As a cyber insurance company, it’s Corvus’s job to care deeply about the cybersecurity of its policyholders. Its security team places a strong emphasis on the company’s own security fundamentals as well.
The Corvus security team knows that advancements in security engineering are significant contributors to the company’s success. Jason Rebholz, Chief Information Security Officer (CISO) for Corvus, also understood that as the company grows, it needs robust detection and response capabilities. He explains, “We’re a small but mighty team. We must balance our time in securing our environment with effective monitoring it to protect against the latest security threats. We knew right off the bat that we wanted to rely on outside experts to handle detection and response. Looking outside our organization for trusted vendor partners to augment our security needs provides us with more resources and capabilities to properly monitor our environment and identify potential issues.”
Policyholders rely on Corvus to help them understand complex risks, and to provide ongoing cyber-threat monitoring and risk alerts. In the event of a claim, Corvus offers customers incident response support throughout the claim lifecycle, assisting with the engagement of vetted and trusted partners, such as breach counsel and forensics firms, to ensure success.
Of course, to do all of this and properly serve its customers, Corvus must be able to effectively manage risk and mitigate its own security vulnerabilities.
When Rebholz joined Corvus in 2021, he took a hard look at the cybersecurity posture of the organization to determine potential gaps, weak spots, and vulnerabilities. It wasn’t long before he realized that the managed security services provider (MSSP) Corvus had in place wasn’t the right fit.
“Trust is the single most important thing we look for when we’re outsourcing a capability,” says Rebholz. “We wanted a vendor partner that would guard our house the same way they’d guard their own.”