Cyber Underwriting: Identifying a Business’s True Digital Risk
In conversation with Antony Xavier, CEO of SimpleSolve inc. He heads their 20-year evolution of Enterprise Insurance Solutions built by Insurance Professionals
Over the last year, it’s no longer business as usual, and the business world and each of us are adapting fast to evolving global scenarios. One of the biggest changes has been the high pace of digitization across industries and consumer groups. With this shift, however, comes a greater risk of cyber threats. It’s not surprising then that there has been a huge spike in ransomware attacks, leading to a loss of critical information for businesses and they are turning to insurance to cover them. Insurance companies are still navigating the waters when it comes to cyber underwriting for the new breed of threats.
Cyber underwriting is a whole different ball game for insurers as it is intangible, borderless, and fast-changing. Yet, investing in cyber underwriting can be well worth it for insurance providers as it is estimated to be a $70 billion service within the next 10 years. Currently, only an estimated 28% of small business owners have opted for commercial insurance policies. This means there’s a sizable portion of the market to be tapped into. How are cyber insurers preparing themselves to make the most of this opportunity?
Cyber underwriting
Cyber underwriting is by no means a ‘new’ service (it has been around for about 10 years) but as cyber threats have been getting more sophisticated, cyber insurers need to keep one step ahead. Definitely is a difficult ask when the enemy is like the Green Goblin supervillain (Norman Osborne) who can hack into the most advanced technology on the planet and make it his own secret weapon.
That’s why the one key difference in the modern cyber insurance underwriting process is the extent of information requested at the time of underwriting. Originally, only surface-level actuary information such as the revenue of a company, number of data records, and existing cybersecurity measures in place were requested. Today’s cyber risk underwriters, MGAs, and agents need a lot more data to be able to make an accurate estimation of risk. They often go deep into the company’s technological infrastructure, including the complete list of domains, details of the email servers, and the type of cybersecurity software used.
Additionally, the nature of commercial insurance policies offered is also changing from ‘recovery’ to ‘protection’. Rather than simply offering resources to businesses to mitigate losses from a cyberattack, cyber insurers are promoting preventative measures that can help avoid these attacks in the first place. This change in approach can make cyber insurance more profitable for insurers. This also means that underwriters need to be even more aware of the different types of cyber threats posed and the efficacy of various cybersecurity measures. This is the only way for a cyber underwriter to accurately understand cyber risks and price them. Cyber threat underwriters need to be grounded in technology.
Given the huge demand cyber insurance is predicted to generate, insurers need to create a strong cyber underwriting process to be able to successfully meet this demand.
The complete conversation along with the three key steps to boosting your firm’s insurance underwriting process is available here…
Originally published at https://www.simplesolve.com on December 28, 2021.
