Cyber Insurance Underwriting: Challenges & Importance in the Digital World

Cyber insurance takes care of your business liabilities in case of a data breach. This includes all customer-sensitive information like bank details, PIN, social security number, etc. 

The cyber insurance market is huge and is expected to touch $20.6 billion by 2025.

As far as cyber insurance underwriting is concerned, it is a process carried out by insurance companies. 

  • About Cyber Insurance Underwriting:

The cyber insurance underwriting process helps insurance companies appraise the client’s risk and exposure. It also helps estimate the recovery cost from damage done by cyber-attacks, security breaches, or other suspicious activities. 

The rise in cyber-attacks has directly enhanced the rise in insurance claims, and this is the sole purpose that has led to varied amendments in the underwriting process. The other causes of these underwriting amendments are:

Enhancement in the regular occurrence of claims and the cost of ransomware attacks.

Claims under customer privacy legislation like GDPR (General Data Privacy Regulation) and CCPA (California Consumer Privacy Act).

Covid-19 has added fuel to the fire, thus forcing cyber insurance agents to revise their policy details and the risk assessment process. Cyber insurers are becoming more stringent and precise in their underwriting policies.

This blog is meant for all who plan to purchase cyber insurance or are renewing their current policy. 

So, friends, before you buy a cyber insurance policy or agree to an underwriting policy renewal, it’s vital to be aware of the cyber market, its changes, and how well your policy suffices complete coverage of your damages.

  • Importance of Cyber Insurance:

Cyberattacks spare no one. They are all prone to cyber-attacks, be they large enterprises or small-sized businesses.

Cyber insurance helps cover all the damages caused by such cyber-attacks. Let’s check out a few damages that are covered by cyber insurance.

  • Loss of Data
  • Interruption of Business
  • Loss of Profits
  • Ransom Payments or other Extortion Costs
  • Cost of Reputation Loss
  • Legal Expenses 
  • Development of Cyber Insurance Underwriting:


Ransomware accounts for 75% of cyber claims.

The above statement is enough to justify the importance of cyber insurance and the development of the cyber insurance underwriting process. 

The cyber insurance company bears huge expenses due to the rise in cyber breaches to reduce these costs and monetary losses. Insurers are coming up with strict risk assessments. The application form submitted by the policyholder and the entire policy coverage is scrutinized before releasing the policy amount.

To alleviate the impact of the cyber-attack, insurers are resorting to sophisticated technology apart from the generic underwriting questions. This sophisticated technology can help insurers evaluate the monetary impact of cyber breaches in the present and the future.

After the underwriting policy is insured, these insurers can constantly monitor the cyber-security of the business and keep an eye on the upcoming cyber threats.

Risks Checked by the Underwriters:

Cyber insurance underwriters are aware of the tricks implemented by hackers (security lapses due to outdated software, open ports, etc.) to penetrate networks. These underwriting insurers confirm with policy owners whether they are aware of these risks or not. They also check out the measures taken by them to mitigate them.

These measures include strong site and data security, SSL certificate for data encryption, MFA (multi-factor authentication), end-point security, updated systems, proper network segmentation, etc.

If these insurers fail to find the stated solutions and are not satisfied by the insuree’s actions taken against the cyber risks, they can charge high premiums or reject coverage.

Changes in Cyber Insurance Underwriting:

A few years back, cyber insurance underwriters would ask for minimal information to grant a new policy or renewal purposes. This would include the revenue details, company data, security practices, etc. 

But in the current years, this information is not sufficient to assess the risk. Hence, these underwriters are digging deep into gaining specific information, controls, security parameters, protocols, tools implemented for threat mitigations, etc. 

Accurate policy language, the reasons that can trigger an attack, precautions taken by the company, and the losses the policy will pay are all calculated and covered so that both the insurer and the insured are taken care of.

Preparing a Cyber Insurance Application:

A proper evaluation is possible only with proper preparation. 

Be it the application phase or the renewal phase of your cyber insurance policy. You need to prepare yourself and your team to resolve the queries asked by your insurer.

Common Cybersecurity Controls Insurers Look For

Steps:

The insurance process is not a one-man job. To get a favorable outcome, teams of varied departments need to be kept in the loop. Engage your IT team, legal staff, and accounting personnel for a better and perfect insurance application.

Gather and submit all the details required by the insurer like:

How is your company complying with security regulations?

How is the company addressing cyber threats? What are preventive actions taken to nullify the threat?

How employee awareness is ensured, how response plans are implemented, and how network security is monitored and tested?

  • How is secured remote working ensured in the Covid-19 phase?

Review all the security endpoints, controls, and other company policies to ensure that all these elements are in place. The underwriters will access all this stuff. If any policy is not in place or any security vulnerability is unaddressed, check out to ensure that everything is up to the mark.

Any security lapses in auditing the risk factor or the risk assessment costs must be addressed and eliminated for better insurance coverage.

Finally, spotlight the initiatives and the steps implemented by your company for nullifying or lessening the impact of cyber-attacks. 

Approach your underwriters after completing your insurance application and respond to their queries and concerns with confidence. 

Once a trust factor is developed between the parties, i.e., the insuree and the insurer, the cyber insurance process will be smooth, and the policy coverage will be gratifying.

Ensure that your Policy Covers all the Risks:

You need to research your insurer, their working pattern, and the policy suggested by them to cover your losses, i.e., you need to have a clear head about what is included in your policy and what’s not.

Example:

In case of a ransomware attack, your insurance policy should cover the financial loss in case of ransom amount paid to intruders.

In case of a cyber-attack, your policy should cover monetary damages.

  • Types of Coverage and Non-Coverage of Cyber Insurance:

Cyber insurance coverage is of 2 types:

1st party coverage wherein the company is involved, i.e., incurred expenses that need to be recovered.

3rd party coverage wherein the customer/partner/vendor/3rd party, etc. are involved, i.e., these parties need to be paid the breach expenses which need to be recovered.

Different cyber insurance underwriters may cover the ransom amount, whereas some pay covers only a part of it. Some insurers may insure less, whereas some may limit the policy amount.

Always check out your cyber insurance policy coverage and keep a note of the exclusions for better management of risk and finances.

Enhanced Cyber Insurance Rates:

Global Insurance Market Index Report indicates that the cyber insurance rates increased by 110% in the US (1st quarter, 2022)

Cyber insurance companies are going nuts with the rise in loss amounts incurred due to the heavy count of cyber-attacks. With proper planning and execution, it’s possible to lessen the cyber insurance costs to balance the high premiums.

Cyber Insurance for the Long Haul:

Congrats!! You have successfully got your cyber insurance policy.

But the celebration is a bit far since cyber insurance underwriters keep changing their policies. Your insurer may change the policy amount or the premium amount during the renewal time.

They may also expect more information or other updates during their entire tenure. Be patient and keep updating and highlighting your company’s cybersecurity practices to gain their trust and benefit.

Wrapping Up:

Cybersecurity practices need to be tightened up regularly, with or without cyber insurance. This will not only benefit your business but also help in preparing for cyber insurance in the future.

Cyber insurance is likely to turn into a big market due to cyber-attack frequency and huge damages. But this industry, too, faces many challenges like precision in risk assessment, lack of future prediction of cyber risk, uncertainties, precision in loss/damage calculations, etc., apart from the cost of legal battles and other security issues.

The future expansion of this business solely depends on how well these challenges are faced and how these issues are addressed and resolved.