Xylo quantifies uninsured financial exposure from systemic failure scenarios. It translates operational risk into balance-sheet language.
A company can suffer complete operational shutdown without a single breach, without physical damage, and without data theft. Traditional insurance was never designed for this.
Your supplier's supplier gets breached. Your systems are untouched. Your revenue stops. Your cyber policy won't trigger — there's no insured event on your network.
Business interruption cover typically requires physical damage. A cloud outage that costs you millions produces no physical damage whatsoever.
If contingent business interruption was purchased at all, it's heavily capped or excluded. The gap between belief and reality is where Xylo lives.
Companies are exposed to material financial losses they genuinely believe are covered. This belief gap is what Xylo makes visible.
For each scenario, Xylo asks: which losses would this policy actually respond to, and which would fall through?
Anonymised policy types, limits, sub-limits, exclusions, waiting periods. No insurer names, no pricing, no personal data.
Catastrophic but plausible failure cascades: supplier compromise, cloud outage, ransomware propagation, SaaS dependency loss.
Total projected loss, insured proportion, uninsured gap — rendered in executive-grade visual outputs with full explainability.
A Tier-1 supplier's management system is compromised via phishing. Malware propagates through trusted API connections. No breach occurs inside the insured company's network.
| Loss Category | Estimated Range | Coverage Status | Reason |
|---|---|---|---|
| Lost Revenue | £1.2M – £2.0M | Excluded | No direct attack on insured systems; no physical damage trigger |
| Idle Labour | £250K – £400K | Excluded | BI cover requires physical damage; not triggered |
| Contractual Penalties | £150K – £300K | Excluded | Consequential loss; not covered under standard cyber |
| Incident Response | £80K – £150K | Partial | Some forensic costs may trigger; heavily sub-limited |
| Customer Churn | Significant | Excluded | Reputational damage universally excluded |
| Emergency Sourcing | Variable | Excluded | Mitigation costs; no policy mechanism to respond |
Six initial sectors identified by severity of dependency-driven exposure and inadequacy of existing insurance structures.
Supplier OT/SCADA compromise causing cascading service shutdown. Non-damage BI, regulatory penalties, public service obligations.
Key: Non-damage BI · Regulatory penalties
Supplier ERP/MRP compromise breaking just-in-time supply chains. Idle labour, missed delivery penalties, restart costs.
Key: Idle labour · Delivery penalties
Upstream cloud provider compromised causing multi-client service suspension. Revenue loss, client claims, termination rights.
Key: Revenue loss · Client claims
Programme management platform compromised causing multi-subcontractor delays. Delay damages, cost overruns, client claims.
Key: Delay damages · Cost overruns
Cleared supplier's system compromised triggering mandatory investigation shutdown. Contract termination, sovereign penalties.
Key: Contract termination · Compliance
Supplier order system compromised causing stock replenishment failure. Lost sales, margin erosion, brand damage.
Key: Lost sales · Brand damage
Xylo owns the delta between what insurance covers and what actually happens when dependencies fail.
Xylo is currently in development. Try the interactive exposure analysis demo or request early access.