We recently connected with Theresa Le Chief Claims Officer at Cowbell, which claims to be the leader in cyber insurance for small and medium-sized enterprises (SMEs).
Cowbell is the provider of cyber insurance for SMEs and the “pioneer” of Adaptive Cyber Insurance. Cowbell reportedly “delivers standalone cyber coverage tailored to the unique needs of each business.”
Their innovative approach ‘relies on AI for continuous risk assessment and continuous underwriting while delivering policyholders a closed-loop approach to risk management with risk prevention, risk mitigation, incident preparedness and response services.”
Our conversation with Theresa Le is shared below.
Crowdfund Insider: Why is cyber insurance critical in today’s threat landscape?
Theresa Le: Cyber insurance protects businesses from evolving risks related to security and privacy. Cyber risk exposures continue to grow as digitization accelerates and cyber insurance offers financial protection to withstand the impact of losses when organizations experience cyber incidents such as cybercrime.
Cyber insurance mitigates financial damages by covering expenses related to incident recovery, regulatory penalties, forensic investigations and reputational damage costs. Cyber coverage can also address the costs of business interruption and help cover financial losses and expenses related to fraudulent activities.
Organizations undergo an underwriting evaluation and obtain a policy wherein they are covered for a specific period. As cybercrime is volatile and ever changing, it is common to see that before that policy is up for renewal, threats have changed, and an organization’s risk exposure has changed with it, leaving policies ultimately disconnected from the risks that need to be covered.
Crowdfund Insider: What is adaptive insurance and why is it more effective to meet today’s cyber insurance needs?
Theresa Le: Cyber insurance policies are determined annually and only consider organizational risk at that moment. When the policy is up for renewal the threat landscape has changed, and the organization’s risk exposure has changed with it. Organizations have policies that are disconnected from the risks that need to be covered, leaving them to cover significant losses independently.
Adaptive cyber insurance meets the evolving complexity of the risk landscape by offering policies that remain aligned with the policyholder’s exposures and overall risk profile.
Rather than implementing an annual risk evaluation, adaptive cyber insurance policies are anchored in a continuous risk assessment process to continuously offer coverage in line with a business’s risk profile. The continuous, never static, risk assessment leaves little room for coverage gaps throughout a policy period.
Dynamic and continuous cyber insurance offerings have been found to encourage policyholders to implement more advanced cyber security measures, therefore significantly reducing the likelihood of cyber incidents.
Crowdfund Insider: How can we bridge the gap between cyber insurance and cybersecurity?
Theresa Le: Policyholders must improve cyber hygiene – that is, the practices performed to maintain the security of users, devices, networks and data. . This can be accomplished by implementing baseline cybersecurity protections like multifactor authentication, endpoint detection and response, data backup, and general security best practices.
Improving and upholding cyber hygiene also allows policyholders to avoid higher premiums and potentially disastrous financial losses or reputational damages, and adaptive cyber insurance helps provide a constant assessment of risk to drive better outcomes. Adaptive cyber insurance initiates better collaboration between cyber insurance and cybersecurity to deliver a positive outcome for all: insurance premium gets optimized, the organization continuously improves its risk profile, and the likelihood of a cyber incident is lowered.
Crowdfund Insider: What services should customers expect from cyber insurance providers?
Theresa Le: A cyber insurer should provide more than just coverage in case of a cyber incident. They should give customers the tools and the knowledge to prevent a cyber event in the first place—for instance, free training to a customer’s employees to improve practices and cyber hygiene. Businesses should seek out an insurer with strategic partnerships with cybersecurity vendors.
If a cyber incident does occur, customers need an insurer with an effective incident response plan – one that is prepared with actions to take moments after an incident to limit the damage to a customer’s business.
Crowdfund Insider: Why is cyber insurance important to SMEs?
Theresa Le: SMEs represent two-thirds of the U.S. private sector yet they’re currently the most underserved market when it comes to cyber insurance. They are also the most unprotected when it comes to data breaches and ransomware attacks. Recent research by Intuit QuickBooks found that 42% of SMEs say they’ve already experienced a cybersecurity breach, and more than one in five, around 23%, describe cyberattacks as one of the biggest threats to their business.
For SMEs, cyberattacks can be devastating to the company’s reputation, as well as its bottom line. As cyberattacks continue to increase at a significant rate, it’s not only essential for SMEs to implement cyber insurance, but also take advantage of all resources their cyber insurance provider offers – from cyber training to tools, services, and partnerships with cybersecurity vendors.
Crowdfund Insider: Please explain CISA’s new Cross-Sector Cybersecurity Performance Goals initiative and how Cowbell can help SMEs meet the goals outlined in this initiative.
Theresa Le: The Cybersecurity and Infrastructure Security Agency (CISA) recently released its new Cross-Sector Cybersecurity Performance Goals initiative. This initiative encompasses the many security requirements that cyber insurance providers need to select and price cyber risks accurately.
The IMF predicts that, due to legacy cyber insurance providers creating mispriced risk assessments, as little as one breached or disruptive service could have the same catastrophic effects as the 2008 financial crisis. Cyber insurers see that these goals are needed more than ever to avoid writing mispriced policies that discount huge risks.
Cowbell is the leader in providing cyber coverage for small and medium-sized enterprises (SMEs). The National Institute of Standards and Technology (NIST) cybersecurity framework is the foundation of Cowbell’s risk assessment framework. It uses an AI-based continuous cyber risk assessment to support precise, unbiased and continuous underwriting.
The AI-assisted, continuous underwriting enables insurance policies to evolve and align with the risk profile of the covered organization. While the process informs underwriting for cyber insurance, every finding is shared back with the organization applying for coverage so that they can benefit from any insight provided to mitigate any security weakness and improve their risk profile. Cowbell’s implementation of this dynamic cyber insurance policy ensures consistent and accurate coverage of a business’ risk profile and appropriately covers the financial burden of the numerous types of cyber incidents faced by businesses.
Cowbell’s AI-based approach to underwriting alleviates the systemic issues legacy insurance providers have created, namely mispriced risk. Cowbell’s technology better collects and shares data resulting in improved reporting of cyber risk to financial institutions. This relationship leads to quick action and helps avoid attacks that could lead to a systemic breakdown, overall championing CISA’s recent Cybersecurity Goals initiative.