How to use cyber risk signals for better underwriting

Cyber threats are growing in sophistication and volume. For underwriters, the challenge is to have sufficient information and analytics to make informed data-driven decisions. While foolproof security is impossible in the digital world, as no amount of risk mitigation can eliminate cyber risk, understanding and utilising that data effectively can help insurers distinguish between good risks and bad ones.

A changing threat landscape

“From late 2019, we began to see a big rise in Ransomware-as-a-Service (RaaS),” says William Altman, Principal Cyber Security Consultant at CyberCube, a dedicated cyber risk analytics platform for the insurance industry. “The frequency and severity of attacks increased through the height of the pandemic, and the growth of the RaaS model has dramatically changed the market for cyber insurance. Brokers are taking a more proactive approach to prepare clients for conversations with insurers, while underwriters are becoming stricter in their demands for minimum levels of cyber security hygiene.”

Altman says that ransomware is the number one way to monetise cyber crime and should be top of mind for insurers. While some insurers are developing countermeasures, ransomware is a moving target. Today ransomware threat actors are increasingly incorporating extortion tactics such as threatening to publish stolen data, pressuring their victims to meet their demands.

“We should expect ransomware tactics to change dramatically over the next six months,” says Altman. "Geopolitical events including the war in Ukraine and international sanctions have greatly impacted the RaaS economic model. Threat actors will continue to adapt and innovate as they look to maintain their profits.”

Managing risk with cyber signals

Insurers must analyse a vast amount of data, including enterprise, digital supply chain, external network scan, internal behind-the-firewall security, expert intelligence and historical data to gain a comprehensive view of cyber risk.

As cyber risks are multiplying and becoming more complex, underwriters must be aware of cyber threat trends and stay abreast of the changing risk landscape. The best cyber risk signals measure cyber hygiene and equip underwriters to identify red flags. Additionally, effective cyber risk signals will enable underwriters to differentiate between seemingly similar accounts.

“Signals are generated by analysing raw data,” says Altman. “This involves scanning ports, DNS sinkholes, the dark web, remote desktop protocol (RDP) software and anything else that might increase a potential customer’s risk exposure to a cyber event.”

It is important that cyber risk signals are reflective of threat actor activity and are validated for their predictive power using analysis of historic cyber events. “Not all cyber risk signals are created equal,” says Altman. “Identifying cyber risks using the right signals is the first step to profitable cyber underwriting. Once underwriters have selected the correct signals for their strategy, they can quantify cyber risk to enable more accurate pricing.”

360-degree analysis

Altman says that to help underwriters create accurate pricing models and know when to avoid a risk, cyber signals should reveal risk factors both in absolute terms and compared with peer groups and other variables. In addition to identifying controllable security risks, underwriters need to access a company’s inherent cyber exposure. “Understanding a company’s inherent exposure is important for identifying whether or not it is an attractive target for cyber threat actors,” says Altman.

The science of signals

As cyber threats increase, insurers need up-to-date, accurate, relevant information to control risks and minimise cyber-related claims. A cyber signals strategy reinforces the art of underwriting with science and provides a more complete view of risk in one of the most challenging areas for insurers.