Cyber risk management is prevention, insurance is reaction.

The prevalence of cyber threats continues to escalate, underscoring the growing need for cyber insurance and for more robust prevention measures.

In this article we dive deep into the realm of cyber insurance, exploring its significance for not just enterprises but also families and individuals. At the heart of this evolving landscape lies the pivotal role of prevention technology—innovative solutions designed to fortify digital defenses and mitigate risks.

Join us on a journey through the current market offerings, gaining insights into how these technologies are reshaping cyber insurance for a safer and more resilient digital future.

What is Cyber Insurance? 

Digital growth comes with a price

Accelerated digitization has greatly increased data availability and connectivity worldwide. This comes with the risk of major failures and security breaches that can have serious consequences for businesses and individuals. Cyber threats are rising across all industries, with approximately 37% of organizations falling victim to ransomware attacks in 2021.

Cyber Insurance is designed to protect against the financial, regulatory, reputational, and operational impacts of cybercrime.

A rapidly growing market

Cyber Insurance premiums increased by an average of 28% in the first quarter of 2022 compared with the fourth quarter of 2021. It is one of the fastest growing sectors in insurance, with carriers competing to offer new products and innovative services to policyholders.

Winning market share while limiting risk

There is a significant demand for Cyber Insurance in the market, but insurers are becoming more risk-averse. Cyber insurers are trying to differentiate by not only offering various types of coverage, but also actively helping policyholders prevent attacks.

Some insurers partner with external cyber security vendors, while others provide a bundled solution that combines cybersecurity software and real-time cyber risk monitoring alongside insurance coverage.

Coverage-needs for a shifting tech landscape

Keeping pace with evolving cyber threats and growing risk exposure is a tall task for insurance companies. As businesses change IT infrastructure, deploy new services, and onboard new resources - their risks rapidly change. Many insureds are placing faith in ineffective defenses too. According to a recent study, a third of the insured enterprises don’t anticipate an attack because they feel confident that their insurance will cover them.

Insurance companies can guide victims through the incident response process - limiting remediation costs - but there is growing opportunity in preventing attacks altogether.

Prevention in Cyber Insurance

Businesses need to think about their defenses if they want to secure coverage

As the cyber market hardens, it also becomes more difficult to secure coverage. 97% of organizations that have cyber policies have made changes to their cyber defense to improve their insurance position. As an example, the lack of multi-factor authentication or poor Identity and Access Management controls can easily result in rejection when applying for or renewing coverage.

Eligibility for Cyber Insurance can be a powerful incentive to strengthen cyber defenses and reduce risks. But what else can insurers do to prevent attacks?

Type of preventions cyber insurers can provide to reduce the policyholders’ risk and add value:

Let’s take a closer look at some key players in cyber insurance

1. Corvus

On a mission to better predict and mitigate cyber risk

Corvus Insurance, founded in Boston in 2017, uses digital tools and data-driven underwriting to reduce risk, increase transparency, and improve resilience for their policyholders. Corvus was created to fill a gap in the market by providing specialized, data-driven insurance policies for enterprises using machine learning and advanced analytics.

Corvus Scan

Providing Cyber Insurance to an organization begins by assessing their risks. Corvus Scan is a non-intrusive software that evaluates an organization's cyber security and assigns a security rating score based on historical data. If a company's cyber security is not sufficient, they may not be insurable due to their risk exposure.

If an organization does obtain insurance, Corvus Scan (as part of the Policyholder Dashboard) helps prevent cyber attacks and improve their risk profile with actionable insights.

How Corvus Scan works can be broken down to 3 main steps

1. discovery

Corvus Scan assesses a company's internet-facing infrastructure, identifying domains, email servers, software, and outside vendors.
During this process, important risk factors such as infrastructure size (surface area) and third-party risk exposure through software providers are also identified.

2. testing

After the extent of a company's internet-facing infrastructure has been identified, Corvus Scan assesses the technical aspects of their cyber security, including threat intelligence, hosting, DNS security, email security, online encryption, data loss history, software patching, and web encryption.
Corvus checks the company's third-party software against a database of known vulnerabilities and performs various tests to detect criminal activity and evaluate security settings.

