The Key to Discounted Cyber Insurance: A 'Bug Bounty'?
In a bid to spread better threat awareness, the cyber insurer will offer discounts on its policies to any client that has a vulnerability disclosure and bug bounty program.
February 20, 2018 at 09:20 AM
As cyber insurance evolves to account for new threats and cover developing international markets, one company is looking to leverage the prospect of cheaper insurance to change the way corporations acknowledge and address their cyber risk.
Coalition, a cyber insurer founded in 2017 that offers cybersecurity tools and cyber and technology insurance plans to small- and medium-sized businesses, announced a partnership with “bug bounty” and vulnerability disclosure platform HackerOne.
Under the terms of the partnership, Coalition's policyholders will receive discounts on their policies if they use HackerOne's services, which connect companies with “white hat” hackers that help discover and disclose software vulnerabilities in digital platforms, products, and IT systems.
As part of the service, companies must set up “bug bounty” programs that offer compensation for hackers that uncover vulnerabilities. HackerOne takes a percentage of this compensation, which can vary depending on the type and severity of the vulnerability discovered and is set by each individual company.
The partnership, which came about in part because Coalition co-founder John Hering also sits on the board of HackerOne, will see Coalition host HackerOne's response app on its cyber risk management platform. The app includes cybersecurity tools that its policyholders can use for free.
Though Coalition has only announced a partnership with HackerOne, Joshua Motta, founder and CEO of Coalition, noted that cyber policy discounts “are not exclusive to HackerOne customers.”
“So anyone who has a bug bounty program or a vulnerability disclosure program, even if it's a program they run by themselves or with a competitor of HackerOne, are still eligible for the discount from Coalition,” he explained.
He added that while the amount of such discounts will “change from client to client because different companies request different coverage from us, and also because companies are different” in sizes and need, the discounts are generally “in the order of magnitude of 10 to 15 percent.”
Motta explained that the impetus for the partnership and discount program was to change the way companies think about and address vulnerabilities in their software to better lower their cyber risk.
“There is a temptation amongst companies, and even within the insurance industry, that it is better to know less about bad things, about vulnerabilities, because it can potentially expose you to more legal liability if you're later on found to have ignored those things. And obviously I think that is a flawed way of thinking,” he said.
Of course, software vulnerabilities are only one of the ways hackers can access their victims' systems. But Motta noted that because companies are free to design their bug bounty and vulnerability disclosure programs as they see fit, vulnerabilities can be defined broadly, to include, for example, specific email phishing threats.
Exploiting software vulnerabilities to gain access to a system, however, has been an effective strategy behind some of the most notorious cyberattacks. Vulnerabilities in Windows XP, for instance, paved the way for the worldwide WannaCry ransomware attacks that occurred last spring.
Unsurprisingly, bounty programs are becoming increasingly common in the tech and corporate world, with companies such as Facebook, Microsoft and Uber offering compensation for vulnerability disclosures. They have also caught on in the federal government, with the Department of Defense launching its “Hack the Pentagon” and “Hack the Air Force” programs.