This week, Jeff Reichard, Vice President, Public Sector & Compliance Strategy at Veeam Software, hosted Manu Singh, Director, Risk Engineering at Cowbell in a LinkedIn Live discussion. The conversation revolved mainly around the topic of risk engineering at Cowbell, Manu’s primary area of expertise, as well as Cowbell’s closed-loop approach to risk management.
It is important to clearly define risk engineering before getting too far into its role at Cowbell. According to Manu, risk engineering refers to the manner in which an organization can reduce risk and cyber incidents, in terms of frequency and severity. At Cowbell, risk engineers engage policyholders 1:1 to encourage them to adopt security best practices and offer guidance that goes beyond what the Cowbell platform automatically recommends to remediate identified risk exposures. In summary, risk engineers partner with the insured to paint a complete picture of their cyber risk profile and how they can take action to improve it as well as prevent cyber events in the future.
As ransomware attacks continue to increase in frequency, demand higher payouts, and evolve in complexity, cyber insurance providers must reevaluate their risk appetite and refine how they assess and accept risk. As a result, more data is needed about the organizations seeking coverage. Cowbell collects a great deal of data automatically as part of its continuous risk assessment process – every business can access their individual risk rating factors, or Cowbell Factors – and risk engineers augment this data whenever needed as they engage policyholders in remediation of identified security weaknesses. Risk engineers engage with and encourage policyholders in continuous risk improvement to create a virtuous cycle for policyholders, what we refer to as Cowbell’s closed-loop approach to risk management. This entails a process in which policyholders continuously assess, insure, improve and respond to cyber risks and cyber events.
“[Risk engineering is] a partnership with policyholders, encouraging them to continuously improve their organization’s cyber risk profile.”
– Manu Singh, Director, Risk Engineer, Cowbell Cyber
Digging deeper into closed-loop risk management at Cowbell, you will see that the process is supported by four key functions: data science, underwriting, risk engineering and claims. Data science collects and organizes all data and risk signals for underwriting to perform precise and speedy risk selection and pricing. This also includes assessing and identifying the controls SMEs need to have in order to be insurable. These controls can include MFA, security awareness training, incident response plans, and backups (an area in which Veeam can help).
As the closed-loop process continues, the risk engineering team is tasked with taking the previously identified controls an insured has or doesn’t have and then working with the insured to help improve their risk profile. Finally, the claims team is responsible for responding to any cyber events that present themselves in the form of incidents or breaches within the organization.
Veeam offers its customers assistance with backup strategies. Veeam’s backup solution emphasizes frequency of backups, places high priority on sensitive data, promotes offsite storage of data, encrypts backups, and requires users to authenticate with MFA in order to access backups. Backups become increasingly important as bad actors become more sophisticated. A critical area in which a lot of policyholders can improve is having an incident response plan with clearly defined roles and responsibilities for both internal and external stakeholders. Ensuring that these stakeholders have a thorough understanding of how to prepare for, respond to, and recover from a variety of different incident types is also important when it comes to continuous risk improvement.