The notion of risk transfer — handing risk off to a willing third party and paying a premium for it – is the primary tenet of the insurance industry. For a myriad of reasons, risk transfer in the cybersecurity insurance industry isn’t as cut and dried — or is it? In our latest blog, we break down CloudCover’s approach to risk transfer and why the approach is the solution to today’s challenging cyber insurance market.
In the first three blogs of our “Solution Differentiators” series, we’ve talked in-depth about the elements that are crucial for future cybersecurity success:
- A network detection and response platform focused on risk awareness and risk control,
- The ability of that platform to proactively learn about a company’s network, collecting data and uncovering patterns of IT events to understand a company’s risk, and
- Being able to use this data to enable the continuous, real-time update of actuarial models for risk transfer and cybersecurity insurance.
In this blog, we’ll unpack how CloudCover transfers risk — and what it means for the future of cybersecurity insurance.
CloudCover’s approach to risk transfer
Our process begins with our proprietary CC/B1 Platform™. At the same time CC/B1 is analyzing and stopping threats to your network, it’s also using machine learning to create algorithms — algorithms that are constantly maturing with every malicious transmission they encounter. These algorithms learn your risk — and the data they uncover creates dynamic, real-time actuarial baselines for risk transfer.
When CC/B1 detects an IT event, it’s able to generate a potential micro-insurance policy in real time — and incremental risk pricing for that premium happens dynamically, based on a company’s network and compliance risk posture. Because the CC/B1 knows your network’s risk in real time, the premiums for these policies are an accurate reflection of the risk being transferred in real time, and the policies insure your network and data at its real value to your company.
As risk is transferred, the CC/B1 is able to notify a company of the specific IT event, rather than the insured claiming an IT event’s compromise. Because we already know about the IT event, we’re able to auto-adjudicate any potential claim in fractions of a second.
What our approach means for the future of cybersecurity insurance
In traditional insurance, the most common way to transfer risk is through an insurance policy — the insurance carrier assumes the defined risks for the policyholder in exchange for an insurance premium and covers the cost of any damage the risk causes. In most insurance markets — auto, home and life, for example — insurers have many years of data to base these premiums on.
This kind of historical data isn’t available for cyber insurance. In addition, insurance companies really have no idea how good a company is at protecting its network security or infrastructure. As a result, it’s tough for insurers to know the risks, which in turn makes it tough to be proactive in setting the right-priced premiums, or applying effective cyber insurance coverage that isn’t full of exclusions.
Our process of risk transfer is a transformational leap toward true cybersecurity — or as we prefer, CyberSafety Insurance — as it’s based on actual risk, not “dartboard guess” risk. The AI/ML (automated intelligence/machine learning) — X-NDR (extended network detection and response) — SOAR technology (security, orchestration, automation, response) of the CC/B1 is providing your company its own unique risk underwritten score, including its very own actuarial table(s), and the continuous risk assessment and risk monitoring of your company’s network that ensures all responsible parties fully understand their threat landscape.
Cyber insurance and cyber security shouldn’t be two separate capabilities, or alternatives to one another — they should work fused in unison, together. And with our solution, they do.
Our secret cybersecurity insurance ingredient: immutable blockchain recording
We apply risk transfer through nano-insurance, where the data at risk can be underwritten at its dynamic real value at the packet level. To do this, we use a permissionless and permissioned blockchain to create a forensic record of the IT event’s insurance policy — a record that’s opened, adjudicated and closed in less than a second.
Blockchain recording is essential for cyber insurance as there’s the potential to have billions for micro-insurance policies, all lasting a tenth of a second. It’s important to have a forensic, unchangeable record of every one of those policies — opening and closing. We recognized early on how important blockchain could be for cyber insurance — and recently secured a patent for our cybersecurity insurance utilizing blockchain innovation.
In our next blog, we’ll bring our “Solution Differentiators” series to a close with a summary of everything we’ve covered and the outlook for the cybersecurity markets and cybersecurity insurance industry in 2022. In the meantime, learn more about our CyberSafety CC/B1 Platform by requesting a demo at cloudcover.cc/request-a-demo.