Category Archives: Uncategorized

Filippo Passerini, Former CIO of Procter & Gamble, Joins Cyberwrite’s Advisory Board

  • imgWed, 16 Dec 2020
  • imgNir Perry
Filippo Passerini - Cyberwrite

The move powers the company’s global expansion into the supply chain and vendor risk management market offering corporations the ability to calculate their tailored financial cyber exposure to 3rd party relationships.

December 16, 2020 09:00 AM Eastern Standard Time

NEW YORK–(BUSINESS WIRE)–Filippo Passerini, former CIO and President of Global Business Services at P&G, joins the cyber risk modeling firm’s Advisory Board, supporting the company’s global expansion into the supply chain and vendor risk management market.

“Filippo brings decades of experience in IT, data science, innovation, and corporate risk management.”Tweet this

Passerini has over 35 years of IT management experience, and currently serves on the board of multiple traded companies including United Rentals and Integer. At Procter & Gamble, Passerini powered the Global Business Services of the consumer goods giant with innovative models and capabilities. His strategies, principles and ideas have been the subject of numerous books, articles, and Harvard Business Review publications.

“I have been following Cyberwrite’s evolution for some time, and I am excited to support this team of innovators. As a CIO, I have seen first-hand the challenges organizations are facing with cyber risk and the impact it has on business. This platform is a game-changer that enables organizations to assess vendor risks in financial terms, not just scores,” said Passerini.

“We are thrilled to have a top executive of such magnitude joining Cyberwrite,” said Nir Perry, CEO of Cyberwrite. “Filippo brings decades of experience in IT, data science, innovation, and corporate risk management.”

“Many companies struggle with quantifying cyber risk caused by 3rd party relationships due to the use of generic risk scores. This is further compounded by the fact that the same vendor may pose a different risk to different organizations but is scored the same by security risk scoring companies. Using Cyberwrite, companies can quantify risk in financial terms they can understand and act upon, as well as getting a tailored risk analysis for each 3rd party relationship. Generic security scores leave organizations in the dark with regard to business impact and Cyberwrite solves exactly that. Insurance companies have been using our award-winning financial risk models for several years worldwide. We have now made these models available to corporates to enable better 3rd party risk management,” says Perry.

Cyberwrite’s solution enables risk managers to make sense of an immense amount of data related to 3rd parties in an automated manner and to sort the risk according to potential financial damage that may be caused to its operations. The platform is intuitive to use, requires zero-integration, and provides risk benchmarking based on both external and internal data, as well as inherent and residual financial risk analysis of companies worldwide.

About Cyberwrite

Cyberwrite provides cyber risk quantification solutions for corporates worldwide. In 2020, Cyberwrite was awarded the most innovative cyber risk modeling firm by Frost and Sullivan and was named a Gartner Cool Vendor in 2018. Cyberwrite’s technology is also used by multiple insurance companies to underwrite the impact and potential financial damage of cyber-attacks on businesses of all sizes. The platform is available in multiple languages.

Cyberwrite Research for Mastercard Shows: Cyber-Attacks on Israeli Local Municipalities May Lead to an Aggregated 4.5B ILS in Damages

  • imgThu, 27 Feb 2020
  • imgNir Perry

Cyberwrite Research for Mastercard Shows: Cyber-Attacks on Israeli Local Municipalities May Lead to an Aggregated 4.5B ILS in Damages

February 26, 2020 09:00 AM Eastern Standard Time

StartPath Cyberwrite

TEL AVIV, Israel–(BUSINESS WIRE)–Cyberwrite, in collaboration with Mastercard, shared insights from a recent cyber-risk financial impact research which reveals that cyber-attacks on local municipalities and regional councils in Israel may lead to aggregated damages estimated in 4.5 billion New Israeli Shekels.

Cyberwrite research for Mastercard shows that cyber-attacks on Israeli local municipalities may lead to an aggregated 4.5B ILS in damagesTweet this

Cyberwrite, a leading cyber risk modeling firm which is specialized in the quantification of financial damages caused by cyber-attacks, has utilized its technology to collect open-source intelligence and model the cyber risk municipalities are exposed to using its proprietary AI algorithms. Cyberwrite has recently been selected to participate in the Start Path, Mastercard’s award-winning startup engagement program and is providing its technology to businesses worldwide. The company’s solutions and technology are simple to use and involve zero-integration.

As part of this collaboration, Cyberwrite generated cyber-risk reports for 251 local municipalities and regional councils in Israel which include risk benchmarking and financial damage estimation for different risk types. The study found that 5 of Israel’s largest cities are exposed to potential aggregated damages valued at 650M ILS. The financial damages stem mainly from risks such as theft of residents’ information, loss of information records, digital theft, disabling public services and more.

The study also found that user login credentials of Israeli local municipalities’ employees and contractors were commonly found on the dark web. Municipalities are the first on the list with an average of 17 stolen user credentials, while regional councils had an average of 11 credentials found online.

