CloudCover | December 27, 2021
The cybersecurity insurance market is in trouble, fueled by a rapid increase in cyber attacks – up 486% from the beginning of 2018 through the end of 2021, according to Aon. As a result, insurers have little choice but to raise rates and scrutinize policy terms and conditions, as there’s no historical data to set policies and premiums like traditional insurance products.
CloudCover, the company Reimagining CyberSecurity, is making strides to improve cyber safety by creating the first end-to-end cyber security technology and insurance platform. Today, the company announces the continued rollout of its suite of CloudCover insurance products with the launch of a new insurance offering: CloudCover Cyber Liability (CCCL) and Information Systems Business Interruption (ISBI) insurance. The release of the cybersecurity insurance coverage brings forward an entirely new market category: cybersecurity network and data insurance cover that utilizes the CC/B1 PlatformTM to obtain the data analytic set required to efficiently underwrite and set accurate premiums. CloudCover’s $1 Million Ransomware Warranty was launched in September 2021.
Through its CCCL insurance, CloudCover will issue a $1 million cover per occurrence and a $10 million aggregate policy. This insurance option covers:
First-party response costs, including any costs associated with the investigation and remediation of cybersecurity breaches, as well as payment for costs associated with notifying affected parties of the breach,
Third-party liability and regulatory costs, including any costs associated with the defense of lawsuits, regulatory fines, and penalties in addition to the costs associated with any judgements rendered from those activities, and
Cover for any ransom demanded by cyber criminals who have locked the insured company’s network or computer systems.
Similar to the CCCL coverage, CloudCover will also issue $1 million coverage per occurrence and a $10 million aggregate policy for its ISBI coverage. The insurance policy provides payment for lost revenue in the event that a Distributed Denial of Service (DDoS) attack disrupts or compromises the insured party’s network.
Both insurance covers are powered by CloudCover’s CC/B1 Platform, an advanced Intelligent Threat ManagementTM security solution. The CC/B1 relies on a patented AI/ML (automated intelligence/machine learning), X-NDR (extended network detection and response), SOAR (security, orchestration, automation and response) technology that empowers risk awareness, risk control, and risk transfer in near real time. The platform operates as a Firewall EverywhereTM, collecting data from all corners of an organization’s network, streamlining and utilizing machine learning to detect, analyze, and stop suspicious activity – all while using the collected network patterns with risk scoring and building actuarial models for incremental cybersecurity network insurance.
“This marriage of cybersecurity technology and cyber insurance represents the creation of a new market,No other security vendor is able to provide cybersecurity risk scoring, risk event mitigation and mediation, accurate identification and threat stopping, and cyber risk insurance underwriting and auto-adjudication for claims in one platform. Using cybersecurity technology to learn about a company’s network and utilizing that data to create more accurate premiums and better coverage gives our industry the opportunity to better control cybersecurity insurance losses in the future, as we’ll be able to detect threats and issue micro-policies in a fraction of a second.”
Stephen Cardot, founder and CEO of CloudCover
In the months ahead, CloudCover plans to debut the final product in its initial CyberSafety Insurance Coverage portfolio: Cybersecurity Network Data Insurance, which will be the first insurance policy to insure data in motion with both first- and third-party liability coverage. This insurance, which will launch in February 2022, makes it possible for organizations to insure and thereby value their intangible assets, i.e., data, just as they would other company assets – something that’s been long seen as impossible in the FASB/GAAP industry.
In order to purchase CloudCover’s insurance offerings, a company will need to have the CC/B1 Platform installed on its network in addition to completing CloudCover’s CyberSafety Registry.
CloudCover is an AI-driven, virtual machine-learning cybersecurity platform. CloudCover has reimagined cybersecurity as a risk-predictive CyberSafety Platform – delivering real-time extended network detection and response through a patented, math-based security orchestration automated response risk aware/control solution. The CloudCover SOAR capability accumulates data between an organization’s diverse security technologies and environments and streamlines them into holistic actions on potential risks. The CC/B1 Platform provides an ever-evolving, protective security layer to your existing cybersecurity tech stack – meaning network threats are detected in near zero-second speed with near zero-threat accuracy. With CloudCover, the elusive “single pane of orchestration” capability of an organization’s network security isn’t a myth – it’s reality.
