Last updated on April 9, 2020.
The global cyber insurance market is booming. Fuelled by a demand for standalone cyber insurance policies, the industry is expected to grow to around $24 billion by 2024, at a compound annual growth rate (CAGR) of 27% between 2018 and 2024.
Clearly, there is a need for highly customized and dynamic cyber insurance products for each consumer. Small and medium businesses and even individuals are joining larger enterprises in demanding comprehensive cyber insurance to mitigate risk. Each of these business types have their own cyber risk exposure, and the industry these segments thrive in play an important role in underwriting cyber insurance. Factors like physical location, local regulations, and data privacy laws play an important part in determining which product meets the needs of consumers and remains profitable for the insurer.
These five questions can help insurers craft policies and products
1. How do I know I have the right product for my customers?
A well-designed comprehensive cyber product should be able to:
2. How do I design a bestselling cyber insurance product?
A well-designed cyber insurance product should be comprehensive enough to stand the test of time, and should be able to address the risk exposures of all different industries and geographies in which they are located. The product should have innovative loss prevention tools to educate and potentially prevent a breach; and in the event of breach there should be a dedicated breach resolution team so that insureds receive responsive guidance at every step.
Cyber threats are a highly complex, technical, and dynamic issue. Any response must be sophisticated, technically advanced, and constantly evolving. The ‘Digital First’ approach to designing a cyber insurance product line uses design thinking methodologies to help digitally transform the business and address the unique challenges of the cyber insurance market. This process should be led by an experienced, multidisciplinary team of strategists, designers, cyber security technologists, and cyber underwriters who work with the insurer’s product development, marketing, underwriting, and service teams, as well as insureds to (re)design an entirely new experience.
A good cyber insurance product must be highly contextualized to the needs of consumers and offer varying degrees of cyber protection. It should be offered as a bundle with flexible pricing options to make it attractive, affordable and reliable.
While cyber insurance can reimburse the costs an affected consumer pays to respond to a cyber-incident (including litigation fees and damages, and reimbursing revenues lost or expenses incurred due to a disruption related to cyber incident), the key lies in preventing that scenario in the first place.
Often, a cyber-protection bundle offering a continuous threat surface and vulnerability assessment, targeted threat intelligence from dark and deep web, cognitive detection and on-demand consultative remediation support and advisory services serves as a solid add-on. An automated cognitive technology-enabled solution that respects the privacy of the insured, along with an option of a comforting human touchpoint makes a cyber insurance product holistic and attractive to consumers.
3. What are the key success factors of cyber insurance?
4. How do I augment my underwriting expertise?
Cyber Bots can be leveraged to perform non-intrusive assessments, and can gravitate to intrusive assessment depending upon the size of the risk to be covered.
AI/ML techniques to proactively assess and predict cyber risk using data from both structured and unstructured sources is crucial. Not only must the technical data be analyzed and assessed, data from security governance reports, annual reports, and vendor contracts can be used to construct a model to uncover hidden risks associated in processes and controls, even assess third/fourth party risks.
If you use an industry product or a solution to construct your risk model and scoring, it's vital to consider whether it is fully transparent to the underwriter. Every insurer has its own business strategy, risk appetite, procedures, and controls to be considered while using the risk model and scoring. If the commercially provided model is not fully transparent and hides the parameters into recommending a decision, it would be better to assign a lower weightage, and should allow configuration of the model parameters to suit your company’s risk appetite.
5. How can I be continuously vigilant and profitable?
The innate nature of cyber risk continuously evolves. The risk posture of a cyber insurance-covered entity can adversely change any time after the policy has been issued. This puts both the insurer and insured at a significant disadvantage and can have serious repercussions on their business and profitability. A good cyber insurance policy should offer post-contract risk monitoring, assessment, and on-demand remediation should the scores fall below a certain threshold. This will encourage responsible behaviour from both the insurer and insured. If the risk posture increases, the insurer can increase the premium to cover the additional risk and make the insured aware so that he/she can take mitigatory measures. If the risk posture decreases, the insurer can offer discounted premiums and earn customer loyalty.
Reference
Industry :
Pankaj Misra
Global Head of Insurance Digital & Consulting at Wipro
Pankaj has over 25 years of experience in a variety of roles in the Insurance industry and is a strategic advisor to CXOs in ensuring successful Digital First insurance journeys.