Cyber Threats & SMBs | Chubb & SentinelOne Expedite Access to Cyber Insurance

In late 2024, Chubb, the largest US commercial cyber insurance provider, entered a partnership with SentinelOne to offer small and medium businesses (SMBs) – organizations with less than $100M in annual revenue – a streamlined means of securing affordable cyber insurance, loss mitigation, and incident response services.

As part of the partnership, SentinelOne customers can quickly obtain qualifications and quotes for cyber insurance through Chubb’s customized platform, which assesses their security posture using an instantly generated Insurance Posture Report from the SentinelOne Singularity platform.

This blog provides some background on the cyber threats and related risks facing today’s SMBs and the types of coverage these companies are looking to add to mitigate financial risk.

Barnaby Page at S1 (BP @S1): What challenges does Chubb see for SMB clients and cybersecurity?

Craig Giuliano at Chubb (CG @Chubb): Smaller businesses are highly vulnerable to cyber incidents. In fact, according to Chubb’s Cyber Index, 58% of cyber claims reported to Chubb in 2023 came from clients with less than $150 million in revenue. Further, 29% were from companies with under $25 million in revenue. For those businesses with $25 million or less in revenue, 74% of cyber incidents were caused by an external threat.

BP @S1: What are the business impacts of cyber attacks on SMB clients?

CG @Chubb: These claims are not only frequent, they can also be severe. According to NetDiligence’s 2024 claims report, first party incident response costs following a cyber event for a small or midsize enterprise are, on average, $325,000, before any business interruption loss or third-party liability costs kick in. Many of the small business claims studied resulted in losses exceeding $1 million. These incidents also disrupt operations and cause reputational damage resulting in customer retention issues and difficulty winning new contracts. Cyberattacks can be catastrophic for SMBs without the right safeguards in place.

BP @S1: Can you provide a general explanation of how insurers assess risk for cyber insurance?

CG @Chubb: There are a number of risk characteristics contemplated when assessing an insured’s cyber exposure including but not limited to revenue size, class of business, record count, claims history and security control posture. From a portfolio management perspective, it’s important to have a diverse mix of industry classes and customer sizes.

We then look at the technical controls present in the organization to determine if they practice strong cyber hygiene: security controls like MFA, phishing training, offline back-ups, patch management, secure remote access for RDP, incident response plans, and use of EDR tools. SentinelOne clients have the option of sharing their “inside-out” telemetry with Chubb and this can speed our analysis of tech controls and risk.

BP @S1: What programs does Chubb have for SMBs?

CG @Chubb: We have a holistic, three-pronged approach to help small businesses manage cyber risk. We pair tailored cyber insurance with pre- and post-breach services, including our complimentary Vulnerability Outreach program. This program provides proactive notification and response services to cyber policyholders if a known, exploited vulnerability is discovered in a customer’s environment.

BP @S1: How will clients know which coverages are most applicable to them:

CG @ Chubb: In today’s evolving threat landscape, it’s more important than ever for SMBs to protect themselves against rising costs following a cyberattack. For example, the SentinelOne threat intelligence teams are increasingly seeing data exfiltration following malware and ransomware attacks. First-party costs like digital forensics and incident response expenses and/or business interruption costs can add up quickly. Also, third-party liability expenses that may arise due to the compromise of sensitive data can be costly. Our core cyber insurance products are customizable to address the specific needs of SMBs, tailored to their industry, organizational size, and unique exposures.

BP @S1: Can you expand on the standard offering? How does Chubb ensure that SMB client critical exposures are managed and their balance sheets secured?

CG @Chubb: Chubb’s robust coverage offering includes first-party and third-party coverages so policyholders can rest assured following an incident. Those coverages include:

First-Party Coverage

  • Cyber Incident Response Expenses – Covers legal, forensics, notification, credit monitoring, and public relations fees.
  • Business Interruption – Covers loss of net profits and continuing operating expenses necessitated due to interruptions of the insured’s systems. Contingent Business Interruption adds downstream losses due to interruption of outsourced technology providers’ systems.
  • Digital Data Recovery – Covers costs to restore or replace lost or damaged data or software.
  • Network Extortion – Reimburses extortion payments and reasonable and necessary expenses following a cyber extortion threat.

