Month: October 2022

Packaging and Logistics Firm Delivers a Stronger Risk Profile Right On Time

Posted on by Dirk Shaw

Broker Introduced SecondSight to Streamline and Improve Cyber Renewal Readiness  

SecondSight is designed to make it easier for organizations to prepare for cyber underwriting and improve their likelihood of obtaining favorable terms. 

Requiring minimal effort from the broker or the logistics Company, SecondSight quickly discovered and inventoried all digital assets, both on premise and in the cloud, and verified adherence to the top cyber risk controls required by major carriers. Through that process, SecondSight identified certain risk control gaps that could be strategically addressed ahead of renewals. And finally, SecondSight made it easy to collect and deliver the evidence underwriters need to have confidence in the risk story. 

 

The result? Better business continuity. And an unimpeachable renewal submission. 

With a clearer and more comprehensive view of its overall digital risk, the logistics firm’s IT team was able to target risk remediation efforts strategically. As efforts progressed, overall recoverability and insurability were measurably improved. At renewal time, the company and its broker will have everything they need to answer underwriting questions confidently and make a strong case for optimal cyber coverage. .

Nonprofit Bounces Back Better After Two Breaches In A Year

Posted on by Dirk Shaw

The nonprofit’s broker turned things around by steering towards SecondSight. 

SecondSight took the burden off the nonprofit’s leadership — as well as its broker.  After a complete digital asset inventory, including multiple SaaS implementations, SecondSight verified the risk controls that were in place and collected the necessary evidence. At the same time, SecondSight identified critical risk control gaps that could be remediated ahead of renewals. 

Finally understanding the scope of its digital risk, the nonprofit knew it needed more help. 

By translating technical terms into more meaningful financial language, SecondSight helped the nonprofit understand its digital environment for the first time. And with a clear outline of the critical risk control gaps, It was much easier for leadership to bring in an MSP to start repairing its insurability. 

The result? The broker and MSP can work on securing renewal, and the nonprofit can do what they do best. 

With its IT under control and the MSP taking all necessary steps to improve its risk profile, the nonprofit is in a much better position to maintain its cyber coverage and crucial funding. And when renewal time comes around, the MSP and organizational leadership can leverage SecondSight to answer all underwriting questions and provide valuable evidence of its breach recovery progress.

Specialty Manufacturer Rebuilds Insurability After A Serious Attack 

Posted on by Dirk Shaw

The firm’s MSP kicked off a powerful comeback with SecondSight   

SecondSight’s easy-to-use automated tools and workflows quickly inventoried all digital assets across multiple facilities and found the critical risk control gaps that led to the breach and could jeopardize insurability. These efforts also revealed total digital risk costs of at least $10M — and potentially as high as $28M. 

 

Understanding the cost of digital risk helped decisionmakers prioritize MSP efforts. 

With SecondSight, firm leadership could see and understand the full business impact of the missing risk controls for the first time. Working with its broker and MSP, the manufacturer created a strategic remediation plan to protect business continuity and improve the firm’s overall risk profile. 

 

The result? No more renewal dread. And a much more secure future. 

All existing risk controls were verified through SecondSight, with the appropriate evidence to satisfy underwriters. As new risk controls get added, SecondSight can verify and collect the evidence necessary to demonstrate those improvements. The manufacturer, its broker and the MSP can rest easy, knowing they’ve done everything possible to ensure business continuity and protect the firm’s cyber coverage and vital contracts.  

$500M Manufacturer discovers how to add cyber coverage without adding hassle

Posted on by Dirk Shaw

The firm’s P&C broker made the hassle disappear with SecondSight. 

SecondSight, a powerful data-driven solution, made it much easier to prepare for cyber underwriting and demonstrate that the manufacturer is, in fact, a good risk. 

With minimal effort from the manufacturer or the broker, SecondSight quickly inventoried all digital assets, verified adherence to the top risk controls required by major carriers, and collected the evidence to prove it. 

In the process, SecondSight identified a key risk control gap related to business continuity, which could also affect the firm’s insurability. 

 

Rapid risk control remediation led the firm to faster recovery — and an even stronger risk story. 

The Manufacturer moved quickly and effectively to address the risk control gap, improving its restorability to one day or less. 

 

The result? Relieved client, happy broker and a streamlined road to securing coverage.
After collecting evidence of the risk control now in place, the firm and its broker had everything needed to answer all underwriter questions in the application process and attach impeccable supplementals. All with no hassle, no confusion, and absolute confidence in their submission.

