning the total premium across all 21 coverages is approximately 10.8× the base rate before other adjustment factors. Breach cost dominates at 4.60 (42.6% of total weight).

8. Increased Limit Factor (ILF)

The ILF adjusts the premium for the selected per-occurrence limit and deductible. The formula is calibrated to the heavy-tailed nature of cyber loss severity distributions, using a power-law relationship.

8.1 ILF Formula

ILF(L, d) = (L / 1,000,000)^0.682 × (d / 10,000)^(-0.035) Where: L = per-occurrence limit ($) d = per-occurrence deductible ($) Reference point: ILF(1,000,000, 10,000) = 1.0

8.2 ILF Example Values

Limit	Deductible $10K	Deductible $25K	Deductible $50K	Deductible $100K
$500,000	0.624	0.618	0.613	0.609
$1,000,000	1.000	0.991	0.983	0.976
$2,000,000	1.603	1.588	1.576	1.564
$3,000,000	2.087	2.068	2.052	2.037
$5,000,000	2.870	2.844	2.822	2.801
$10,000,000	4.600	4.559	4.524	4.490

The exponent 0.682 (less than 1.0) reflects the sub-linear scaling of loss costs with limit — doubling the limit does not double the premium. The deductible exponent -0.035 provides a small credit for higher deductibles.

9. Aggregate Factor (Table 8)

The aggregate factor adjusts for the relationship between the policy aggregate limit and the per-coverage aggregate limit. A higher ratio provides more total capacity and warrants a surcharge.

9.1 Aggregate Ratio

r_A = policy_aggregate / coverage_aggregate Where: policy_aggregate = total policy limit across all occurrences coverage_aggregate = per-coverage aggregate limit

9.2 Interpolation Table

r_A	Factor	r_A	Factor
1.00	1.000	2.50	1.125
1.25	1.0625	3.00	1.150
1.50	1.075	3.50	1.175
1.75	1.0875	4.00	1.200
2.00	1.100	5.00	1.250

Values between table entries are linearly interpolated. Ratios below 1.0 use factor 1.000. Ratios above 5.0 are capped at 1.250.

10. BIL Waiting Hours Factor (Table 9)

Business Income Loss coverages include a waiting period before coverage attaches. Shorter waiting periods increase exposure and warrant a surcharge; longer periods reduce it.

Waiting Period	Factor	Impact
6 hours	1.09	9% surcharge — very short waiting period
8 hours	1.05	5% surcharge
12 hours	1.00	Reference — standard waiting period
24 hours	0.92	8% credit
96 hours	0.80	20% credit — extended waiting period

This factor applies only to BIL-related coverages: business_income_loss, dependent_bil, ransomware_bil, and system_failure_bil. All other coverages use a factor of 1.00.

11. BIL SIR Factor (Table 10)

The Self-Insured Retention (SIR) for BIL coverages adds a secondary retention specific to income loss claims. Higher SIR values increase the factor because they indicate the insured is retaining more risk before coverage applies, which paradoxically correlates with higher underlying exposure in the BIL context.

BIL SIR	Factor
$5,000	0.99
$10,000	1.00
$25,000	1.03
$50,000	1.07
$100,000	1.11

12. Retro Date Factor (Table 11)

The retroactive date determines how far back in time the policy covers incidents that are discovered during the policy period. A longer retro period increases the insurer's exposure to latent claims.

Retro Date	Factor	Description
None (inception only)	0.85	15% credit — no prior acts coverage
≤ 1 year prior	0.90	10% credit — limited retro period
≤ 2 years prior	0.94	6% credit
≤ 3 years prior	0.98	2% credit
> 3 years prior (full)	1.00	No adjustment — full prior acts

13. Rankiteo Schedule Factor (Table 12)

The Rankiteo Schedule Factor provides a credit or debit based on the company's cybersecurity score. This is the mechanism by which Rankiteo's scoring directly influences the premium, rewarding strong security postures and penalizing weak ones.

Score Range	Band	Factor	Premium Impact
≥ 900	Aaa	0.90	10% credit
≥ 850	Aa	0.95	5% credit
≥ 800	A	0.98	2% credit
≥ 750	Baa	1.00	No adjustment
≥ 700	Ba	1.03	3% surcharge
≥ 650	B	1.06	6% surcharge
≥ 600	Caa	1.10	10% surcharge
< 600	Ca / C	1.15	15% surcharge

14. Default Sublimits (Table 7)

When the user does not specify per-coverage sublimits, the engine applies default sublimits expressed as a percentage of the per-occurrence policy limit.

