Corvus Insights Blog | Smart Cyber Insurance

Capturing the Right Data Signals in Cyber Risk Assessments

Written by Vincent Weaver | 10.28.22

This week, our team at Corvus was pleased to take part in a major announcement by SentinelOne of its WatchTower Vital Signs Report app in the Singularity Marketplace. For cyber underwriters like Corvus, this app provides a real-time “inside-out” view of an enterprise’s cybersecurity health for improved policy accessibility and reduced underwriting risk. This represents an exciting and needed development in our industry, as insurers contend with major shifts in the nature of organizations’ IT systems and the nature of the threats they’re exposed to, and in policyholder expectations. 

In my last blog, Help from our Friends: How Partnerships Will Drive the Future of Cyber Risk Management, I summarized the challenge that underwriters and brokers have traditionally faced in assessing a policyholder’s risk exposure based on user questionnaires. The disappearance of the “IT perimeter” as we know it has affected the way threat actors approach cybercrime, and it in turn explains why leading security practices have changed

Security best practices are no longer solely about protecting the boundaries around offices, data centers, and factories. They have evolved to focus on protecting critical data, user accounts (which access that data), and core business operations from attacks — which are now just as likely to come via third-party software as they are from exploits on one’s own systems. While automated and continuous external scans have greatly improved our risk insights and can provide a window into an attacker's view of an organization, scans don’t validate against prior or current cyber incidents or the effectiveness of internal security controls.

Capturing the Right Data Signals

At Corvus we know that there is a better way: one that reduces the amount of time that policyholders and brokers have to spend on new applications, and simultaneously provides greater validation of an organization’s internal risk posture. The key is capturing signals that are dynamically changing, then providing deep context into risk exposure. By connecting to signals coming from WatchTower Vital Signs Report, we are able to see risk signals from endpoints and cloud workloads for SentinelOne customers, as well as other signals including from unknown assets and identity exposures.

These efforts couldn’t be more timely. In August, BlackBerry Limited and Corvus released the BlackBerry Cyber Insurance Coverage study, which highlighted the importance of having sufficient cyber insurance coverage. Two-thirds of the respondents said they would reconsider a partner or buyer relationship due to poor cybersecurity practices or a breach, and 60 percent would be hesitant to enter a new agreement with any organization lacking cyber insurance. 

Little surprise there. The problem? Thirty-four percent of the respondents in the survey also stated that they had previously been denied cyber coverage, with one commonly cited reason: not meeting Endpoint Detection and Response (EDR) eligibility requirements. 

Historically, getting sufficient information about an organization’s EDR implementation is difficult to accomplish through direct conversations, let alone from an application questionnaire. From the insurer's perspective, there’s a huge difference in risk between an organization who might have some installed instances of EDR and an organization who has fully installed, configured, and actively monitored EDR. Knowing where on that spectrum an organization stands is critical; having access to validated risk signals like those from SentinelOne makes a major difference in how we perform accurate, timely, and frictionless risk assessments for applicants. Visibility into these risk signals will help Corvus build a complete picture of risk as we seek to provide coverage to as many organizations as possible.

New Data Streams and Improved Risk Modeling Capabilities

We’re excited to see how new streams of data can improve our risk modeling capabilities — but more important are the thousands of policyholders who trust us with their organization's livelihood. For most of them, pushing security practices beyond a well-established paradigm is easier said than done. Knowing that they need to make a change is not the same as knowing the “what” or the “how,” and there’s a real risk of wasting their time, effort, and resources without a thoughtful approach. 

Corvus is continuing our work building an active ecosystem of partners that will help identify and respond to cyber risks, share data in aggregate between our organizations, and help our policyholders mitigate or eliminate the impact of adverse events. 

 

This article and its contents are intended for general guidance and informational purposes only. This article is under no circumstances intended to be used or considered as specific insurance or information security advice.