By Lukas van der Merwe
Cyber threats are becoming more pervasive and persistent and are growing increasingly sophisticated. In the wake of the COVID-19 crisis, the volume of attacks has also accelerated dramatically. Breaches have become a matter of ‘when’ and not ‘if’, and the cost of a breach can cripple a business that is not prepared.
Cyber insurance is therefore a must, but as a relatively new product on the market, the process of underwriting it is not yet mature. This leaves insurers open to potentially high levels of risk. Intelligent technology solutions can assist insurers to more effectively assess customers, so that premiums can be quoted accurately, and processes automated, improving both risk exposure and efficiency.
High risk potential
According to IBM’s 2019 Cost of a Data Breach Report, a successful breach in an organisation with fully-deployed security automation costs $2.65 million. In an organisation without security automation, this cost was 95% higher at $5.16 million. This is a staggering figure and highlights exactly how ruinous a data breach is.
Effective security is evidently critical to mitigating the effects of a data breach, however, the costs are still extremely high even with the best less costly security solutions, the maturity of their security strategies is reduced. For insurers, this makes accurate underwriting absolutely imperative, however, the current processes are problematic.
More effective assessment means reduced risk exposure
The most common current practice, which undertakes to assess risk by way of a very brief questionnaire with basic questions around security, is extremely generic but also high level rather than granular. The problem is that two businesses could present almost identical risk profiles on paper, but in reality represent radically different risk profiles.
The risk assessment questionnaire is too high level to identify differences in the actual protection solutions being used and the maturity of security controls. While this risk can be mitigated to some extent by qualifying claims as part of terms and conditions, this can also alienate customers when it comes time for them to claim.
Addressing these gaps during the underwriting process rather than retrospectively is key, with more in-depth assessment to actively identify the maturity of security solutions on an ongoing basis. Intelligent technology and specialised tools can help insurers to more accurately determine risk profiles and offer premiums based on the actual risk.
Improving efficiency and customer service while de-risking underwriting
An end-to-end insurance underwriting platform built on intelligent technology can assist not only with the initial underwriting process, but also in managing the policy over its lifetime. Technology platforms can enable continuous self-assessments for clients to ensure their profiles are always up to date. They can also assist with cyber security event management in case of a breach, to ensure the appropriate workflows are followed, assisting in remedial activities and claims submission.
Automating the assessment process not only ensures more accurate premiums can be quoted, reducing risk and actively improving services and product offerings, it can also speed up processes. This in turn means improved customer satisfaction and greater efficiency. It also empowers insurers to develop more tailored solutions and enhanced product offerings, based on the granular insights they can obtain.
More holistic and granular assessments of security environments significantly reduce risk in the cyber insurance underwriting process. However, without technology solutions this type of assessment is not cost effective, nor is it feasible from a time perspective. By leveraging intelligent technology, insurers can effectively de-risk cyber insurance underwriting while improving efficiency and enhancing customer service.
Lukas van der Merwe is a Specialist Sales Executive: Security at T-Systems South Africa