Understanding cyber risks: an underwriter’s perspective
Cyber is one of the fastest-growing areas in insurance. In today’s digital world, cyber risks are an ongoing threat, evolving rapidly and presenting challenges for businesses and insurers. Cyber insurance is not one-size-fits-all. For underwriters to understand and manage cyber risk, they require deep knowledge of traditional underwriting principles, as well as a forward-looking approach to anticipate and mitigate the unique threats posed by cyber vulnerabilities.
Submission quality is vital in cyber risk assessment
Risk assessment requires having appropriate and relevant data to answer underwriting questions. These questions help assess a client’s cyber hygiene, and identify potential risks and vulnerabilities within their digital infrastructure, allowing for more precise risk assessment.
However, the challenge lies in collecting good quality and accurate data. Incomplete or poorly detailed applications can hinder the underwriting process, leading to gaps in coverage or mispriced policies. Therefore, it is essential for both underwriters and brokers to prioritize thoroughness and accuracy, and for brokers to help guide clients in understanding and answering underwriting questions.
Data plays a crucial role
Today, businesses rely almost entirely on technology. Data has become a strategic asset in underwriting and when it comes to cyber, data plays a pivotal role in an underwriter’s understanding of both frequency and severity of potential threats.
The vast amounts of data generated by digital activities provide valuable insights into patterns of cyber incidents, allowing underwriters to identify trends and vulnerabilities with greater precision. However, highly sensitive data amplifies the risk: a single breach can expose vast quantities of sensitive information, leading to significant financial and reputational damage.
Key factors influencing cyber insurance premium
The most important factor influencing premium is exposure reflected in the size and nature of the insured business and its industry sector. Type of data handled, and the attractiveness of this data to criminals are also crucial. For instance, the healthcare industry often deals with highly sensitive data, as do financial institutions, making them prime targets for cyber attacks.
Other important factors include cybersecurity measures in place such as firewalls and encryption; employee training programs; history of cyber incidents; claims experience; coverage limits requested; and the types of cyber risks covered.
HSB provides loss prevention recommendations to help clients mitigate potential cyber risks and improve hygiene. Our pillars are: Identify, Prevent, Protect and Respond. We consider a client’s cybersecurity protocols and what, if any, tools and controls are currently used to protect themselves and their networks from cyber threats. Rigorous protection may also help to lower premium.
Coverage requires constant evolution
Cyber risks are not static. Cyber threats are becoming increasingly sophisticated and criminals continually refine their tactics to exploit emerging vulnerabilities.
As threats evolve, so must the solutions designed to mitigate them and stay ahead of the bad guys. Underwriters need to commit to ongoing education to update their knowledge and keep pace with evolving threats.
An example of evolution in HSB’s cyber coverage is Misdirected Payment Fraud, where funds are transferred to fraudulent accounts due to compromised email or payment systems. This form of fraud has become increasingly prevalent, leading to substantial financial losses. The HSB underwriting team recognized this growing threat and moved quickly to provide it as an essential coverage.
Stay vigilant
Looking ahead, the future of cyber insurance lies in proactive risk management. We are exploring ways to help clients actively monitor their networks for vulnerabilities, aiming to prevent breaches in the first place. This approach represents a shift from reactive to proactive risk management.
By leveraging advanced technologies and collaborating closely with clients, underwriters can help organizations strengthen their cyber defenses. Cyber risk assessment is a complex and evolving field, requiring underwriters to continue to be vigilant, informed, and adaptive.
Reach out to Leila on LinkedIn
