Open XDR provider Stellar Cyber is launching what it calls a Risk Shield Cyber Insurance program, initially partnering with Converge Insurance to enable MSSPs to resell cyber insurance to their end customers at a discount.
Here’s how it works. The program follows the playbook of providing the insurance company with transparency into the protections and controls put in place by the MSSP at customer sites. This gives the insurance company a clearer view of risk, enabling discounts for clients viewed as less at risk because of their existing cybersecurity protections.
Stellar Cyber’s partnership relies on something the company has just rolled out – a newly developed Coverage Analyzer that allows MSSPs to present a clear and comprehensive picture of clients’ security postures. The Coverage Analyzer uses the MITRE ATT&CK framework to evaluate the breadth and effectiveness of security controls in the client site.
For instance, by accessing data from installed security tools such as endpoint detection and response (EDR), multi-factor authentication (MFA) and firewalls, the Coverage Analyzer offers a report about the clients’ security posture to the insurance company.
Stellar Cyber, Converge's Automated Real Time Assessment
Stellar Cyber’s VP of Strategic Alliances Andrew Homer explained to MSSP Alert that the cybersecurity insurance discount is similar to the discount non-smokers would get on their health insurance.
“We can provide an automated real-time assessment against the MITRE ATT&CK framework to see what the client’s health posture is,” Andrew Homer told MSSP Alert. “So now, much like in the healthcare industry, insurance underwriters like our partner Converge Insurance is able to provided discounted insurance rates based on the visibility in the health posture, security posture within the organization.”
Following the healthcare analogy another step, Homer pointed out that someone who had had a heart attack (or a cybersecurity breach) might struggle to get insurance coverage at a reasonable rate. But by demonstrating their compliance with best practices via the Coverage Analyzer, they could prove their improved risk posture.
Homer said that Stellar Cyber is partnering with Converge Insurance first because they believe the company is a next-generation underwriter that is actually embracing the MITRE ATT&CK framework.
Extending the Open XDR Strategy to Cyber Insurance Providers
For the longer term, Homer said that Stellar Cyber plans to expand the program to other insurance providers in the spirit of its Open approach to XDR, enabling MSSPs and their clients to continue to work with insurers they may already have relationships with to get the benefits of proving their better risk posture via Stellar Cyber’s cybersecurity controls.
“We are extending our OpenXDR strategy to embrace other insurance providers as well,” he said.
Steve Garrison, Stellar Cyber’s SVP of Marketing, told MSSP Alert that not all insurance coverage will necessarily cover the vertical market that a particular MSSP specializes in, and by opening up the program to multiple insurance carriers Stellar Cyber will give MSSPs the flexibility they need to welcome their clients’ preferred carriers.
“The Stellar Cyber RiskShield program is a convergence of risk management and cybersecurity that will undoubtedly help small and medium-sized businesses better understand and obtain the protections they need,” said Dr. Mike Saylor, CEO and founder of MSSP Blackswan Cybersecurity in a prepared statement.
Stellar Cyber’s initial insurance partner Converge Insurance provides coverage for companies with up to $750 million in revenue. The collaboration with Stellar Cyber has produced an offering from the company called ConvergeConnect, designed to offer primary cyber coverage through partnerships with prequalified technology providers. Converge Insurance offers expert risk assessments and competitive insurance rates, reflecting the robust security measures implemented by the MSSPs.
Converge says that it further simplifies the cyber insurance process for MSSPs and their clients by providing access to wholesale brokers specializing in state and local regulatory compliance, ensuring a smooth and efficient path to obtaining cyber insurance.
"Data has never been more valuable or vulnerable," said Tom Kang, CEO of Converge. "Our mission is to ensure our partners have the right controls and insurance to mitigate cyber incidents and quickly return to normal operations."