How to use cyber risk signals for better underwriting
Insurers who use cyber risk signals can craft more profitable underwriting strategies. William Altman, Principal Cyber Security Consultant at CyberCube, highlights key considerations when identifying and avoiding bad cyber insurance risks.
Cyber threats are growing in sophistication and volume. For underwriters, the challenge is to have sufficient information and analytics to make informed data-driven decisions. While foolproof security is impossible in the digital world, as no amount of risk mitigation can eliminate cyber risk, understanding and utilising that data effectively can help insurers distinguish between good risks and bad ones.
A changing threat landscape
“From late 2019, we began to see a big rise in Ransomware-as-a-Service (RaaS),” says William Altman, Principal Cyber Security Consultant at CyberCube, a dedicated cyber risk analytics platform for the insurance industry. “The frequency and severity of attacks increased through the height of the pandemic, and the growth of the RaaS model has dramatically changed the market for cyber insurance. Brokers are taking a more proactive approach to prepare clients for conversations with insurers, while underwriters are becoming stricter in their demands for minimum levels of cyber security hygiene.”
Ransomware can be defined as any type of malicious software that is designed to infiltrate and block access to a computer system until a sum of money (the ransom) is paid. The RaaS model is where bad actors industrialise and sell ransomware technology and techniques. RaaS kits are now prevalent on the dark web and can be bought relatively easily by threat actors who want to launch a cyber attack but lack the expertise to do so.
Altman says that ransomware is the number one way to monetise cyber crime and should be top of mind for insurers. While some insurers are developing countermeasures, ransomware is a moving target. Today ransomware threat actors are increasingly incorporating extortion tactics such as threatening to publish stolen data, pressuring their victims to meet their demands.
“We should expect ransomware tactics to change dramatically over the next six months,” says Altman. "Geopolitical events including the war in Ukraine and international sanctions have greatly impacted the RaaS economic model. Threat actors will continue to adapt and innovate as they look to maintain their profits.”
Managing risk with cyber signals
Insurers must analyse a vast amount of data, including enterprise, digital supply chain, external network scan, internal behind-the-firewall security, expert intelligence and historical data to gain a comprehensive view of cyber risk.
As cyber risks are multiplying and becoming more complex, underwriters must be aware of cyber threat trends and stay abreast of the changing risk landscape. The best cyber risk signals measure cyber hygiene and equip underwriters to identify red flags. Additionally, effective cyber risk signals will enable underwriters to differentiate between seemingly similar accounts.
“Signals are generated by analysing raw data,” says Altman. “This involves scanning ports, DNS sinkholes, the dark web, remote desktop protocol (RDP) software and anything else that might increase a potential customer’s risk exposure to a cyber event.”
DNS sinkholes: A method of redirecting traffic from one Domain Name Service (DNS) server to another.
Dark web: Hidden internet sites that can only be accessed by a specialised web browser. Often used for illegal activity.
Remote desktop protocol (RDP): A Microsoft protocol that enables remote connections to other computers.
It is important that cyber risk signals are reflective of threat actor activity and are validated for their predictive power using analysis of historic cyber events. “Not all cyber risk signals are created equal,” says Altman. “Identifying cyber risks using the right signals is the first step to profitable cyber underwriting. Once underwriters have selected the correct signals for their strategy, they can quantify cyber risk to enable more accurate pricing.”
360-degree analysis
Altman says that to help underwriters create accurate pricing models and know when to avoid a risk, cyber signals should reveal risk factors both in absolute terms and compared with peer groups and other variables. In addition to identifying controllable security risks, underwriters need to access a company’s inherent cyber exposure. “Understanding a company’s inherent exposure is important for identifying whether or not it is an attractive target for cyber threat actors,” says Altman.
The science of signals
As cyber threats increase, insurers need up-to-date, accurate, relevant information to control risks and minimise cyber-related claims. A cyber signals strategy reinforces the art of underwriting with science and provides a more complete view of risk in one of the most challenging areas for insurers.
CyberCube’s analytics platform was launched in 2015 as part of NortonLifeLock Inc. (formerly called Symantec), a consumer cyber safety company. Now operating as a standalone company exclusively focused on the insurance industry, CyberCube provides data, signals and models to help quantify cyber risks. It enables insurers to make better decisions about risk selection, monitor cyber risk trends and optimise portfolios.
Blog posts
User questions
Answered questions
Unanswered questions
Views: 5809
Downloads: 0
0 % | |
0 % | |
0 % | |
0 % | |
0 % |
Page is favored by 0 user.
Contact inquiries: 0