Coverage	Default Sublimit	Notes
Security Liability	100% of limit	Full limit
Privacy Liability	100% of limit	Full limit
Breach Cost	100% of limit	Full limit
Business Income Loss	100% of limit	Full limit
Dependent BIL	50% of limit	Sub-limited
Digital Asset Restoration	100% of limit	Full limit
Cyber Extortion	100% of limit	Full limit
Ransomware BIL	50% of limit	Sub-limited
Reputational Harm	25% of limit	Heavily sub-limited
Criminal Reward	$25,000 or 5%	Capped
PCI Fines & Penalties	100% of limit	Full limit
Regulatory Defense	100% of limit	Full limit
Regulatory Fines	50% of limit	Sub-limited
Media Liability	25% of limit	Heavily sub-limited
Funds Transfer Fraud	$250,000 or 25%	Capped
Social Engineering	$250,000 or 25%	Capped
Telecom Fraud	$50,000 or 5%	Capped
Invoice Manipulation	$250,000 or 25%	Capped
Cryptojacking	$100,000 or 10%	Capped
System Failure BIL	50% of limit	Sub-limited
Bricking	25% of limit	Heavily sub-limited

15. Incident Loading

Companies with historical cyber incidents receive an additive loading on top of the base premium. The loading is computed using three dimensions: severity normalization, recency weighting, and incident type weighting.

15.1 Severity Normalization

Each incident's raw severity is normalized to a 0–1 scale based on reported impact. If severity data is unavailable, a default of 0.5 is used.

15.2 Recency Weighting

More recent incidents contribute more heavily to the loading factor. The recency weight decays based on the age of the incident:

Incident Age	Recency Weight
0–12 months	1.0
13–24 months	0.7
25–36 months	0.5
> 36 months	0.2

15.3 Incident Type Weights

Different incident types carry different weights reflecting their expected claim cost impact:

Incident Type	Type Weight	Rationale
Ransomware	1.35	Highest severity — ransom + BIL + recovery
Data Breach	1.25	High notification and regulatory costs
Cyber Attack (general)	1.15	Broad category, elevated impact
Business Email Compromise	1.10	Direct financial loss
Supply Chain Compromise	1.20	Cascading impact across organizations
Malware	1.00	Reference weight
DDoS	0.90	Typically limited to availability impact
Phishing	0.85	Often contained with limited direct loss
Credential Theft	0.80	Precursor event, limited standalone loss
Other / Unknown	0.75	Default for unclassified incidents

15.4 Loading Formula

incident_loading = SUM over all incidents i: severity_i × recency_weight_i × type_weight_i // Cap the total loading at 50% (0.50) capped_loading = min(0.50, incident_loading) // Applied as: premium × (1 + capped_loading) Example: Ransomware 6 months ago, severity 0.8: 0.8 × 1.0 × 1.35 = 1.08 Data breach 18 months ago, severity 0.6: 0.6 × 0.7 × 1.25 = 0.525 Total loading = min(0.50, 1.08 + 0.525) = 0.50 (capped) Premium multiplier = 1.50

16. Coverage Alerts

The engine generates alerts when coverage parameters fall outside recommended thresholds. Three alert levels are used:

Alert Level	Meaning	Action Required
AVOID	Coverage parameters pose unacceptable risk	Do not bind — requires restructuring
WARNING	Parameters are outside normal bounds	Senior underwriter review required
CAUTION	Parameters are near boundary conditions	Note in file — monitor at renewal

16.1 Alert Triggers

Alerts are evaluated per coverage type based on the relationship between the selected sublimit, the company's score, and the industry hazard group. Examples:

AVOID: Ransomware BIL sublimit > $5M for hazard group 8–9 companies with score < 600
WARNING: Cyber extortion sublimit > $2M with no EDR confirmed
CAUTION: Dependent BIL sublimit > 50% of limit for companies with 3+ cloud providers

17. Premium at Limit Scaling

For generating premium estimates at multiple limit tiers, the engine applies a power-law scaling formula relative to the reference limit:

premium_at_limit = base_premium × (limit / reference_limit)^0.75 Where: base_premium = premium computed at the reference limit limit = target limit for the tier reference_limit = the primary policy limit (typically $1M) 0.75 = scaling exponent (sub-linear) Example limit tiers: $500K, $1M, $2M, $3M, $5M, $10M At $5M limit (reference $1M): premium_at_5M = base_premium × (5,000,000 / 1,000,000)^0.75 = base_premium × 5^0.75 = base_premium × 3.344

This sub-linear scaling reflects the diminishing marginal loss probability at higher layers. The exponent 0.75 is calibrated to observed cyber loss severity distributions.

