Enterprises wrestle with cybersecurity challenges on a daily basis – emerging cyber threats, the implementation of nascent technologies, or software vulnerabilities. The surge in digitization, artificial intelligence, and the proliferation of interconnected systems, coupled with remote work, has expanded the attack surface for malicious actors. While rapid technological innovation brings numerous advantages, it also elevates the risk of exploitation, irrespective of size or sector. This further compounds the persistent challenges associated with risk quantification and underwriting cyber insurance.
Cowbell Factors: A novel approach
In 2019, Cowbell emerged as a groundbreaking cyber insurance provider, introducing its unique “Cowbell Factors” — a proprietary multivariate risk rating system to the market. This relative risk rating method explicitly built for cyber insurance positioned Cowbell at the forefront of modern, data-driven underwriting for cyber risk in the small and medium-sized enterprise (SME) market.
Cowbell Factors compare an organization’s cyber risk profile against its industry peers within the Cowbell Risk Pool of 38 million U.S. and U.K. small and medium-sized enterprises. This benchmarking enhances our understanding of an organization’s risk landscape and insurability.
Cowbell Factors recognize that the complexity of cyber risk transcends the scope of cybersecurity alone. For example, two organizations boasting identical security scores and revenue – one might assume their risk levels are comparable, the multidimensional nature of cyber risk requires a more comprehensive approach. The Cowbell Factors represent risk ratings that surpass cybersecurity scores, encompassing contextual intricacies of business operations, network complexity, regulatory aspects, geopolitical factors, industry dynamics, threat intelligence, historical claims, dark web presence and more. Presenting a more personalized and accurate risk profile.
Breaking Boundaries: Rethinking Cyber Risk
Traditional actuarial science relies on mathematical and statistical methods to analyze historical data and predict frequency and severity of future events. However, predicting future events without historical data poses a challenge, which is the case with cyber insurance.
Leveraging domain expertise, qualitative insights from experts, proxy data, feature engineering, and scenario modeling, we approach this problem with creativity, adapting as more information becomes available. AI, with its ability to handle complex patterns and large datasets, helps us in making predictions even in data-scarce scenarios. To evaluate the cyber risk of an enterprise, we are able to draw insights from its industry peers—companies of comparable size and operating in the same sector. By applying AI and data imputation models, we leverage the data network effect, maximizing the collective knowledge to enhance our risk assessment capabilities.
The foundational premise of this approach is that companies of comparable sizes within the same industry often adopt similar systems and processes. Even the human element, known to be the weakest link in the security chain, tends to migrate within the same industry. Over time, every industry organically develops its unique security posture, within its size category. This is how we construct a relative benchmarking model to calculate the cyber risk ratings of small or medium-sized organizations.
Cowbell Factor Updates: Improving our Risk Model
Last month, we reached a significant milestone that reinforced our confidence and provided further validation for our approach and the effectiveness of the Cowbell Factors. With four years of (re)learning and trillions of data points, we updated our risk model and evolved our approach to risk assessment. Here’s what’s changed:
- Replaced pre-modeled proxy data with unprocessed raw data, giving us more control and precision
- Significantly improved predictive accuracy by using Cowbell’s own claims data
- Added granularity to NAICS codes and classification
- Enhanced our ability to reprioritize vulnerabilities
- Incorporated a new data source to evaluate 3rd party vendor risk
The substantial volume and improved quality of data, coupled with a more robust closed-loop system and refined labeling and classification, has significantly influenced the effectiveness of our Cowbell Factors. The enhancements have resulted in a 436% improvement in predicting claims frequency and a 254% increase in predicting claims severity.
For a more detailed look at Cowbell Factors, the enhancements we’ve made, and where we’re headed, check out Cowbell Factors: A Defining Milestone in Cyber Risk Quantification.