When cyber insurance was introduced almost 30 years ago, the cyber threat landscape looked very different. The world was far less reliant on digital technology and data, it was more difficult for threat actors to monetize attacks, and penalties for data privacy and cybersecurity failures were still in development. In addition, actuarial models adapted from traditional insurance were sufficient, but that's not the case anymore; a new era of cyber insurance is here.
The tools and data at our disposal have revolutionized how we understand risk. Remote access is now the default, not the exception. Cybercriminals operate like businesses. The prevalence of cloud-based technologies and automation makes risk aggregation a real concern. Plus,
Traditional risk models simply can't keep up. Insurance must retool its approach to actuarial science. With more data and technological advancements come more questions and bigger problems to solve. Cyber insurance is no different. But with large amounts of data to analyze and AI to assist, the industry is well-positioned to create a roadmap for tackling some of these new challenges.
Addressing the speed and volume of new threats
Despite increased cybersecurity awareness, greater spending on defense, and a maturing industry, cyber threats continue to accelerate at an unprecedented rate. The speed at which new threats develop, alongside the relentlessness of threat actors, makes assessing cyber risk at the time of underwriting a moving target.
Consider a few of the complexities actuaries and underwriters are trying to reconcile daily:
● Common Vulnerabilities and Exposures (CVEs) are
● Scans from unique IP addresses looking for risky technologies
● Overall claims severity is
Real-time data collection that's purpose-built for cyber insurance is now a necessity. It enables insurers to keep pace with changes in the cyber risk lands. When AI is incorporated, it can help detect issues early, assess potential impacts, and extract the most relevant insights to ensure informed evaluation and decisions with each new quote. Using AI, insurers can summarize key risk insights from their real-time data collection process so underwriters can make highly informed risk decisions.
Security findings unveiled during the underwriting process can also help businesses detect the exposures most likely to lead to claims before they even purchase coverage. All this contributes to helping policyholders improve security and minimize the likelihood of claims.
Analyzing an unprecedented volume of data
Access to large amounts of real-time cyber risk data is a blessing. But without an equal emphasis on analysis, it can also be a curse. To minimize the noise generated by new data sources, help avoid misuse and minimize pricing fluctuations in response to each new vulnerability, insurers should incorporate AI as an aid.
Human oversight remains essential, as humans must make decisions and modify models. However, no human alone can sort through and make sense of the vast amounts of data available to actuaries. Without AI to assist with analysis, moving at the speed required to leverage real-time insights to make timely adjustments to models and underwriting decisions would be impossible.
Smart insurance professionals paying close attention might also realize that the better we are at detecting risks early, the greater impact AI could have on pricing and insurability for clients. AI can help improve underwriting precision, too. To price cyber risks properly, we can't just look at risk factors alone; we need to align discoverable risks and exposures with factors unique to each business. This includes details collected during the application process, as well as other factors, like cybersecurity controls.
Insurers also need to consider the type of applications and systems being used, including third parties, to help assess risk aggregation exposures and latent risk factors. Behavioral characteristics differ quite a bit from one organization to the next, so accounting for things like patch cadence, M&A activity, and technology use is essential.
AI can help insurers connect these dots for each unique client to help make sure the price they pay for their policy is based on the likelihood of loss and not other factors that are less important for cyber insurance. Ultimately, cyber insurers should aim to offer the best price for the risk, incentives to improve, and fewer contingencies and declinations.
Accounting for unpredictable cyber risks
In a quest for precision, we must never lose sight of the fact that cyber risk is inherently unpredictable and dynamic. Cyber risk may be knowable at a micro level on an individual basis and with access to the right data. However, predicting cyber risk on a macro level presents a different challenge.
With the rapid technological advancements, the different ways organizations use technology, the interconnected nature of systems, vulnerability exploitation, and irrational behavior of threat actors, there are just too many variables to make precise predictions. Fortunately, we can use AI to build scenario-based models that help actuaries account for the dynamic risk variables contributing to extreme cyber events. These event sets help to improve dynamic risk modeling, so insurers are better positioned to understand event severity, quantify aggregation points, and, ultimately, the insurance impacts we care about most: claims.
Scenario-based models help us avoid blind spots and surprises, treating extreme events as the starting point rather than outliers. With the assistance of AI, we'll soon be able to build and test scenarios that help actuaries anticipate event severity and manage volatility with incremental, not reactionary, adjustments.
Harnessing the power of AI to retool underwriting
The challenges on the horizon for cyber insurance may seem daunting, but the industry is well-positioned to address them head-on. Not only do we have access to cyber threat data in near-real-time and new AI tools at our disposal to augment human expertise, but we also have actuaries with both cybersecurity knowledge and real-world cyber insurance experience to help us navigate the path forward.
By shifting the actuarial science paradigm using the power of AI, we can retool cyber insurance underwriting to help us address the speed and volume of new threats, analyze mass volumes of data, and account for unpredictable risks.
