Two weeks ago, we launched an exciting new product: Our 8th Cowbell Factor™ for Software Supply Chain. Our Cowbell Factors are unique in the cyber insurance market. Cowbell Factors provide a relative rating of an organization’s risk profile against Cowbell’s risk pool, made of millions of accounts. Cowbell Factors anchor risk selection and cyber insurance underwriting with real-time, continuously updated risk exposure insights. During this week’s episode of The Cowbell Factors Podcast, our host Alexis Cierra Holt talked to Cowbell Cyber’s co-founder and CPO, Rajeev Gupta, about how the Cowbell Factors are calculated.
“Insurance is about risk transfer, so you need to first assess and understand what the risk is”, Rajeev explains, “cyber insurance risk cannot be assessed based on just revenue and industry. After all, cyber is the most complex insurance space out there.” He noticed this issue almost three years ago when brainstorming ideas with Cowbell’s CEO on how to advance the market with a new company.
“There is so much that can be done in this industry, especially coming from the cyber side”, he noted. Barely any of the data on the web was being utilized for underwriting. That is where the Cowbell Factors came into play.
Data quantification and APIs have always been the core of his work. He realized that a single rating number to assess such a complex concept as cyber risk would not be sufficient. It needed to be multivariate and real-time.
“Single risk-rating worked in the past because most lines of insurance only get influenced by a few factors. But with mono-line cyber, this simply doesn’t work.”
So, Rajeev and his team did not only create one Cowbell Factor – they created seven – each one of them assessing a different aspect of a company’s cyber presence. Based on a weighted algorithm, individual Cowbell Factors are combined to create the organization’s Company Aggregate Cowbell Factor. This weighted algorithm is also applied across the entire risk pool for that organization’s industry, to create an Industry Aggregate Cowbell Factor. This enables Cowbell Factors to be used as a benchmark of relative cyber risk of an organization as compared against their industry peers.
“We have close to 750 attributes we look at and rate in every organization. Of course, revenue, industry, and size is taken into account, but there is so much more data online. We use more than 100 of our own scanners to find exposures on the Internet, as well as partners to provide insights into, for example, dark web presence, past cyber-related lawsuits, or privacy rights data.”
This data is called outside-in data. Another important source for the Cowbell Factors is inside-out data. This data is generated through our Cowbell Connectors which assess how well an organization’s internal systems are set-up, how well data is encrypted, and ensure the presence of basic cyber security measures.
After the data is collected, AI comes into play. “The data comes from many different sources that don’t necessarily communicate with each other. The result is messy data. AI cleans and organizes it, and makes sense of it.” This is a big part of what Cowbell Cyber does. “We like to sell ourselves as an AI and data analytics company with the license to sell insurance.”
Now, after the data has been collected and organized, Cowbell Cyber and the policyholders can make use of it.
Businesses benefit from Cowbell Factors and Insights by better understanding their unique risk profile. This also helps with creating a plan on how to improve their risk.
“Through our Cowbell Insights, we can extract action items that policyholders should implement,” Rajeev explains. “It also eliminates clutter by helping to prioritize which security measures need to be implemented first to get the biggest effect.”
“We like to sell ourselves as an AI and data analytics company with the license to sell insurance.”
Cowbell Cyber also gains value from the Cowbell Factors. “We use them to decline the worst risks, but also extend services to those companies – they get full access to the Cowbell Cyber platform and can use it to improve their risks. Like that, we can insure them after they are more secure.”
Rajeev is aware that cyber risk is new and scary for most businesses. “Even though it can be daunting to look at what is happening in cybercrime, it’s not that hard to protect yourself. You just need to be more secure than your peers to stay relatively safe. Implementing the most important measures like strong passwords, MFA, and cybersecurity awareness training (which Cowbell offers to every policyholder), can make a company significantly more secure.
“The Cowbell Factors create a win-win-win situation. Policyholders gain unique visibility into their risk postures. Agents and brokers can have a more transparent conversation with their clients. And we gain insights on who to insure and how to improve our book of business.”
If you want to know more about what Rajeev discussed during the podcast, including a potential ninth Cowbell Factor and general advice for anyone trying to make a difference, you can listen to it on most Podcast platforms (Spotify, Google podcast, Apple podcast, Anchor, Breaker, and Radio Public).