Hartford Financial Services Group said it will consider the scores in determining premiums for cyberinsurance.

Aldrin Brown, Editor-in-Chief

February 10, 2017

2 Min Read

Microsoft today began scoring the security settings of commercial customers that use Office 365, and at least one insurer said the ratings would be considered in the pricing of cybersecurity policies.

Microsoft’s Secure Score API had been in preview availability since early August. At the time, users were measured on just 27 security configurations and behaviors that impact the security of data in an organization’s Office 365 environment.

Today’s general release grades users on up to 77 factors, and instructs them on how changes in behaviors and security settings – like activating multi-factor authentication – can impact their scores. 

“The core idea is that it is useful to rationalize and contextualize all of your cloud security configuration and behavioral options into one simple, analytical framework, and to make it very easy for you to take incremental action to improve your score over time,” said a blog post by Microsoft program manager Brandon Koeller. “Rather than constructing a model with findings slotted into critical, moderate, or low severity, we wanted to give you a non-reactive way to evaluate your risk and make incremental changes over time that add up to a very effective risk mitigation plan.”

Microsoft launched the general availability to coincide with the RSA digital-security conference, which starts Monday at the Moscone Center in San Francisco.

In a blog post today announcing the broader release, Microsoft suggested four use cases for the score data:

  1. Monitor and report on your secure score in downstream reporting tools.

  2. Track your security configuration baseline.

  3. Integrate the data into compliance or cybersecurity insurance applications.

  4. Integrate Secure Score data into your SIEM or CASB to drive a hybrid or multi-cloud framework for security analytics.

Secure Score will allow administrators to compare their security scores with those of 85 million other commercial customers of Office 365, according to a report in the Wall Street Journal.

Also according to that article, Hartford Financial Services Group Inc., is the first company to publicly announce it will consider Microsoft’s security score as a factor in determining premiums for cyberinsurance.

“It gives us insight and comfort that you are doing some risk management,” Tom Kang, Hartford’s head of cyberinsurance, told the Wall Street Journal.

Kang would not say how much weight the score would be given.

Corporate cyberinsurance is the fastest-growing insurance product in America, with PriceWaterhouseCoopers projecting premiums to grow from the current $3 billion a year, to $7.5 billion by 2020, the journal reported.


Send tips and news to [email protected].

Read more about:


About the Author(s)

Aldrin Brown

Editor-in-Chief, Penton

Veteran journalist Aldrin Brown comes to Penton Technology from Empire Digital Strategies, a business-to-business consulting firm that he founded that provides e-commerce, content and social media solutions to businesses, nonprofits and other organizations seeking to create or grow their digital presence.

Previously, Brown served as the Desert Bureau Chief for City News Service in Southern California and Regional Editor for Patch, AOL's network of local news sites. At Patch, he managed a staff of journalists and more than 30 hyper-local and business news and information websites throughout California. In addition to his work in technology and business, Brown was the city editor for The Sun, a daily newspaper based in San Bernardino, CA; the college sports editor at The Tennessean, Nashville, TN; and an investigative reporter at the Orange County Register, Santa Ana, CA.


Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like