With cysmo, the insurance company was able to expand its risk assessment to include an objective view of an interested party's IT infrastructure that is visible from the outside. This enables them to confirm positive initial impressions or uncover negative technical weaknesses in advance in less than a minute.
In order to prevail in competition, it is not only the insurance companies' products that have to convince the customer. The processes running in the background and their greatest possible optimisation are also becoming increasingly important. A comprehensive risk assessment is essential, especially in the field of cyber insurance. However, identifying such risks can also be a rather complex process.
For small and medium-sized enterprises, it is often not economically feasible to conduct elaborate IT audits or penetration tests in addition to risk questions.
On the contrary – customers expect a quick risk assessment, few questions and, above all, lean processes. As a result, risk questionnaires are shortened and trimmed down so that the manual effort for customers is not too great. In addition, process expectations on the part of insurance companies are also shifting in the direction of increased efficiency and automation.
This increases the risk that some important information is lost and that an underwriter can no longer make a risk-adequate assessment of a company. On top of that, the answers to risk questions alone only represent a subjective picture of the insurance holder.
The fully automated solution cysmo enables the insurance company to generate a risk report of the insurance holder at the touch of a button and to include the results as supplementary information in the risk assessment. The risk report considers the external view of a company's IT infrastructure and thus makes it possible to reflect the view of a potential attacker. The vulnerabilities found are evaluated according to their criticality and presented in a PDF report.
In order to optimise the process even further, we analysed the results together with the insurance company and specified individual criteria that were defined as mandatory by the insurance company in the initiation process. This represents a significant improvement in process optimisation and partial automation.
Expired software, infected systems or compromised data lead to an early rejection or referral to manual underwriting. The assessment is objective and transparent. The report also helps the customer understand the decisions.
Benefits and advantages
The synergy from the evaluation of the risk questionnaires and the cysmo results enables the underwriter to get a more comprehensive picture of the insurance holder. At the same time, customers can much better understand a decision made from an underwriter's perspective. Furthermore, additional expenses can be avoided by ruling out interested parties in advance in case of non-compliance with criteria. This means that they do not have to go through the risk questionnaire process, which would also lead to a rejection. Moreover, added value in underwriting can be combined with added value in sales. With cysmo, there is no either-or for the cooperation between sales and product areas, but a hand-in-hand.