Protecting your business locations is a crucial aspect of business operations, and all businesses take steps to ensure their locations remain secure and operational. One of the steps you might take is to install a security system to monitor attempts to access the premises after hours, alert you to fires, etc. You may also contract with a security company to monitor the alerts for you. What if you didn’t tell the security company about a location you depend on to generate a large percentage of your production? As a result, the company cannot monitor this location, and there is a break-in resulting in damage to your production equipment. The break-in leads to significant business income and extra expense losses — losses that could have been reduced or avoided altogether. What, you may ask, does this little thought experiment have to do with cyber risk and insurance?
Coalition has a unique approach to helping organizations manage their cyber risk. Unlike traditional insurers, we gather data to assess their cyber risk holistically — and we mean a good bit of data. We request that you provide us with all the domains you use for your business, not just the public-facing websites, but domains used for your email or internal networks. While this may seem surprising, it isn’t all different from applying for insurance for your physical office space. A property insurance underwriter will ask you for all of your business locations to include factories, warehouses, as well as details about those locations. When a property insurer looks at your physical locations, they look at buildings construction (bricks and sticks), sprinklers, if you are located in a flood or earthquake zone, etc. This additional information allows the insurer to both underwrite and make recommendations to reduce your risk (firewalls were a construction technique long before they were a thing in IT).
Coalition asks for a complete list of your business's domains because we need to assess the cyber risk of more than just your public-facing website. We need to look at your organization’s risk as a whole, and we need to do it entirely from the outside, just like a would-be attacker.
Coalition generates billions of scanning events every month and analyses thousands of companies and their assets. By assets, we don't just mean not just domains, but subdomains and IP addresses as well. With a complete and accurate picture of your organization's assets we are able to discover what open ports your organization has, what technologies you use, and what security misconfigurations or vulnerabilities exist on your assets. Furthermore, we accomplish all of that scanning entirely from the outside, without any penetration testing or other internal access.
Our goal is to look at the parts of our network exposed to the internet the same way an attacker would. By looking for vulnerabilities from the outside, we can provide you with real, actionable feedback about your cyber risk and allow you to address those risks to reduce the likelihood of experiencing a cyber event. We do this upfront for prospective clients and on an ongoing basis for our policyholders.
After our scans have found all of our organization's assets and all security issues have been accounted for, we generate a risk score. We take extreme care in how we categorize the different security issues. For example, an organization with a critical risk score (between 91-100) has one or more vulnerabilities that, without remediating the risk score and requiring authentication, such as multi-factor authentication (MFA), to access the network, an attacker would be able to access either the data or assets of that organization.
Our ability to do this depends on having a complete list of your domains; we can only provide feedback on the networks we know you own.
While this may sound intimidating — and given the seemingly unending proliferation of aggressive cyber attacks such as ransomware, risk is intimidating — Coalition also offers means to address and mitigate your risk score.
Coalition policyholders can access the premium version of Coalition Control, our software-as-a-service platform with attack surface monitoring. Coalition Control allows your organization to monitor multiple third parties, vendors, suppliers, and other partners whose systems may be integrated or touch yours to a monitoring watchlist. Also inside the Coalition Control ecosystem is information about all of our security week cybersecurity solutions partners.
The good news continues: once you are a policyholder, there is no impact on coverage for the rest of the policy period if we notify you of a new vulnerability. Coalition believes in helping policyholders address their risk up front. We all benefit from mitigating risk before an attacker uses it to exploit and compromise your system.
By now, cyber risk is part of the cost of doing business, but managing risk and acquiring cybersecurity insurance doesn’t have to be complicated or intimidating. Coalition believes in helping policyholders manage their risk, and one of our biggest differentiators is our internal feedback loop. We deal with our policyholders end-to-end on their cybersecurity journey.
Our claims team has seen policyholders with vulnerabilities that could have been alerted and addressed before an attacker exploited it had we known an additional web or email domain also belonged to them. This is why we request a complete list of domains, subdomains, and IP addresses - to save you from the disruption and distraction of dealing with the attack, along with paying the policy self-insured retention.
We know that working closely with our policyholders won’t prevent all claims — that’s what insurance is for, after all. But we also know that in partnership with our policyholders and insurance brokers, we can reduce both the frequency and severity of claims which benefits us all.