Cyber insurer launches InsurSec solution to help SMBs improve security, risk management

Cyber insurance provider At-Bay has announced the launch of a new InsurSec solution to help small-to-mid sized businesses (SMBs) improve their security and risk management postures through their insurance policy. The firm describes the At-Bay Stance platform as a “world’s first” that aims to addresses major security technology and skills access gaps by centralizing and prioritizing risks, along with providing expert support to mitigate threats – managed in conjunction with cyber insurance coverage.

The emergence of InsurSec technology reflects a cyber insurance landscape that has seen significant change recently. As the frequency and severity of ransomware, phishing, and denial of service attacks have increased, demand for and conditions relating to coverage have evolved. Policies are becoming more diverse, complex, expensive, and harder to qualify for, presenting CISOs and their organizations with new challenges and considerations for optimal cyber insurance investment.

At-Bay defines an InsurSec solution as an end-to-end approach to protecting businesses from cyberthreats by bringing insurance and security together. It provides security services including threat prevention, detection, recovery/response, and risk intelligence – delivered by the insurer in conjunction with coverage.

At-Bay Stance integrates security controls, attack prevention, incident response

Traditionally, At-Bay has used proprietary security scans and active risk monitoring to assess organizations’ cyber risk postures. However, simply scanning a company’s external attack surface is no longer enough to tackle today’ s complex threat landscape, the firm said. At-Bay Stance, therefore, features several elements that combine to provide more holistic and effective risk management to users, At-Bay added. These are:

• At-Bay Stance Exposure Manager is a purpose-built software platform that centralizes threat and vulnerability data by integrating existing security controls from inside a company with At-Bay’s external scans.
• At-Bay Stance Managed Security offers in-house experts who provide intelligence-powered recommendations to businesses on what to do to stop attacks before they happen. This team will help businesses with remediation, in addition to proactively sharing security recommendations and insights.
• At-Bay Response and Recovery provides in-house incident responders who can be immediately deployed to understand the root cause of incident, evaluate the impact, and develop the appropriate plan to get customers operational as soon as possible.
• At-Bay Security Partner Network provides discounts on top-performing third-party security products and solutions.

At-Bay Stance will be available to At-Bay customers purchasing a new Cyber E&S policy from May 1 or renewing policies as of August 1. At-Bay will be showing the product at this year’s RSA Conference, booth ESE-19.

InsurSec solutions have significant potential value, trust is key to success

InsurSec solutions are new, emerging offerings, but the concept behind them and its potential to add value to involved parties is something being recognized more widely, particularly for SMBs and organizations struggling with an adverse blend of low maturity and cost constraints.

“I think the insurance market is recognizing that their future offering in this space has to grow beyond simple loss protection,” Paul Watts, distinguished analyst at the Information Security Forum, tells CSO. “Providing complementary services to help organizations with proactive and reactive management of cyber risk could also help foster stronger relationships between insurer and client.”

Both parties stand to benefit here – by engaging in this way, risk is better (and jointly) managed, Watts says. Insurers are mitigating losses, and clients are drawing down on capabilities that were previously too expensive for consideration and could see lower premiums as a result. From an insurer’s perspective, they stand to gain access to a whole lot of additional data that will help them to hone their products, offering increased value to clients whilst managing their loss opportunities in a more optimal way, Watts adds.

“That requires some real trust to be in place – clients will be hesitant to allow insurers to get that level of intimacy with their security operations. It’s early days, but I think the foundations of mutual trust and transparency are starting to appear to enable this.”