Getting to know the Corvus Scan
The Corvus Scan is what enables us to quickly provide customized price and coverage options for brokers and helps to make our form one of the shortest in the industry.
If you work with Corvus, you know that the Corvus Scan is a critical part of what makes our Smart Cyber Insurance policies work. It’s what enables us to quickly provide customized price and coverage options for brokers and helps to make our form one of the shortest in the industry.
What you might not know is exactly what goes into each scan, behind the scenes.
How the Corvus Scan works
The Corvus Scan is a non-invasive test of an organization’s web-facing assets. Since it doesn’t involve penetrating an organization's IT systems, we don’t require a password or any special access. All of the information we need is out in the open -- you just have to know where to look, and what to do with it.
Finding out where that information is -- all of the IT "exposure" the organization has in terms of infrastructure they own or use -- is what takes place in the first phase of the scan: the Discovery phase. After that, the Testing phase involves running vulnerability tests against the assets that have been identified in order to assess security.
Finally, the results of the tests are aggregated and weighted appropriately given their severity. And once the policy is in effect, further monitoring takes place on a continuous basis. If any external events occur that may jeopardize the organization, they will be notified. This all takes place during the Recommendations and Ongoing Monitoring phase.
While those are the basics, many brokers and policyholders we talk to are interested in getting deeper into what goes into the scan. That’s why we created a document that covers it all: from how the scan works, to the three phases in the scan process, and how the results are turned into our Dynamic Loss Prevention Reports.
A hacked power grid turning the lights out for millions, a dam being controlled by an adversary — these are the kinds of nightmare situations cybersecurity researchers often talk about in the context of cyber warfare or state-sponsored terrorism.
As ransomware rose to become the single biggest driver of cyber insurance claims in 2020, we felt that this aspect of cyber risk deserved more detailed reporting for brokers and policyholders. So we got to work. We decided to re-create one aspect of our overall cyber risk score, adding more detail and providing a separate report page in Smart Cyber quotes. You can read about the specifics of the score here.