Nir Perry, Cyberwrite’s CEO, mentioned that: “Municipalities in the United States and Europe are subject to constant cyber threats. In the first nine months of 2019, over 600 successful cyber-attacks on municipalities and urban authorities in the United States were identified. This is a global trend that is likely to affect municipalities world-wide and the privacy of their citizens alike. Many municipalities are also purchasing cyber insurance policies to cover some of the damages in case of a cyber incident.”

Omer Unger, Mastercard’s Israel manager, said: “Mastercard is expanding its cyber services to provide its global customers with the best and most innovative services. This is achieved by collaborating with Israeli Cyber companies, by the global acquisition of cyber companies, and through the establishment of cyber centers around the world, such as The Cyber Centre in Vancouver, Canada, which was announced by Mastercard in collaboration with the Canadian Government during last week’s World Economic Forum.”

About Cyberwrite

Founded in 2017 by cyber risk and insurance industry veterans, Cyberwrite is a leading technology provider enabling businesses world-wide to quantify their financial exposure to cyber risk using proprietary AI algorithms. Using the Cyberwrite solution, companies can predict their potential financial exposure to cyber-attacks and benchmark it to industry peers. Cyberwrite is backed by Austrian VC firm Speedinvest as well as by Silicon Valley based 500 Startups and Plug & Play Ventures. The company has offices in the US and Israel. Visit Cyberwrite at

About Mastercard

Mastercard (NYSE:MA),, is a technology company in the global payments industry. Its global payments processing network connects consumers, financial institutions, merchants, governments and businesses in more than 210 countries and territories. Mastercard products and solutions make everyday commerce activities – such as shopping, traveling, running a business and managing finances – easier, more secure and more efficient for everyone. Follow Mastercard on Twitter @MastercardAP, join the discussion on the Beyond the Transaction Blog and subscribe for the latest news on the Engagement Bureau.

Cyberwrite selected by Mastercard to join StartPath Program

  • imgSat, 07 Dec 2019
  • imgNir Perry
Cyberwrite StartPath Mastercard

Mastercard Start Path Welcomes Seven Fintechs to Help Build the Future of Commerce

Jen Langione | December 4, 2019 | Industry News

Investment in fintech has reached new heights with more than $39 billion invested globally last year. New opportunities abound to bring innovative technology to market through strategic partnerships – what may arise from a customer need, pain point or desire can become a reality through co-creation with corporations that can benefit from new ways of thinking and in turn offer funding and scaling opportunities.

In Miami, seven elite startups from around the globe that are mitigating the financial impact of cyber risk for businesses, providing ecommerce platforms for women’s health and personal care, offering pay-on-demand solutions for casual dining restaurants, and much more will join the Mastercard Start Path network of companies that have gone on to work with the world’s largest banks and renowned organizations.

Mastercard Accelerate gives fintechs access to everything they need to grow quickly and offers a simple, single entry point to Mastercard’s wide portfolio of specialized programs, including its award-winning startup engagement platform Start Path. Start Path invites later-stage startups to participate in a six-month virtual program, providing opportunities to scale and secure strategic investments.

Each year, Start Path evaluates thousands of startups around the world and carefully selects about 40 companies that offer the most promising technologies and show a readiness for scale. More than 200 startups have participated in Start Path since its founding in 2014, and those companies have collectively gone on to raise $1.5B in capital.

Group pic Start Path Wave 15 news breif

After searching 210 countries and beyond, Mastercard has selected the following companies to receive tailored programs, operational support and commercial engagements within the Mastercard ecosystem:

  • BharatPe is a digital bank that enables small- and medium-sized merchants in India to accept payments.
  • Cyberwrite’s Cyber Risk SaaS platform discovers, quantifies and helps mitigate the financial impact of cyber risk on businesses worldwide.
  • Eureka AI is enabling mobile operator-to-enterprise partnerships by applying AI.
  • Hydrogen quickly builds cutting-edge digital financial applications anywhere globally using one platform.
  • Kasha is an ecommerce platform for women’s health and personal care in Africa.
  • mmuze is a voice-shopping platform for retail businesses.
  • Ziosk is a pay-on-demand solution for casual dining restaurants, enabling guests to order and pay and go when ready.

Innovation is at the heart of Mastercard’s 50-year history, and the cutting-edge technologies being pioneered by the latest group of Start Path companies align to the innovative, value-driven approach Mastercard takes to the solutions it creates and services it offers. The newest Start Path companies will be connected to a global ecosystem of banks, merchants, technology partners and digital players that are partnering to deliver transformative solutions to drive growth.

Cyberwrite cherry-picked to participate in the NY Fintech Innovation Lab 2019 cohort

  • imgThu, 04 Apr 2019
  • imgNir Perry

This year’s program includes five Insurance technology companies selected by Accenture customers and other financial institutions in the US out of hundreds of applicants.

We are very proud to announce that Cyberwrite has been selected to be one of only five Insurtechs to take part in the Fintech Innovation Lab in NY this year by the NY Partnership Fund and Accenture. This is an additional strong validation to the interest large corporates have in the Cyberwrite cyber insurance solution.

The selection process has been long and started with online applications. Hundreds of Insurtechs from all around the world have applied. This was followed by a face-to-face pitch to the program leaders and sponsoring corporates and finally a selection day expo in which the top 10 startups presented and of which only 5 got accepted to the program.

Cyberwrite Fintech innovation lab 2019! Meeting the Corporates!
Startups meeting the corporate sponsors at the Fintech innovation lab.
Cyberwrite mention on Forbes Money:
“On the security front, Cyberwrite was chosen for the lab because it provides an easy to understand report benchmarking the risks and financial impact a cyber attack would have on small and medium-sized businesses. The data is in real-time and on-demand. It used for customer engagement, improved underwriting and to manage risk.”

Cyberwrite Identified as Top 10 Insurtech by Accenture’s Customers in the NY Fintech Innovation Lab

  • imgWed, 13 Feb 2019
  • imgNir Perry
Cyberwrite Accenture Fintech Innovation Lab

Accenture Fintech Innovation lab identified Cyberwrite as one of only 10 Insurtechs to present to its customers in Feb’ 19.

Out of over 250 candidate companies – Accenture’s insurance customers have Identified Cyberwrite as one of only 10 which presented in February 2019 in NY in front of representatives from the insurance industry.

The FinTech Innovation Lab is an annual 12-week accelerator program that brings together early-stage financial technology companies and the world’s leading financial institutions.

Cyberwrite’s solution for Cyber Insurance digital customer engagement, cyber insurance underwriting for SMB’s and aggregated risk management are used by leading carriers in the US and Europe.

Nir Perry, CEO of Cyberwrite presented the Cyber Insurance Underwriting solution at the Fintech Innovation Lab in New York.

Cyberwrite Named a 2018 Cool Vendor in Insurance by Gartner for its Cyberrisk Profiling Technology


Vendors selected for the “Cool Vendors” report are innovative, impactful and intriguing.

San Francisco, California, and Tel Aviv, Israel – May 15th, 2018 – Cyberwrite today announced it has been included in the list of “Cool Vendors” in the “Cool Vendors in Insurance”[i] by Gartner, Inc. The InsurTech innovator has been recognized for its cyberrisk profiling technology for cyber insurance.

In the report Gartner writes, “Gartner’s Cool Vendors in insurance apply a broad range of emerging technologies to provide innovative products and services and support new business models. Life and P&C insurance CIOs can use this research to keep themselves and their business peers ahead of the competition.”

Cyberwrite’s cloud-based SaaS solution gives insurers and brokers unique insights that enable them to tailor cyber insurance policies to meet the specific needs and budget of individual small and midsized businesses (SMBs). The solution is based on machine learning technology for translating raw cyber risk data into cyber coverage risk scores and financial impact estimations.

Cyberwrite enables coverage to be tailored to the specific risks of SMB’s, rather than the “one size fits all” approach currently offered. The solution is already being used by some of the world’s largest insurers, with reports run so far for over 50,000 companies globally.

Because Cyberwrite profiles and analyzes the cyber insurance risk of businesses in real time and on demand, it helps both insurers and their customers to understand the probability and financial impact of a cyber event for that specific business. This is presented in a one-page, simple to understand report, which serves insurers and brokers when they sell and underwrite cyber policies as well as business owners so they can purchase the right coverage. It is especially useful and clear for those who are not cyber experts.

In addition, insurance companies integrate Cyberwrite’s data into their system using Cyberwrite’s APIs for underwriting and catastrophe modelling purposes.

“Cyber insurance policies offered to small and midsize businesses are typically very broad and untailored, resulting in businesses paying extra for unneeded coverage while not being covered for the actual risks they face, and we are out to change this,” said Nir Perry, CEO, Cyberwrite. “We are very proud to be included in the prestigious Gartner report. We believe that Cyberwrite is set to shake things up in the coming years for the insurance industry.”

According to the US National Cyber Security Alliance 60 percent of small companies are unable to sustain their businesses six months after a cyber attack.

“Cyber insurance is becoming essential to businesses as the only product that compensates them after an attack, when technology cannot provide total protection. We expect high demand for this type of insurance among small and mid-size businesses because of the high and growing number of damaging cyber attacks,” added Perry. Allianz projects the cyber insurance market is set to grow to $20B in annual premiums in the next 7 years.

Cyberwrite is one of only four insurtech companies globally to be recognized by Gartner, as a Cool Vendor, whose insurtech database covers more than 1,000 startups.

Gartner clients can access the Gartner report here.

¹Gartner, Cool Vendors in Insurance, Sham Gill, Kimberly Harris-Ferrante, Jeff Haner, Laurie Shotton, Richard Thomas Natale, Juergen Weiss, 26 April 2018



About Cyberwrite

Cyberwrite was founded in 2016 by a team of cyber risk experts and insurance veterans to address the $20B market of cyber insurance.

The company has customers in the United States and Europe and is backed by Austrian venture capital fund SpeedInvest, as well as senior insurance executives and angel investors from the United States and Israel. Among the company’s advisors are Shmulik Regev, one of the founders of Trusteer and Inbar Raz, a thought leader and speaker in cyber intelligence research. Visit Cyberwrite at or on LinkedIn and Twitter

Gartner Disclaimer

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Speaking with Judy Selby – a leading expert on Cyber Insurance consulting to corporates and insurance companies.

Cyber Insurance Interview

Hi Judy, thank you for joining us today.

Hi Nir, thank you for having me.

What can you tell us about your background?I was an insurance coverage lawyer for 25 years, handling large, complex coverage matters, usually on behalf of insurance companies.  I was fortunate to have had substantial trial and international arbitration experience. When litigating coverage claims, it becomes readily apparent that the precise wording of the policy is crucially important. Many cases are decided on the basis of a single work or on the absence or inclusion of punctuation.  This background has been extremely helpful in my consulting practice, where I assist companies to get better coverages, improved alignment of their insurance policies, and increased clarity of policy language to avoid coverage disputes. I also help companies to better understand their requirements and conditions under the policies so that they can avoid missteps that may jeopardize coverage.

How did you start dealing with Cyber Insurance?

I began dealing with cyber insurance when data breaches and regulatory requirements concerning data protection and privacy began gaining prominence. I already had a strong insurance background, but I also took a number of courses through the Massachusetts Institute of Technology (MIT) on cybersecurity and related issues to assist with counseling my clients about coverage for cyber risks. It must always be remembered, however, that although cyber policies raise new technology and privacy-based issues, they are still insurance contracts. Even cyber forms are relatively new, many of the terms in cyber policies, and the rules of policy construction have been the subject of decades, or more, of specialized insurance jurisprudence. I believe its very important to understand those issues when selecting a cyber policy.

 What is your position on Cyber Insurance policy wording process?

It’s challenging.  There are no standard forms and each carrier’s form is different. This makes policy comparison difficult. It’s vitally important to review every word of a policy before it’s purchased.  The good news is that because the cyber insurance market is soft, insureds often have the opportunity to negotiate for more favorable policy terms. They just need to know what issues to raise with their brokers and/or insurers.

What are some of the challenges you see insurance companies have to deal with when offering a new cyber product?

There certainly are issues when it comes to underwriting new cyber risks. Many insurers have done a good job of creating new coverages to deal with today’s constantly emerging new cyber threats. But unlike with other more traditional risks, insurers do not have decades of data on which to base underwriting decisions.

 Do you see many claims? Can you share an interesting example you have seen?

 In my experience, the vast majority of claims are paid. But I have seen claims denied when an insured violates a policy condition, such as not obtaining prior consent before making expenditures after an incident. Going forward, I suspect that we may see more insurers challenge claims when they believe the insured provided inaccurate information to the insurers when obtaining coverage. That’s why incredibly important for companies to ensure that any information they provide to an insurer is accurate. They can’t just wing it or guess at responses to insurer questions. It likely will be necessary to get input from a cross-section of stakeholders, include third party service providers, to respond accurately to insurer questions. And if a company doesn’t understand an insurer’s question, it should seek written clarification before responding.


What is your prediction for the market in the next few years?

I expect to see the uptake of cyber coverage continue to increase, both in the US and elsewhere.  New regulations, such as the GDPR, increase the stakes for today’s companies, and many small and midsize companies are not well positioned — technically or financially — to deal with a cyber incident or the regulatory fallout. An appropriately designed cyber policy can help these companies successfully take and survive a cyber punch.


Thank you for your time Judy.

Thank you Nir. 

Cyberwrite won the UK TexChange Award for Cyber Innovation

  • imgSat, 24 Mar 2018
  • imgNir Perry

Cyberwrite is among few Israeli companies selected to join an exclusive delegation to London, for an immersive delegation to the UK including vast networking, business and investment opportunities and access to top industry leaders in London.

According to the UK embassy in Israel: “…only the top 12 startups who applied were selected to join our exclusive delegation to London this September and enjoy an immersive three-day programme including vast networking, business and investment opportunities and access to top industry leaders in the UK from companies and organizations including the National Cyber Security Center, Aviva Insurance, BT, K&L Gates, Taylor Wessing, Goldman Sachs, RBS and Visa.

Nir Perry and Inbar Raz on Cyber Insurance Challenges and Solutions

  • imgFri, 23 Mar 2018
  • imgNir Perry

Cyber Insurance for SME’s – Challenges and Solutions

By: Nir Perry, CEO of CyberWrite, Cyber Insurance Technologies, and Inbar Raz, Advisor to Cyberwrite.

Inbar is a leader in cyber intelligence research, worked in cyber intelligence for Israeli Defence Forces for over 15 years and lead CheckPoint’s (Nasdaq: CHKP) cyber research division.

Inbar Raz – Advisor to Cyberwrite

The impact of Cyber-attacks on small and medium businesses and enterprises.


Small and Medium Enterprises are the backbone of our economy, yet they are mostly unprepared to face modern cyber threats. Tailor-made Cyber insurance could help this huge market to mitigate some of the inherent risks in doing business in the digital world, but only if certain challenges are resolved.

Looking at the latest cyber-related headlines, one might mistakenly think that cyber-attacks only target enterprises such as Equifax ,Yahoo, and recently Alteryx, a marketing analytics firm, whose breach exposed sensitive information on over 120 million U.S. households. But in reality, smaller businesses are being targeted in increasing numbers, and with growing impact. They are not big or famous enough to make the headlines, but they sure do end up in the statistics.

In recent years 43% of all Cyber attacks targeted small businesses. 51% of small businesses had sensitive information exposed or stolen according to Symantec and 60% of small companies that suffer a cyber-attack are out of business within six months. SMBs are targeted as much as bigger enterprises but are less prepared to deal with this menacing threat. Only 14 percent of small businesses rate their ability to mitigate cyber risks, vulnerabilities and attacks as “highly effective”.It is therefore not surprising that SMEs have become the focus of cyber criminals, since these businesses are less prepared for preventing attacks and responding to them. 

During the last year, we’ve witnessed a new global phenomenon: Ransomware,  a malware that encrypts data on infected devices and promises to release it in exchange for ransom – usually in Bitcoin. These attacks have been hurtful for SMEs, with more than one-third of businesses suffering a ransomware attack in the last year, and more than one in five (22%) of these impacted businesses had to cease operations immediately, according to Malwarebytes.


The reasons for SMEs high exposure


SMEs are a preferred target by cyber criminals as they are less secured by nature. Various surveys show that cybersecurity maturity among SMEs is still fairly low compared to that of larger enterprises – although this situation is slowly improving. Even when  SMEs acknowledge cyber risks, they still face serious challenges which set them apart from enterprises and impairs their ability to properly mitigate cyber risks:

  1. Costly Investment: Enterprise-grade cybersecurity solutions involve costly licensing, substantial setup investment and high maintenance costs, that are usually outside the reach of SMEs.
  2. Lack of skilled manpower and Technical Expertise: Sophisticated security systems require skilled and experienced IT experts, who are difficult to recruit and place a heavy burden on payroll expenses.
  3. Minimal protection capabilities offered to SMEs: Security solutions tailored for SMEs (some of the free version of security tools) simply do not offer the same level of protection as High-end solutions.
  4. Lack of guidance and standards: In some areas, clear standard are available (such PCI-DSS compliance), but hardly any industry-wide standards are available, at least not such that SMEs can interpret by themselves.


With ever-growing sophistication of cyber criminals and businesses adopting new technologies, the small and medium companies will continue to be an easy target for the foreseeable future.


How can cyber insurance help SMEs mitigate the risk


According to a recent article, Cyber Insurance is one of the fastest growing coverage for U.S. companies. In fact, according to Fitch Ratings, one of the world’s largest credit rating agencies, the market for cyber insurance grew thirty-five percent. The cost of a potential breach and the need for insurance coverage are some of the factors impacting purchasing decision as illustrated by Hiscox, a large insurance provider:

And yet, adoption of Cyber insurance among SMEs is low, with some estimates of a penetration rate as low as 5 percent or less. Below are some of the reasons for current low adoption rate:


According to a recent survey by Hiscox – trust in cyber insurance policies and underwriters is currently low with almost a third of responders say they are not sure they will be paid in the event of a cyber breach. Some industry statistics do show discrepancies between the direct costs and insurance payouts.  Another factor hampering trust is that insurance policies are perceived as too complicated for the customers. More than one in six (17%) of those who have no plans to take out cyber insurance stated this as the main reason. Many cyber insurance policies include multiple exclusions that reduce the value of the policy and deter potential clients from purchasing these policies, as these reduce the trust that underwriters will actually pay when a breach occurs.


Cyber insurance policies are complex and include many exclusions. They are hard to understand for non-technical readers and even worse – the agents who sell them lack, in most cases, the know-how on how to sell the product to customers. In addition – different types of customers have different coverage needs. Current policies are usually a “one size fits all” and are not tailored to each business, with standard sub-limits offered to all customers. This is a problem since for some customers, for instance, confidentiality is more important than availability due to possible business impact. This is not currently addressed well.

Lack of regulation

Cyber insurance is not mandatory. Many business owners who don’t see the value will rather invest elsewhere until required to by law or regulation. In addition, cyber insurance is a fairly new product in its current version, and is not fully understood by many business owners. Following the same mentality as other non-mandatory insurance policies, many will only purchase it after the first breach or incident they suffer.

Perceived risk vs. Cost of insurance

Perhaps one of the bigger hurdles on the way to mass adoption of such policies is the fact that ordinary people know very little about cybersecurity, and cannot estimate the actual risk (or exposure) they face from cyber activities. When the risk is not fully understood or is not tangible enough (at least not when compared to everyday insurance like car and health), the value of the insurance meant to offset it is harder to quantify, thus making the insurance seem expensive.   


Some of these reasons, such as trust and complexity, can be addressed by a tailor-made underwriting process which will take into consideration the customer’s needs and adapt the coverages, exclusions, and sub-limits to fit the customer. Such policy offering will improve customer satisfaction and will also enable better control of risk levels for the insurer.

CyberWrite has set out to solve the underwriting and digital customer engagement challenges related to SME’s.

Challenges for engaging business owners and managing the underwriting process are a barrier to win the market. CyberWrite – a company dedicated to the creation of cyber insurance technologies is offering a solution for SME underwriting. Here are some of the challenges:

Classic risk assessment process is old-fashioned and non-scalable.

Most client risk assessments are conducted in an old-fashioned manner. On-site evaluations conducted by expert teams are a reasonable approach when assessing large enterprises with big IT departments and multiple assets, but are impractical when aiming at smaller clients. SMEs are interviewed over the phone or answer questionnaires over email, in a process conducted by insurances agents that are not cyber experts. Both methods have their downsides – the need to send a team of experts impacts the cost of the underwriting process, the time it requires and the burden on the client. Sending a questionnaire over email is cheap but results in an inherently inaccurate and qualitative assessment which is hard to benchmark. Both are human-centric and suffer from inherent biases and inaccuracies.

Risk assessment process is too generic and lacks historical data analysis process suited for cyber.

In addition to being conducted manually, the assessment process is generic and does not take into consideration important factors that affect the clients’ exposure.

Research shows that many carriers lack sufficient historic or credible data. This results in a “flat rate” used by many insurers, use a Base Rate with Modifications (client size, turnover, etc.) or use Industry Classification (in an attempt to control for risks to the insured based on the industry in which the client operates).

Risk score presented to the client is a generic cyber-risk score, not a cyber insurance-centric one

The would-be clients are presented with a cyber risk score, but that is not an easily understandable tool for explaining their exposure, nor do they understand how it is tied to the proposed policy. It is a cyber security score and as such uses cyber terminology and data they can’t understand or relate to, and certainly not make an educated decision regarding the required cyber insurance to match the risk score.

The Cyberwrite solution:

Cyberwrite tackles the issues above using a combination of cutting-edge technology and business model. The platform Cyberwrite developed allows underwriters to conduct very quick, accurate assessments, with little to no input required from the client. This frictionless, scalable approach is quite the opposite of sending a team of experts and interviewing the client’s IT manager. In a nutshell, Cyberwrite’s system collects open-source information available on the client, cross-references it with the clients’ geography and business sector and rapidly arrives at the following:

  1. Coverage scores
    An accurate benchmarked cyber insurance score (as opposed to a generic cyber-risk score). This coverage score is presented to the client, showing it the areas where exposure is more likely to occur, and therefore should be offset by adequate insurance coverage per that business-risk. This tailor-made approach provides the insurer with an analytic tool to match the coverage to the risk, using machine learning algorithms to connect cyber-risk parameters to insurance coverages. 
  2. Expected monetary damage
    The system calculates the expected damages for the company in the event of a breach, enabling to set sub-limits according to client size, business area, and perceived risk.
  3. Fine-tuned coverage
    By scoring the coverage and calculating the expected monetary damage – both the client and the underwriter can adjust the policy to best suit their needs.

This data-driven approach provides a granular assessment, which in turn translates into a tailor-made policy and reduces the need for exclusions. Fewer exclusions mean that the client is more confident and will be more likely to purchase the policy.

The Cyberwrite technology allows to conduct numerous concurrent assessments and quickly map clients on a risk scale.

Another benefit of the system is that it creates Standardization across all business types and sectors- inaccurate assessments (due to missing client information, insufficient time to assess, human biases, etc.) are a thing of the past, and both underwriters and clients can feel confident that the policy fits the actual exposure of the client, is properly quantified and will provide the needed coverage in times of need.


Cyber insurance is a growing market with a huge potential. To date, underwriters have not been able to achieve significant traction within the largest segment of the commercial sector- the Small and Medium Enterprises, mainly due to their reliance on outdated evaluation techniques which led them to offer “cookie cutter” policies that are not considered comprehensive or valuable enough for the end clients. By using data-driven approach and utilizing the latest in machine-learning and big data technologies, underwriters can improve their evaluation process, offer tailored policies to a much larger audience and grab a larger share of this huge, underserved market.  

Interview with Nir Perry on on Cyberwrite

  • imgFri, 23 Mar 2018
  • imgNir Perry

This interview with Nir Perry, CEO of Cyberwrite was published on on cyberwrite and cyber insurance

Cyber Insurance is among my InsurTech trends predictions for 2018. The attention Cyber insurance receives has increased in the past year in the wake of media coverage of cyber attacks and Trump administration. Business owners may not have noticed that Cyber attacks and (black hat) hackers have been around for many years and neither have cyber insurance policies. However, until recently, cyber insurance standalone products were tailored mainly for large corporate and were not adapted to the needs of small and medium-size businesses.

According to an article, a research conducted by the National Cyber Security Alliance found that almost 50 percent of small businesses have experienced a cyber attack and that more than 70 percent of attacks target small businesses. As much as 60 percent of hacked small and medium-sized businesses go out of business after six months. The high percentage number is the reason that cyber insurance is critical for companies of all size.

To better understand the opportunity in the Cyber insurance products I would like to share with you an interview with Nir Perry, the CEO and founder of CyberWrite, a company dedicated for the development of cyber insurance technologies.

[G] Let’s start with your background. Can you share your journey to cyber and cyber insurance?[N] I have been working in Cyber risk management since 2001. I started my career in the Israeli Air Force information security unit. I worked for PwC and Accenture in Italy and consulted on risk management and security strategy to clients like Deutsche Bank, UniCredit, Allianz and similar high profile companies. In 2015I started noticing a spike cyber insurance purchasing by enterprises and anticipated the need by SMB’s which do not have the financial resources to deal with cyber threats. Due to the spike in cyber attacks in recent years with victims like Sony and Target, an increasing number of insurers stated offering cyber insurance policies for both enterprises SMB’s (Small-medium Businesses).

I gained a lot of experience and knowledge and decided to translate that into technology for cyber insurance underwriting and to build a tool that will enable customers to select a policy that fits their business’ cyber risk.

I was always eager to be a part of the innovation eco-system. Insurance for me is especially interesting since my father and brother work in the field, so I founded CyberWrite to solve some of the existing gaps in the market.

The Market

[G] Where was the turning point for this market?
[N] I think that the Target breach in 2013 was a turning point for the cyber insurance industry. The hack to Sony and the nearly devastating result motivated the market to demand more coverage and the insurance companies to offer cyber insurance policies with better coverage, and related services such as PR, Incident response, credit monitoring and disaster recovery teams to join the eco-system as well.

[G] What’s the challenge insurance companies are facing which you are solving?
[N] To underwrite an enterprise client that is looking for a $50mm to $500mm coverage, the underwriter needs to send a team to audit and to evaluate the client. It is expensive to send a team to a client’s site, but that expense is worthwhile because of the high premium that reaches hundreds of thousands of USD. On the other hand, SMB policy premium will be anywhere from $100 to $50,000, and it doesn’t make economic sense for the insurance company to send a team of cyber experts since it would kill the profitability of the whole product. There was a need for a scalable platform to serve the SMBs.

The platform can do two things. The first is to profile and provide underwriting recommendations based on a specific client based on data and limited breach historical data. The second is to enable an agent to sell a cyber policy. The agent can provide his customer with an “easy to read” report that estimates monetary damage in case of an attack or a breach. The overall goal is to enable small and medium businesses to purchase the right coverage for them. Without such tool, the insurance company does not feel comfortable providing the policy and the agent lacks the means to service the customer.

This type of insurance product wasn’t common 2-3 years ago. Today, there are new products. Insurers are making a great effort to offer new exciting products to customers to win this great opportunity. Cyberwrite is here to provide technologies to enable them to gain this market.


[G] Tell me a little bit about the leadership of CyberWrite?
[N] Besides me, the company is led by Mr. Rami Parient who brings extensive knowledge and experience as a P&C chief actuary and Chief Risk Officer with over 20 years of experience in the market. We are a great match as I bring cyber risk management experience and Rami brings decades of experience in the insurance industry. Our combined knowledge and expertise are fundamental to the success of the company because CyberWrite delivers a platform that collects relevant data in real time and translates it from cyber data to insurance coverage score dedicated to the policy of our customers. We are proud to have a team of amazing engineers in Israel and Europe, and we have an active advisory board including insurance and cyber security executives from Silicon Valley and Israel.

[G] What is your advantage and uniqueness?
[N] Our platform collects the much-needed data on the fly, analyzes it using machine-learning techniques, and provides a benchmark of the insured to over 50,000 other similar companies and a financial impact assessment in several minutes. One of our unique characteristics is that our platform conducts risk profiling and scoring for each coverage of the insurance policy! Not one score. Both insurers and broker love our concept and product for our scoring capabilities.

Also, we offer a dedicated, tailored algorithm to each insurance company implemented into our system. We developed a unique methodology and workshop to assess a cyber insurance policy of a company, and then we develop the analytics needed to adapt our system to that specific policy. No two insurance companies will get the same report.

Eventually, our capability to provide analytics in minutes enables insurers to sell more while keeping the risk under control.

“If you have customer data, or your business depends on internet services, you should consider buying cyber insurance.”

[G] What do you think about Cyence acquisition by Guidewire for $300mm after just two years of activity in the cyber insurance market?
[N] It is a validation for us that the market needs cyber technologies. It is a great motivator for us because we recognize the acquisition as a very positive signal of the need for the technology that we provide.

[G] How complicated is your product to use?
[N] Using the platform is straightforward and the best part is — you do not need to be a cyber expert to use it. The insurance agent enters the company’s name, website, and a couple of other inputs and within several minutes, the platform presents the report.

Our report has three parts. The first section of the report displays the insurer’s policy coverages, and it breaks them down to the coverage level, and a calculated cyber risk score. We add a graph to visualize the comparison between the customer and the average. It is easy to identify for which coverage the customer is riskier than the market and vice-versa.

The second section provides a more detailed risk domains analysis. For example, social exposure and security patching or regulatory risks level. In essence, our product is a benchmark platform. The third section is financial impact estimator. In this section, the agent can help the customer to digest the risk report and apply the coverage that she is looking for based on her business goals. Furthermore, the agent can present market insights and recommend coverage to meet the customer’s business risk and objectives.

All of the data we collect is public data. We do not have access to internal networks. However, because of the nature of security level in SMB’s which lacks the budget to implement an effective cybersecurity defense, this data is sufficient for us to assume the risk levels of the reviewed customers.

[G] Who is your target audience? Who is going to use CyberWrite?
[N] It varies. Our potential clients are with carriers, MGA’s, agents and even re-insurance companies.

Cyber Insurance

[G] Can you talk about your current customers?
[N] We made a soft launch two months ago (December 2017), and we are working with several large carriers. We founded the company in January 2017 and are very satisfied to see this adoption of our solutions

[G] How businesses purchase cyber insurance?
[N] There are different types of Cyber insurance customers. The enterprises would use one channel which the SMB’s would probably use another. The small business owners usually approach an insurance agent who sold them their business owner insurance for example. The problem is knowledge and data. Most agents want to provide excellent service to their clients but don’t know cyber risk and cybersecurity. We recognized this issue and made sure that our report is readable and understandable by everyone, agent and customer alike. Both can use the report as a base for discussion. As I mentioned earlier, our technological advantage is that we can “translate” cyber data into insurance coverages and map it to a policy.

[G] What does it mean?
[N] We developed algorithms that analyze which cyber data impacts which coverages and in what way based on machine learning and actuarial science. We collect cyber data and translate it into insurance policy meaningful insights that the agent, their customers, and the underwriters can use. It is a capability that currently doesn’t exist in the market. It is important to understand however that we benchmark the risk. We don’t know who will get breached; no one can provide that.

[G] There is very little information or historical actuarial tables for cyber insurance. What type of other cyber insurance products did the insurance companies use?
[N] So far, the focus in the Insurtech innovation was on large companies. Several firms provide a cyber score report such as Security Scorecard, BitSight, and Guidewire. These firms generate a very detailed report on a large company with detailed cyber data. We created something agile, on-demand which does not require you to be an expert to use. We did this based on interviews with potential clients and mapping their needs.

Regarding the historical data, the more we collect data, the more we can bridge this gap.

[G] At what stage, do you think, a business should buy cyber insurance?
[N] I believe that every business that stores his customers’ data, or any company that relies on the internet to sell or makes transactions,  needs to hedge the risk and buy a cyber risk coverage. Even a coffee shop that has a website needs one. It can be for coverage of $100,000 that will cost them $500 a year and if it is a chain of coffee shops that need coverage of $3mm what will cost about $3,000 a year. The bottom line is that every company that has customer data and do business on the internet should buy cyber insurance.

It is the only solution that would pay back damages – your anti-virus and firewall are important, but will not pay you back in case of a breach.

[G] National Institute of Standards and Technology (NIST) and the Federal Financial Institutions Examination Council (FFIEC) released guidelines and tools Cybersecurity Assessment Tool (CAT) do companies use them?
[N] Enterprise most certainly do, and they use compliance and consulting services from big4 and other consulting companies to implement such frameworks into their operations. For small businesses, well… if they use anti-virus and a firewall and have a backup that’s great. But nothing near the NIST framework to the best of my knowledge. They can use the guidelines in the limitations of their budget and actual needs.

[G] What do you think about the risks that mobile devices and IoT introduce?
[N] Mobile is not a new issue. There are many cybersecurity solutions available to deal with mobile related threats for about ten years now. Companies such as Good and other Mobile Device Management (MDM) and Mobile Application Management (MAM) tools cover most of the risks and enable, for example, BYOD programs for enterprises. I rarely see this with SMB’s.
IoT is a different story. It is still an iceberg. I don’t think that we know the depth of the risk that the “IoT” is going to present. Think about a smart house that contains a smart refrigerator, a smart A/C, and a smart dog.

Our dependency as humans on these devices increases year by year. The ability of attackers, whether those who want to gain economic value or state-sponsored attackers with a goal is to cause harm to another country, to use IoT as an attack vector, increases with direct correlation to our dependency. There is still many places for improvement regarding standards business owners should be concerned about how this might impact their businesses.

I assume we will see in the next couple of years additional security solutions to deal with IoT and Personal Cyber Insurance policies to cover the risk to the household and smart-home.

[G] Thank you very much for your time, Nir.
[N] Thank you.