The Key to Discounted Cyber Insurance: A 'Bug Bounty'?
In a bid to spread better threat awareness, the cyber insurer will offer discounts on its policies to any client that has a vulnerability disclosure and bug bounty program.
February 20, 2018 at 09:20 AM
As cyber insurance evolves to account for new threats and cover developing international markets, one company is looking to leverage the prospect of cheaper insurance to change the way corporations acknowledge and address their cyber risk.
Coalition, a cyber insurer founded in 2017 that offers cybersecurity tools and cyber and technology insurance plans to small- and medium-sized businesses, announced a partnership with “bug bounty” and vulnerability disclosure platform HackerOne.
Under the terms of the partnership, Coalition's policyholders will receive discounts on their policies if they use HackerOne's services, which connect companies with “white hat” hackers that help discover and disclose software vulnerabilities in digital platforms, products, and IT systems.
As part of the service, companies must set up “bug bounty” programs that offer compensation for hackers that uncover vulnerabilities. HackerOne takes a percentage of this compensation, which can vary depending on the type and severity of the vulnerability discovered and is set by each individual company.
The partnership, which came about in part because Coalition co-founder John Hering also sits on the board of HackerOne, will see Coalition host HackerOne's response app on its cyber risk management platform. The app includes cybersecurity tools that its policyholders can use for free.
Though Coalition has only announced a partnership with HackerOne, Joshua Motta, founder and CEO of Coalition, noted that cyber policy discounts “are not exclusive to HackerOne customers.”
“So anyone who has a bug bounty program or a vulnerability disclosure program, even if it's a program they run by themselves or with a competitor of HackerOne, are still eligible for the discount from Coalition,” he explained.
He added that while the amount of such discounts will “change from client to client because different companies request different coverage from us, and also because companies are different” in size and need, the discounts are generally “in the order of magnitude of 10 to 15 percent.”
Motta explained that the impetus for the partnership and discount program was to change the way companies think about and address vulnerabilities in their software to better lower their cyber risk.
“There is a temptation amongst companies, and even within the insurance industry, that it is better to know less about bad things, about vulnerabilities, because it can potentially expose you to more legal liability if you're later on found to have ignored those things. And obviously I think that is a flawed way of thinking,” he said.
Of course, software vulnerabilities are only part of the way hackers can access their victims' systems. But Motta noted that because companies are free to design their bug bounty and vulnerability disclosure programs as they see fit, vulnerabilities can be defined broadly to include, for example, specific email phishing threats.
Exploiting software vulnerabilities to gain access to a system, however, has been an effective strategy behind some of the most notorious cyberattacks. Vulnerabilities in Windows XP, for instance, paved the way for the worldwide WannaCry ransomware attacks that occurred last spring.
Unsurprisingly, bounty programs are becoming increasingly common in the tech and corporate world, with companies such as Facebook, Microsoft and Uber offering compensation for vulnerability disclosures. They have also caught on in the federal government, with the Department of Defense launching its “Hack the Pentagon” and “Hack the Air Force” programs.