At-Bay Stance aims to address security gaps by centralizing and prioritizing risks, providing support to mitigate and respond to threats in conjunction with cyber insurance coverage. Credit: Photon Photo/Shutterstock Cyber insurance provider At-Bay has announced the launch of a new InsurSec solution to help small-to-mid sized businesses (SMBs) improve their security and risk management postures through their insurance policy. The firm describes the At-Bay Stance platform as a “world’s first” that aims to addresses major security technology and skills access gaps by centralizing and prioritizing risks, along with providing expert support to mitigate threats – managed in conjunction with cyber insurance coverage.The emergence of InsurSec technology reflects a cyber insurance landscape that has seen significant change recently. As the frequency and severity of ransomware, phishing, and denial of service attacks have increased, demand for and conditions relating to coverage have evolved. Policies are becoming more diverse, complex, expensive, and harder to qualify for, presenting CISOs and their organizations with new challenges and considerations for optimal cyber insurance investment.At-Bay defines an InsurSec solution as an end-to-end approach to protecting businesses from cyberthreats by bringing insurance and security together. It provides security services including threat prevention, detection, recovery/response, and risk intelligence – delivered by the insurer in conjunction with coverage. At-Bay Stance integrates security controls, attack prevention, incident responseTraditionally, At-Bay has used proprietary security scans and active risk monitoring to assess organizations’ cyber risk postures. However, simply scanning a company’s external attack surface is no longer enough to tackle today’ s complex threat landscape, the firm said. At-Bay Stance, therefore, features several elements that combine to provide more holistic and effective risk management to users, At-Bay added. These are: At-Bay Stance Exposure Manager is a purpose-built software platform that centralizes threat and vulnerability data by integrating existing security controls from inside a company with At-Bay’s external scans.At-Bay Stance Managed Security offers in-house experts who provide intelligence-powered recommendations to businesses on what to do to stop attacks before they happen. This team will help businesses with remediation, in addition to proactively sharing security recommendations and insights.At-Bay Response and Recovery provides in-house incident responders who can be immediately deployed to understand the root cause of incident, evaluate the impact, and develop the appropriate plan to get customers operational as soon as possible.At-Bay Security Partner Network provides discounts on top-performing third-party security products and solutions.At-Bay Stance will be available to At-Bay customers purchasing a new Cyber E&S policy from May 1 or renewing policies as of August 1. At-Bay will be showing the product at this year’s RSA Conference, booth ESE-19.InsurSec solutions have significant potential value, trust is key to successInsurSec solutions are new, emerging offerings, but the concept behind them and its potential to add value to involved parties is something being recognized more widely, particularly for SMBs and organizations struggling with an adverse blend of low maturity and cost constraints. “I think the insurance market is recognizing that their future offering in this space has to grow beyond simple loss protection,” Paul Watts, distinguished analyst at the Information Security Forum, tells CSO. “Providing complementary services to help organizations with proactive and reactive management of cyber risk could also help foster stronger relationships between insurer and client.”Both parties stand to benefit here – by engaging in this way, risk is better (and jointly) managed, Watts says. Insurers are mitigating losses, and clients are drawing down on capabilities that were previously too expensive for consideration and could see lower premiums as a result. From an insurer’s perspective, they stand to gain access to a whole lot of additional data that will help them to hone their products, offering increased value to clients whilst managing their loss opportunities in a more optimal way, Watts adds.“That requires some real trust to be in place – clients will be hesitant to allow insurers to get that level of intimacy with their security operations. It’s early days, but I think the foundations of mutual trust and transparency are starting to appear to enable this.” Related content news NIST publishes new guides on AI risk for developers and CISOs Companion publications to NIST’s AI Risk Management Framework explore a long worry list in more detail and are likely to become essential reading for security professionals. By John Dunn May 01, 2024 4 mins Regulation Government Security Practices news analysis 5 key takeways from Verizon's 2024 Data Breach Investigations Report The rapid of exploitation of zero-day vulnerabilities, such as MOVEit, and the effectiveness of ransomware attacks are two of the major findings from last year’s breach data. By Rosalyn Page May 01, 2024 5 mins Data Breach Zero-day vulnerability Data and Information Security feature The CSO guide to top security conferences Tracking postponements, cancellations, and conferences gone virtual — CSO Online’s calendar of upcoming security conferences makes it easy to find the events that matter the most to you. By CSO Staff May 01, 2024 15 mins Technology Industry IT Skills Events feature 3 Windows vulnerabilities that may not be worth patching Some vulnerabilities eat up a security team’s time and resources yet provide little or nothing in the way of true protection. Some may even introduce more risk to a network. By Susan Bradley May 01, 2024 7 mins Windows Security Patch Management Software Security Practices PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe