I missed this when it came out, and thanks to listener Dustin for bringing it to me.
Sophos has partnered with Cowbell insurance – specifically sharing their security health information with Cowbell to facilitate optimal premium quotes and policies.
“Specifically with this partnership, Sophos endpoint customers will be able to ‘opt-in’ to share their endpoint security health status with Cowbell from the Sophos Central platform, using a new data connector. This easy-to-enable connection will streamline Cowbell’s risk assessment process, allowing assessors to efficiently evaluate Sophos customers’ defenses against the requirements needed for insurance policies,” said Raja Patel, senior vice president of products at Sophos.
Besides insurance, another sector looking at using cyber security data is the credit bureaus. In reporting in the Washington Post reveals that credit rating agencies are increasingly factoring in cybersecurity as part of their credit assessment criteria as they try to get a handle on the risks companies to face. That said, investment in cyber then offsets any degradation.
Why do we care?
Cyber linked to your credit score is going to be impactful. More so, however, is this approach of directly collecting data on the live configuration and then having your insurance pricing dependent on it. This is savvy – minimize your risk as the insurer by ensuring the controls are in place. This is well beyond the survey-style, or attestation style, of data collection. And it’s going to change the way services companies deliver security services.
Which is the point.
