At a time when cyber risk has become one of the greatest threats to organizations, E-Comply — a joint venture formed by ESCS and Comply Solution — introduces to the Brazilian market a solution that promises to transform how cyber insurance is assessed and priced.
The new system developed by the company uses artificial intelligence, Machine Learning algorithms, and a continuous and automated assessment methodology aligned with major international security frameworks. The result is a fairer, more technical, and evidence-based premium calculation — a significant advancement in a sector where subjectivity is still common in risk analysis.
According to Allan Kovalscki, CEO of E-Comply, the solution’s key differentiator lies in the objectivity of the process. “Our system continuously assesses the insured organization’s cybersecurity maturity level based on the risk domains defined by the insurer. This reduces the risk of claims, improves technical response, and increases accuracy in premium determination.”
Using machine learning-based algorithms, the system interprets data collected on policies, technologies, vulnerabilities, and processes. Because AI can analyze a wide variety of data, it assists in dynamic insurance premium calculation.
“The system cross-references technical data with market benchmarks and similar historical behaviors, and applies statistical models such as decision trees, logistic regressions, and neural networks. All this to generate updated and reliable risk scores.”
The solution is built on information security models such as NIST CSF v2 (2024), CIS Controls, ISO/IEC 27001/27002, ISO 27701, and LGPD/GDPR requirements. “Each domain we assess is directly mapped to these standards, ensuring not only technical excellence but also regulatory compliance for both the insured and the insurer”, highlights Kovalscki.
Additionally, the tool classifies maturity levels according to the CMMI framework, a model for measuring and improving an organization’s process maturity that focuses on delivering products and services predictably, efficiently, and with controlled quality. This classification offers a clear view of the client’s evolution over time.
With a modular architecture and open API, the system can be easily integrated with insurers’ platforms, risk management systems (GRC), ITSM, and policy repositories. This makes the tool a strategic component not only in underwriting but also in monitoring security posture during the contract term. “By tracking control maintenance, we deliver a continuous governance tool with a direct impact on risk and cost reduction for the insurance market.”
Another point highlighted by the executive is the tool’s potential regarding the expansion of the national cyber insurance market, which is still largely untapped. E-Comply’s solution eliminates technical barriers for insurers and enables the creation of customized products by sector, maturity level, or company size — including small and medium-sized ones.
“This opens space for the development of innovative products, such as modular policies tailored by sector or maturity level, in addition to facilitating compliance with minimum regulatory requirements (such as those required by ANS, Susep, and Bacen) and future technical standards on cyber insurance”, he states.
The platform is also constantly updated, incorporating databases like CVE/CVSS and Cyber Threat Intelligence (CTI) sources. Thus, the threat score and generated reports reflect the state of the digital environment, increasing the reliability of data used in underwriting and pricing.
“We’ve created a pioneering tool worldwide that automates premium calculation, delivers real technical value, and democratizes access to cyber insurance in Brazil”, concludes Kovalscki.