Article
Behind the Scenes of our Email Security Research Report with CEO Rotem Iram
Leveraging our first-party data to increase transparency and accountability in the cybersecurity industry
Choosing which security products to buy is a challenging task for an organization, especially with limited resources or security expertise. It is easy to believe that security products help, but to what extent are they worth the investment, and which product within a category is the most effective? Those questions are really difficult to answer by experts, let alone customers.
But the issue runs deeper than that.
Security solutions are layered on top of IT choices with products and configurations that can create wildly different security challenges for organizations. Some software products are more prone to becoming vulnerable to attacks, while others lack security controls that highly impact the risk of the organization.
Without a clear analysis of the risk associated with IT choices, insureds are left to make a choice based solely on functionality, inadvertently putting themselves in a riskier position. That’s why we published this research report: to provide simple, data-based insights that can help organizations make better-informed decisions about their software investments, as well as help software providers close down risk at the source rather than after an attack.
The Current State Of Software Security
The reality is that all software products can become vulnerable to a cyber attack, but some are more vulnerable than others.
Still, there is little accountability or incentive for software vendors to prioritize security — especially since enhanced security features often come at the expense of a “seamless” or more straightforward user experience with the product.
What’s needed is an objective, statistically significant financial analysis of the relationship between software and software security choices as well as the financial loss and business impact from cyber attacks associated with each product choice. Such analysis would also make it possible to measure the return on investment for different security products and product categories, which is essential for organizations with limited budgets.
How We Created Our Report
In pursuit of our mission to bring clarity to cybersecurity and empower businesses to embrace technology with confidence, we have created this report to help provide a benchmark for the expected losses, according to our portfolio, associated with several of today’s popular email solutions and email security solutions. See the top findings and key takeaways from our report.
At-Bay’s Cyber Research team collected and analyzed technical claims data from the ~40,000 individual policies we issued to businesses over the last four years. We used this information to rank email solutions and email security solutions, which together comprise the perimeter and first line of defense against email-related attacks — the most common attack vector on small and medium-sized businesses.
Thanks to our first-party data on attacks and losses, At-Bay can reveal the real-world relationship between product choices and corresponding financial risks for each major product category in software and software security. This provides valuable insight into both product performance and prioritization of solutions.
We trust that this report, and those that follow, will serve as a valuable resource to the security community, providing vendors with an opportunity to improve their own intelligence on their product performance and decisioning, while empowering customers to make better decisions in choosing secure software.
About the Author
Rotem Iram is At-Bay’s Co-Founder and CEO, the InsurSec provider for the digital age. . Before founding At-Bay in 2016, Iram spent two years as Managing Director and Chief Operating Officer at K2 Intelligence, a leading global risk management firm focusing on cyber intelligence, cyber defense strategy, and incident response.
He began his career as a captain in Unit 8200 of the Israeli Intelligence Corps and was a consultant at McKinsey & Company. Iram holds a BS in Computer Engineering from The Hebrew University of Jerusalem and an MBA from Harvard Business School.