Introducing At-Bay Stance, the World’s First InsurSec Solution to Help SMBs Mitigate Cyber Risk

No one ever intended for small businesses to be in the eye of the storm; battling nation states and organized criminal groups, operating complex security solutions that they can’t afford, by cybersecurity experts that they can’t hire. But this is their new reality, and why, despite best efforts by the security industry and the insurance industry, the gap between attackers and small business defenders is only growing.

We built At-Bay with a mission to protect small businesses from cyber risk. It is our belief that insurance is the key to unlock this market failure in SMB security. A technical cyber insurance company has the incentives, the scale and the skills to not only pay claims, but to help SMBs close their security gaps and avoid incidents all together. It is why we’re so excited to launch the next frontier in SMB cyber risk management: the At-Bay Stance InsurSec solution.

Small businesses most often fall victim to attacks that could have been prevented by a skilled operator with adequate visibility into the security posture of the organization. They fail because they lack the budgets and expertise to purchase, configure and manage their IT and security stacks.

InsurSec is an innovative new approach to cyber risk that brings together mission-critical security products and services that reduce cyber risk, coupled with an insurance policy. In addition to protecting you in the unlikely event of an attack, we also help you to minimize your exposure to prevent attacks. This includes giving you the technology and expert support you need to build the best security stack and improve your security posture in order to unlock better coverage and premiums.

Learn more about InsurSec and how it can help businesses manage their risk better.

At-Bay Stance will help you to monitor for new threats against your organization through a managed risk intelligence platform, provides you with experts who can help remediate issues and address gaps in your security proactively and reactively, as well as give you access to a dedicated response and recovery team who can help you to respond to a covered incident quickly and reduce losses.

Finally, we want our customers to be empowered to buy the best-performing security technology. Using our claims data to understand which solutions are performing the best in their category (for example, see our recent Email Security Solutions Report), our team will identify the best providers and secure exclusive discounts for our customers. All as part of your insurance policy. 

At-Bay Stance honors our promise to always place our customers’ security at the heart of everything we do. At-Bay’s world-class cyber insurance solutions have helped businesses of every size thrive in a digital world. For instance, At-Bay’s 30,000+ policyholders experience 80% fewer ransomware attacks compared to the industry average¹. But there’s more work to be done to protect businesses and we believe that InsurSec is what insurance needs to be today. 

Based on claims data from our policyholders, we know what security controls matter the most and which products can reduce the risk of attacks. With this knowledge, we can help close the security gap for even the smallest businesses so they can get access to our coverage and security capabilities to maximize the ROI on their spend.

“Cybersecurity for SMBs is broken. A fragile technology stack and complex security tools require budgets and expertise that small businesses simply cannot afford. By combining insurance with security into InsurSec, At-Bay brings the incentives, scale and expertise needed to bridge the SMB cybersecurity gap.”
– Rotem Iram, CEO & Co-Founder, At-Bay

What Does At-Bay Stance Include?

At-Bay Stance™ is a managed risk solution that combines mission-critical products and services that reduce cyber risk, all as part of your insurance policy. 

What’s included in At-Bay Stance:

At-Bay Stance Exposure Manager2 – A purpose-built software platform that centralizes threat and vulnerability data, by integrating data from existing security controls from inside your company with At-Bay’s external scans. Exposure Manager evaluates and prioritizes your areas of exposure, increases visibility, and empowers our customers to take action when needed. (A similar third-party solution would typically cost a company upwards of $5,000/year.3)

At-Bay Stance Managed Security2 – In-house experts who provide intelligence-powered recommendations to businesses on how to stop attacks before they happen. This team offers “on-demand” services to help businesses with remediation of detected vulnerabilities. They will also share recommendations and insights proactively. This is the force multiplier that helps businesses build the right posture. (Similar services would typically cost more than $300/hour.)

At-Bay is also rolling out these new offerings to Cyber and Tech E&O (excess and surplus) policyholders:

At-Bay Response & Recovery4 –  In-house incident response team to help expand a business’ resources and options for who they can tap to help with recovery when impacted by an incident. The goal of the Response & Recovery team is to understand the root cause of an incident, assess the total impact, and develop the appropriate plan to get customers back on their feet in the event of a covered incident.

