Cybercrime is a rapidly growing challenge for businesses, one that is estimated to cost companies worldwide $10,5-trillion annually by 2025, up from $3-trillion in 2015.
By Amritesh Anaand, practice lead for unified communication at In2IT Technologies
South Africa is by no means excluded from this statistic, and is in fact ranked third in the world for the highest number of users experiencing targeted ransomware attacks. Cyber insurance has thus become an increasingly necessary part of doing business, to help mitigate the financial risk associated with a successful attack.
However, underwriting of cyber insurance is a challenge on a number of levels. Next-generation technology has become essential not only for the accurate and timeously underwriting of policies, but for the development of the products themselves in a rapidly evolving technology world.
New insurance, new opportunity
Cyber insurance presently constitutes a relatively small but growing portion of the overall non-life insurance market. As digitisation, interconnectedness and cyber threats continue to expand, cyber insurance has the potential to become an increasingly more significant part of the non-life market.
It is poised to play a greater role in mitigating the primary risks associated with cyber incidents, including network security and privacy liability, network business interruption, media liability, and errors and omissions.
Cyber insurance is designed to provide first- and third-party coverage to mitigate risk exposure by offsetting the costs involved with the recovery of cyber losses. Coverage may include losses from network security breaches, data and systems recovery costs, legal expenses and third-party indemnification related to data breaches, as well as business interruption costs. If insurers can effectively introduce cyber insurance, it could be an important new product set that will become essential for business in future.
New products, new problems
While cyber insurance could become a differentiating product offering, it is also a new market, and one that can be challenging to get right. One of the most important challenges around underwriting cyber insurance is the ability of insurers to accurately measure their exposure to underwritten cyber risk.
Identifying accurate cyber risk measurement is made difficult by the evolving nature of cyber risk; limited cyber loss experience; difficulties in assessing policyholder vulnerabilities; accumulation risk; and non-affirmative exposure.
Measuring cyber risk is critical for sustainable pricing of cyber insurance, allowing for sufficient premium income to cover expected losses and capital remuneration, in addition to operational costs and commercial margins. It is also key to inform the amount of capital that insurers should set aside to protect themselves from unexpected losses and to help define risk management approaches, including coverage offered, retained and transferred to reinsurance markets.
Challenges ahead
As technology has evolved, business has evolved, and the underwriting process needs to change as well. It is no longer sufficient to evaluate underwriting decisions after the fact, particularly with regards to cyber insurance. In a fast-paced world, foresight is critical, and portfolios need to be actively monitored, to understand the impacts of risks added to their books of business in real time.
In addition, while underwriting will always be partly judgement-drive, underwriters need to be able to bring more science to the art of underwriting. This requires access to more data and insight, to drive more accurate decisions.
Adding to this, the nature of risk itself is changing. Underwriters will need to adapt to the evolution of risk to remain relevant and stay competitive. In the future, historical data alone may not be enough to underwrite an evolving set of risks, particularly in commercial lines.
Digitisation is the key to enhancing underwriting capabilities with more advanced technology and expanded data sources. Not only will this facilitate the development of more accurate and effective new products such as cyber insurance, it will also help to improve efficiency and meet evolving customer expectations.
A digital solution for a digital problem
Next-generation technology platforms enables insurers to use bespoke data enrichment scanning for basic underwriting information, so they do not have to ask for it up front. In fact, technology platforms can connect to get most of the required information with a business domain name. This allows insurers to gather vital information about their customers’ risk profile from the very start, while enhancing the customer experience.
Security ratings help insurance companies better price their cyber risk policies to reduce risk in their portfolios. Security ratings use publicly available information and assess the potential data breach risks arising from control weaknesses. Cybersecurity insurance providers can use such security ratings to gain insight into the way their policyholders and their supply stream partners secure data so that they can write policies based on metrics, not just guesses.
Technology has become an essential tool in determining whether an organisation is a worthwhile risk or not. Cyber insurance exacerbates this trend and presents both a threat and an opportunity for insurers. Having the right technology, and importantly the right technology partner, is critical in meeting the evolving underwriting needs of today and the future.