Corvus Insights Blog | Smart Cyber Insurance

Cybersecurity Risk Prevention & Recommendations From Corvus Insurance

Written by Corvus Team | 06.21.23

If you pay attention to the headlines in the cyber world long enough, you’ll notice a trend. Cyclically, cybercriminals and cyber threat actors flock to where the greatest financial gain is — ransomware, phishing attacks, funds transfers, data breaches — and organizations play security catch-up to these catastrophic cyber attacks. Most recently, the rise of ransomware was the fuel behind investments in stronger security controls, government intervention, and the increasing popularity of cyber insurance. 

For a while, the defensive line seems to hold. Ransomware infection rates actually fell last year. But before cybersecurity experts and organizations alike can celebrate their successes, these types of threat actors pivot. Malicious phishing emails rose by 569% in 2022, cybercriminals switched gears to data extortion to avoid attention from law enforcement, and, as of March 2023, ransomware was back in full force.

We don’t say all of this to suggest we should pack up and move off the grid. While the game is rigged (and not in our favor), it doesn’t mean we’re hopeless. To combat cyber risk and malicious intent, we all just need a good partner in cyber threat mitigation. 

The threat landscape is overwhelming. Corvus Risk Prevention Services helps cut through the noise.

 

According to ArcticWolf, 44% of organizations don’t have staff members assigned to security as their full-time or primary function. Without the additional budget for a dedicated cybersecurity team, the odds for cybercriminals get even better. 

With limited expertise on hand, businesses need prioritization so their resources go further. Instead of wasting time chasing trends, they can invest where it counts, and help reduce cyber risk. Advance notice of threats makes it possible to stay proactive in a sea of new vulnerabilities, and a human touch guarantees that organizations know when and how to respond to malicious activities. 

We discovered the above after three years of working hands-on with policyholders and testing the impact of a partner-based approach. In fact, policyholders that engage with our services are 20% less likely to experience a cyber incident. 

Actionable security advice in one easy-to-find place

From the very beginning of a policy, Risk Prevention Services makes one of the hardest parts of cybersecurity a whole lot easier: prioritization. 

After bearing witness to a non-stop current of changing threats (and solutions), decision paralysis sets in for even the most well-intentioned and experienced business leaders. We created the Risk Dashboard so that an organization's decisions about its risk mitigation strategy and efforts don’t need to be made in the dark. Instead, choices are empowered by a culmination of technology and expert guidance:

Security recommendations personalized for each organization

  • Our scan technology sees an organization’s environment the same way a threat actor would. To fill-in the blanks, we pair our scan findings with security questionnaires to paint the complete picture of an organization’s attack surface. We use that information to create prioritized security recommendations, ranked on criticality. Organizations receive clear guidance on which steps to take first to reduce their exposure.

Tailored guidance on security spend and vendor selection

  • When it comes time to select security vendors to implement our recommendations, organizations aren’t left hung out to dry. We recommend vendor partners that we trust — they are leaders in their fields, whether it be cloud-based security or EDR solutions — and some offer their services at a discounted rate through our Marketplace.

Human expertise fuels our risk prevention capabilities

While the Risk Dashboard helps businesses make informed decisions on their security journey, we understand putting it all into action is easier said than done. With a dedicated partner in cyber risk, you don’t need to become a cybersecurity expert overnight. We already are. 

Our cross-functional team of cybersecurity, threat intelligence, and breach response professionals are readily available to work with policyholders throughout the entire policy period to address new, established, and evolving threats alike. So when it comes time for renewal, the path to insurability is always clear.

 

 

To stare down innovative human adversaries, we need to go above and beyond the traditional approach to risk transfer and cyber attack mitigation. Old-fashioned insurance (you pay a premium, we reach out at renewal time) wasn’t made with dynamic cyber threats in mind.

As the rates of ransomware skyrocket, it is more clear than ever how important it is for both cyber insurers and the businesses they work with to act in tandem to protect their bottom line (and avoid the worst-case scenarios of data breaches, ransomware attacks, and inventive social engineering). 

With tailored threat alerts, organizations know when to act 

There were 25,080 vulnerabilities disclosed in 2022. Of those, 15% (3,920) received a critical rating from the The Common Vulnerability Scoring System (CVSS). When faced with thousands of vulnerabilities, knowing when and what to patch can be an impossible task for even the most well-equipped organizations.

We’re here to help narrow the scope. Policyholders hear from us when threats are likely to directly impact their organization — a time-sensitive nudge that says “we think this one is critical.”

With strict criteria of when and who to alert, Risk Prevention Services serves further as a partner in cybersecurity prioritization. Is this vulnerability likely to lead to serious damage or widespread harm, and have we determined that this specific policyholder is at risk? We know a businesses’ time is valuable; we only send alerts for 12% of all of the threats we research, and 82% of those are later exploited in the wild.  

Staying ahead of threat actors matters. Policyholders who receive Corvus Alerts patch their systems three times faster than organizations who don't receive a notification. On average, we provide a 15 day head-start for our policyholders to patch before widespread active exploitation begins. 

We wholeheartedly believe in the power of collaboration. To encourage policyholders to engage with our services (because we know it works!) we offer an endorsement for policyholders that complete all Security Questionnaire modules in the Risk Dashboard. They are eligible to reduce their claim retention by 25%. Find out more about Risk Prevention Services.

 

This article and its contents are intended for general guidance and informational purposes only. This article is under no circumstances intended to be used or considered as specific insurance or information security advice.