The cyber underwriting process is a comprehensive assessment by insurers of a company’s risk monitoring software, breach history, data management, and more when determining appropriate insurance policy coverage.
This detailed process informs insurance firms about your existing security posture and the potential risks associated with your business, all of which impact liability, deductible, and your overall ability to obtain coverage.
While insurance is currently a buyer’s market, underwriters are paradoxically becoming more selective, asking for more detail to fully understand companies’ associated risks and cybersecurity presence. In fact, some insurance firms will not meet with organizations that lack robust cybersecurity monitoring systems.
By using tools such as non-invasive scans, continuous monitoring assessments, breach history reporting, compliance verification, benchmarking, and cyber risk quantification, underwriters can effectively determine appropriate policy coverage to insure your business in the event of a cyberattack.
The Cyber Underwriting Process
Thorough underwriting assesses not only your company’s security posture but also, by proxy, the associated risks to the insurance firm providing coverage. This means coverage is more affordable, for your business and for insurance firms alike, if your company is low risk.
To determine potential exposures and stipulations, underwriters typically evaluate the following:
- Existing Cybersecurity Monitoring: whether your organization has continuous monitoring software in place
- Basic Business Information: your industry, the nature of your company, and what types of information you store (Social Security numbers, phone numbers, customer names, addresses, etc.)
- Data Backups & Management: how and where you store sensitive information, such as data backups, segregation across multiple interfaces, and disaster recovery plans, if any
- Security Policies & Procedures: habitual routines around password protection, email literacy, two-factor authentication, use of personal devices for work purposes, and more
- Breach History: consideration of historical security breach data to determine the effectiveness of current methods and likelihood of repeat attacks
- Relative Benchmark: comparison of your security posture alongside other related companies to understand how your risks measure against industry standards
Essential Tools During the Cyber Underwriting Process
To effectively evaluate items including but not limited to those listed above, insurers leverage a series of essential tools to gauge risk, security posture, and other pertinent details throughout the underwriting process, including:
Non-Invasive Security Scanning
To gain full visibility into a company’s security posture, underwriters use non-invasive assessment techniques, scanning IP addresses, domains, networks, and more for exposed credentials, vulnerable ports, and SSL credential validation, and checking whether a secure email gateway (SEG) and DDoS (distributed denial-of-service) protection are employed, according to an analysis from cyber insurance training organization Cyber Insurance Academy.
Following this thorough evaluation, firms score the company’s security posture and report findings, the study continues, both of which will be pivotal in determining liability and coverage.
Continuous Monitoring Assessment
Perhaps one of the most fundamental aspects underwriters gauge is whether your business already has a robust, 24/7/365 solution to monitor endpoints, detect vulnerabilities, and curb threats before they become attacks. Without cybersecurity software, your organization remains fundamentally vulnerable to threat adversaries and a liability for firms to insure.
According to the 2020 IBM Security “Cost of a Data Breach Report,” companies with security automation services saved around $3.58 million in data breach costs compared to those lacking continuous monitoring.
Given that U.S. data breaches average around $8.64 million, substantially higher than the global average of $4.62 million according to IBM Security’s 2021 “Cost of a Data Breach Report,” it is crucial that businesses invest in cybersecurity software, not only for underwriting purposes but also to avoid joining the 65% of other U.S. companies that have suffered from ransomware.
Breach History Reporting & Recent News Research
With 80% of organizations suffering reinfection after paying ransom during an attack, vulnerable businesses are prime candidates for repeat strikes, and underwriters are aware of this prevalence.
Whether due to the absence of continuous monitoring or proper controls, or because the threat actor never left, cyber reinfection is increasingly common in companies today, which is a primary reason why underwriters may generate breach history reports to reflect loss history.
Insurers might also rely on recent news research for any suggestion that your organization might be at a heightened attack risk, according to the cyber underwriting report by data analytics and risk assessment firm Verisk titled “Solving for Cyber: How a Security + Insurance Approach Can Help Cyber Underwriters Tame a Tough Market.”
Compliance Verification & Benchmarking
It is essential that companies comply with cyber-related legislation. Underwriters will likely inquire into your compliance with regulatory frameworks, as well as whether you are involved with privacy or outside security groups, or use dated hardware and software, reads a brief from independent insurance agency The Insurance Exchange.
In this process, firms may also use a benchmarking tool to compare your overall security stature and risk management strategies against those of other related companies. This enables insurers to gauge how your posture relates to standards in the industry, continues the aforementioned Cyber Insurance Academy analysis.
Cyber Risk Quantification
Cyber risk quantification empowers companies and underwriters to understand the projected losses and different financial impacts associated with various cybercrimes including ransomware, data exfiltration, extortion, and more, the report reads.
In doing so, insurers might collect all relevant data points to effectively communicate and itemize these varying impacts to businesses, as the predictive cyber risk modeling platform Kovrr discusses in its case study titled “No More Black Boxes.”
With 22% of companies reportedly possessing “no confidence” they would be able to respond to or recover from cybercrimes, states global professional services firm Marsh McLennan’s 2019 “Global Cyber Risk Perception Survey,” it is crucial to quantify projected losses from the variety of prevalent cyber events.
The Role of Continuous Monitoring
Through utilizing these tools and others, underwriters can effectively gauge the appropriate insurance policy for a given business. However, in today’s evolving threat landscape, the role of preventative action through continuous monitoring software is more important than ever.
Cyberattacks occur every 39 seconds, and amid a 105% surge in ransomware during 2021, cybercrimes are projected to cost the world an unthinkable cumulative $5.2 trillion between 2019 and 2023, according to Accenture Security’s 2021 “The State of Ransomware” report conducted by independent research center Ponemon Institute.
Anticipating the inevitability of ransomware and other crimes goes beyond applying for cyber insurance, which aids businesses following an attack—when millions of dollars have already been lost.
To comprehensively protect your business against the devastating financial and reputational blows associated with a breach, it is paramount to invest in cutting-edge cybersecurity that monitors endpoints for vulnerabilities, detects threats, and contains them before adversaries have opportunities to strike.
Cybersafe Solutions is a state-of-the-art managed security provider specializing in Security Operations Center as a Service (SOCaaS). With more than 20 years of experience in the online threat landscape, our expert team leverages cutting-edge technology to safeguard your organization’s important assets. Contact us today to learn more about how to strengthen your security strategy with continuous monitoring software.