Real Digital Risk Series: 4 Key Takeaways From Our Phoenix Session

Posted on by Dirk Shaw

It’s time for a massive paradigm shift in cybersecurity. Cyber attacks are skyrocketing, both in incidence and in impact. The breakneck pace of digital transformation (driven by the pandemic) opened up multiple new risk frontiers. Meanwhile, many IT teams are saddled with what CPOMagazine.com calls a “complex patchwork of cybersecurity tools,” that are often poorly integrated or simply too niche for this new era. Then there’s the unprecedented state of the cyber insurance market, with carriers reeling from severe losses and coverage harder and more expensive than ever to secure. 

None of this is sustainable. That’s why we need a seismic shift in how businesses, brokers, carriers and their partners should think about, manage, hedge and insure digital risk. And that’s what the Real Digital Risk Series (RDRS) is all about. 

RDRS brings together executives, brokers, carriers and other business leaders to learn about and discuss ways to foster a more resilient, collaborative approach to digital risk and cybersecurity. The first event was held on October 12, 2022 at Insight Enterprises in Phoenix, Arizona and hosted by SecondSight Founder and CEO Reuben Vandeventer. 

If you weren’t able to join us, here are four important takeaways you can use to inform your 2023 cybersecurity and budget allocation planning. 

  1. Everybody in the organization has to be part of the digital risk conversation. 

Tim Crown, Co-Founder and Chairman of the Board at Insight Enterprises, set the table thusly: “the biggest change in cybersecurity is the fundamental awareness that every single individual in the organization, internally and externally, has to be involved in the conversation.” To put things more directly, Insight’s Vice President and Chief Information Security Officer (CISO) Jason Rader said, “I don’t want 100 people on my security team. I want 12,000 people on my security team.” 

  1. The modern CISO should be a strategic partner to the business, not just a guard dog. 

This point came directly from CISO Jason Rader — “A Chief Information Security Officer with a technical-only orientation isn’t going to be super effective anymore…The new CISO is a business enabler. I consider that a partnership now where the CISOs get to step out of the dark rooms and into the boardrooms.”

Developments on the SEC front are driving this shift. The new rules proposed in Q2 of 2022 require public-company Boards of Directors to have cybersecurity expertise in the mix, just as Sarbanes-Oxley pushed financial expertise at the board level. This is a good thing. In today’s digital business world, corporate boards can’t steer the ship effectively if they don’t have cybersecurity expertise at the table.

Insight Co-Founder and Chairman Tim Crown said “From a board perspective, this is the thing we’re trying to get our heads around: how much do we spend? (CISO) Jason’s laundry list of things we might want to have is unlimited… How far down that list do we go? I don’t know the answer to that. Ultimately, we’re looking at people like Jason to give us their expert opinion.” 

  1. Poor translation in the boardroom is a huge, overlooked cybersecurity threat.
    IT professionals tend to think in technical terms (threats, firewalls, code, etc.). C-suite execs, however, think financially — assets, liabilities and the bottom line.  

So when IT leaders try to make a case for cybersecurity initiatives in board-level capital allocation meetings, there’s a disconnect. Non-technical leaders usually can’t fully appreciate or budget appropriately for these efforts because IT is talking in a foreign language. The same thing goes for risk-control initiatives aimed at securing and maintaining cyber coverage. 

As SecondSight’s Reuben Vandeventer said, “It’s really challenging for an executive to manage real digital risk if they don’t understand or have the ability to see what that risk is in their business. Translating the threat is a major breakdown for cyber executives and insurance teams.” 

  1. The project of insurability is mission-critical and should be valued as such. 

One initiative that’s on the CISO’s radar, year after year, is the annual cyber insurance renewal. Organizations simply can’t afford to lose cyber coverage or go without. Demonstrating that the company is a good risk is vital to obtaining and renewing coverage at viable terms — and that requires actively managing digital risk year-round, especially maintaining the risk controls required by the major carriers. 

Gartner recently forecast that spending on information security and risk management will top $186.3 billion in 2023. Cyber hygiene will never qualify as a capital project (it falls into OPEX). Insurability, however, as a project can be capitalized, with designated resources all year round.   

Strategist and cybersecurity thoughtleader Robert Napoli, writing in Forbes, says that “…more companies are considering their information security posture to be a part of their overall business strategy, with associated payoffs and return on investment.” Napoli emphasizes the importance of ensuring capital allocation to “those cyber risks that have the most material financial, business, and operational impact.” 