18. Output Structure

The engine produces a comprehensive output object containing premiums at multiple terms and granularities:

18.1 Term-Based Premiums

Term	Multiplier	Description
6 months	0.55	Short-term policy (slightly more than half due to fixed costs)
1 year	1.00	Reference term
2 years	1.85	Multi-year discount (7.5% per year)

18.2 Output Object Structure

{ "company_id": "acme-corp", "computed_at": "2026-03-25T12:00:00Z", "policy_params": { "limit": 1000000, "deductible": 10000, "policy_aggregate": 2000000, "retro_date": "2023-01-01", "bil_waiting_hours": 12, "bil_sir": 10000 }, "factors": { "base_rate": 10547, "hazard_factor": 1.75, "ilf": 1.000, "aggregate_factor": 1.100, "bil_waiting_factor": 1.00, "bil_sir_factor": 1.00, "retro_date_factor": 1.00, "rankiteo_schedule_factor": 0.95, "incident_loading": 0.12 }, "premiums": { "6m": { "total": 62415, "per_coverage": { ... } }, "1y": { "total": 113482, "per_coverage": { "security_liability": 5250, "privacy_liability": 5250, "breach_cost": 48300, "business_income_loss": 7665, "dependent_bil": 3885, "digital_asset": 3150, "cyber_extortion": 8925, "ransomware_bil": 5775, "reputational_harm": 2100, "criminal_reward": 525, "pci_fines": 1575, "regulatory_defense": 2625, "regulatory_fines": 3150, "media_liability": 1050, "funds_transfer": 3675, "social_engineering": 3150, "telecom_fraud": 840, "invoice_manipulation": 1575, "cryptojacking": 525, "system_failure_bil": 2310, "bricking": 2100 } }, "2y": { "total": 209942, "per_coverage": { ... } } }, "limit_tiers": { "500K": { "total": 59500, ... }, "1M": { "total": 113482, ... }, "2M": { "total": 190600, ... }, "3M": { "total": 255200, ... }, "5M": { "total": 379300, ... }, "10M": { "total": 637100, ... } }, "alerts": [ { "level": "CAUTION", "coverage": "cyber_extortion", "message": "Sublimit exceeds 100% of limit for hazard group 7" } ] }

19. Glossary

Term	Definition
Base Rate	The starting premium amount determined by company revenue, before any adjustment factors are applied.
Hazard Group	An industry-based classification (2–9) reflecting inherent cyber risk exposure, independent of individual company security posture.
Coverage Factor (w_j)	The actuarially-derived weight assigned to each coverage line, representing its expected share of total loss cost.
ILF	Increased Limit Factor — adjusts the premium for the selected per-occurrence limit and deductible using a power-law formula.
Aggregate Factor	Adjustment for the ratio between policy aggregate and per-coverage aggregate limits.
BIL	Business Income Loss — coverage for revenue lost due to system downtime from a cyber event.
SIR	Self-Insured Retention — the amount the insured must pay before coverage attaches, similar to a deductible but with different legal implications.
Retro Date	Retroactive date — the earliest date from which incidents are covered under a claims-made policy.
Schedule Factor	A credit or debit applied based on the Rankiteo cybersecurity score, rewarding strong security postures.
Incident Loading	An additive surcharge based on historical cyber incidents, weighted by severity, recency, and type.
NAICS	North American Industry Classification System — a standard for classifying business establishments by industry.
Lognormal Prior	A statistical distribution assumption used to impute revenue from employee count based on industry-specific parameters.
Sublimit	A maximum payout for a specific coverage type, expressed as a dollar amount or percentage of the policy limit.
Claims-Made	A policy form that covers claims first made (reported) during the policy period, regardless of when the incident occurred (subject to retro date).
Power-Law Scaling	A mathematical relationship where one quantity varies as a power of another (e.g., premium scales as limit^0.75).
Log-Linear Interpolation	Interpolation performed in logarithmic space, producing smooth curves between breakpoints that follow exponential growth patterns.

This methodology document is maintained by the Rankiteo Actuarial and Analytics team. The pricing model is reviewed quarterly and recalibrated annually against observed loss data. For questions or feedback, contact [email protected]. Last updated March 2026.