Underwriting cyber risk comes with many challenges, whether you’re underwriting cyber risk in a soft or hard market. Hard markets with limited capacity, restrictions on coverage, and pricing challenges create additional pressures.
After conversations with a variety of clients, four major challenges consistently crop up. These revolve around data, the cyber threat landscape, systemic risk and claims handling.
In this article, I will outline some of the challenges underwriters are facing right now and what needs to be considered in order to successfully underwrite cyber risk.
1. The right data is difficult to attain
One of the biggest challenges cyber underwriters have revolves around data. There is a vast amount of data out there, and you don’t necessarily have the time to delve into it to find out the information you need to make informed risk selection decisions. You must get access to good quality data, understand that data, and know what to do with it.
Data is hard to access
In a time when cyber threats are constantly evolving, getting access to relevant data is difficult. What’s more, underwriters must ensure that the data they do access is good quality. This includes firmographic, internal and external security, historic loss event, and supply chain dependency data.
Data can be conflicting
You want to ensure that the data you use is from reliable sources and verified to help you gain a complete picture of a company’s cyber risk posture and make the best underwriting decisions. This is especially true regarding the security signals you’re using to determine how to best select risks — they can be conflicting. You must be able to discriminate between the signal and the noise to understand what signals are material to your exposure. This can vary for different industries and size companies.
Data is difficult to understand
Getting good quality data and understanding the signals you need is only part of what’s needed to make informed underwriting choices. Being able to contextualise that data and know what to do with it is crucial to underwriting cyber successfully in the long term. Actionable insights can help you make those critical decisions.
2. The cyber threat landscape is evolving
Here at CyberCube, we regularly talk about the latest cyber threat trends as we understand just how crucial it is to understand the changing landscape. However, it’s tricky to be able to keep on top of it all, especially as we recognise that cyber events are inevitable.
With the increase in ransomware attacks, businesses need to be more prepared than ever to mitigate risk. It’s also worth paying more attention to potential cyber attacks that could affect the supply chain.
I typically tell clients that there’s an element of ‘whack-a-mole’ with the evolving cyber threats — once you think you’ve covered one issue, another one pops up! What’s important is that underwriters understand these changing issues and take them into consideration when underwriting risk. Given the speed of the changing threat landscape, the issues that caused the most impact in previous years may not be the same ones that drive losses in the future.
3. Systemic risk is growing
As I mentioned, you should be paying attention to any potential supply chain attacks. Because of our collective reliance on technology, Single Point of Failure (SPoF) attacks are becoming increasingly common.
The increase in these kinds of attacks is apparent. The Microsoft Exchange attacks, the Kaseya attack and, more recently the Colonial Pipeline attack, showcase just how much damage can occur for businesses. That’s why it’s vital that insurers are taking supply chains, and the potential for accumulation into consideration when underwriting risk.
Learn more about SPoF and supply chain attacks in our free downloadable report — Building Blocks of a Catastrophe Scenario.
Systemic risk has the potential to impact capital allocation and the overall portfolio management strategy so it is an important topic to get a handle on.
4. Claims handling requires specialist expertise
Another challenge that insurers face is around claims handling. There are many varied experts you need to deal with a cyber claim (notification providers, credit monitoring experts, forensic providers, a PR team, lawyers, etc), it's difficult to create a team that works effectively and is able to scale — whether that's by using an outsourced provider or building a team in-house.
Insurers need to build efficient access to the right resources and experts in order to be able to deal with the diverse ledger of cyber risks that occur. These specialists should also be on the pulse of any evolving cyber threat trends so that they can react appropriately when a claim occurs.
How can underwriters solve these challenges?
The diverse range of challenges cyber underwriters face today will inevitably continue to evolve, and underwriters must evolve with them. This means adopting simple solutions that will continuously ease your underwriting workflow.
One solution that addresses many of these issues is cyber modeling software. At CyberCube, we understand the cyber insurance market and have created analytics tools to help insurers tackle the obstacles they face and underwrite cyber successfully. It can provide the right kind of data and actionable insights, help you understand changing cyber threats, and takes systemic risk into consideration when underwriting risk.
If you’d like to learn more about choosing the right cyber risk analytics tool for your organisation, check out our blog — Underwriting cyber risk: 5 features to look for in a cyber modeling solution.