Remediating gaps in cyber risk controls isn’t a last-minute proposition. Rolling out multi-factor authentication across all digital assets, for example, could take an entire year. James Reed, Vice President and Cyber Regional Leader at USI, said his organization encourages clients to prepare early and stay ahead of the renewal cycle. Once carriers spot an important risk control gap on a client’s application, “you’ve kind of muddied the waters already and you might not get a second bite at the apple.”  The opportunity to secure favorable terms may be gone — even if the client goes back and fixes the issue. 

Clearly, insurability has to be an ongoing project with board-level annual planning and a dedicated capital budget. That calls for senior-level project management and collaboration within the organization, with its broker partner, and with any other partners that touch the digital environment. 

Stay tuned for the next Real Digital Risk Series event, coming soon from SecondSight. In the meantime, if you’d like to join the discussion or find out more, contact info@secondsight.ai. We look forward to connecting with you!

SecondSight Raises Financing, Launches Insurance Industry’s First AI-Driven Platform for ‘Inside Out’ Underwriting

Posted on by Dirk Shaw

SecondSight Raises Financing, Launches Insurance Industry’s First AI-Driven Platform for ‘Inside Out’ Underwriting 

  • First AI-driven platform that brings telematics to digital risk
  • Enabling true digital risk to be discovered and quantified in ways not possible before
  • Enabling continuous digital risk intelligence and making being uninsurable for cyber a thing of the past

 

BLOOMINGTON, Ind., October 12, 2022 — SecondSight (www.secondsight.ai) today came out of stealth with the launch of the insurance industry’s first AI-driven platform for ‘inside-out’ underwriting and an oversubscribed $3 million seed round of financing led by Tim Crown (co-founder of Insight Enterprises) with participation from Indiana Ventures, Cook Ventures, and Flywheel Fund, among other investors. A more comprehensive solution for current market needs, SecondSight is the first AI-driven platform that brings telematics to digital risk. With a rapidly growing customer roster, SecondSight expects the new funding to accelerate market adoption and impact to the cyber insurance industry. 

In a world where ransomware attacks surpass $7.5 billion annually and new cyberattacks occur every 39 seconds, businesses today are constantly vulnerable to unseen threats. As the digital risk grows, so does complexity, making it harder to obtain cyber insurance to hedge against those risks, with a majority of businesses in North America either uninsured or underinsured against skyrocketing growth of ransomware attacks and other cyber threats. More than 80% of cyber insurance applications today are denied, standards for underwriting are becoming more stringent, and there’s an increased need to accurately measure the true digital risk and severity that lives within an organization. 

“The cyber insurance gap is growing and the underwriting process for cyber insurance is getting increasingly more technical and time-consuming as requirements for getting coverage increase in complexity,” said Reuben Vandeventer, CEO and founder of SecondSight. “SecondSight was created to help businesses make sense of their digital assets — and find the true digital risk and value in them. Before SecondSight, the marketplace has had a million different viewpoints on cybersecurity and digital risk. SecondSight recognizes that cybersecurity and true digital risk are really about assets and liabilities. Digital risk is only meaningful and actionable for business stakeholders when it’s connected to the bottom line. We founded SecondSight to offer a fundamentally different approach to underwriting that connects the entire digital risk ecosystem while offering a powerful autonomous system.”

With SecondSight’s platform for ‘inside-out’ underwriting, businesses and cyber insurance providers can for the first time see the true digital risk with complete clarity, enabling cyber insurance providers to be able to quantify risk severity based on the digital assets and liabilities of an organization. SecondSight’s platform autonomously discovers, classifies and analyzes an organization’s entire landscape of digital assets, the unique risk profile for each digital asset across thousands of different risk factors, and the real business costs that would be incurred if a digital asset was compromised. 

SecondSight goes both broader and deeper than external risk control audits to inventory and classify all digital assets, analyze thousands of facets of risk, and calculate dollarized impact. Within a matter of days, businesses can have a high-resolution view of its digital assets and liabilities — and an accurate picture of how much risk exists and exactly where it lives. What traditionally takes the industry weeks to compile takes SecondSight a matter of days — well above the industry average rate.