3. recommendations and monitoring

The results of the scan are combined and weighted based on the client's specific circumstances to produce a numerical score called the Corvus Score, which indicates the company's level of cyber risk exposure.
They also provide mitigation suggestions for each vulnerability found throughout Discovery and Testing. Corvus continues to monitor for new risks and provides updated reports to the client through the Policyholder Dashboard on a regular basis.

Policyholder Dashboard

Corvus Scan results are accessible through the Policyholder Dashboard platform. Through the dashboard, policyholders can access IT security recommendations, scan reports, and risk management resources. It helps policyholders prevent and mitigate cyber risks, acting as the primary prevention experience for their customers.

The main elements of Corvus’ Policyholder Dashboard helping customers prevent attacks:

Scan Results 

The scan produces a Corvus Score, which is a comprehensive metric that weighs vulnerabilities and findings against known risk factors. Corvus also sends email alerts with recommended steps to remediate severe vulnerabilities as they are identified.

Action Center

Based on the results of the Corvus Scan and responses in the Security Questionnaire, Corvus provides prioritized cybersecurity recommendations to policyholders. These recommendations, which are updated monthly, are labeled based on their criticality and include explanations from Corvus' cyber security and privacy experts. The recommendations may include actions such as patching software or disabling accesses.

Security Questionnaire

To supplement the scan, Corvus is asking its insureds to fill out a questionnaire related to their business’ IT security. The questionnaire helps the organizations assess cyber processes and hygiene against well defined frameworks.

Vendor Marketplace

A variety of industry-leading cyber security partners that have been thoroughly vetted by Corvus. The marketplace provides brief descriptions of vendor tools and services and information on special discounts. Corvus organizes vendors into categories like cloud security, firewalls, and security trainings.

2. Elpha Secure

The first cyber coverage to actively reduce risk

Elpha Secure offers cybersecurity technology and insurance coverage for small and medium-sized enterprises. The tech is included in the policy, helping policyholders manage and mitigate risks from the start. Elpha monitors metadata for suspicious activity and addresses threats as they arise. If an issue is detected, it is sent to their support team for analysis.

Elpha Secure Software

Elpha's security software platform is a lightweight suite of features that protect against ransomware, social engineering, and other threats in real-time.

It provides continuous monitoring, alerts, backups, and multi-factor authentication, among other features.

Elpha's platform is designed to be user-friendly and self-service, but the insurer's 24/7 support team is also available to help policyholders remediate vulnerabilities highlighted by the software - creating an opportunity to deepen the partnership between policyholder and insurer.

Elpha offers 7 key features and services to help clients avoid cyber crime, which they refer to as a "cyber safe house.”

• Multi-factor Authentication (MFA) 
and Remote Access
• Data backups
• Virtual Private Network (VPN)
• Version and patching management
• Endpoint threat detection and response (EDR)
• Access to Security Operations Center (SOC) experts
• Antivirus alerts and insider threat detection

These are all included with customers’ premiums. According to Elpha, their solution is mainly targeted to small organizations, who might not have in-house cybersec or even an IT team.

3. Cowbell

Real-time recommendations to mitigate cyber risk

Cowbell was named the "Best Product in Cyber Insurance" in the 2022 Cyber Defense Magazine's (CDM) 10th Annual Global InfoSec Awards. According to Cowbell's 2022 Q3 report, the company has seen measurable improvement in the cyber risk ratings of their insureds, particularly for small firms with less than $25 million in revenue - which is significant as these firms have the least knowledge in cyber defense and basic enhancements (e.g. stronger password policies, multi-factor authentication, backups) can easily boost their risk ratings.

Cowbell’s preventative resources include:

• real time, continuous risk monitoring and insights
• access to Cowbell’s dedicated cyber risk engineering team
• cyber awareness training for the employees
• solid plan to remediate identified security weaknesses
• access to additional cybersecurity providers

Cowbell Factors

With Cowbell Factors, policyholders can compare their cyber risk against Cowbell’s large risk pool (20M+ accounts.) The software gathers and examines a vast amount of data and signals from various sources, including previous loss cases, industry-specific data, regulatory compliance, and, most importantly, the insured company's current level of cyber risk exposure.