Third-Party Liability Coverage

  • Cyber, Privacy and Network Security Liability – Liability for failure to protect private or confidential information of others or failure of network security.
  • Payment Card Loss – Contractual liabilities owed to payment card industry firms due to a cyber incident.
  • Regulatory Proceedings – Covers defense for regulatory actions and fines and penalties, where insurable by law.
  • Media Liability – Liability arising from printed and online defamation or copyright and trademark infringement costs.

BP @S1: Do Chubb cyber policies distinguish between theft of data and theft of money. If so, how?

CG @Chubb: Yes, SMB clients that are worried about a business email compromise scam or similar can elect to purchase Cyber Crime coverage via endorsement. Coverage includes:

  • Computer Fraud – Responds when a third party accesses the insured’s computers to steal money.
  • Funds Transfer Fraud – Responds when a bank, acting on fraudulent instructions by a third party, transfers funds from an insured’s account.
  • Social Engineering Fraud – Responds when a third party tricks an employee into transferring company assets.

BP @S1: How does Chubb’s partnership with SentinelOne help SMBs secure favorable coverage?

CG @Chubb: We utilize the SentinelOne Insurance Posture Report as an assessment of our policyholders’ cybersecurity posture. Chubb is able to provide SentinelOne customers with favorable terms, as the technology reflects a strong commitment to managing cyber risk and maintaining a strong cyber hygiene.

Chubb’s partnership makes it easy to fortify your cyber risk management plan and secure competitively priced cyber insurance.

BP @S1: How do you recommend SMBs using SentinelOne get started on securing cyber insurance coverage?

CG @Chubb: All companies should review the guidance above for proper technical controls in place (back-ups, MFA, etc.). They can then visit the Chubb site for companies <$100 Mil in revenue for an expedited quoting experience. Request your quote here.

Disclaimers

SentinelOne, Inc. is not an insurance provider, broker, or agent and does not offer, sell, or underwrite insurance policies. The information in this article is for informational purposes only and should not be construed as professional advice, an offer of insurance, or an endorsement of any specific insurance product or provider. Decisions regarding insurance coverage, terms, and conditions are solely determined by Chubb or its affiliated underwriting companies and are subject to Chubb’s independent evaluation, underwriting criteria, and applicable laws. SentinelOne is not responsible for any decisions, actions, or claims related to Chubb’s insurance offerings.

Chubb is the marketing name used to refer to subsidiaries of Chubb Limited providing insurance and related services. For a list of these subsidiaries, please visit our website at www.chubb.com. Insurance provided by ACE American Insurance Company and its U.S.- based Chubb underwriting company affiliates. All products may not be available in all states. This communication contains product summaries only. Coverage is subject to the language of the policies as actually issued. The information contained in this document is intended for general informational purposes only and is not intended to provide legal or other expert advice. You should consult knowledgeable legal counsel or other knowledgeable experts as to any legal or technical questions you may have. Neither Chubb nor its employees or agents shall be liable for the use of any information or statements made or contained in any information provided herein. SentinelOne is a third-party vendor not affiliated with Chubb. The fact that offers and potential discounts may be made available by the third-party vendor is not an indication that insurance coverage is available under any Chubb policy for any particular incident. Discounts on products and services offered by this vendor are available only to Chubb policyholders with current in-force policies and are subject to applicable insurance laws. For products and services provided, the policyholder and third-party vendor would enter into a vendor relationship directly. Chubb will not be involved in the policyholder’s decision to purchase services and has no responsibility for services that may be provided. Surplus lines insurance sold only through licensed surplus lines producers. Chubb, 202 Hall’s Mill Road, Whitehouse Station, NJ 08889-1600.