18/Nov/2019
As with all industries today, cyber insurance is being shaped and changed by digital transformation. Technologies are faster and more impressive than ever, but data breaches and other cyber attacks are now much more commonplace. It is presently more complex than ever for insurers to accurately assess a cyber asset and fairly price the ensuing policy.
There is much that can be improved upon within the insurance market, from effective risk assessment and monitoring to updated underwriting practices.
At the moment, underwriting cyber insurance operates like the rest of the insurance market, using a point-in-time questionnaire about an applicant’s general data privacy and cyber security posture. This is then used to price an insurance policy that will cover the applicant for a certain amount of time. The models that are used for pricing are not often complex – they are sometimes even calculated and stored in an Excel spreadsheet.
However, technology is now rapidly advancing and the challenges and dangers that organisations face can change incredibly quickly. The current system lacks accurate visibility into an organisation’s cyber security stance (since it is self-reported) and the potential risks that organisations face. Within this system, there is no way to account for ongoing risk and security data. The process of underwriting, in its current practice, is woefully outdated and unprepared for the realities of the current digital market.
There needs to be a significant shift in cyber insurance to effectively respond to these changes. Here are a few ways the cyber insurance market can use new technologies to revolutionise their underwriting practices:
- Insurers can purchase data feeds, giving them access to various sources of information (such as open source or enterprise data). This can then be analysed and implemented into their underwriting algorithms.
- Using a vendor risk management platform, such as CyDesk, insurers can maintain their cyber security posture within their third-party ecosystem. Maintaining this posture is key, as insurers hold sensitive financial, personal and confidential data, and are therefore subject to severe fines and business interruptions in the case of a data breach.
- Insurers can also use CyDesk to continuously identify and analyse the risks of their clients, sending them updates or warnings if there’s an indication of a risk change that conflicts with an agreed policy. Concurrently, clients of insurers could also use their own subscription to CyDesk to track and manage their risks, ensuring that they maintain the posture needed for their insurance policy.
Following these suggestions, cyber insurers can establish an improved and practical process to create accurate policies, while maintaining their own cyber security posture. Don’t get left behind – insurers that adapt to and effectively use these digital transformations will be able to increase their revenue and efficiency, becoming leaders in the cyber insurance market.
