Cowbell Adds Free Cybersecurity Services for Insurance Policy Holders
Cowbell this week added a free 24/7 managed security service for organizations that take out a cyberinsurance policy to help reduce the cost of a cybersecurity breach.
Manu Singh, vice president of risk engineering at Cowbell, said Cowbell 365 spans everything from working with policyholders to improve their overall cybersecurity posture management to responding to specific incidents. The goal is to both reduce the number of incidents and the scope of the damages that might later be claimed by the policyholder, he added.
The Cowbell 365 service is delivered by in-house cybersecurity professionals and also includes cybersecurity claims counsel and specialists along with a cybersecurity claims operations team dedicated to payments and claims processing. In addition, risk engineers monitor the threat landscape and proactively assist policyholders in adopting cybersecurity best practices.
Cowbell claims to have increased policyholders by 2.5x during 2022 and expects to double that number during 2023. It has also maintained a lower ratio of reported claims under 3% since inception, thanks to its underwriting discipline and risk engineering expertise, said Singh. In all ransomware claims reported to Cowbell, the company said a ransom payment is necessary less than 25% of the time. That’s because the majority of Cowbell policyholders have viable backups, effective business continuity and recovery plans and strategies to recover that have been thoroughly vetted, noted Singh.
It’s not clear how many organizations will avail themselves of a free set of included cybersecurity services as part of a cyberinsurance policy versus continuing to build out their own capabilities or rely on other service providers. It’s clear, though, that insurance carriers are looking to limit losses by helping organizations more proactively manage cybersecurity. In effect, cyberinsurance carriers now recognize they have as much at stake as their policyholders, so they are investing more in services that also serve to reduce the total cost of cybersecurity.
Cowbell offers cyberinsurance via a network of 17,000 brokers across 3,000 agencies. However, in recent months it’s become more challenging for organizations to take out a cybersecurity insurance policy because the requirements to qualify have expanded. Insurance carriers not only won’t grant policies to organizations that don’t have robust cybersecurity capabilities, they also won’t renew previously granted policies if they determine an organization’s cybersecurity policies are too lax.
This shift stands in sharp contrast to just a few years ago when many organizations were opting to take out cybersecurity insurance policies in lieu of investing in cybersecurity. In effect, cyberinsurance carriers are now trying to create a virtuous cybersecurity circle that is driving more organizations to improve their overall cybersecurity posture.
It’s not clear how cybersecurity professionals will react to these services not provided by an insurance carrier, but given the general shortage of cybersecurity expertise, these services should enable organizations to focus their security efforts on more challenging issues. Given the level of risk they face, most organizations are going to go without cyberinsurance, so taking advantage of additional cybersecurity services offered for free is a sensible option. The issue is determining exactly where the service provided by a carrier leaves off and the responsibility of an internal IT team begins.
