Accelerating Cyber Insurance Growth Through Risk Quantification

Accelerating Cyber Insurance Growth Through Risk Quantification

Michael Lin

Blogpost Image

The adoption of cyber insurance is on the rise. According to a recent Marsh & McLennan survey, 47% of organizations indicated that they have cyber insurance, up from 34% in 2017*. In addition, 89% of them were confident that their policies would cover losses caused by a cyber event. But, although cyber insurance has gained significant momentum, investment in traditional cyber prevention technology has far outpaced cyber insurance spending. As a result, when tackling the largest organizational concerns about cyber risk, enterprises remained focused on prevention rather than resilience.

A Balanced Cybersecurity Strategy

Enterprises that want to implement a more balanced approach to cyber risk investment can pursue a strategy of determining their own risk profile and appetite. By having a thorough understanding of its cyber risk exposure, an organization can devise a more comprehensive investment strategy that addresses various concerns, such as staff training to reduce human errors or an active patching cadence to eliminate software vulnerabilities. For cyber risk that cannot be prevented or is deemed too great for enterprise IT to bear, leveraging cyber insurance policies to transfer this risk becomes a viable—and smart—option.

Another way to invest in a cybersecurity solution is to quantify the economic impact of cyber risk exposure. Organizations don’t realize the financial implications or potential monetary loss without seeing a dollar sign associated with their risk exposure. The results often shock them. In contrast, those enterprises that do adopt a quantitative measurement of cyber risk exposure realize the importance of having resilience to assure business continuity. In fact, the survey shows that organizations that use economic cyber risk assessment methods are more likely to purchase cyber insurance and increase current coverages.


  • All data and graphics in this article are from the Global Cyber Risk Perception Survey Report 2019, conducted by Marsh & McLennan in collaboration with Microsoft.

Trusted Analytics, Powered by Data

At Guidewire, we equip insurers with the most advanced data and analytics solution to provide cyber risk profiles to their enterprise customers and translate exposures into dollars and probability. Guidewire Cyence™ for Cyber Risk Management leverages a variety of econometric risk models and uses real breach data aggregated from multiple sources. Trusted by leaders across the P&C insurance landscape—from insurers, reinsurance carriers, and brokers to financial institutions and rating agencies—the solution enables users to do the following:

  • Measure and quantify companies’ cyber posture from the perspective of technology, people, and process

  • Assess adversary motivation

  • Examine attack capabilities

  • Consider the impact of a well-timed attack

A Single Solution for All Risk Assessment Needs

In addition to using the broadest and deepest collection of technology assessments of companies, we continually train and refine our predictive risk capabilities to provide customers with the best understanding of their cybersecurity risk. With these insights, insurers are able to realize these advantages:

  • Underwriters ask fewer underwriting questions, evaluate the credibility of questionnaire responses, and develop more targeted follow-up questions.

  • Product managers and actuaries leverage our economic risk modeling platform when examining and developing segmentation and pricing strategies.

  • Enterprise risk managers use our exposure data and stochastic disaster scenario models to evaluate and manage tail risks.

  • Executives benefit from a common risk language that explains exposure in terms of dollars and probabilities while enabling a data-driven approach to strategic decisions.

For an overview of Cyence for Cyber Risk Management, please watch the following short video by Phil Rosace (Global Lead for Cyence Risk Analytics Solutions).