(Maple Leafs and Canadiens prepare for the national anthem on opening night of the 2008/09 season, at the Air Canada Centre in Toronto, home of Creechurch Underwriters. Photo credit: EternalSleeper.)
Creechurch Underwriters, a Toronto-based managing general underwriter, has implemented Insurity subsidiary Oceanwide’s Cyber Risk Assessment Tool for assessing cyber risks for the company’s brokers and insureds.
“We selected the Oceanwide tool to help us better manage the unique challenges of cyber risk,” coments Phil Baker, president, Creechurch. “The dimensions in measuring risks are far more exhaustive for cyber than for a traditional property and casualty insurance product.”
Creechurch will use the Oceanwide solution offer its risk assessment capability to consumers through their broker. A vendor statement asserts that the tool’s ease-of-use obviates the need for additional training and requires no complicated registration. Creechurch will add a custom scoring and weighting model to the standard assessment, which will apply numerical values to responses as scores, rather than simply subjective responses recorded in a form.
With the Cyber Risk Assessment Tool’s ability to collect the scores, perform weighting across security domains and industry sectors, and aggregate assessment data, Creechurch will be able to better leverage data to gain a greater understanding of industry and organizational risks, Oceanwide reports. As a result, Creechurch will have an improved ability to tune its rating and premium calculations, providing superior benchmarking analysis of its customers, the vendor asserts.
“Coupled with an ever evolving threat matrix, the cyber risk assessment task is complex,” adds Creechurch’s Baker. “Without any empirical evidence, building efficient and effective rating models and benchmarking analysis without a tool like Oceanwide’s is a shot in the dark at best.”
Getting Ahead of the Competition
Oceanwide’s chief security officer Mark Orosz characterizes Creechurch’s use of the tool as taking steps to better service its clients and get ahead of the competition by integrating cyber security assessment based on government recognized standards as part of the quoting process. “Insurers, brokers and MGUs can best help organizations manage cyber risks by establishing and utilizing cyber security best practices. It just takes asking the right questions and getting everyone well educated – whether insurer, broker, MGU or the client,” Orosz comments. “We are pleased that they have selected Oceanwide to help achieve their cyber risk assessment goals.”
When offering a cyber risk insurance product, the vendor notes, it’s important for insurers to leverage existing well established governmental or regulatory guidelines such as OSFI, NIST, and ENISA when assessing an insured. Oceanwide says its Cyber Risk Assessment tool is designed to be flexible to adapt to different guidelines based on local requirements. The vendor describes the tool as a web-based solution which can be customized to accommodate country-specific regulatory standards and language requirements to make it easier for an insurer to improve its cybersecurity posture in real-time.