Seeing your company's quantitative rating in real-time and how it compares to others can be a strong incentive to implement better cyber threat prevention measures.

Cowbell Insights

To improve cyber defense, customers must understand their organization's vulnerabilities and conduct a thorough assessment of weaknesses. Cowbell Insights provides policyholders with a detailed dashboard of real-time cyber risk exposure and actionable insights to remediate identified vulnerabilities. As the insured addresses a risk, it’s removed from the dashboard, and their Cowbell Factor and risk rating improve. Seeing security ratings and vulnerabilities in real-time can help prevent a cyber attack from occurring at the outset.

Cyber Insurance for individuals and families

As digital is increasingly integrated into our personal lives, it’s important to evaluate our daily online risks. To do this, it is necessary to learn about potential threats and practice good cyber hygiene. Even with advanced cyber security measures, it just isn’t possible to completely eliminate all risks. Personal Cyber Insurance provides an additional level of protection by helping customers prevent losses and transfer remaining risks.

Personal cyber is slowly gaining traction, but it is still a long way from adoption at scale.

It’s sometimes sold as a standalone policy, but more frequently it’s bundled with another product like homeowners.

Protection is a key value add for personal cyber – as carriers can provide risk reduction services to decrease the likelihood of ever making a claim. An overwhelming majority of personal Cyber Insurance customers are interested in these additional services, like 24/7 technical assistance, security alerts or identity theft monitoring according to a research.

Personal cyber insurance typically covers expenses for 4 main categories:

2 cyber insurance products tailored for families and individuals

1. DynaRisk

Protect individuals’ and families’ digital footprint

DynaRisk provides users with personalized security scores and easy steps to lower cyber security risks. DynaRisk serves personal and commercial customers and provides risk management tools and data to assist MGAs, MGUs, and (re)insurers. DynaRisk differentiates with a sophisticated solution for individuals and families, including the following components:

• Score: DynaRisk determines a person's cyber score by checking several factors including their device security (phones, personal IoT devices, WiFi routers etc.,) data breach exposure, and their level of cyber knowledge.
• Monitoring and alerts: DynaRisk constantly searches for stolen and exposed accounts and personal information on the dark web. If they discover customer's accounts in a breach, they immediately notify the customer and provide recommendations for next steps. DynaRisk also alerts their customers about new vulnerabilities that arise
• Improvement plan: DynaRisk provides a dashboard highlighting actionable steps on how to improve their score and enhance protection and safety against cyber crime.

DynaRisk helps to protect

2. Chubb

Everyday protection for a life lived online

Chubb’s Masterpiece Cyber policy has been in market since 2018 and has placed them as a leader in personal cyber. Chubb has maintained a long partnership with The Ackerman Group (security experts) – helping individuals up their game in protecting themselves against cyber attacks with an emphasis on comprehensive threat prevention and thorough security assessments.

Among other preventative measures Chubb:

• provides recommendations on anti-virus programs
• recommends cybersecurity processes
• evaluates home networks and firewalls
• provides in-depth audits and digital security assessments to find vulnerabilities and risk exposures
• consults on best practices for internet and social media use (for children as well)

In the event of an attack, Chubb covers cybercrime expenses and provides expertise to minimize damage. They also provide guidance to families with children on how to improve cyber hygiene and reduce the risk of children being victimized by cybercrime or cyberbullying.

Key takeaways

• The frequency and severity of cyber breachers is increasing for business and personal cyber.
  
  
• Unsurprisingly, adoption is higher for enterprises than individuals, though everyday people are becoming more aware of their exposure.
  
  
• Basic cyber hygiene can go a long way in de-risking customers.
  
  
• Enterprises and individuals can benefit from monitoring tools and mitigation services to make their businesses and homes safer. Insurers can get them there through partnerships or more holistic internal product development.