Cyber Insurance , Incident & Breach Response , Security Operations
Arctic Wolf CEO on Incident Response, M&A, Cyber InsuranceNick Schneider Shares How His Firm Can Help Clients Prepare for a Security Incident
Arctic Wolf has taken advantage of acquisitions to expand its security operations platform into threat intelligence, incident response and cyber insurance, says CEO Nick Schneider.
The Minneapolis-area vendor has introduced new offerings focused on putting organizations in the best possible position to answer questions from insurance carriers following a security incident, Schneider says. Arctic Wolf has the opportunity to capture new geographies and customer types as the company expands beyond its heritage of providing managed detection and response to midsized organizations.
"We are continuing to invest in security expertise and threat intelligence to ensure that our customers are able to improve their security posture over time," Schneider tells Information Security Media Group. "I would expect to see Arctic Wolf continue to expand its breadth within security operations. What other areas of cybersecurity operations can Arctic Wolf add value to on top of our core platform?"
Arctic Wolf has over the past two or three years expanded upmarket and gained more traction with large, sophisticated organizations, Schneider says. Big enterprises have taken advantage of Arctic Wolf's new data exploration module to do some of their own work on security data and investigate potential threats, he adds.
"They engage with the concierge security team differently than an SMB account," Schneider says. "That's just because of the type and volume of resources that they might have at their disposal. They just have different requirements for how they want to engage."
Here is a look from Schneider at Arctic Wolf's biggest expected areas of innovation in 2023 (see: Arctic Wolf Gets $401M From Owl Rock to Pursue Acquisitions).
Being Prepared When a Security Incident Occurs
Arctic Wolf has focused on more effectively leveraging the information it obtains from incident response activities as part of the company's threat intelligence services, Schneider says. As a result, he says, Arctic Wolf's entire client base - from the threat researchers at Arctic Wolf Labs to consumers of the company's managed detection and response tool - benefits from the company's incident response caseload.
Many organizations struggle with preparing for a security incident even if they have an internal security team and have procured cyber insurance, Schneider says. Businesses often haven't prepared their systems or documented escalation paths or how their environment is set up, which makes it nearly impossible to quickly get information over to an incident response provider in the event of an attack, Schneider says.
"The less time that you're spending on compiling information, the more time you're able to spend on remediating the threat and the less time you've taken between an incident occurring and the beginning of a response," Schneider says.
Most companies don't know what they need to have documented or prepared in the event of a security incident and therefore end up reaching out to their insurance provider or incident responder while an attack is taking place to see what questions they have, Schneider says. Although the answers to these questions are relatively static, he says it takes a lot of time to gather the information needed to respond (see: Looking Beyond Silicon Valley for Cybersecurity Talent).
Arctic Wolf this year debuted an Incident Response JumpStart Retainer, which Schneider says appeals primarily to new prospects who haven't done much IR planning to date. People often assume that small and midsized businesses would be less likely to have their incident response plans documented, but Schneider says even really sophisticated customers haven't written all this stuff down.
Bringing Customers, Insurance Carriers to the Table
The vast majority of Arctic Wolf's incident response programs and services come through the company's relationships with the insurance ecosystem, and Schneider says the company has seen a dramatic uptick in activity after adding a mechanism for channel partners to engage with incident responders. The company plans to keep investing with the insurance and channel ecosystems around incident response.
Clients historically viewed cyber insurance as a way of offloading risk to a third party, while insurance carriers gave policies to businesses that weren't investing enough in security, Schneider says. But in recent years, he says, customers have realized they need to do more of their own work around security posture, while insurance carriers have realized that not everyone who asks for a policy should get one.
"The less time that you're spending on compiling information, the more time you're able to spend on remediating the threat."
– Nick Schneider, president and CEO, Arctic Wolf
Both sides therefore need a mechanism that ensures that when organizations make the necessary investments to be insurable, they can indeed access a cyber insurance policy, Schneider says. Arctic Wolf can help, thanks to its understanding of the customer's environment, what's required to be insurable and a suite of offerings that can be used to fill in any gaps in coverage that insurance carriers need addressed.
Schneider says Arctic Wolf also has really strong relationships with insurance carriers, brokers and privacy attorneys that give the company a good understanding of what a provider needs to insure an end user.
"It's all about making sure that you know everyone goes into those relationships and engagement eyes wide open," Schneider says. "I think we serve that purpose."
Mergers and Acquisitions Expected to Accelerate
Schneider says there are more opportunities for mergers and acquisitions and more people willing to engage in conversations today than there were 12 or 18 months ago. Most potential acquisition targets understand that valuation multiples have changed as a result of the economic downturn, and Schneider expects the volume of M&A across the security industry to pick up dramatically over the course of 2023 (see: Arctic Wolf's Dan Schiappa on Cloud Security in a Recession).
Arctic Wolf has leveraged expertise from its September 2021 acquisition of Habitu8, which has a managed security awareness training offering, and technology from its February 2022 purchase of Tetra Defense, which has an incident response business, to strengthen its ties with insurance carriers. Then in September 2022, Arctic Wolf bought vxIntel to gain more capabilities in threat intelligence.
"We continue to be opportunistic," Schneider says. "We look for the right opportunities that fit into our overall strategy of security operations. When they match up, we're a willing participant."