At a time when cyber risk has become one of the major threats to organizations, E-Comply, a joint venture formed by ESCS and Comply Solution, is introducing to the Brazilian market a solution that promises to transform how cyber insurance is assessed and priced.
The new system developed by the company uses artificial intelligence, machine learning algorithms, and a methodology of continuous, automated assessment aligned with the main international security frameworks. The result is a fairer, more technical premium calculation based on up-to-date evidence, a significant advancement in an industry where subjectivity is still common in risk analysis.
According to Allan Kovalscki, CEO of E-Comply, the main differentiator of the solution lies in the objectivity of the process. “Our system continuously evaluates the cybersecurity maturity level of the insured organization based on the risk domains defined by the insurer. This reduces the risk of claims, improves technical response, and increases precision in premium definition.”
Machine learning algorithms interpret the data collected about policies, technologies, vulnerabilities, and processes, allowing the AI to analyze a wide range of data and assist in the dynamic calculation of insurance premiums.
“The system cross-references technical data with market benchmarks and similar historical behaviors, and applies statistical models such as decision trees, logistic regressions, and neural networks. All of this to generate updated and reliable risk scores.”
The solution is built on information security frameworks such as NIST CSF v2 (2024), CIS Controls, ISO/IEC 27001/27002, ISO 27701, and LGPD/GDPR requirements. “Each domain we assess is directly mapped to these standards, ensuring not only technical excellence but also regulatory compliance for the insured and the insurer,” highlights Kovalscki.
Furthermore, the tool classifies maturity levels according to the CMMI framework, a model for measuring and improving the maturity of an organization’s processes that focuses on delivering products and services predictably, efficiently, and with controlled quality. This classification offers a clear view of customer evolution over time.
With a modular architecture and an open API, the system can be easily integrated into insurance platforms, governance, risk, and compliance (GRC) systems, ITSM, and policy repositories. This makes the tool a strategic component not only in underwriting but also in monitoring security posture for the duration of the contract. “By monitoring control maintenance, we deliver a continuous governance tool, with a direct impact on risk and cost reduction for the insurance market.”
Another point emphasized by the executive is the tool’s potential to expand the national cyber insurance market, which is still largely unexplored. E-Comply’s solution eliminates technical barriers for insurers and allows the creation of products customized by sector, maturity level, or company size, including small and medium enterprises.
“This opens up space for the development of innovative products, such as modular policies, sector-specific or maturity level-specific ones, and facilitates compliance with minimum regulatory requirements (such as those required by ANS, Susep, and Bacen) and future technical standards on cyber insurance,” he states.
The platform is also constantly updated, incorporating databases such as CVE/CVSS and Cyber Threat Intelligence (CTI) sources. Thus, the threat score and generated reports reflect the state of the digital environment, which increases the reliability of the data used in underwriting and pricing.