Edgile | December 24, 2021
Wipro Limited, a leading global information technology, consulting and business process services company, today announced it has signed an agreement to acquire Austin, Texas headquartered Edgile, a transformational cybersecurity consulting provider that focuses on risk and compliance, information and cloud security, and digital identity.
Edgile is recognized by security and risk leaders for its unique business-aligned cybersecurity capability, deep understanding of the changing regulatory environment and enabling cloud transformations that help secure the modern enterprise. In addition, the company’s “strategy-first” approach and “Quick Start” solutions will allow the combined entity to deliver enhanced value in strategic cybersecurity services.
Together, Wipro and Edgile will develop Wipro CyberTransform™, an integrated suite that will help enterprises enhance boardroom governance of cybersecurity risk, invest in robust cyber strategies, and reap the value of practical security in action. In collaboration with an extensive roster of alliance partners from Wipro and Edgile, Wipro CyberTransform™ will enable organizations to accelerate their digital transformation and operate in virtual, digital supply chains all in a highly secure manner.
“Adding Edgile’s strategic consulting capabilities and launching Wipro CyberTransform™ are significant milestones on our journey to becoming the trusted partner to security leaders and boardroom stakeholders. I see the team blending very well with Wipro’s CyberSecurists to deliver transformational cybersecurity on a global scale.”
Tony Buffomante, Senior Vice President & Global Head – Cybersecurity & Risk Services, Wipro
Don Elledge, Chief Executive Officer, Edgile, said, “We are immensely thrilled to join Wipro, a company we admire for its values and deep technology capabilities. Our collective full spectrum of cybersecurity risk consulting and security management capabilities will help our global customers to continue to securely embrace their digital transformation journey and sustain their on-going risk management priorities.”
Earlier this year, Wipro strengthened its cybersecurity business by acquiring Ampion, a leading provider of cybersecurity services in Australia, and the cybersecurity practice at Capco, a leading consultancy in the BFSI sector in Europe and the US. Additionally, through its Wipro Ventures arm, the company continues to invest in innovative cybersecurity start-ups, demonstrating the firm’s strong commitment towards providing industry leading cybersecurity solutions across sectors and regions.
Abry Partners, a minority private equity investor in Edgile, will fully exit its investment in Edgile as a result of this transaction. Piper Sandler acted as financial advisor to Edgile and Stone Key Partners LLC acted as financial advisor to Wipro for the transaction.
About Wipro Limited
Wipro Limited (NYSE: WIT, BSE: 507685, NSE: WIPRO) is a leading global information technology, consulting and business process services company. We harness the power of cognitive computing, hyper-automation, robotics, cloud, analytics and emerging technologies to help our clients adapt to the digital world and make them successful. A company recognized globally for its comprehensive portfolio of services, strong commitment to sustainability and good corporate citizenship, we have over 220,000 dedicated employees serving clients across six continents. Together, we discover ideas and connect the dots to build a better and a bold new future.
Edgile is the trusted leader in cybersecurity transformation and risk services partnering with the world’s leading organizations, including 31% of the Fortune 100 and 20% of the Fortune 500. Our strategy-first model optimizes today’s enterprise journey to the cloud and modernizes identity and security programs through a risk lens and expert compliance knowledge. We secure the modern enterprise by transforming risk into opportunity with solutions that increase business agility and create a competitive advantage for our clients.
S2W | January 03, 2022
Data Intelligence company S2W announced that INTERPOL has recently signed a contribution agreement introducing S2W's cyber threat intelligence (CTI) solution "S2-XARVIS ENTERPRISE" to strengthen its ability to analyze new cyber threats such as dark web and ransomware.
S2W has been supporting INTERPOL to identify and prevent "third-world dark web crimes" as part of its "binding the gap among member countries for a safer world," and recently conducted international ransomware organization arrest operation such as Revil, Cl0p, and GandCrab.
