Strengthening Insurers' Understanding of Cyber Risk

Cybersecurity risks pose a significant threat to businesses – and the insurance industry has an obligation and an opportunity to help stem the impact of these attacks.

Business demand for cyber insurance coverage has risen 47% over the last several years, while the costs of cyberattacks has also increased significantly. In this environment, there is growing pressure on insurers to find new ways to mitigate cyber-related risk and protect policyholders.

Guidewire Cyence and At-Bay recently collaborated on a whitepaper to examine the fallout and potential responses to the rise in cyber risk titled “The Future of Cyber Insurance: Active Scanning and Continuous Monitoring of Cyber Risk for Improved Loss Ratio.” The paper considers the results of employing a more proactive strategy involving active scanning during underwriting paired with continuous monitoring over the policy period.

For insurers to effectively navigate the cyber risk environment, it is critical to practice risk selection that considers the latest threat environment at the time of underwriting. This involves:

• Maintaining constant awareness of the digital assets insured.

• Continuously scanning for emerging risks.

• Identifying vulnerable companies quickly and accurately.

• Proactively helping insureds implement patches and solutions as quickly as possible.

Underwriting a cyber policy without a timely scan of an organization’s network is similar to underwriting a property policy without fully understanding the property’s risks. Unfortunately, many traditional cyber insurance policy processes and applications do not gather essential security details, such as the software and tools employed by the insured. This often leads to over-reliance on security questionnaires that may not be completed by the correct technical professionals.

Guidewire Cyence and At-Bay collaborated to quantify the financial impacts of active scanning and continuous monitoring solutions. Instead of relying on organizations to accurately report their own digital infrastructure, cyber insurers can perform active scanning to determine the digital assets and overall security posture of each applicant. This process provides insurers with real-time views into a company’s digital assets and vulnerabilities. This can be complemented with continuous risk monitoring which enables insurers to keep pace with the ever-changing threat landscape and technological evolution of companies – and provides a better understanding of the overall risk profile of insureds.

In an era of fast-evolving cyber risk, insurers would be well advised to undertake both active scanning and continuous monitoring. To learn more about this vital topic and the solutions that Guidewire Cyence and At-Bay offer, download the whitepaper: “The Future of Cyber Insurance: Active Scanning and Continuous Monitoring for Improved Loss Ratio.”