Getting to Know the Corvus Scan
The Corvus Scan is what enables us to quickly provide customized price and coverage options for brokers and helps to make our form one of the shortest in the industry.
A High-Level Overview of the Corvus Scan
If you work with Corvus, you know that the Corvus Scan is a critical part of what makes our Smart Cyber Insurance policies work. It’s what enables us to quickly provide customized price and coverage options for brokers and helps to make our form one of the shortest in the industry.
What you might not know is exactly what goes into each scan, behind the scenes.
How the Corvus Scan Works
The Corvus Scan is a non-invasive test of an organization’s web-facing assets. Since it doesn’t involve penetrating an organization's IT systems, we don’t require a password or any special access. All of the information we need is out in the open -- you just have to know where to look, and what to do with it.
Finding out where that information is -- all of the IT "exposure" the organization has in terms of infrastructure they own or use -- is what takes place in the first phase of the scan: the Discovery phase. After that, the Testing phase involves running vulnerability tests against the assets that have been identified in order to assess security.
Finally, the results of the tests are aggregated and weighted appropriately given their severity. And once the policy is in effect, further monitoring takes place on a continuous basis. If any external events occur that may jeopardize the organization, they will be notified. This all takes place during the Recommendations and Ongoing Monitoring phase.
While those are the basics, many brokers and policyholders we talk to are interested in getting deeper into what goes into the scan. That’s why we created a document that covers it all: from how the scan works, to the three phases in the scan process, and how the results are turned into our Dynamic Loss Prevention Reports.
It starts with 5.25-inch floppy disks. Cue up Every Rose Has Its Thorn by Poison -- because it’s 1989. Computers aren’t a household necessity quite yet, the AIDS epidemic is ablaze, and a Harvard-taught evolutionary biologist, Dr. Joseph Popp, has mailed 20,000 copies of a computer-based questionnaire to the recent attendees of the World Health Organization AIDS conference.
A fresh face compared to other lines, cyber has taken many forms before — an easy add-on, a profitable afterthought, a tech-heavy nuisance — but was never a top priority. However, after headline-worthy ransomware attacks, data breaches, and serious losses for insurers, cyber insurance is getting the main character treatment.