"INTERPOL is strengthening the use of advanced information and communication technologies such as artificial intelligence and big data and expects that the introduction of S2W's cyber threat intelligence (CTI) solution – S2 XARVIS Enterprise will directly help to prevent nationwide cybercrime through real-time threat detection and dark web/deep web coverage,"
Robert Han, Head of Global Business of S2W
Sangduk Suh, CEO of S2W said "We are focusing on providing services to institutions and companies so that we can build a strong security environment using threat intelligence (TI) information, and through this, we will contribute to eradicating international cybercrime."
S2W is a Data Intelligence company, established in 2018, that extracts and provides actionable intelligences optimized for each client's needs from numerous data.
Specialized intelligence provided by S2W can cover multiple industries with its unique data collection and big data analysis for the Dark Web and Deep Web.
S2W solutions protect clients from various cyber threats and data leakage, such as personal information, financial information, confidential information within organizations through top-notch data collection and detection technologies.
HITRUST | December 18, 2021
HITRUST today announced it is addressing the need for a continuously-relevant cybersecurity assessment that aligns and incorporates best practices and leverages the latest threat intelligence to maintain applicability with information security risks and emerging cyber threats, such as ransomware. The design and selection of the controls for the HITRUST Implemented 1-year (i1) Assessment puts it in a new class of information security assessment that is threat-adaptive – designed to maintain relevance over time as threats evolve and new risks emerge, while retiring controls no longer deemed material.
Most existing assessment approaches are not designed to keep pace with current and emerging threats; those that do, rely heavily on broad control requirements that raise questions about suitability of control and consistency of review that ultimately impact reliability of results. In contrast, HITRUST identifies information security controls relevant to mitigating known risks and leverages cyber threat intelligence data to influence the selection – and where necessary, updating – of technically-focused HITRUST CSF requirements included in the HITRUST i1 Assessment. As a result, the HITRUST i1 Assessment includes controls selected to address emerging cyber threats active today.
“The HITRUST i1 Assessment is unique in both selection of controls and the design of its assurance program. Effort towards completion is comparable to other moderate assurance vehicles while delivering a higher level of reliability,”
Jeremy Huval, HITRUST Chief Innovation Officer
The HITRUST i1 Assessment is the first information security assessment of its kind with attributes not available through other assurance programs:
Designed to maintain relevant control requirements to mitigate existing and emerging threats and provide updates as new threats are identified (It is threat-adaptive, prescriptive, and focused on controls relevant to risk)
Designed to sunset controls that have lost relevance and have limited assurance value based on effort required to comply or assess
Its unique controls selection and assurance program design deliver a higher level of reliability than other moderate assurance options
The level of time and effort to complete is comparable to other moderate assurance options in the market
Offers a forward-looking, 1-year certification
As the HITRUST i1 was designed around relevant information security risks and emerging cyber threats, it is not surprising it provides coverage for numerous standards, such as NIST 800-171, GLBA Safeguards Rule, HIPAA Security Rule, and Health Industry Cybersecurity Practices (HICP).
HITRUST will evaluate security controls and review threat intelligence data no less than quarterly, and for each subsequent major and minor release of the HITRUST CSF, to ensure the HITRUST i1 Assessment requirement selection remains relevant over time. Guidance documents will also drive enhancements to the HITRUST CSF and HITRUST i1 Assessment control sets as needed. While the HITRUST i1 Assessment is intended to adapt and evolve to maintain relevance, it’s important to note that HITRUST i1 Assessment certified organizations will not be impacted by changes to the HITRUST i1 Assessment control requirements until their next HITRUST assessment cycle.
HITRUST is hosting a webinar at 11 a.m. CT on Thursday, February 3, 2022, to discuss the HITRUST Implemented 1-year (i1) Assessment in more detail. To register, and for more information, click here: Next Generation HITRUST Information Security Assessment Focuses on Continuous Cyber Relevance
Since it was founded in 2007, HITRUST has championed programs that safeguard sensitive information and manage information risk for organizations across all industries and throughout the third-party supply chain. In collaboration with privacy, information security, and risk management leaders from the public and private sectors, HITRUST develops, maintains, and provides broad access to its widely adopted common risk and compliance management frameworks as well as related assessment and assurance methodologies.