(Image source: BitSight homepage.)
Duck Creek Technologies (Boston) has announced that it has expanded its Partner Ecosystem program through a new relationship with BitSight (Boston), a provider of security ratings. Used by brokers, insurers, reinsurers, and modelers globally to evaluate, price, and model cyber risk, BitSight Security Ratings are now available to joint customers in the Duck Creek Platform.
“BitSight Security Ratings provide critical information to help P&C insurers around the world underwrite cyber insurance and model risk,” comments Samit Shah, Director of Insurance Programs & Partnerships, BitSight. “We are focused on bringing efficient underwriting workflow to our customers, and integrating our service with the Duck Creek Platform was a natural fit for us.”
Duck Creek reports that BitSight differs from other security assessment tools that examine a company’s policies or conduct periodic scans because it continuously measures security performance based on evidence of compromised systems, diligence, user behavior, and data breaches to provide an objective, evidence-based measure of performance. BitSight’s data-driven, outside-in approach requires no information from the rated entity, Duck Creek notes, thus enabling insurers using BitSight Security Ratings to augment questionnaire-based assessment towards a continuous-outcome-based model that is both effective and efficient.
Value-Add for Carriers
“Cyber security represents a growing threat to businesses of all sizes, and protecting them with appropriate coverage is only becoming more difficult as the types and scope of cyber threats expand,” comments Elizabeth Del Ferro, VP, Partner GTM, Duck Creek Technologies. “Security Ratings are a fantastic value-add for carriers, and Duck Creek is thrilled to welcome BitSight into our rapidly-growing partner ecosystem.”
An Anywhere Enabled Integration now available on the Duck Creek Content Exchange allows insurers to make requests to the BitSight service to retrieve an overall rating and industry comparison, as well as information on individual risk vectors, their grades, and their industry comparison grades. Using this data, carriers can assess the cyber risk of an applicant organization during the underwriting process and price the policy appropriately, according to the vendor.