Are your underwriters using the right signals for risk selection?

Are your underwriters using the right signals for risk selection?

A recurring problem for cyber underwriters is not having the right cyber risk analytics to ensure that they are making informed, consistent, and efficient data-driven risk decisions. A single-risk underwriting tool should provide the most relevant cyber risk signals, helping underwriters to better assess the security posture of their client. 

At CyberCube, we provide industry-leading cyber risk analytics with the aim to help insurers underwrite accurately and make informed risk decisions, even in a hardening market. Account Manager, our single-risk underwriting tool, is made with underwriters in mind. With ~50 security signals that span different areas of control, underwriters can ensure they have the data they need to detect higher-risk organizations.    

We conducted a study based on our entire company-specific signal set and were able to derive the top ten (10) risk signals that are most indicative of having a cyber incident. 

What was the goal of the study?

CyberCube aimed to identify if the risk signal set used in Account Manager can truly detect higher risk organizations — which in turn can assist underwriters in making informed cyber risk decisions. 

In this study, we wanted to call attention to the top 10 cyber risk signals with the strongest correlation to incidents. We wanted to determine if there was statistical evidence showing that the right cyber risk analytics can truly provide insights that can help underwriters improve and streamline risk selection and detect drivers of underperforming segments. 

Our goal was to arm underwriters with data-driven analytics to determine which signals to consider before making a decision. 

How did we conduct the study?

The detailed methodology can be found in the referenced report, however here is a high level overview. The CyberCube team compared all company-specific signals to a dataset of organizations that experienced cyber incidents. The dataset we used consisted of millions of organizations spanning multiple industries and regions internationally to represent a broad and robust population. 

First, we categorized companies into two cohorts: those with risk signals observed as ‘riskier’ and those without as ‘less risky’. We then looked at events occurring in the subsequent months after the observation of a signal. By presuming a time dependency and looking only at observations of signals present prior to an incident, we were able to reflect not only their predictive power, but also their relevance for insurance applications. 

Next, we further studied both cohorts — those with risk signals observed and that subsequently experienced a cyber event, and those companies that did not have a risk signal observed prior to a cyber incident — and made another calculation of an average risk signal multiplier for each signal.

As a final step, we evaluated and ranked our entire set of signals based on this multiplier value to derive those most critical and contextualized the findings. 

What were the findings?

The study found that the top 10 risk signals detected were indicators of a cyber incident, and therefore indicative of increased claim frequency. Within Account Manager, organizations presenting one of these risk signals would indicate a poorer cybersecurity posture, meaning they are more vulnerable to cyber incidents. The top ten risk signals identified were: 

- Ransomware Extortion

- Infrastructure Abuse

- Ransomware Toolkits

- Ransomware Infections

- Malware Infections

- Software Vulnerabilities

- Infrastructure Infections

- End-of-Life Products

- Exposed Credentials

- Open Ports

CyberCube’s previous cyber risk signals study

In September 2021, we conducted a similar study looking at the effectiveness of our risk signals. When comparing the two studies, we’ve observed consistency for six out of the ten risk signals. Additionally, four different signals have emerged in the updated study, drawing attention to the changing cyber threat landscape. For example, the addition of the ‘Ransomware Toolkits’ signal highlights the increase in ransomware extortion attacks compared to last year. 

The overall findings of the latest study mean that there is a stronger correlation between incidents experienced and organizations with risk signals observed than without risk signals observed. Hence, CyberCube’s risk signals are in fact effective in assessing potential loss and identifying higher risk organizations — so underwriters who utilize the risk signals within Account Manager can make more informed risk decisions. 

Utilizing cyber risk analytics effectively

At CyberCube we believe that when used effectively, cyber risk analytics can enhance how underwriters address their risk selection process. Utilizing data-driven insights can supplement application info with data that cannot be obtained from a paper application. This can help underwriters get a better picture of the potential loss that could impact differing organizations, and underwrite accordingly. 

If you’d like to learn more about the study we conducted, you can check out the report here — Evaluating Cyber Risk Signals as Indicators of Future Incidents. We cover the methodology and evaluation of the study in more depth, and compare our last risk signal study findings, all of which highlight the effectiveness of CyberCube’s risk signals. 

Evaluating Cyber Risk Signals as Indicators of Future Incidents