At a glance.
- Turn/River Capital completes acquisition of Tufin.
- Cyberstarts raises $60 million.
- Cyber insurance exclusions – is a policy still worth it?
Mergers and acquisitions.
Investments and exits.
Israeli cybersecurity-centric venture capital firm Cyberstarts has raised $60 million in seed funding. The funding will be used to invest in early-stage cybersecurity companies. This funding brings the firm’s total assets to $374 million.
Intelligent Access Governance platform BalkanID, based out of Austin, Texas, has raised an additional $2.36 million in seed funding bringing the total raised to $8.1 million. The round was funded by K2G Tech Fund, GIT1K Club, Firsthand Ventures, MGV, NKM Capital, as well as existing investors. The funding will be used toward company growth, as well as a buffer for market fluctuations if necessary.
One Identity has appointed three new people to their executive team: Tat Ng as Vice President of Global Engineering, Darren Thomson as Vice President of Product Marketing, and Ken Evans as Vice President of Global Demand Generation & Field Marketing.
Johnson Controls has signed a framework agreement with Nozomi Networks that allows for Johnson Controls to use the Nozomi Networks toolset for its customers. This follows Johnson Controls’ investment in Nozomi Networks’ funding round last year. Vijay Sankaran, Chief Technology Officer at Johnson Controls, said, "Johnson Controls is at the forefront of digitizing the built environment through our innovative OpenBlue platform, and we are continuously looking for opportunities to maximize safety, improve efficiency and ensure business continuity. Our investment in Nozomi Networks' leading threat assessment toolset reflects the importance of cybersecurity in this digital transformation."
Cyber insurance exclusions – is a policy still worth it?
Following the news of Lloyd’s Marketing Association mandating exclusions of state-backed cyber attacks, the question is asked – is cyber insurance still worth it? Risk experts told Dark Reading that the answer may be no. "Insurance works on trust, [so answer the question,] 'will an insurance policy keep me whole when a bad event happens?'” says Pankaj Goyal, senior vice president of data science and cyber insurance at Safe Security. "Today, the answer might be 'I don't know.' When customers lose trust, everyone loses, including the insurance companies." Additionally, defining what even qualifies as a “state-based cyberattack” is difficult. "Even if a computer involved in the attacks was traced back to an IP address located in an Iranian or North Korean military base, that doesn't necessarily mean that it was an attack done with the knowledge of or at the direction of the government's authorities. It could have been compromised by hackers in other countries [as a false-flag attempt],” says James Turgal, vice president of cyber-risk and strategy for Optiv.
Marsh has worked with re/insurer Munich Re to address concerns with the Lloyd’s exclusions, discussing themes such as:
- “The endorsement should not serve as a catastrophic risk catchall.”
- “The endorsement should clarify the scope of coverage provided resulting from state backed cyberattacks.”
- “The endorsement should bring clarity to what constitutes war, and avoid conflation with the concept of a cyber operation.”
- “The introduction of new concepts like “cyber operations,” “major detrimental impact,” “impacted state,” and “essential services” should be as clear and unambiguous as possible in order to avoid or minimize disputes as to the meaning of the wording.”
- “The inclusion of references to attribution of cyber operations should not change the legal burden of proof, nor should it alter how the policy responds. Attribution of cyber operations to a sovereign state should not automatically trigger an exclusion of coverage.”
- “The endorsement should clearly delineate between cyberattacks that constitute or are deployed as part of an ongoing war — and thus are beyond the scope of coverage — and cyberattacks that are not related to a war and so should not be inadvertently excluded.”