With security risks coming left and right for companies across the world, a new industry has grown in recent years - cyber insurance. Basically, companies have their risks assessed and then they can get the right insurance for their needs, which would cover them in case of an attack. Who assesses these risks, however? Well, companies such as Cowbell Cyber.
Created earlier this year by an industry vet, Cowbell Cyber helps companies asses their risks and decide what kind of cyber insurance they need. In the process, they may even discover more about themselves. Jack Kudale is the founder and CEO of Cowbell Cyber and he agreed to have a chat with us about the cyber insurance industry, the security risks, and more. Read our interview below!
TechNadu: As the number of cyber threats grows and diversifies, more and more companies resort to cyber insurance. Cowbell Cyber can help these companies get the specific insurance they need. How exactly are you doing this? How can you assess the cybersecurity risks each company faces?
Jack Kudale: No two companies have the same approach to digitalization and technology adoption. The result is drastically different internet footprints, threats and risk exposures. Therefore, we assess companies across a set of risk-rating factors, or Cowbell Factor, to capture the complexity of their cyber environment.
We believe this is a more accurate approach than trying to deliver a single cyber risk score. Cowbell Factor is also what enables us to map the risk exposures to different types of insurance coverage at a granular level and offer tailored policies that address a company’s unique business needs. We can do this at scale, with accuracy and in near real-time using artificial intelligence and vast amounts of data.
TechNadu: What are some of the risks companies face in the first place? How do the threats vary from company to company and what exactly makes the difference here?
Jack Kudale: Risks vary by company size and industry sector, but also by the technology deployed. Companies can appear similar from the outside but have different internet footprints that expose them to completely different risks. A company that outsources most of its IT operations faces risks related to third parties. Its suppliers might practice better or worse security than its own. However, it might be better off than a company operating everything in-house with no resources dedicated to risk management. At the end of the day, everything matters. Cowbell Factor enables us to capture the complexity of a business’ risk exposure in our attempt to represent it with accuracy.
TechNadu: Are we seeing more companies getting cyber insurance nowadays? What is driving them to this decision?
Jack Kudale: Cyber insurance has been gaining momentum especially in the small and mid-size market which represents more than 90% of the new standalone policies according to a 2018 Advisen research. Small and mid-size businesses (SMBs) that have fewer resources on threat protection and prevention in the first place. They also have fewer resources to recover from a cyber incident. Cyber insurance can cover the recovery and liability costs and, in doing so, can also accelerate the process.
TechNadu: What are some of the biggest issues you discover when assessing these companies? What are the cracks in their shields?
Jack Kudale: The rapid shift towards cloud computing has resulted in risk exposures that we have all seen mentioned publicly in major breaches. Common ones include misconfigurations, insufficient protection and monitoring of privileged or admin accounts with broad access to systems, access rights not revoked in a timely fashion for former employees, absence of data backups, and more.
TechNadu: You've been in the business for a long time so you've seen a lot of cyber scandals. What are some of the steps you personally take to prevent getting your data stolen, or your devices and accounts hacked?
Jack Kudale: When you analyze major incidents of the past few years, many have and still are rooted in a couple of factors: stolen credentials, incident at a third party, or new software code moved rapidly from development to production with insufficient verification of access configuration. Easy to implement measures can prevent a great deal of incidents. For example, multifactor authentication (MFA) is the first line of defense that is easy to deploy and should be enforced on all systems.
TechNadu: How has the cyber landscape changed in the past few years? Are there more threats now than there were... 3 years ago? Are companies also more conscious that they need to invest in this field?
Jack Kudale: Awareness and investments in cyber have never been so high. Fortunately, or unfortunately, every incident that is made public is building a shared collective consciousness that every business, small or large, can be impacted by a cyber-attack. This is also shifting the discussion from threat to cyber risks and financial impacts on businesses. We start to see companies managing cyber risks like other business risks. This is certainly a contributing factor to the growth of the cyber insurance market.
TechNadu: The IoT industry is notoriously bad at securing devices. There have been numerous voices in the cybersecurity industry asking for the government to step in and adopt some ground rules for these companies to respect. What is your opinion on the matter? Is this something companies should settle on their own or do we need government interference?
Jack Kudale: Regulations have a lot to contribute to helping change behaviors, enabling consistency, and enforcing best practices around cyber across industry sectors. This is a process that can take time. Regardless, companies have a responsibility to protect their business and their customers. In doing so, they should be allowed to pass on their protection requirements to business partners and their supply chain.
What do you think about these cyber insurances? Would you get one if you had a business at risk of cyber-attacks? Drop us a note in the comments section below! Share the article with friends and family when you have the time and follow TechNadu on Facebook or Twitter for more tech news, guides, reviews, and interviews.Â