Cyber Underwriting: How underwriting trends and cyber modelling/data analytics from reinsurers can help underwriters make more accurate decisions.
Keeping pace with the rapid evolution of cyber risk is a constant challenge for underwriters offering cover of this unique peril. The ever-changing nature of the risk combined with the lack of historical data available in a relatively new line of business means that underwriters are being relentlessly tested.
However, (re)insurers can meet this challenge through diverse teams of experts that keep a watchful eye on the latest developments and utilise the latest analytics to decipher what they mean in terms of risk.
Successful underwriting in the cyber sector begins with the composition of the teams themselves. Cyber underwriting teams are increasingly drawn from a wide talent pool boasting varied backgrounds. In addition to people with a sound experience in traditional underwriting there are now experts in IT security, or cyber risk engineering.
What is key is a really good collaboration within the underwriting network within every insurer and reinsurer. Underwriters can learn and benefit from close link ups with IT –security functions, especially in the field of risk engineering.
It is incumbent on the cyber underwriters working in those teams to keep abreast of the latest developments, whether that means technological advances, actual security breaches, hacking incidents or changes to the legal and regulatory frameworks.
It is their duty to keep their eyes and ears open to read reports, court proceedings and go to conferences. They must do what it takes to keep up-to-date in what is happening in the cyber and information security world as well as the world of cyber insurance.
As a science, modelling cyber risks is still in its infancy. Although the (re)insurance industry has become relatively comfortable using models to simulate natural catastrophes there are a number of hurdles to overcome before the same can be said of cyber models. Natural catastrophes have geographical boundaries that facilitate a reliable analysis of their footprint. By contrast the confinement zones in cyber are much more difficult to assess.
In addition, the risk of change is much larger for cyber than natural catastrophes. When natural catastrophes change it is gradual, through climate change or the rising of sea levels, for example. In cyber change happens very, very rapidly and change is constant.
Cyber models must also consider the actions of malicious parties, bad actors in these scenarios that are trying to cause an IT security failure by searching for the weakest link. Most statistical models take an agnostic view on where are the weakest or strongest links in the chain.
The concept of using cyber models first as a triage is one possibility. The other one is to look at which tools give a proper costing framework. All underwriters use a costing framework for single risks and many have also a vendor’s scoring tool, dependent on risk characteristics.
Swiss Re offers our clients a cyber analytics platform. It is a scoring tool for risks that our clients can use for deciding their underwriting positions. They can use it to understand accumulations and to have a better view on their portfolio.
We have also buildt up a comprehensive risk assessment framework that we are sharing with our clients. They can understand how we would rate a risk and take a decision in cyber underwriting.
Minimal IT and information security standards, as well as risk adequate certifications, used at the market level can aid insurability by increasing cyber hygiene and decreasing information asymmetry. That would allow the market to develop in a more resilient way.
There is need on the larger scale to have an information exchange for cyber incidents, which should be a collaboration between insurers and reinsurers. It must conform to any type of confidentiality, competition and anti-trust laws and regulations. No player in the cyber insurance eco-system sees enough claims to statistically build a relevant database that’s why cyber incident exchange and data sharing is paramount.