There is always a fine balance to maintain between taking on too much or too little risk. MGAs and (re)insurers who write cyber insurance have a lot of factors to consider to maintain a profitable loss ratio. After all, insurance companies are in the business of paying out valid claims but a few wrong moves and loss ratios can rise significantly. Here are some ways you can keep your loss ratio for cyber insurance healthy.
Validating The Proposal Form
The first, and one of the simplest, ways of leveraging technology is to validate a proposal form. While not all (re)insurers and MGAs require one, most do for larger risks. One of the usual questions on the proposal form is some variation of “has your company experienced a cyber attack in the last 12 months?”. Many submissions will respond with “no” to this question.
By leveraging data from a company like DynaRisk, you can easily check if the information on the form is accurate by checking our dataset for evidence that a company has been attacked in the past. Sometimes the person completing the proposal form simply didn’t know their company was attacked. Other times companies might be attempting to bend the truth to get a policy bound because they need it to secure a major contract with a government entity or large corporate client.
While no cyber-insuretech company could ever claim to know about every company that has been attacked, our data will provide a good indication if something happened and is certainly better than relying on a yes/no answer in a proposal form!
Check a Company’s Cyber Risk Exposure
In the old days, a broker would submit a proposal for insurance, and the decision on whether to insure the customer would be based on answers to questions without any validation of their cyber risk exposure. Those days are long gone.
When a proposal is received, check that company’s risk exposure to see if they have vulnerabilities, open high-risk services, hacker chatter, and leaked and stolen data records. These are some of the key factors to understanding if they are highly likely to get hacked or not.
Many (re)insurers and MGAs perform some sort of check but this varies wildly and there are various maturity levels. It’s best to speak to the experts about the different options available which are suitable for differing levels of risk appetite.
Not all tools for cyber risk exposure checking are equal. Scanning for open high-risk services and vulnerabilities is fairly simple to do. The more difficult-to-find, and valuable, insights come from data gleaned from Cyber Intelligence & Dark Web monitoring activities.
DynaRisk is the only Intelligence led cyber-insurtech company with a massive proprietary dataset of intelligence that can predict attacks and help to prevent claims.
Monitor Your Portfolio
Risk changes over time, a low-risk company you wrote a policy for 6 months ago may have become super exposed to a hack because of changes in their digital footprint. Don’t get caught off guard by these changes, monitor for things changing in your portfolio over time.
Insureds love it when their insurer reaches out directly or through a broker to give them a heads-up that there is a security issue they should address. “A problem well-defined is a problem half solved.” – John Dewey.
DynaRisk identifies critical risk signals on 15%-25% of companies which means that over a 3-year period 50%-75% of your policyholders will have had something serious occur which should be managed.
Alert Your Insureds
Have you spotted a new hacking trend that is going around? Have you seen common activity which is driving claims? Market leading insurers and MGAs are proactive in their communications with insureds.
Sending alerts to insureds needs to be targeted and on time. Everyone is busy and let’s face it, companies are usually focused on growing their business and less focused on managing risks. If you are going to send an alert to your customers, make sure it’s relevant to them. Untargeted messages are ignored, and targeted hard-hitting messages get actioned.
If there’s a new hacker technique that’s being used against a particular type of technology, send a targeted message to the companies you know use that technology. That way you can shape your message around practical things they can do right now to reduce their risk.
Gather Actionable Insights
Data is a commodity, insights are valuable. By leveraging technology you can look for themes emerging from your book of business or your prospects. Here are some example insights you could glean from scanning and monitoring portfolios of companies.
5% of the companies we insure are 3x riskier than the other 95%.
Companies using Microsoft Exchange servers for email are targeted more frequently by hackers than those that use another technology.
Government websites are targeted 5x more than the websites of other companies.
These insights can help shape every aspect of your proposition from underwriting to client engagement, risk monitoring, and your sales & marketing messaging.
(re)insurers and MGAs who leverage technology and insights in these ways have market-leading loss ratios. No client switches on all the capabilities all at once, they go on a journey of turning on capabilities one step at a time.