Traditional underwriting methods are out. With cyber attacks on the rise, many industry experts have lamented the case for cyber risks being ‘uninsurable’ due to the catastrophic claims and insurance payouts experienced to date.
As threat actors increase in sophistication by adopting new technologies, it is unsurprising that many insurers and capacity providers are likely to back out of protecting organisations against cyber incidents, unless a major overhaul of underwriting processes comes into play in the near future. This article highlights the importance of collaboration between underwriters, cyber security experts, and other professionals to innovate and develop effective cyber insurance policies.
Innovation
Cyber risk insurance is a complex and rapidly evolving field that requires a new approach to underwriting. Underwriters must embrace new technologies and work collaboratively to develop policies that provide adequate coverage and protection to businesses in the face of ever-evolving cyber threats. These include machine learning and the use of artificial intelligence (AI) to evaluate and score cyber risk and speed up underwriting processes.
Most recently, we have seen reports of threat actors using ChatGPT to write accurate phishing emails and of unsophisticated threat actors making use of AI to write malware. This means that the barrier to entry for cyber crime has and will become much lower than before.
On the other hand, the use of AI can also help the cyber insurance industry by automating many processes that would otherwise be time-consuming and costly. For example, machine learning can be beneficial tools for underwriters to boost efficiency, understand cyber risks, and recommend mitigating measures for insureds before binding coverage. Various aspects of the underwriting process, such as data collection and analysis, risk assessment, and policy pricing, can be automated to reduce the time and resources required. AI algorithms also allow underwriters to analyse large amounts of data to quickly identify potential risks and vulnerabilities in an insured's network environment. This improves the accuracy of underwriting decisions by providing more detailed and nuanced risk assessments to tailor policies to meet the specific risks and needs of each client.
Collaboration
At Pandamatics Underwriting, we are building an AI-driven insurtech platform for the holistic examination of an organisation’s cyber risk, supplemented by data we gather through compromise assessments provided to non-insured clients. A compromise assessment is an inside-out investigation and security audit of an organisation’s internal environment, applications, infrastructures, and endpoints that aims to identify ongoing or past threat actor activity in an organisation’s network environment. By conducting an internal examination of an organisation’s system, specialists search for malware that has attempted to or successfully compromised the network to provide insights on which vulnerabilities are being exploited. Results are based on suspicious user behaviours, an extensive log review, Indicators of Compromise (IOCs), and any other evidence of malicious activity (past or present) to identify attackers residing in the current environment. Such data justifies better security investments for the insured and informs underwriters of the insured's current security posture for policy recommendations. In the event of a breach, Pandamatics Underwriting also uses a digital forensics-led claims process to verify the validity of an insurance claim and the extent of the damages caused.
This is accomplished in collaboration with Blackpanda, Asia’s leading Digital Forensics and Incident Response team, enabling Pandamatics Underwriting to provide all its policyholders with the full suite of post-breach incident response capabilities and additional cyber security services in order to prevent an unsustainable number of insurance claims.
Check out our incident response capabilities
curated specially for SMBS here:
Conclusion
With the ever-evolving nature of cyber threats, the need for a paradigm shift in the insurance industry's approach to cyber risks cannot be overstated. Underwriters should be looking to collaborate more closely with cyber security experts and professionals that are well-versed in handling various kinds of business losses arising from a cyber incident. By leveraging advanced technologies, it's time that underwriters take proactive steps to adopt a more flexible and dynamic underwriting model to develop policies that protect businesses in a sustainable manner.