Security Experts:

Improving Security Posture to Lower Insurance Premiums

Cyber insurance is a new branch of an old industry. That industry has centuries of experience in insuring shipping and a hundred or more years of insuring motor cars -- but only a few decades of cyber knowledge. It has comparatively little knowledge of either cyber risk or the financial insurance risk – and nobody yet knows where this new journey will take it.

The one thing we do know is that there is a direct relationship between insurance cost (the premium paid by the customer) and insurance settlements (the amount paid out in insurance claims). Premiums must exceed claims for the industry to survive. If claims are low, premiums can be low; but if claims are high, premiums must also be high.

It follows that the more cyber-secure the customer is, the greater the likelihood of lower premiums. The problem is that insurance doesn’t yet understand cybersecurity. The danger is that as it begins to, it might impose specific security solutions on its customers to decrease the cybersecurity risk and thereby decrease its own financial risk.

So far, insurance shows little inclination to do this. It would probably be counterproductive, with potential customers accepting the insurance company’s proposal on how to improve their security posture, and then declining to pay the insurance premiums.

So, we are left with an impasse. Companies do not fully understand the cyber insurance industry, and the industry does not have a detailed understanding of how security can defend its pay-out claims.

Enter Cowbell Cyber. Cowbell is both a cybersecurity firm and an insurance firm. Its products continuously monitor its customers’ systems to find weaknesses that can be plugged so that insurance can be offered with greater confidence. In this sense, it bridges the current lack of knowledge between security and insurance.

[ READ: Plugging the Discrepancy Between Cyber Insurance Coverage and Actual Risk ]

But a problem still remains. Cowbell’s AI-based security monitoring might highlight a security issue, but the customer (particularly SMBs) might not know themselves how best to solve it. So, Cowbell has now launched Cowbell RX, a security marketplace that offers preferred access to a range of leading security services and product vendors. On the one hand the company helps its customers locate posture weaknesses, and on the other hand it helps to solve those weaknesses. As a result, the insurance industry can be more confident in offering cyber insurance at the lowest possible premium.

“Cybersecurity and cyber insurance must work in harmony to build an organization's cyber resilience,” explains Cowbell’s VP of market engagement, Isabelle Dumont. “We are working with 20 of cybersecurity’s biggest leaders to make this happen. Cowbell Rx is a key component of Cowbell’s closed-loop risk management initiative to continuously improve an organization’s risk profile. Together with our partners, we are bringing streamlined access to today’s top cybersecurity services and solutions straight to current and future policyholders.”

The strength of this new marketplace is that it simplifies matters for the SMB. The weakness is that only twenty security vendors are currently included in the product announcement. This is a very tiny fraction of the total number of security companies in existence. Making it into the marketplace may imply a recommendation that may not be fully deserved – or more seriously, may imply a criticism by exclusion of those not included.

[ RELATED: The Case for Cyber Insurance ]

There is no question over the quality of the security vendors already included in the Cowbell RX marketplace. “We're pleased to be part of Cowbell's new marketplace,” comments Eric Skinner, VP of market strategy at Trend Micro. “By bringing together Cowbell policyholders with cybersecurity experts like Trend Micro, we can all work together to ensure our mutual customers stay resilient in a world of constantly changing cyber threats.”

Trend Micro is a good option; but does its presence imply a recommendation over similar companies – such as Sophos, or Kaspersky, or Malwarebytes – that are not included within the marketplace?

In fairness to Cowbell, it does not make recommendations but merely facilitates introductions to security vendors that can improve its clients’ security posture for the purpose of getting better insurance. Nor does it inhibit entry into the marketplace by other legitimate vendors. At the time of writing this, just a few days after the announcement was initially drafted, the marketplace has grown from 20 to 24 participating vendors. Hopefully it will continue to grow.

So, the value of Cowbell RX is likely to increase over time. It does not impose any particular product solution on its customers, but is designed to help its SMB customers find a good solution – and frankly, many SMBs need as much help as they can get.

Cowbell Cyber, headquartered in Pleasanton, Calf, was founded in January 2019 by Jack Kudale (CEO), Prab Reddy, Rajeev Gupta (chief product officer), and Trent Cooksley. It emerged from stealth in September 2019, and raised $20 million in a Series A funding round led by Brewer Lane Ventures in March 2021.

Related: Cyber Insurance Market to Top $14 Billion by 2022: Report

Related: Plugging the Discrepancy Between Cyber Insurance Coverage and Actual Risk

Related: Cyber Insurance Firm At-Bay Raises $185 Million at $1.35 Billion Valuation

Related: The Case for Cyber Insurance

view counter
Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.