Anyone who’s been around IT over the past decade and a half knows that the cloud has been one of the most disruptive technologies and paradigms, completely changing the ways organizations operate and do business. The cloud computing industry is now setting its sights on the insurance market, with one of the leading hyperscale cloud service providers, Amazon Web Services (AWS) announcing the AWS Cyber Insurance Program. In this analysis, I’ll take a look at some of cyber insurance’s common problems and how AWS will tackle them with its innovative offering.
AWS Cyber Insurance Program
Cyber insurance has long been a tricky challenge, due to cybersecurity’s opacity: lack of historical data around security incidents; gaps in incident reporting requirements; and more. Organizations have been wrestling with topics such as coverage clauses and premiums, with some even going so far as to call cyber “uninsurable.”
But despite such cries, I’ve observed a growth in the cyber insurance market in parallel to the continued uptick in security incidents and organizations falling victim to attacks such as ransomware. Traditional insurance companies have begun to evolve their offerings to account for cyber incidents, and new insurance companies have entered the fold, looking to address a market gap.
AWS Cyber Insurance Program aims to address challenges in cyber insurance by doing one thing exceptionally well: connecting cyber insurance providers with those seeking coverage and leveraging cloud-native services to expedite the process. By doing so, it hopes to address challenges in the market such as high cyber insurance premiums and coverage limits that leave many organizations without insurance. AWS Worldwide Head of Cloud Foundations Ryan Orsi calls the launch of the program an “industry shaping moment.”
5 Key Value Propositions
The AWS Cyber Insurance Program in particular highlights five key value propositions:
- Getting a guaranteed cyber insurance quote in two days or less
- Dozens of insurers, large and small, participating
- Easy access for partner companies looking to help with assessment and advisory services
- AWS as an intermediary between consumers and insurance partners
- Streamlining a traditionally manual and cumbersome process, especially for small- and medium-sized businesses (SMBs)
One of the AWS Cyber Insurance Program’s most transformative aspects is that it allows organizations to make use of native AWS services such as AWS Security Hub to quickly assess the security posture of their environment against regulatory and compliance frameworks, industry standards, and AWS security best practices. This information can then be exported and provided to insurers. Traditionally, assessing the environment would have been a manual activity, prone to human error and often limited by resource constraints.
Coupling this approach with a strong AWS partner network of security and compliance expertise gives SMBs and enterprise organizations access to innovative services and firms to accelerate their ability to use cyber insurance. It does this by curating a list of vetted insurers working with AWS to ensure companies can get the sort of coverage they need at premiums they can afford.
It also gives the insurers a higher level of assurance that the companies they are covering have done their due diligence with regard to compliance and security best practices and that they are insuring workloads that aren’t overly risky or dangerous.
In my consulting experience, I have used AWS services extensively to assess environments for commercial customers as well as the Department of Defense (DoD) and federal agencies. These services are incredibly efficient, effectively streamlining traditional compliance assessment activities and removing much of the manual toil and subjectivity that existed in legacy on-premise environments when it comes to getting cyber insurance, all by leveraging the power of the cloud.
The AWS Cyber Insurance Program represents a transformative offering for a variety of stakeholders from insurers, SMBs, and cloud and security advisory firms to address existing gaps and inefficiencies that hinder widespread cyber insurance adoption and coverage.