Security Partner Network: We’ve also expanded our security tools and services partner program and offer discounts on the top-performing 3rd party security products and solutions who have a strong track record of preventing risk according to our claims research. This helps businesses make informed buying decisions, reduces exposure, and potentially could lower their insurance premiums.

Why At-Bay Stance? Why Now?

The majority of cyber attacks don’t target large enterprises anymore. In 2021, 82% of ransomware attacks targeted companies with fewer than 1,000 employees.⁵ According to a recent report from NetDiligence, 98% of cyber insurance claims in the past five years came from small and mid-sized businesses with revenue under $2 billion.⁶ When a business is impacted, sales are interrupted, sites and stores shut down, and customers lose trust in the brand.

But the reality is, despite cyber risk being an ever-growing challenge among smaller businesses, getting access to the right tools and expertise remains incredibly difficult and expensive. For the businesses that did not invest in robust cybersecurity measures (like MDR and resilience), they often don’t know how to interpret threat alerts and lack a cyber attack response plan for two main reasons:

1. They lack in-house resources and cybersecurity expertise.
2. They’re grappling with an unfair burden to navigate a complex, hard-to-keep-up-with technology landscape.

Insurance has thus become the single most important risk defense mechanism that many small businesses can turn to — but that comes with its own limitations. Cyber risk is so rampant in today’s world that most insurers require businesses to have a basic set of security protections in place in order to insure them. As a result, many small businesses who have been priced out of the security market are also being priced out of insurance. With At-Bay Stance our goal is to solve for this growing need so we can better protect emerging and mid-sized businesses from digital risk.

What Makes At-Bay Stance So Powerful?

We believe that insurers who invest in bringing both insurance and security protection into an end-to-end managed risk solution will have a transformative impact on the security of their customers — and the outlook of their business and ours. 

When we bring these two risk management products together, our innovative solution becomes a force multiplier. Insurance is able to unlock the critical data that can identify areas where security can improve. 

Without claims and financial loss data, the performance of today’s security technologies would go unchecked and a business’ ability to reduce their risk would always be limited to the metrics their vendor decided to share. And without security, insurance would struggle to remain a viable product. Together, both insurance and cybersecurity solutions can help to address the limitations of the other in reducing risk — dramatically improving the performance and ROI of both products by reducing cyber crime and losses.

At-Bay Stance Exposure Manager’s dashboard highlights and prioritizes threats, and recommends fixes.

We’ve already proven the value of strong cybersecurity practices and their impact on reducing risk and loss ratios, which is why At-Bay is happy to do the heavy lifting for our customers by investing in our security team and offering these services to insureds at a fraction of the cost that they would typically pay for comparable services.

It’s not your job to be an expert on cybercrime. It’s ours. By bringing together the best of security and insurance into At-Bay Stance, businesses are now in a unique position to deeply understand their security risks, and then work with human experts to put those insights into action to protect their data, customers, employees and bottom line.

At-Bay Stance will be available to any business that purchases a new Cyber and Tech E&O surplus lines product (on a primary and excess basis) from us starting May 1, and to renewing policies starting August 1. If you’re not an At-Bay customer and are interested in getting a quote that includes access to At-Bay Stance Exposure Manager and Managed Security, please contact your insurance broker for more information.

Learn more about At-Bay Stance

Footnotes:

¹ Frequency Based on Primary and Excess Cyber and Tech Errors & Omissions losses reported and exposure earned through 9/30/2022, evaluated as of 10/1/2022, and 2020-2021 industry analysis.

² At-Bay Stance Exposure Manager and Managed Security are available to At-Bay policyholders via the Embedded Security fee and corresponding Embedded Security Endorsement, as shown in your Policy’s Declarations. Please refer to your Policy.  

³ Estimated value of At-Bay’s Stance Exposure Manager based on estimated annual cost of a comparable solution for small- and medium-sized businesses. At-Bay Stance Exposure Manager should not be considered a replacement for a comprehensive exposure management solution or a standalone cybersecurity solution. Please consult with an IT professional for additional guidance.

⁴ Response & Recovery team is an affiliate of At-Bay Insurance Services, LLC. As with all panel vendors, you must follow the requirements and procedures set forth in your Policy.

⁵ Coverware Report – Law enforcement pressure forces ransomware groups to refine tactics in Q4 2021

⁶ NetDiligence 2022 Claims Study. Report based upon the summary statistical analysis of almost 7,500 cyber claims for incidents that occurred during the five-year period 2017–2021.