(Image source: The Digital Artist.)
Until recently, applying for cyber insurance was a painful process, and in many cases it still is. Companies often need to fill out up to 25 pages of highly-technical forms, which requires hiring an outside contractor with specialist knowledge and a substantial amount of time. Additionally, the application forms for cyber insurance include incomplete questions like, “Does your company have a firewall?”—this is like asking if a homeowner has a door. The real question needs to be: “Does the door lock?” or “what is it made of?”
When it comes to newer forms of insurance, insurance companies need to rethink how risk is assessed. While insurance brokers are familiar with the minutiae of what happens to a BMW or a Toyota in an accident, they don’t have the technical acumen necessary to assess the many forms of financial loss from a cyber attack. Although most brokers understand the cost of a cyber privacy breach, they aren’t well-versed in what happens as cyber crime expands. Cyber crime is becoming more complex, extending from simple attacks like phishing to more sophisticated attacks like ransomware and cryptojacking. In these cases, cyber insurance will cover losses like business interruption, revenue loss, costs from unauthorized use of a company’s cloud computing resources, pollution, and personal injury. Therefore, new evaluations are needed to understand the risk in these events, and in order to do this we need the right expertise. Phrased differently: engineers review buildings to evaluate the risk involved in property insurance, so why aren’t cyber security experts tapped to assess and price cyber risk?
Rethinking the Underwriting Process
The current approach to underwriting cyber risk is broken. We need to rethink the underwriting process to enable cyber experts and (friendly) offensive hackers to quickly and effectively evaluate cyber risk. Massive amounts of data need to be collected and analyzed by experts in order to make for the most effective and accurate underwriting process.
Not only do we need to improve the way that insurance professionals conduct the underwriting process, but we also need to speed it up. The lengthy underwriting process does not motivate companies to purchase cyber insurance. In order for more companies to sign up for coverage, we need to make the process frictionless.
With $2.5B invested into InsurTech in the first three quarters of 2018, technology is clearly transforming the insurance industry, from underwriting to distribution to client servicing. The impact of technology on insurance is being felt across the industry, but many professionals, including risk managers, are missing these developments because they are not in direct contact with the technological side of the industry.
Insurance professionals must introduce cyber knowledge into all aspects of the industry. In addition to bringing cyber experts into the underwriting process, brokers, insurance carriers, clients, and legal experts must increase their technical acumen when it comes to cyber. This expansion of knowledge across all levels of the industry will help improve cyber insurance policies and encourage more companies to procure policies, making businesses more secure when it comes to managing cyber’s ever-expanding threat.