SecondSight Enters Cyber ​​Insurance Market with AI-Powered Platform for Inside-Out Adoption

The cyber insurance market is still in its infancy – and many believe that first-generation solutions are constrained by technical debt and legacy thinking.

While ransomware and other cyberattacks continue to increase in both frequency and cost, many organizations are underinsured or not at all insured against cyberthreats. Not for lack of trying; As adoption evolves and becomes more complex, technical and time-consuming, many applications are simply declined.

All of this requires an entirely new approach to risk assessment: Insurers need mechanisms to measure the real digital risk that “lives within an organization,” said Reuben Vandeventer, CEO of the Indiana-based startup. second look.

His company aims to provide this: The company has emerged from stealth today with $3 million in seed funding and offers what it calls the first artificial intelligence (AI)-driven platform for “inside-out” adoption.

“SecondSight recognizes that cybersecurity and real digital risk are really about assets and liabilities,” says Vandeventer. “Digital risk is only meaningful and useful to business stakeholders if it is related to the bottom line.”

Cyber ​​insurance = A hard market

According to a 2021 report from the National Association of Insurance Commissioners (NAIC), the cybersecurity insurance market — including both U.S.-based insurers and alien surplus line insurers doing business in the U.S. — was worth approximately $4.1 billion in direct written premiums in 2020. This reflects an increase of 29.1% compared to the previous year.

Meanwhile, insurers writing standalone cyber insurance products reported about $2.58 billion in direct written premiums. Those who purchase cybersecurity insurance as part of a package policy reported about $1.49 billion in direct written premiums.

And the market is essential for even more growth: according to Markets and marketsthe size of the cyber insurance market will grow from an estimated $11.9 billion in 2022 to $29.2 billion in 2027, with a compound annual growth rate (CAGR) of nearly 20%.

The main drivers, according to the company, are the “rapid increase” in cybersecurity incidents coupled with an increase in mandatory cybersecurity regulations and legislation. However, the company points out that organizations are being constrained by the rising cost of cyber insurance.

“The private equity world is really saying that the cyber insurance market is likely to be a 10-year hard market,” said Vandeventer — meaning it will continue on a path of significant year-over-year growth.

‘Inside-out’ and ‘outside-in’ combined

The problem, he said, is that existing players in the risk quantification category — BitSight, Prevalent, RedSeal and SecurityScorecard, for example — are modeling risks from outside the firewall.

With this ‘outside-in’ approach, the primary concern is to prevent access at the network edge, and it largely involves human-requested input on risk management.

But “this stance no longer serves the nature of the market,” said Vandeventer, who previously founded OpenINSIGHTS and Data Clairvoyance Group, and served as chief data officer for Bridgewater Associates and CNO Financial Group.

SecondSight executes what it calls “inside-out” methods, as well as “outside-in”. The company brings telematics to digital risk and takes human observation out of the process by enabling system-to-system communication for direct observation of risk behavior in real time. It can be compared to Allstate’s Drivewise program, a telematics app that tracks driving habits.

This shows an organization’s “true digital risk” so that cyber insurance providers can quantify the severity of risks based on an organization’s digital assets and liabilities, Vandeventer said.

“When you’re outside the firewall, you don’t have the math to understand the P&L of digital assets,” he said. So “from the inside out and outside in, both must be used.”

Autonomous protection

As he explained, the cyber insurance company platform does not require a learning cycle; it autonomously discovers, classifies, and analyzes an organization’s “entire digital asset landscape,” the unique risk profile for each asset across thousands of risk factors, and the real operating costs that would be incurred if a digital asset were compromised.

AI modeling takes place right next to the data and metadata. More than 287 different models or algorithms — learning-based, deep learning, machine learning (ML), and other topological ones — identify, classify and map digital assets in the ecosystem, he said.

The platform integrates directly with SaaS applications and deploys agents and collectors in PaaS, IaaS and on-premise legacy environments. This edge-compute auto-discovery is combined with ongoing auto-correlation of digital assets with the insured’s business model.

What traditionally takes other companies weeks to compile is completed in just days by SecondSight — with an accuracy of a staggering 92%, according to Vandeventer.

“Carriers can relate digital assets to profit and loss, cash flow and balance sheet metrics,” he said.

He pointed out that in US markets, the average average recovery time after a ransomware attack is 28 days. “That’s 28 days the surgeries stop working,” he said. The “double whammy” is that organizations have 28 days of lost revenue, but 28 days still pay salaries and other bills.

Using SecondSight metrics, organizations can identify which digital assets are more correlated with production and operations, and focus on optimizing the mean time and recovery of those specific assets, explains Vandeventer. They can then add protections such as air-gapped backup, verbose detection and response (XDR), endpoint detection and response (EDR), multi-factor authentication (MFA), and two-factor authentication.

Cyber ​​insurance market is still in its infancy

As an executive at Allstate, Vandeventer’s big observation was that cyber insurance and its current manifestation didn’t behave like a mature or real insurance product, he said.

“The insurance industry didn’t treat it like real insurance,” he said.

This is because the insurance class has been marketed with an absolute minimum of acceptance. Market share grew rapidly, allowing carriers to make significant profits.

Now it’s pure economics: With the rise in claims after the pandemic, providers have imposed fewer policies while taking action to review underwriting.

SecondSight is an existing stealth on purpose as the industry is redefining standards, he said. The company is backed by several carriers and wholesale brokers (MGAs) and will soon announce a partnership with the largest cyber insurance wholesaler in North America.

The seed round, which will be used to advance go-to-market efforts, was led by Tim Crown (co-founder of Insight Enterprises), with participation from Indiana Ventures, Cook Ventures and Flywheel Fund.