Small cyber-exposed businesses are being subjected to the dual disruption of a rapidly changing risk landscape and the lack of knowledge and resources to mitigate these risks. The insurance industry is facing these disruptions with the goal of figuring out how to efficiently underwrite these risks, while simultaneously accessing relevant information on cyber vulnerability data and risk mitigation processes.
At the recent NetDiligence Conference in Santa Monica, several panel sessions addressed the issues with insuring the small business market. Modeling and data solution delivery technologies are seen as key influencers in introducing both efficiencies and greater confidence in the underwriting process. Following are some of the common themes:
- Efficient access to key information and data is critical. According to Tim Francis (Travelers) on the Challenges of Underwriting: Smaller Risks panel, “easier will win business”. This is driven by contracting time frame requirements for binding business in an increasingly competitive environment where there is too much capacity and not enough buyers. In addition, SMB is not one business category, and there is a significant difference in how micro and small businesses are defined and underwritten. Tools that deliver access to company size specific data and business process information via a streamlined workflow that is bespoke to brokers and underwriters is highly valued.
- A high-quality affordable insurance product is in demand. Given the paucity of trusted information from insureds, tools that provide data and metrics for a relevant understanding of company risk to support pricing are critical. This includes technographic information as well as tools that capture key cyber mitigation business processes. At the Innovation in Insurance: Insurtech, Modeling & API’s session most of the panelists agreed that models and data are key to delivering risk-based pricing insight.
- According to a recent Verizon 2019 Data Breach Investigations Report, 43% of all data breaches target small businesses. However, cyber-attacks are not limited to data breaches and underwriting requires a comprehensive assessment of total cyber risk. In this framework, treating cyber as a peril where a standardized insurance product does not exist is an increasingly common theme. This is where models and cyber risk hazard metrics are critical tools to not only understand the overall hazard and modeled loss metrics, but also to be able to “drill down” into the data to understand the risk drivers and what are the critical questions to ask the insured.
- Mini-aggregation events on first-party coverages and the ability to address multiple cyber-specific coverage types are top of mind. Underwriting guidelines driven by portfolio level analyses at the coverage level can deliver critical underwriting guideline insights.
CyberCube is actively addressing these small business pain points with cloud-based high-performance tools that capture inside-out and outside-in technographic and firmographic data along with business process information to deliver drill-down exposure, hazard, security hazard and loss metrics. These tools deliver value for the full underwriting value chain from brokers to insurance underwriters.