For insurance

When third-party risk is the line of business.

Whether you're underwriting cyber risk, managing your own vendor stack, or both — third-party security is the product. The Agency's combined-signal model gives underwriting and operations the same continuous, evidence-backed view across thousands of vendors.

The numbers your team already knows.

Insurance organisations are doing third-party risk twice — once as a regulated business with a vendor stack, and once as the underwriter pricing other people's third-party risk. The same intelligence layer should serve both.

5M+
Companies REX continuously monitors
The data moat for cyber underwriting
1,000+
Vendors per major UK insurer
Industry estimate
24 hrs
DORA initial-notification window for major ICT incidents
DORA Article 19

REX, VANCE, ARIA — underwriting and ops, one signal.

Three of The Agency's leads serve the dual mandate: continuous outside-in intelligence for the underwriting desk, regulator-formatted reporting for ops and compliance, and the evidence layer that makes both possible.

REX avatar
REX
Outside-In Intelligence

The 5M+ company data moat — for both sides of the business. REX powers continuous monitoring of your own vendors and outside-in intelligence for cyber underwriting. Same data, same signal, same continuous loop.

What you get
  • 5M+ continuously monitored companies
  • Vendor concentration risk surfaced across the portfolio
  • Underwriting-grade outside-in scoring
VANCE avatar
VANCE
Regulatory Reporting

DORA, FCA, APRA — composed, not assembled. VANCE generates regulator-formatted reports from current evidence — Article 28 packs, FCA outsourcing reviews, APRA CPS 230 attestations — across the portfolio.

What you get
  • DORA Article 28 packs from live data
  • FCA outsourcing and APRA CPS 230 attestations
  • Tamper-evident audit trail per output
ARIA avatar
ARIA
Evidence & Document Intelligence

One evidence layer for vendor risk and claims. ARIA structures every piece of vendor evidence against the 157 Universal Controls — useful for vendor risk teams, useful for claims teams handling cyber incidents.

What you get
  • Documents structured against 157 Universal Controls
  • Contract clause extraction — including liability caps
  • SnapShot summaries on demand for risk and claims

Four shifts you'll feel across underwriting and ops.

Insurance is the only industry where The Agency's combined-signal model serves the underwriting desk and the operational risk team from the same data.

Underwriting backed by combined signal

ARIA's evidence reading + REX's external scanning — reconciled into one view. The "single source of truth" cyber underwriters have been promised, finally architected.

DORA / FCA / APRA from one source

One evidence layer, multiple regulator-formatted outputs. The same data feeds the underwriting desk and the operational resilience report.

Vendor concentration risk visible

The DORA-driven question your board will ask — answered in real time, not assembled at quarter end.

Continuous monitoring across portfolios

Your insured book and your own vendor book monitored the same way, on the same cadence, against the same data.

We replaced two analysts' worth of questionnaire chasing with The Agency in eight weeks. The risk team is finally doing risk work.

JM
CISO
FTSE 250 Insurance

See it on your vendors.

Book a 30-minute call and we'll have NOVA, ARIA and REX produce a complete posture report on one of your live vendors inside 24 hours.