E5 Considerations for Insurers

by | Aug 26, 2024 | Cyber Risk

As cyber insurers move upmarket, they are increasingly encountering prospects that either already have or are considering purchasing an enterprise software license like the Microsoft E5 license. This shift brings a mix of opportunities and challenges from a risk reduction perspective. Enterprise software licenses can provide extensive security functionality, but the implications of this for insurers are multifaceted. 

Matthieu Chan Tsin, Vice President of Cybersecurity at Cowbell noted, “A one-stop shop has pros and cons. If it gets hacked or breached, you’re in trouble. Pros are that it may help customers get favorable pricing to have so much security built in.”

Caroline Thompson, Chief Underwriting Officer added, “Cowbell’s underwriting process integrates data points from security tools and application questions. Therefore, a company using an enterprise license is likely to present more positive responses in their application, leading to more favorable comparisons with their peers. This results in lower premiums, better coverage, and higher policy limits.” 

Here’s what else insurers should consider –

The Benefits of an Enterprise License

Most enterprise software platforms can provide an array of security features including: advanced threat protection, cloudy app security, identity and information protection as well as endpoint detection and response.

Sam Sawires, Director of InfoSec and IT at Cowbell shared, “From my point of view, software like an E5 license gives users everything plus security, whereas in the past you’d have to buy and install those separately. Now, it’s all-inclusive.”

The Positive Side for Risk Reduction

By using an enterprise software license, a company benefits from a one-stop-shop solution that includes all the necessary tools to secure its cloud infrastructure and network. This is especially beneficial for companies that may lack the internal bandwidth or resources to manage these aspects independently.  Consequently, companies that actively use an enterprise software platform with security tools baked in benefit from improved insurance terms, reflecting the lower risk they present.

An overview of the services that are generally provided include: a comprehensive security suite, integrated solutions, cost efficiency, and regular updates and improvements.

The adoption of an enterprise software solution by a company can significantly lower its risk exposure and increase its cyber awareness, which are critical factors in obtaining better pricing, coverage, and higher limits from insurers. Cowbell, for instance, prides itself on making a tangible difference in the insurance landscape by factoring in the use of such security suites into their pricing models.

Challenges and Concerns

In terms of insurability, this adoption is highly favorable. That said, there are always considerations to think about when reviewing a new account.

  1. Over-Reliance on a Single Vendor: While the integration of security tools is advantageous, it also poses a risk of over-reliance on a single vendor. Should a vulnerability be discovered within the suite, it could potentially expose multiple facets of an organization’s operations.
  2. Complexity and Implementation: The breadth of features in a license can be overwhelming. Effective implementation and utilization of all the security tools require substantial expertise and resources. Misconfigurations or underutilization of features can leave gaps in security.
  3. False Sense of Security: Organizations might develop a false sense of security, assuming that the license alone is sufficient for their security needs. This complacency can be dangerous if it leads to neglecting other essential security practices, such as employee training and incident response planning.

Implications for Cyber Insurers

For cyber insurers, understanding the nuances is crucial in assessing the risk profile of potential clients and can significantly impact the underwriting process. 

Here are some key considerations:

  1. Risk Assessment: Insurers need to evaluate how well an organization is implementing and managing the security features of the license. Proper utilization can lead to significant risk reduction, while poor implementation can be a red flag.
  2. Policy Tailoring: Cyber insurance policies may need to be tailored to account for the specific protections that are offered. This might involve adjusting premiums or coverage terms based on the effectiveness of an organization’s use of the security features.
  3. Diversification of Security Measures: Insurers should encourage clients to adopt a diversified security strategy. This approach ensures a more resilient defense against a broader range of threats.

Cowbell’s approach involves not just a transfer of cyber risk in issuing a policy  but a promise to monitor and alert customers.  By tracking vulnerabilities, we end up aiding in the maintenance of a robust security posture.

Conclusion

For cyber insurers, the presence of an robust enterprise software license within a prospect’s IT infrastructure can be both a positive indicator of risk management and a potential challenge if not properly implemented. By understanding the capabilities and limitations of the license, insurers can more accurately assess risk, tailor policies, and promote best practices, ultimately contributing to a more secure and resilient cyber environment. Most importantly, insurers and brokers should always be trusted advisors, helping customers understand and make informed decisions about their vendor relationships as it relates to risk.

Related Posts

Cowbell Blog

Grow your cyber IQ with our insights into cyber insurance, cyber risk, and cyber security.

See How Cowbell Can Protect Your Business