“At a time when cyber losses are growing at 50 percent per year but less than one percent of the global cyber losses are insured, SecondSight has built an industry-first solution that is poised to transform digital risk management and cyber insurance for the entire digital risk ecosystem in ways that have not been possible before,” added Vandeventer. “From businesses to cyber insurance providers, SecondSight enables a 360 degree picture of digital assets and unprecedented visibility into true digital risk.” 

About SecondSight

SecondSight is re-imagining how digital risk is discovered, quantified, hedged and insured with the industry’s first AI-driven platform for digital risk management and cyber underwriting that enables unprecedented, “always-on” views into the true digital risk that lives in a business. Helmed by a seasoned leadership team with deep experience in data science, insurance and asset management backgrounds from Allstate, Bridgewater Associates, Cloudera and Informatica, SecondSight has developed the insurance industry’s first AI-driven platform for “inside out” underwriting. SecondSight connects the entire digital risk ecosystem — creating shared understanding around True Digital Risk and a common ground for better collaboration between businesses, carriers, brokers, and the entire digital risk ecosystem.

 

Source: https://www.businesswire.com/news/home/20221012005483/en/SecondSight-Raises-Financing-Launches-Insurance-Industry%E2%80%99s-First-AI-Driven-Platform-for-%E2%80%98Inside-Out%E2%80%99-Underwriting

SecondSight enters cyber insurance market with AI-driven platform for ‘inside-out’ underwriting

Posted on by Dirk Shaw

The cyber insurance market is still in its infancy — and, many say, first-generation solutions are being constrained by tech debt and legacy thinking. 

While ransomware and other cyberattacks continue to rise in both frequency and cost, many organizations are underinsured or uninsured altogether against cyberthreats. Not for lack of trying; as underwriting evolves and becomes more complex, technical and time-consuming, many applications are simply denied. 

This all requires a whole new approach to risk assessment: Underwriters need mechanisms to measure the true digital risk that “lives within an organization,” said Reuben Vandeventer, CEO of Indiana-based startup SecondSight.

His company aims to provide this: The company today emerged from stealth with $3 million in seed funding, offering what it calls the industry’s first artificial intelligence (AI)-driven platform for “inside-out” underwriting.

“SecondSight recognizes that cybersecurity and true digital risk are really about assets and liabilities,” said Vandeventer. “Digital risk is only meaningful and actionable for business stakeholders when it’s connected to the bottom line.”

Cyber insurance = A hard market

According to a 2021 report from the National Association of Insurance Commissioners (NAIC), the cybersecurity insurance market — including both U.S. domiciled insurers and alien surplus lines insurers writing business in the U.S. — was worth roughly $4.1 billion in direct written premiums in 2020. This reflects a 29.1% jump from the prior year.

Meanwhile, insurers writing standalone cyber insurance products reported approximately $2.58 billion in direct written premiums. Those writing cybersecurity insurance as part of a package policy reported roughly $1.49 billion in direct written premiums.

And, the market is prime for even more growth: According to Markets and Markets, the cyber insurance market size will grow from an estimated $11.9 billion in 2022 to $29.2 billion by 2027, registering a compound annual growth rate (CAGR) of nearly 20%. 

The main drivers, according to the firm, are the “rapid surge” of cybersecurity incidents coupled with an increase in mandatory cybersecurity regulations and legislations. However, the firm points out, organizations are restrained by soaring cyber insurance costs.

“The private equity world is really saying that the cyber insurance market is likely a 10-year hard market,” said Vandeventer — meaning it will continue on a path of significant, year-over-year growth. 

‘Inside-out’ and ‘outside-in’ combined

The problem, he said, is that existing players in the risk-quantification category — BitSight, Prevalent, RedSeal and SecurityScorecard, for example — model risk from outside the firewall. 

With this “outside-in” approach, the primary concern is preventing access at the edge of the network, and it largely involves human-requested input about risk controls. 

But, “this stance no longer serves the nature of the market,” said Vandeventer, who previously founded OpenINSIGHTS and Data Clairvoyance Group, and served as chief data officer for Bridgewater Associates and CNO Financial Group. 

SecondSight performs what it calls “inside-out” methods, as well as “outside-in.” The company brings telematics to digital risk, taking human observation out of the process by enabling system-to-system communication for direct observation of risk behaviors in real time. It could be compared to Allstate’s Drivewise program, a telematics app that tracks driving habits. 

This shows an organization’s “true digital risk” so that cyber insurance providers can quantify risk severity based on an organization’s digital assets and liabilities, said Vandeventer. 

