The Current Model Is Broken
Cyber insurance underwriting relies on annual questionnaires. The policyholder checks boxes. The insurer prices risk based on self-reported answers.
The problem: 70% of cyber claims involve controls that were reported as compliant but were not actually enforced at the time of the incident.
Questionnaires measure intent. They do not measure reality.
Continuous Verification Replaces Periodic Assessment
HATS (H33 Attestation Trust Standard) produces continuous, cryptographic proof of policyholder security posture:
- MFA status — not what they said in the questionnaire, what Okta actually reports right now
- EDR coverage — not a checkbox, a live connector verifying CrowdStrike/SentinelOne status
- Backup configuration — cryptographically attested retention policies and test results
- Patch management — continuous vulnerability scan integration
Each control state is captured by the HATS Terminal, signed with three independent post-quantum signature families, and committed to a 74-byte attestation.
What Insurers Get
The HATS Insurer Dashboard provides:
- Real-time portfolio risk scores across all policyholders
- Cryptographic proof of control state at any point in time
- Automated alerts when controls degrade
- Claims evidence that is independently verifiable — not self-reported
What Brokers Get
The HATS Broker Platform enables:
- Verified quotes based on proven (not reported) security posture
- Differentiated pricing for continuously verified policyholders
- Reduced E&O exposure from inaccurate questionnaire responses
The Fraud Detection Angle
Cross-vendor inconsistency is the fraud signal. Claimant says MFA was active. The HATS attestation from Okta shows it was downgraded to SMS a week before the incident. That is not a log — it is a cryptographic contradiction.
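The cross-check described above, as an added example (not HATS code and not its attestation format): it compares a claimed control state with the attested state in effect at incident time. The record schema, the `SATISFIES` policy and the two-day staleness window are assumptions, and the sample data is constructed.

```python
from bisect import bisect_right
from datetime import datetime, timedelta

# Constructed sample data in a hypothetical schema: (attested_at, control, state).
# A real pipeline would verify each attestation's signatures before using it.
ATTESTATIONS = [
    (datetime(2024, 3, 1, 9, 0), "mfa", "push"),
    (datetime(2024, 3, 8, 9, 0), "mfa", "sms"),   # downgrade recorded here
    (datetime(2024, 3, 14, 9, 0), "mfa", "sms"),
    (datetime(2024, 3, 1, 9, 0), "edr", "active"),
]

# Assumed policy: attested states that satisfy a claimed state. SMS is left
# out for MFA, matching the downgrade scenario in the text.
SATISFIES = {
    ("mfa", "active"): {"push", "totp", "webauthn"},
    ("edr", "active"): {"active"},
}

def check_claim(control, claimed, incident_at, max_age=timedelta(days=2)):
    """Return a verdict on a claimed control state at incident_at."""
    timeline = sorted((t, s) for t, c, s in ATTESTATIONS if c == control)
    times = [t for t, _ in timeline]
    idx = bisect_right(times, incident_at) - 1  # last record at or before incident
    if idx < 0:
        return {"verdict": "unverifiable", "reason": "no attestation before incident"}
    seen_at, state = timeline[idx]
    if incident_at - seen_at > max_age:
        # A gap in continuous evidence proves nothing in either direction.
        return {"verdict": "unverifiable", "reason": "stale attestation",
                "last_seen": seen_at}
    if state in SATISFIES.get((control, claimed), set()):
        return {"verdict": "consistent", "state": state}
    # Walk back to the first record of the contradicting state.
    since = seen_at
    while idx > 0 and timeline[idx - 1][1] == state:
        idx -= 1
        since = timeline[idx][0]
    return {"verdict": "contradiction", "state": state, "since": since}

if __name__ == "__main__":
    print(check_claim("mfa", "active", datetime(2024, 3, 15, 10, 0)))
```

The stale and missing-record verdicts are kept separate from a contradiction so that a connector outage is never read as evidence against the claimant.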
Patent pending. SOC 2 Type II. 20,000+ tests.