When Change Healthcare was hit by a ransomware attack in early 2024, the financial fallout was staggering.UnitedHealth Group reported losses exceeding $870 million in the first quarter alone. But the breach didn’t come out of nowhere.
Before the attack, the warning signs were likely already visible: compromised credentials, unpatched vulnerabilities, and chatter across hacker communities. The intelligence probably already existed. It just never reached the people making underwriting decisions.
This is the fundamental problem with cyber underwriting today. It’s not a pricing problem. It’s a cyber risk visibility problem.
The insurers outperforming in cyber are the ones operating with continuous intelligence, not static data.
Why Cyber Underwriting Doesn’t Work with Point-in-Time Data
Traditional cyber insurance underwriting relies on questionnaires, historical claims data, and point-in-time assessments. That works for property. It doesn’t work for cyber.
A company’s digital exposure can change dramatically in days, hours, or even minutes. Employee credentials appear on dark web marketplaces. New vulnerabilities are disclosed. Ransomware groups actively scout targets using publicly available data.
Yet most underwriting decisions are still treated as snapshots, a single moment frozen in time. The result is a growing gap between what was underwritten and what actually happened.
The Hidden Cost of Poor Cyber Risk Visibility
Without continuous visibility, underwriters face three recurring problems.
Preventable cyber claims. DynaRisk intelligence has identified cases where compromised credentials were visible 90, 120, and even 402 days before an attack took place. These are months of warning that never reached the underwriter.
Invisible cyber risk accumulation. A single software vulnerability can affect dozens of insured businesses at once. Without portfolio-wide monitoring, these concentrations only become apparent after multiple claims land simultaneously.
Backward-looking cyber underwriting decisions. Claims history tells you what has already gone wrong. It doesn’t tell you what’s about to go wrong. Without forward-looking intelligence, underwriting decisions are made in the rear-view mirror.
From Point-in-Time Cyber Underwriting to Continuous Risk Monitoring
The shift reshaping the market is a move from point-in-time underwriting to continuous, intelligence-led monitoring.
When underwriters can see real-time exposure across their portfolio: stolen credentials, unpatched systems, and active threats, three things change. Risk selection becomes evidence-based rather than assumption-based. Portfolio management becomes proactive rather than reactive. And loss ratios start to reflect prevention, not just pricing.
This doesn’t replace underwriting judgment. It strengthens it.
How to Improve Cyber Underwriting
Improving cyber underwriting requires continuous visibility into risk. By combining cyber risk monitoring, threat intelligence, and portfolio-level insights, insurers can move from reactive underwriting to proactive risk management.
How DynaRisk Powers Smarter Underwriting
DynaRisk’s intelligence engine supports cyber underwriting and cyber risk monitoring by continuously tracking over 1,000 hacker communities and tracking more than 34 billion stolen records across 450 million domains. These signals are transformed into actionable risk scores and alerts that help underwriters see what questionnaires miss.
By embedding this intelligence into the underwriting workflow, insurers can identify concentrations of risk before they become concentrations of claims, flag compromised insureds before incidents escalate, and make portfolio decisions based on evidence rather than assumptions.
Because in cyber insurance, you can’t underwrite what you can’t see.
Want to find out more? Get in touch with our team or book a demo of Breach Check and see how cyber underwriting becomes measurable with real-time risk visibility.