“If you’re outside the firewall, you have no mathematical ability to understand digital asset P&L,” he said. Thus, “inside-out and outside-in both need to be used.”

Autonomous protection

As he explained, the cyber insurance company’s platform doesn’t require a learning cycle; it autonomously discovers, classifies and analyzes an organization’s “entire landscape of digital assets,” the unique risk profile for each asset across thousands of risk factors, and the real business costs that would be incurred if a digital asset was compromised. 

AI modeling takes place right next to the data and metadata. More than 287 different models or algorithms — learning-based, deep learning, machine learning (ML) and others topological in nature — identify, classify and map digital assets in the ecosystem, he said. 

The platform is directly integrated with SaaS applications and deploys agents and collectors into PaaS, IaaS and on-premise legacy environments. This edge-compute auto-discovery is combined with ongoing auto-correlation of digital assets to the insured’s business model.

What traditionally takes other companies weeks to compile is completed by SecondSight in mere days — with as accurate as 92% accuracy rate, according to Vandeventer. 

“Carriers can correlate digital assets to profit and loss, cash flow and balance sheet metrics,” he said. 

He pointed out that, in U.S. markets, the average mean time of recovery after a ransomware attack is 28 days. “That’s 28 days that operations are down,” he said. The “double-whammy” is that organizations have 28 days of lost revenue, but 28 days of still paying salaries and other bills. 

Using SecondSight metrics, organizations can identify which digital assets are more correlated to production and operations, and focus on optimizing mean time and recovery of those specific assets, Vandeventer explained. They can then add such protections as air-gapped backup, extended detection and response (XDR), endpoint detection and response (EDR), multifactor authentication (MFA) and two-factor authentication. 

Cyber insurance market is in its infancy

While with Allstate, Vandeventer’s big observation was that cyber insurance and its current manifestation wasn’t behaving like a mature or real insurance product, he said. 

“The insurance industry wasn’t treating it like real insurance,” he said. 

This is because the insurance class was brought to market with a bare minimum of underwriting. Its market share grew quickly, allowing carriers to make significant profit. 

Now, it’s pure economics: With claims spiking post-pandemic, providers have been binding fewer policies while simultaneously taking action to re-engineer underwriting. 

SecondSight is purposely existing stealth as the industry redefines standards, he said. The company is supported by several carriers and MGAs (wholesale brokers) and will soon announce a partnership with the largest cyber insurance wholesale broker in North America. 

The seed round, which will be used to advance go-to-market efforts, was led by Tim Crown (cofounder of Insight Enterprises), with participation from Indiana Ventures, Cook Ventures and Flywheel Fund.

 

Source: https://venturebeat.com/security/secondsight-enters-cyber-insurance-market-with-ai-driven-platform-for-inside-out-underwriting/amp/

$3M seed round for Bloomington startup

Posted on by Dirk Shaw

BLOOMINGTON, Ind. – Bloomington-based startup SecondSight has secured a more than $3 million seed round of funding to advance the company’s AI platform to help businesses who get hit by ransomware attacks.

The company says the system helps businesses to better understand their digital assets and assess their risk and value when they file a claim with their insurance carrier.

“Digital risk is only meaningful and actionable for business stakeholders when it’s connected to the bottom line,” said Reuben Vandeventer, CEO and founder of SecondSight.

Vandeventer says the platform takes an ‘inside-out’ approach for underwriting and gives businesses a clearer picture of the assets. They say the technology allows cyber insurance providers to be able to quantify risk severity and calculate loss.

“SecondSight recognizes that cybersecurity and true digital risk are really about assets and liabilities,” said Vandeventer, adding there’s an increased need to accurately measure the true digital risk and severity that lives within an organization.

The company says ransomware attacks surpass $7.5 billion annually and businesses are constantly vulnerable to unseen threats. The company says as the digital risk grows, so does complexity, making it harder to obtain cyber insurance to hedge against those risks.

SecondSight says a majority of businesses in North America either uninsured or underinsured against skyrocketing growth of ransomware attacks and other cyber threats.

The company says the financing was led by Tim Crown, co-founder of Insight Enterprises (Nasdaq: NSIT), an Arizona-based global technology company. Other investors include Indiana Ventures, Cook Ventures, and Flywheel Fund.

The company currently has 20 employees and is looking to double employee levels over the next year hs for product management, UX design, engineering, and data science.

 

Source: https://www.insideindianabusiness.com/articles/3m-seed-round-for-bloomington-startup