At-Bay Stance aims to address security gaps by centralizing and prioritizing risks, providing support to mitigate and respond to threats in conjunction with cyber insurance coverage. Credit: Photon Photo/Shutterstock Cyber insurance provider At-Bay has announced the launch of a new InsurSec solution to help small-to-mid sized businesses (SMBs) improve their security and risk management postures through their insurance policy. The firm describes the At-Bay Stance platform as a “world’s first” that aims to addresses major security technology and skills access gaps by centralizing and prioritizing risks, along with providing expert support to mitigate threats – managed in conjunction with cyber insurance coverage.The emergence of InsurSec technology reflects a cyber insurance landscape that has seen significant change recently. As the frequency and severity of ransomware, phishing, and denial of service attacks have increased, demand for and conditions relating to coverage have evolved. Policies are becoming more diverse, complex, expensive, and harder to qualify for, presenting CISOs and their organizations with new challenges and considerations for optimal cyber insurance investment.At-Bay defines an InsurSec solution as an end-to-end approach to protecting businesses from cyberthreats by bringing insurance and security together. It provides security services including threat prevention, detection, recovery/response, and risk intelligence – delivered by the insurer in conjunction with coverage.At-Bay Stance integrates security controls, attack prevention, incident responseTraditionally, At-Bay has used proprietary security scans and active risk monitoring to assess organizations’ cyber risk postures. However, simply scanning a company’s external attack surface is no longer enough to tackle today’ s complex threat landscape, the firm said. At-Bay Stance, therefore, features several elements that combine to provide more holistic and effective risk management to users, At-Bay added. These are: At-Bay Stance Exposure Manager is a purpose-built software platform that centralizes threat and vulnerability data by integrating existing security controls from inside a company with At-Bay’s external scans.At-Bay Stance Managed Security offers in-house experts who provide intelligence-powered recommendations to businesses on what to do to stop attacks before they happen. This team will help businesses with remediation, in addition to proactively sharing security recommendations and insights.At-Bay Response and Recovery provides in-house incident responders who can be immediately deployed to understand the root cause of incident, evaluate the impact, and develop the appropriate plan to get customers operational as soon as possible.At-Bay Security Partner Network provides discounts on top-performing third-party security products and solutions.At-Bay Stance will be available to At-Bay customers purchasing a new Cyber E&S policy from May 1 or renewing policies as of August 1. At-Bay will be showing the product at this year’s RSA Conference, booth ESE-19.InsurSec solutions have significant potential value, trust is key to successInsurSec solutions are new, emerging offerings, but the concept behind them and its potential to add value to involved parties is something being recognized more widely, particularly for SMBs and organizations struggling with an adverse blend of low maturity and cost constraints. “I think the insurance market is recognizing that their future offering in this space has to grow beyond simple loss protection,” Paul Watts, distinguished analyst at the Information Security Forum, tells CSO. “Providing complementary services to help organizations with proactive and reactive management of cyber risk could also help foster stronger relationships between insurer and client.”Both parties stand to benefit here – by engaging in this way, risk is better (and jointly) managed, Watts says. Insurers are mitigating losses, and clients are drawing down on capabilities that were previously too expensive for consideration and could see lower premiums as a result. From an insurer’s perspective, they stand to gain access to a whole lot of additional data that will help them to hone their products, offering increased value to clients whilst managing their loss opportunities in a more optimal way, Watts adds.“That requires some real trust to be in place – clients will be hesitant to allow insurers to get that level of intimacy with their security operations. It’s early days, but I think the foundations of mutual trust and transparency are starting to appear to enable this.” Related content news UK government plans 2,500 new tech recruits by 2025 with focus on cybersecurity New apprenticeships and talent programmes will support recruitment for in-demand roles such as cybersecurity technologists and software developers By Michael Hill Sep 29, 2023 4 mins Education Industry Education Industry Education Industry news UK data regulator orders end to spreadsheet FOI requests after serious data breaches The Information Commissioner’s Office says alternative approaches should be used to publish freedom of information data to mitigate risks to personal information By Michael Hill Sep 29, 2023 3 mins Government Cybercrime Data and Information Security feature Cybersecurity startups to watch for in 2023 These startups are jumping in where most established security vendors have yet to go. By CSO Staff Sep 29, 2023 19 mins CSO and CISO Security news analysis Companies are already feeling the pressure from upcoming US SEC cyber rules New Securities and Exchange Commission cyber incident reporting rules don't kick in until December, but experts say they highlight the need for greater collaboration between CISOs and the C-suite By Cynthia Brumfield Sep 28, 2023 6 mins Regulation Data Breach Financial Services Industry Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe