AWS’ New Cyber Insurance ‘Industry-Shaping’ Program: 5 Big Things To Know

‘Customers who choose to leverage hardened infrastructure on AWS, coupled with a partner who can guide and implement the right security posture with AWS-backed cyber insurance as the backstop, is an untouchable offering in the market,’ says Justin Copie, CEO of AWS partner Innovative Solutions.

Amazon Web Services is diving headfirst into the cyber insurance industry by launching a new program that guarantees customers a security insurance quote within two days, tied with massive revenue opportunities for the channel.

“I call this an industry-shaping moment,” AWS’ Ryan Orsi, worldwide head of cloud foundations for the AWS Partner Network, told CRN. “At this company, we do have a history of looking into market segments and technologies that are in need of reinvention. I would say the cyber insurance industry is in need of reinvention for the era of cloud.”

At AWS re:Inforce Tuesday, the $85 billion global cloud market-share leader unveiled its new AWS Cyber Insurance Program. The program is aimed at helping AWS customers improve their security posture and get insured as quickly as possible—streamlining the sometimes-painstaking process of getting a customer the cybersecurity insurance it wants or needs.

[Related: The 10 Coolest New AWS Tools Of 2023]

Cyber Insurance Premiums High, Coverage Limits Low

AWS’ Orsi said current cyber insurance policies include “a ton” of paperwork and back-and-forth communications that can last months, while at the same time there’s a general lack of understanding of how things operate in the cloud between the two companies. “So unfortunately, it’s resulted in insurance premiums being higher than expected and insurance coverage limits being lower than expected,” he said. “The biggest [group] of companies that are affected by this manual process are the small to medium enterprises around the world. There’s millions and millions of them.”

The new AWS Cyber Insurance Program streamlines the entire procedure, thanks in part to the AWS Security Hub, with partners reaping the benefits.

Justin Copie, CEO of Innovative Solutions, an AWS partner, said many small to midsize businesses are struggling to obtain, and even keep, their cyber insurance in 2023.

“It’s been increasingly difficult due to the overall increase in threats,” said Copie. “AWS launching this program aimed at making it easier for customers to get better, faster cyber insurance will be met with significant praise and excitement. … Customers who choose to leverage hardened infrastructure on AWS, coupled with a partner who can guide and implement the right security posture with AWS-validated cyber insurance as the backstop, is an untouchable offering in the market.”

Here are the five most important things partners, insurers and Amazon customers need to know about AWS’ new Cyber Insurance Program in terms of which insurance providers will be included, official designations and the channel opportunities ahead.

Cyber Insurance Quote ‘Guaranteed In Two Days Or Less,’ AWS Security Hub

Instead of businesses working for weeks or months trying to obtain cyber insurance, AWS guarantees a quote within two days.

“We’ve taken a pretty big leap forward. For AWS environments, the process for a customer to receive a quote is guaranteed in two days or less. Instead of that manual back and forth between customer and insurance company, it’s a one-time upload from AWS,” said Orsi.

“From the AWS Security Hub, the customer takes a certain security posture report from Security Hub and delivers it to the insurance companies that have been trained by our security experts on how to evaluate a risk based off of those security indicators,” he said. “So there’s a very simple approach for the insurance companies to underwrite the risk, understand what’s running in AWS, how everything’s configured, and they’re also trained to provide different recommendations for the customer to increase their security posture in their AWS account.”

For these recommendations, AWS will typically seek out channel partners to fulfill the customer’s security needs.

Program Will Include Large And Small Insurers: ‘Dozens Being Added’

To obtain the AWS Cyber Insurance Program designation, a company must be an insurance company—a broker or an actual provider.

“So that designation will be reserved for, just to name a few potential names: Marsh [Marsh McLennan], Cowbell [Cyber Insurance] or Cover Genius. So the actual insurance companies will be will be badged AWS Cyber Insurance Providers,” said Orsi.

“You’ll see logos from about five or six very large companies that operate globally in the coming weeks,” he said. “Then you’ll see the following months, dozens being added.”

AWS isn’t just catering to large enterprises and giant cyber insurance companies.

“The program is open to not just individual insurers, but also to the brokers and the dealers that are aggregating many smaller companies together. So all the smaller companies will also be eligible to be a part of the program,” said Orsi. “Because we would love to see a diverse ecosystem—those that specialize in different levels of risks, different business categories out there. It is truly going to be quite a diverse ecosystem here of insurance providers.”

Channel partners do not need to achieve a designation and can leverage the list of AWS-designated Cyber Insurance Providers. (More information on next slide.)

Partners Don’t Need Certifications, Badges To Join

Although insurance companies need to be certified and badged to be part of the program, channel partners don’t need to jump through any hoops.

“Partners don’t have to go get badged. They don’t have to go get validated. They just need to come forth with a compelling service like an assessment or advisement service that is compelling for the insurance companies and for us to start recommending,” said Orsi. “So it’s a much lower lift on the channel to get involved.”

All channel partners need to have security offerings—from professional and managed services to third-party software offerings—that AWS can recommend.

“It’s what partners do great today: They are great at assessment, advisement, providing a scope of work to the customer to improve whatever they found was potentially not at the quality bar. That’s what they need to do,” he said.

AWS To Help Facilitate Partner-Insurance Company Relationship

One of the most important aspects of the new program is that AWS will help facilitate new relationships and integrations between channel partners and cyber insurance companies that join the program.

“Partners can speak with our business development folks and our partner folks within AWS and get themselves integrated with those [insurance] companies,” said Orsi.

When a cyber insurance company offers recommendations to customers about how to improve their security posture, channel partners can snap up those sales opportunities.

“I think partners are going to find the value proposition and the message is going to be really strong on the channel because they’re the ones with the expertise to actually increase that security posture. It’s not the insurance companies’ job to go do that, it’s just their job to go recommend and advise,” he said.

AWS Leaning Into The Channel’s ‘Superpower’

AWS spent two and a half years investigating the current status of the cyber insurance industry, the ecosystem of partners in the industry such as systems integrators, resellers and MSPs, how they interact with each other, and how they’re interacting with AWS.

“We uncovered that the process is kind of archaic,” said Orsi. “The biggest [group] of companies that are affected by this manual process are the small to medium enterprises around the world. There’s millions and millions of them. A lot of them are being now mandated under different government regulations to obtain cyber insurance. The process is not easy. They’re often not able to get the coverage limit required for their business from a single provider. So they’re aggregating from multiple providers, if they can at all.”

By launching the new program, AWS will streamline this process and funnel security services and customer opportunities via the channel.

“This is a big entry point for the channel. Recommendations can include maybe a third-party software to consider, or a systems integrator or reseller to go speak with for advice on how to deploy a better endpoint solution with monitoring and response inside their accounts,” said Orsi. “Or how to deploy database security if the customer, for example, is running a heavy public website with a database back end. So there’s a whole ecosystem related to this that the channel is really going to enjoy now that AWS is bringing this more modern cloud process into the mix, and bringing forth recommendations with these various companies that they can all participate in.”

Orsi said many AWS partners have their own unique angle and differentiators out there” in a certain vertical or industry.

“That’s their superpower—to be one of the premier advisers for an AWS cyber insurance company related to maybe health care or retail or financial services,” he said. “They should develop those relationships and get themselves integrated into this ecosystem between AWS, the insurers and our mutual customers.”