At a time when cyber risk has become one of the greatest threats to organizations, E-Comply — a joint venture formed by ESCS and Comply Solution — introduces to the Brazilian market a solution that promises to transform how cyber insurance is assessed and priced.
The new system developed by the company uses artificial intelligence, machine learning algorithms, and a continuous, automated assessment methodology aligned with major international security frameworks. The result is a fairer, more technical, and evidence-based premium calculation — an important advancement in a sector where subjectivity is still common in risk analysis.
According to Allan Kovalscki, CEO of E-Comply, the key differentiator of the solution lies in the objectivity of the process. “Our system continuously assesses the insured organization’s cybersecurity maturity level based on the risk domains defined by the insurer. This reduces the risk of claims, improves technical response, and increases accuracy in premium determination.”
Using machine learning-based algorithms, the system interprets data collected on policies, technologies, vulnerabilities, and processes. Because AI can analyze a wide range of data, this aids in the dynamic calculation of insurance premiums.
“The system cross-references technical data with market benchmarks, similar historical behaviors, and applies statistical models such as decision trees, logistic regressions, and neural networks—all to generate updated and reliable risk scores.”
The solution is built upon information security frameworks such as NIST CSF v2 (2024), CIS Controls, ISO/IEC 27001/27002, ISO 27701, and LGPD/GDPR requirements. “Every domain we assess is directly mapped to these standards, ensuring not only technical excellence but also regulatory compliance for both the insured and the insurer,” highlights Kovalscki.
Additionally, the tool classifies maturity levels using the CMMI framework, a model for measuring and improving an organization’s process maturity—focused on delivering products and services predictably, efficiently, and with controlled quality—providing a clear view of the client’s evolution over time.
With a modular architecture and open API, the system can be easily integrated with insurers’ platforms, risk management (GRC) systems, ITSM, and policy repositories. This makes the tool a strategic component not only in underwriting but also in monitoring security posture during the policy term. “By tracking control maintenance, we provide a continuous governance tool with a direct impact on reducing risks and costs for the insurance market.”
Another point highlighted by the executive is the tool’s potential in expanding the still-underexplored national cyber insurance market. E-Comply’s solution removes technical barriers for insurers and enables the creation of customized products by sector, maturity level, or company size—including SMEs.
“This paves the way for innovative products, such as modular policies tailored by sector or maturity level, while also facilitating compliance with minimum regulatory requirements (such as those mandated by ANS, Susep, and Bacen) and future technical standards on cyber insurance,” he states.
The platform also constantly updates itself, incorporating databases such as CVE/CVSS and Cyber Threat Intelligence (CTI) sources. Thus, the threat scores and generated reports reflect the digital landscape, increasing the reliability of data used in underwriting and pricing.
“We’ve created a pioneering global tool that automates premium calculations, delivers real technical value, and democratizes access to cyber insurance in Brazil,” concludes Kovalscki.