Cowbell Cyber Allies With Swiss Re on AWS Cyberinsurance

Cowbell Cyber this week allied with Swiss Re to provide cybersecurity insurance to organizations with up to $750 million in revenue that deploy applications on the Amazon Web Services (AWS) cloud.

The two companies have also integrated the risk assessment tools created by Cowbell and risk monitoring technology developed by Swiss Re.

Cowbell’s Cowbell Factors platform ranks the cybersecurity posture of organizations against a risk pool of 25 million U.S. businesses. The risk monitoring tools created by Swiss Re, meanwhile, pull security configuration data directly from AWS. The two companies also provide organizations with a credit toward a subscription to AWS Security Hub as part of the program.

Cowbell offers cyberinsurance via a network of 17,000 brokers across 3,000 agencies. A team of cyberinsurance claims experts from Cowbell handle all cybersecurity incidents via a 24/7 incident response hotline available to all policyholders.

Rajeev Gupta, chief product officer for Cowbell, said it’s become harder for organizations to take out a cybersecurity insurance policy because the cybersecurity requirements have grown and changed. Insurance carriers not only won’t grant policies to organizations that don’t have robust cybersecurity capabilities, Gupta noted, but they also are not renewing policies they have previously granted if they determine an organization’s cybersecurity policies are too lax.

Of course, just a few years ago, many organizations were opting to take out cybersecurity insurance policies in lieu of investing in cybersecurity. Now, cybersecurity professionals are finding that their organizations are finally willing to invest more in cybersecurity to qualify for cybersecurity insurance. The irony is that many cybersecurity professionals have been asking their organizations to make those investments for years, noted Gupta.

In effect, cyberinsurance is creating a virtuous cybersecurity circle that is driving more organizations to improve their overall cybersecurity posture, he added.

Of course, cloud security is especially problematic for many organizations. In general, cloud platforms are more secure than on-premises IT environments; however, the processes used to build and deploy cloud applications is often deeply flawed from a cybersecurity perspective. Developers routinely use open source tools like Terraform to provision cloud infrastructure as part of an effort to accelerate application development. Most of those developers have limited cybersecurity expertise so, inevitably, mistakes are made. The chronic shortage of cybersecurity expertise makes it all but impossible for most organizations to keep pace with the rate at which workloads are being deployed in the cloud.

The issue is that no matter how much time and effort is made to educate developers, there will always be a development team that fmakes a mistake. Cybercriminals are becoming more adept at finding ways to faster exploit those mistakes. Developers, meanwhile, often assume that cloud service providers are applying automation to secure workloads when, in fact, most of their efforts are on securing their infrastructure rather than the application workloads deployed on those platforms.

Cyberinsurance is not meant to be a substitute for implementing DevSecOps best practices to improve cybersecurity. However, it may go a long way toward encouraging more organizations to truly secure the workloads deployed in the cloud.

Avatar photo

Michael Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.

mike-vizard has 747 posts and counting.See all posts by mike-vizard