At a time when cyber risk has become one of the biggest threats to organizations, E-Comply — a joint venture formed by ESCS and Comply Solution — presents the Brazilian market with a solution that promises to transform how cyber insurance is assessed and priced.
The new system developed by the company uses artificial intelligence, machine learning algorithms, and a continuous and automated assessment methodology, aligned with the main international security frameworks. The result is a fairer, more technical, and evidence-based premium calculation — an important advancement in a sector where subjectivity is still common in risk analysis.
According to Allan Kovalscki, CEO of E-Comply, the main advantage of the solution lies in the objectivity of the process. “Our system continuously assesses the cybersecurity maturity level of the insured organization, based on the risk domains defined by the insurer. This reduces the risk of claims, improves technical response, and increases accuracy in premium setting.”
Through algorithms based on machine learning, it interprets data collected on policies, technologies, vulnerabilities, and processes, since AI can analyze a wide variety of data, assisting in the dynamic calculation of the insurance premium.
"The system cross-references technical data with market benchmarks, similar historical behaviors, and applies statistical models such as decision trees, logistic regressions, and neural networks. All of this to generate updated and reliable risk scores.
Built based on information security frameworks, such as NIST CSF v2 (2024), CIS Controls, ISO/IEC 27001/27002, ISO 27701, and LGPD/GDPR requirements. Each domain we evaluate is directly mapped to these standards, which guarantees not only technical excellence but also regulatory compliance for the policyholder and the insurer," highlights Kovalscki.
Furthermore, the tool classifies maturity into levels according to the CMMI framework, which is a model for measuring and improving the maturity of an organization's processes, with a focus on delivering products and services in a predictable, efficient, and quality-controlled manner, offering a clear view of the client's evolution over time.
With modular architecture and an open API, the system can be easily integrated with insurance platforms, risk management systems (GRC), ITSM, and policy repositories. This makes the tool a strategic component not only in the underwriting but also in the monitoring of the security posture during the contract term. By monitoring the maintenance of controls, we deliver a continuous governance instrument, with a direct impact on the reduction of risks and costs for the insurance market.
Another point highlighted by the executive is the potential of the tool in terms of expanding the national cyber insurance market, which is still underexplored. The E-Comply solution eliminates technical barriers for insurers and allows for the creation of customized products by sector, maturity level, or company size — including small and medium-sized businesses.
"This opens up space for the development of innovative products, such as modular policies, specific by sector or by maturity level, in addition to facilitating compliance with regulatory minimum requirements (such as those required by ANS, Susep, and Bacen) and future technical standards on cyber insurance," he says.
The platform also updates constantly, incorporating databases such as CVE/CVSS and sources of Cyber Threat Intelligence (CTI). Thus, the threat score and the generated reports reflect the scenario of the digital environment, which increases the reliability of the data used in underwriting and pricing.

