Cyber Insurance Underwriting
Generating an accurate pricing scheme and providing appropriate coverage when underwriting policies relating to digital risks is an onerous process. Cyber insurance is a new product with limited historical data covering constantly evolving risks. Underwriters are often limited to point-in-time data from questionnaire-based assessments and annual penetration tests rather than continuous risk intelligence from automated assessments.
- Subjective reporting
Applicants self-report, potentially misrepresenting the data and leading to adverse selection.
- Lack of historical data
Cyber insurance is a relatively new segment; therefore, cyber underwriting lacks historical data on which to evaluate risk and accurately price.
- Static data vs. dynamic risk
Underwriting is based on point-in-time intelligence; however, security risks and vulnerabilities are constantly evolving.
- Manual cyber risk assessments
Underwriters depend on applicant assessments and penetration testing, but these processes are still manual and infrequent.