Digitalization has proven to be a key to success for businesses around the world. Regardless of size or sector, organizations are tapping into digital trends to try and gain any advantage possible over their closest rivals. Like any change, digitalization comes with its own unique set of risks, which until now, businesses and their insurers have failed to adequately address, according to Asaf Lifshitz, CEO of cyber security assessment company, Sayata Labs.
The Sayata Labs team combines the expertise of cybersecurity researchers, insurance professionals, IT developers and data scientists to help companies – in particular small and medium-sized businesses (SMBs) - address their true cyber risk. Co-founded by Lifshitz, the firm was built around the premise that insurance companies have failed to adjust their methods to evaluate and combat new risks, rather relying upon out-dated methods to ascertain a company’s cyber vulnerability.
“Cyber insurance started out as a very niche market. There was demand from customers, particularly larger organizations, and some insurers wanted to offer it,” said Lifshitz. “The fastest way to do that without knowing cyber insurance was going to turn into a massive industry was for insurers to adapt the techniques that had worked in other commercial lines. So, they asked a series of questions on a form, which the client filled out, signed and sent back in return for a quote. In its simplest form, that was the data collection process.
“What’s interesting with cyber risk is that the core of it is digital risk. There’s such a breadth of information, at least conceptually, that insurers can bake into their decision-making processes. Yes, there may be some questions an underwriter might want to ask a customer, but they’re going to miss out on a lot of information if they don’t leverage the fact that there’s an abundance of information stored digitally waiting for collection.”
Cyber news: European Central Bank hit with data breach
The Sayata Labs cyber risk assessment solution for SMBs is built around AI-based algorithms and granular data collated from past cybersecurity breaches. The firm focuses on the root causes of past cyber breaches to determine attack vectors – how attackers get into and take control of systems – and then uses those insights to derive what risk mitigation organizations should have had in place in order to avoid those breaches. As Lifshitz put it, they like to focus on “proven predictors of risk” based on root cause analysis.
“I think our approach creates a really excellent dynamic that doesn’t really exist in the old world of cybersecurity,” Lifshitz told Insurance Business. “The way a lot of cybersecurity discussions go: you may be trying to recommend some remedy, or some new protective measure to be implemented, but it’s very hard to back that up with data. What I like about the new angle that we’re really trying to push is that insurance and cybersecurity are really fusing together. They’re merging in the sense that the insurance is helping organizations in a data-driven way, by using analysis of cyber events that have actually happened. I think that approach is not used as much as it could be by the cyber insurance industry.”
Sayata Labs is tailored towards the SMB segment – and there’s a reason for this. With backgrounds in data science, IT, physics, technology and cybersecurity, the Sayata Labs team members have followed cyber trends closely since the inception of the cyber insurance market. They had a lot of conviction that it made sense for even the smallest organizations to purchase cyber insurance because everyone is exposed, explained Lifshitz, and yet it took a long time for cyber insurance solutions to be tailored for SMB buyers.
“It led us to think about the way the insurance industry looks at and thinks about SMB cyber risk, and we felt that a shift in mindset needed to happen,” Lifshitz commented. “So many things are different in terms of an SMB’s cybersecurity versus a large corporate company’s cybersecurity. The nature of attacks they’re going to face are different, and also the sophistication of the organizations and the type of budget and resources they have to throw at the problem of cybersecurity will vary greatly. That led to us creating Sayata Labs, combining the cybersecurity know-how with the data science to enable the cyber insurance industry to upgrade the way it looks at, thinks about and deals with mitigating cyber risk for SMBs.”