As CISOs, security experts, network architects, and incident responders themselves, Arceo has seen that the solutions to these problems often only make risks more complex. “They end up stacking on products and driving up the number of vendors they have to manage, rather than managing their own cyber risk,” mentions Vishaal “V8” Hariprasad, co-founder and CEO of Arceo.
As a cyber insurance company, Arceo is faced with this same challenge at scale, because every customer they assess is a unique risk with different challenges and liabilities. As they grappled with building the first data-driven cyber insurance company, they realized that the company had to first provide macro-level context around the micro technical view of each company.
Cyber Meteorology enables smarter policies by providing a clearer, data-driven understanding of each customer’s risk profile
Cyber meteorology serves as the basis to insure companies against cyber risks and help them prioritize their security efforts. Most importantly, it enables Arceo to be the first cyber insurance company whose top goal is to make its customers safer, not just calculate “a steady rate of return.” This is critical as the company’s mission is not to be profitable by avoiding paying claims but to build resilient customers that have the strongest protection, fast response resources, and thorough recovery options.
Arceo’s cyber meteorology combines a company’s internal and external security controls with global and industry level threat trends, to gain a full understanding of risks that matter most to a company’s bottom line such as:
• Threat environment data that includes indicators of high-level global, industry, and organization-specific threats.
• Exposure data that looks at the attack surface both inside and outside an organization.
The combination of all three analyses provides a highly detailed picture and unique quantification of the cyber risks faced by an organization, making the risks easier to mitigate, as well as transfer through insurance.
Insurance risk transfer is a critical security tool for CISOs because not all cyber events are preventable. “Good insurance can be a highly cost-effective means in making organizations more resilient by speeding recovery, paying for costly legal expenses and helping drive better internal hygiene,” says Hariprasad. Such an insurance profile translates to tens of millions of dollars in value for less than the cost of hiring an SOC analyst, who will probably move to a new gig after nine months. “Cyber Meteorology enables smarter policies by providing a clearer, data-driven understanding of each customer’s risk profile. When both parties have this clarity of the actual risks at hand, everyone can make smarter coverage decisions,” mentions Hariprasad.
Arceo’s goal is to make companies more cyber resilient by providing smarter insurance and dynamic cybersecurity protections. This will move the marketplace towards a model where companies will be incentivized to implement better cyber hygiene practices with increased levels of coverage and cheaper rates. “It’s no easy lift to move a market, but with this new partnership between security and insurance, we can reduce the complexity of cyber risk (and the CISO’s life) to build a more resilient society,” concludes Hariprasad