At a time when cyber risk has become one of the greatest threats to organizations, E-Comply — a joint venture formed by ESCS and Comply Solution — introduces to the Brazilian market a solution that promises to transform how cyber insurance is assessed and priced.
The new system developed by the company uses artificial intelligence, Machine Learning algorithms, and a continuous and automated assessment methodology aligned with leading international security frameworks. The result is a fairer, more technical, and evidence-based premium calculation — a significant advancement in a sector where subjectivity is still common in risk analysis.
According to Allan Kovalscki, CEO of E-Comply, the solution’s key differentiator lies in the objectivity of the process. “Our system continuously evaluates the cybersecurity maturity level of the insured organization, based on risk domains defined by the insurer. This reduces the risk of claims, improves technical response, and increases accuracy in premium determination.”
Using machine learning-based algorithms, it interprets data collected on policies, technologies, vulnerabilities, and processes, as the AI can analyze a wide range of data, aiding in the dynamic calculation of insurance premiums.
“The system cross-references technical data with market benchmarks, similar historical behaviors, and applies statistical models such as decision trees, logistic regressions, and neural networks. All this to generate updated and reliable risk scores.”
Built based on information security models, such as NIST CSF v2 (2024), CIS Controls, ISO/IEC 27001/27002, ISO 27701, and LGPD/GDPR requirements. “Every domain we assess is directly mapped to these standards, ensuring not only technical excellence but also regulatory compliance for both the insured and the insurer,” highlights Kovalscki.
Additionally, the tool classifies maturity into levels, in accordance with the CMMI framework — a model for measuring and improving an organization’s process maturity, focusing on delivering products and services predictably, efficiently, and with controlled quality — providing a clear view of the client’s evolution over time.
With a modular architecture and open API, the system can be easily integrated into insurers’ platforms, risk management systems (GRC), ITSM, and policy repositories. This makes the tool a strategic component not only in underwriting but also in monitoring security posture during the contract term. “By tracking the maintenance of controls, we deliver a continuous governance tool with a direct impact on risk and cost reduction for the insurance market.”
Another point emphasized by the executive is the tool’s potential in expanding the national cyber insurance market, which is still underdeveloped. E-Comply’s solution eliminates technical barriers for insurers and enables the creation of customized products by sector, maturity level, or company size — including small and medium enterprises.
“This paves the way for the development of innovative products, such as modular policies tailored by sector or maturity level, while also facilitating compliance with minimum regulatory requirements (such as those demanded by ANS, Susep, and Bacen) and future technical standards on cyber insurance,” he states.
The platform also updates constantly, incorporating sources like CVE/CVSS and Cyber Threat Intelligence (CTI) feeds. Thus, the threat scores and generated reports reflect the current digital environment, increasing the reliability of the data used in underwriting and pricing.
