The introduction of the public internet and its associated risks have given birth to a new growth opportunity within the insurance industry: cyber insurance underwriting. Companies of all sizes now need cyber insurance alongside liability and other forms of coverage. And like any other type of insurance, the amount organizations pay for cyber insurance is directly related to individual risk profiles.
The Auto Insurance Comparison
Risk assessments are a normal part of cyber insurance underwriting. To better understand what it is all about, consider auto insurance. As a driver, you represent a certain amount of risk to your insurance company. The level of that risk plays heavily into your annual premiums.
Your insurance company conducted a risk assessment when you first applied. A new assessment is conducted every time your policy renews. What does the insurance company look at? An endless list of things including:
- Your accident and claims history
- Any citations since your previous renewal
- The type and age of the car you drive
- Your average weekly mileage
- All the drivers with access to your car
- Where you park your car at night
The list goes on and on. By looking at a long list of parameters, the insurance company can create a reasonably accurate risk profile that represents how likely you are to file a claim. Then your premiums are determined accordingly.
The Foundation of Cyber Insurance
Cyber insurance works the same way in terms of risk assessment. One could even make the case that risk assessments are the foundation on which cyber insurance underwriting is built. Underwriters are compelled to identify and evaluate all potential vulnerabilities within an organization’s digital infrastructure. They lean on historical data and predictive analytics for more accurate profiling.
DarkOwl is a dark web intelligence firm that provides services to cyber insurance underwriters. They explain that one of the things insurance companies do is attempt to understand a company’s darknet exposure risk over time. This is accomplished through a comprehensive audit looking at historical data.
Such actions amount to an attempt to understand not only the likelihood of an organization filing a claim, but also the potential value of any such claim. Organizations at higher risk of significant claims automatically pose more risk to the insurer.
Insurance Companies Can’t Afford Losses
To the insured, an insurance company attempting to mitigate losses may appear to be acting solely on greed. But there is another perspective to consider. Although insurance companies do have to turn a profit to stay in business, a greater concern is the possibility of significant losses inhibiting their ability to protect other customers.
Simply put, insurance companies cannot afford to sustain huge losses. Multiple smaller losses can be managed in a given period of time. But an excessively large loss can jeopardize an insurance company’s cash position, thereby inhibiting its ability to pay out future claims.
It’s a Balancing Act
Cyber insurance underwriting is truly a balancing act. Insurance companies must keep premiums in check while still providing adequate coverage to clients. And in the event claims are made, they need to maintain cash reserves in volumes large enough to pay out. In the meantime, their premiums cannot be so low as to endanger their own existence.
It is for this reason that risk assessments are so vital to cyber insurance underwriting. Risk is the entire game in insurance. When an insurance company understands its risk, it can protect itself accordingly. The opposite is also true. When risk remains unknown or misunderstood, an insurance company is as vulnerable as the clients it is being paid to protect.