Nathan Smolenski

Corvus vCISO: Your Clients’ New (Virtual) Cybersecurity Pro


[DIAGRAM] Corvus vCISO: Your Clients’ New (Virtual) Cybersecurity Pro

Today we’re announcing an exciting new phase in our risk mitigation efforts at Corvus: the vCISO experience for policyholders. 

Corvus was founded on the idea of building a safer world. While we’ve pursued a number of initiatives to further our mission over time, the heart of our efforts remains the education and personalized data we provide brokers and policyholders to reduce cyber risk.  

From the very first Smart Cyber Insurance policy, we’ve offered IT security reports that provide scores, benchmarking and recommendations. Over time we’ve refined and added to these reports based on the findings of our data science team — additions that include pre-filled risk calculators, a ransomware risk score and more. 

Today we’re announcing an exciting new phase in our risk mitigation efforts at Corvus: the vCISO experience for policyholders. 

What is vCISO?

vCISO is a dynamic view of cybersecurity recommendations that have been consolidated from multiple sources. Every policyholder now has a vCISO tab in their Policyholder Dashboard. There, they’ll see recommendations sourced from:  

  • The Dynamic Loss Prevention Report

    • the output of our proprietary IT security scan that locates vulnerabilities by looking at an organization’s IT system from the outside-in (refreshed quarterly, at minimum)

  • Cybersecurity Alerts

    • dynamically updated alerts regarding recent, severe cybersecurity issues

  • The vCISO Assessment

    • a review of security policies and programs at the policyholder’s organization (recently launched along with the vCISO experience)

[DIAGRAM] vCISO Policyholder Dashboard


Each recommendation contains specifics about what Corvus found, what steps policyholders should take next, and links to further resources developed by our Risk & Response team. It will also mention if there are any Risk & Response services (complimentary or reduced cost benefits for policyholders) that will help with the particular issue at hand.  

Upon viewing the vCISO tab, some recommendations may show as “locked” if the policyholder has not yet filled out the vCISO Assessment. This series of questions takes only a few minutes; anything that’s unknown may be left blank and returned to later. The vCISO tab will automatically update with the results from the assessment once it’s complete.

[DIAGRAM] vCISO Policyholder Dashboard - Recommendations

As a policyholder’s IT team or provider works through the vCISO’s list of recommendations, they may mark each complete to remove it from the priority list. The actions found in vCISO potentially improve the policyholder’s Corvus Score, placing them in a better position upon renewal of the policy. And most importantly, they will make the policyholder’s organization safer. 

[DIAGRAM] vCISO Policyholder Dashboard - No Action Needed Items

Why Did We Build vCISO?

We’ve had the honor of helping countless policyholders discover previously unknown vulnerabilities with the help of our Dynamic Loss Prevention reports. But when it comes to prioritization, a few missing pieces of the puzzle could often hinder the delivery of complete information that a policyholder needs.  

Especially when it came to internal policies and practices — whether an organization performs regular phishing tests on its employees, for instance — we often gathered information via direct conversations with policyholders, and provided on-the-fly adjustments to our recommended steps based on what we learned from them. While this was effective, it wasn’t always fast, and made it difficult for policyholders to get a full picture of their security in one place that they could reference again and again.  

Now, a policyholder can find the most up to date (and complete!) information available about their security posture with just a few clicks. vCISO automatically updates based on new DLP reports (re-scanned each quarter), new alerts added by the Risk & Response team, or changes to the Assessment answers.

Hands-on Help

The personal touch of Corvus’s Risk & Response team isn’t going away. Far from it. With vCISO, discussions with policyholders are more productive. Rather than going through a series of basic questions over the phone or email, our experts jump straight into the good stuff: reviewing recommendations and providing any additional insights and detail needed to make sure that policyholders are equipped to take action. Access to the team, as always, is available directly from the platform or by email.  

[DIAGRAM] vCISO Policyholder Dashboard - Help Section

Next Steps for Brokers

See a quick preview of what’s available with vCISO in the video below or click here for our deep dive for policyholders in our Knowledge Nest. 

If you'd like to see a full breakdown of vCISO from Lauren Winchester, VP of Smart Breach Response, and me, Nate Smolenski, stream the on-demand recording here!


[RELATED POST] Prioritize Patching: A Risk-Based Vulnerability Management Approach

Prioritize Patching: A Risk-Based Vulnerability Management Approach

Risk-Based Vulnerability Management (RBVM) - a better way to add context to your vulnerability management program. 

[RELATED POST] How Tech Companies Can Enhance Their Security: 5 High-Impact Practices

How Tech Companies Can Enhance Their Security: 5 High-Impact Practices

At Corvus, our risk & response experts work with policyholders and cybersecurity partners to implement measures that mitigate risk for their organizations, including with Smart Tech E&O policyholders.