Quick recap. Shawn opened the meeting, encouraged new members to introduce themselves, and discussed the potential of a new website for learning and sharing. Brandon presented on the workings of the scan engine, his role in the underwriting process, and how claims are handled within the business. The meeting also covered the company's approach to security, the claims process after an incident occurs, and the impact of cyber insurance on the likelihood of a breach.
New Members Introduce Themselves
Shawn opened the discussion by welcoming everyone and encouraging new attendees to introduce themselves. Alexis, a new member from Megaport, introduced herself and shared her background at Cisco and her interest in cloud security. Shawn emphasized the importance of networking and making connections within the group. Kimberly, another new member, introduced herself, describing her experience in engineering and product management at Verizon and her recent role at Ericsson. Shawn closed the introductions and hinted at a special presentation for the day.
Website Creation and Cyber Insurance
Shawn encouraged group members to contribute their expertise and resources to the new website he had created, emphasizing its potential as a platform for learning and sharing, and asked for suggestions to improve the site's content. Brandon then presented on cyber insurance, explaining its function as a risk transference tool for individuals and organizations that do not want to absorb the cost of a cyber incident out of pocket.
Exploring the Scan Engine's Functionality
Brandon discussed the workings of the scan engine, a tool used in the cyber insurance industry. He explained that the scan engine is cloud-based, built on a serverless architecture, and looks at domains, public IP addresses, SPF records, and SSL certificates. The engine is split into several parts, including scanning nodes ("minions") distributed worldwide and honeypots for detecting major vulnerabilities. Brandon emphasized that the scan engine only touches external infrastructure and does not scan shared hosting providers unless there are egregious issues. He also clarified that contingencies, or "stop signs", are produced by the scan engine and can apply to a variety of tech stacks. Lastly, he mentioned that the scan engine also scans the entire internet, gathering data on common protocols and software banners.
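The meeting names SPF records as one of the externally visible attributes the scan engine reviews before a contingency is issued. As an added illustration (not the carrier's scanner or its actual criteria), the following Python evaluates SPF record text offline the way a policyholder might self-check before underwriting: it flags a missing record, a permissive `+all`, a deprecated `ptr` mechanism, and more than ten DNS-lookup terms (the RFC 7208 limit). The domains, records and the mapping of findings to "contingency" versus "advisory" are constructed assumptions.

```python
import re

# RFC 7208 s4.6.4 caps DNS-lookup terms at 10 per evaluation; above that the
# record evaluates to permerror and gives receivers no usable policy.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
MAX_LOOKUPS = 10

# Constructed sample TXT records for three made-up domains (not real zones).
SAMPLE_RECORDS = {
    "weak.example": "v=spf1 ip4:192.0.2.0/24 +all",
    "strict.example": "v=spf1 ip4:192.0.2.0/24 include:_spf.example.net -all",
    "missing.example": None,
}


def term_name(term):
    """Strip the qualifier and argument from one SPF term: '+include:x' -> 'include'."""
    return re.split(r"[:/=]", re.sub(r"^[+\-~?]", "", term), maxsplit=1)[0].lower()


def evaluate_spf(record):
    """Return (severity, message) findings for one record string; [] means clean.
    'contingency' reuses the meeting's term for a blocking issue (assumed mapping)."""
    if record is None:
        return [("contingency", "no SPF record published")]
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return [("contingency", "record does not begin with v=spf1; receivers ignore it")]
    findings, lookups, all_qualifier = [], 0, None
    for term in terms[1:]:
        name = term_name(term)
        if name in LOOKUP_TERMS:
            lookups += 1
        if name == "ptr":
            findings.append(("advisory", "ptr mechanism is deprecated (RFC 7208 s5.5)"))
        if name == "all":  # the default qualifier is '+' when none is written
            all_qualifier = term[0] if term[0] in "+-~?" else "+"
    if all_qualifier == "+":
        findings.append(("contingency", "+all authorises every host on the internet"))
    elif all_qualifier == "?":
        findings.append(("advisory", "?all is neutral and provides no protection"))
    elif all_qualifier is None:
        findings.append(("advisory", "no 'all' term; unmatched senders are neutral"))
    if lookups > MAX_LOOKUPS:
        findings.append(("contingency", f"{lookups} lookup terms exceed the limit of {MAX_LOOKUPS}"))
    return findings


def report(records):
    """Map each domain to its worst severity: 'clean', 'advisory' or 'contingency'."""
    rank = {"clean": 0, "advisory": 1, "contingency": 2}
    return {d: max((s for s, _ in evaluate_spf(r)), key=rank.get, default="clean")
            for d, r in records.items()}
```

Running `report(SAMPLE_RECORDS)` marks `weak.example` and `missing.example` as contingencies and `strict.example` as clean; a live check would first fetch the TXT record, which this offline version deliberately leaves out.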
Underwriting Process and Security Analysis
Brandon discussed his role in the underwriting process, which involves reviewing scan data results and issuing declinations or contingencies based on security issues. He noted that he works pre-bind, meaning he reviews policies before they are bound, and that he has the authority to issue declinations for egregious security issues. He also mentioned that he is the only team member with mainframe experience and therefore handles all mainframe calls. Brandon further explained that underwriting sorts businesses by revenue class and industry class, and that certain industries, such as MSPs, are rarely underwritten. He also mentioned that they are the only company willing to underwrite crypto-oriented businesses. Lastly, he distinguished the pre-bind security analysis side from the post-bind security support center.
Security Practices and Underwriting Process
Shawn asked Brandon about the company's approach to security, specifically whether they look at security practices from an internal viewpoint or only from an attacker's perspective. Brandon explained that they do look at internal infrastructure during security calls, especially when there are questions about a declination or a scan engine finding. He also mentioned that they are starting to push policyholders toward adopting user behavior analytics. Paul then asked how thorough the underwriting process is compared to a typical pen test, to which Brandon responded that they do look at CVEs and vulnerabilities, but it is not a detailed pen test. Lastly, Paul asked about the claims process after an incident occurs, which Brandon said would be a long conversation.
Handling Claims and Breach Counsel
Brandon discussed the process of handling claims within the business. He explained that claims are handled by specific contacts, which are usually listed in a document issued after a policy is bound. These contacts include the Security Support Center for security alerts and the claims department for client issues. Brandon also mentioned the involvement of breach counsel and the possibility of using a predefined forensics provider. He emphasized that the size of the cyber carrier determines the size of the claims fund. He also hinted at the possibility of using external legal help as breach counsel.
Cyber Insurance Claims and Payouts
Brandon discussed the process of claims and payouts in cyber insurance, emphasizing that the timeline and payout amount depend on the complexity of the claim and the type of incident. He also mentioned that disputes often arise from misrepresentation of risk. Jason asked about exclusions in policies, to which Brandon explained that post-bind contingencies can be used to exclude certain risks, such as outdated software. Kimberly asked about the impact of cyber insurance on the likelihood of a breach, to which Brandon responded that having cyber insurance reduces the likelihood of a claim by 2 times on average. Carly asked whether reputational damage is considered in payouts, to which Brandon explained that it depends on the type of claim and the severity of the breach. Lastly, Brandon shared his personal journey into cyber insurance, which began in a security operations center role and was driven by the unique aspects of the field.