7 Strategic Cyber ​​Steps for the Chief Underwriting Officer | Insurance blog

Cyber ​​is an expanding net-new growth area with the opportunity to provide a compelling insurance proposition, particularly in the mid-market. However, the path to becoming a profitable and market-leading cyber insurer is fraught with challenges. In this article, we outline the essential strategies to develop a leading cyber offering, culminating in a guide to the 7 strategic cyber steps for the Chief Underwriting Officer.

Why midmarket cyber has unique challenges to mitigate

The cyber risk landscape is evolving so rapidly that insurers need a robust framework to, for example, enable continuous learning based on data from past claims, provide a seamless quote and underwriting process, and mitigate unintended risk aggregation .

While the SMB market will typically purchase standard direct and online cyber coverage, the mid-market consists of businesses that are serviced by brokers and agents. These companies require insurers to possess both foundational and advanced capabilities to effectively address the unique challenges of cyber risk in the middle market. Key challenges that are unique to mid-market cyber are as follows:

Transparency and clarity for brokers and agents: Since the middle market is primarily served by brokers and agents, it is essential that the insurer’s risk appetite and underwriting approach are transparent. Whether the insurer offers a dedicated cyber broker portal or uses existing portals for multiple lines of business, the key is to have a transparent risk appetite and make brokers compare quotes and place business seamlessly. In addition, it is imperative that you return accurate quotes on the same day.

The need for standard and custom policies: The middle market consists of companies that purchase both standard and customized policies. Therefore, insurers need to be able to quickly change changes to policy terms, changes to exclusions, or a different mix of higher deductibles or sublimits. Some mid-sized companies have sophisticated risk mitigation, prevention and incident response planning requirements. For large mid-market customers a thorough exposure analysis may be required to design the right insurance coverage.

Significant amounts of data: While no more than four data points are needed from an SMB customer for a standard cyber policy (customer name, industry, revenue, and website), mid-sized customers need many more data points. Some data points can be obtained through open APIs and by fetching structured data from brokers, but the higher the complexity of the risk, the more likely the relevant data points will end up in unstructured documents.

Establishing a robust digital infrastructure for cyber assurance

Cyber ​​insurers need core capabilities in distribution, quoting and bonding to ensure a seamless business process. The operating model starts and ends with being focused on the customer and broker experience. If insurers choose to organize by customer segment (eg, a mid-market Center of excellence serving all lines of business) or across lines of business (eg a single specialist cyber team dealing with distribution, underwriting and claims), it is important that this is a conscious choice made at C- level.

All customers, regardless of whether they purchase cyber insurance, should quantify their cyber risk and define their key cyber risk scenarios as part of their incident response planning. If they don’t, they run an unknown and potentially significant risk through their balance sheet. Some insurers may choose to invest in risk scenario capabilities, while others will rely on brokers or outsource to cybersecurity experts. The capabilities required for in-depth exposure analysis are similar to those offered by some insurers in a cyber safe room that provides a safe space for pre-incident counseling and training, cyber stress tests, cyber security readiness verification tools, solutions for detection and response, incidents. response planning, notification services and built-in complaint services.

A key fundamental capability for cybernetics is a powerful digital core and master data management that is fit for purpose. Insurers need strategic tools such as a robust digital core and proper underlying data management to perform detailed exposure analysis at the quote stage. These tools facilitate granular risk accumulation and establish a framework for measuring and understanding aggregate cyber risk exposure based on various parameters, including industry sector, underlying hardware and software, cybersecurity maturity, supply chains, jurisdiction and company size. A detailed exposure management framework is crucial to effectively mitigating the risk of unintended risk aggregation.

Building advanced, market-leading cyber capabilities

A critical component to becoming a market-leading cyber insurer is that technology and data capabilities must be designed to operate at scale and in real time. Cyber ​​insurance is among the most challenging sectors due to the potentially catastrophic and limitless nature of breaches. Cyber ​​incidents can be continuously evolving and unpredictable, similar to oil spills, and can have a critical impact on businesses, societies and critical infrastructure such as hospitals, water and sanitation systems and airports. Today, the potential for insurers to face the unintended pooling of risks is a clear and present threat.

As mentioned above, significantly more data points need to be captured and modeled in the rating and linking stage for middle cyber policies. In addition, when the loss is first reported, there may be hundreds of relevant data points, which is much more than, for example, in the case of a car claim, where insurers typically capture 20-30 data points that are engine-specific (vehicle details, purpose of use, witness details, IoT data, etc.). For a cyber claim there are more than 100 data points that can be relevant for continuous learning and refinement that feeds exposure management, actuarial tables and risk controls in the underwriting system. This, in turn, is what allows a market-leading insurer to remain profitable through a robust framework around risk appetite and pricing.

That previous covered, there is a shortage of cyber talent with deep proficiency in cyber security protocols and a deep understanding of ever-evolving regulations and legislation in IT, AI, GDPR and consumer privacy. While investing in talent and continuously improving underwriters and claims adjusters, there are high-impact use cases in cyber insurance for AI and Gen AI solutions. We’ve seen AI and Gen AI save underwriters tens of hours a month and empower them to spend their time only on niche and dangerous risk areas that require deep human expertise.

Insurers with a strong digital core can move quickly to accelerate profitable growth in cyber, but most insurers fall short of making the necessary investments to deploy AI and Gen AI at scale. percent from AccentureThe Pulse of Change research46% of insurance industry leaders say it will take more than 6 months to scale Gen AI technologies and take advantage of the potential benefits. If the applications and data are not in the cloud and if there is not a strong security layer, then it is virtually impossible to benefit from Gen AI at scale.

The 7 Strategic Cyber ​​Steps for the Chief Underwriting Officer

In today’s rapidly evolving technology landscape, insurance executives are faced with the critical task of leading their organizations through the complexities of cyber insurance. The following strategic steps provide a roadmap for insurers to not only survive, but thrive in this challenging environment:

1. Define your identity in cyber insurance: Decide whether you want to be a conservative insurer, a fast follower or a market leader. This choice will guide your investments and emphasize cyber as an essential part of your business.
2. establish your cyber brand: Determine your signature offering in cyber insurance, whether it’s leading risk consulting, competitive pricing, optimized and AI-driven processes, or a strong reputation in claims service.
3. Opt for specialization: Choose between establishing a dedicated mid-market Center of Excellence (CoE), a cyber-specific CoE, or a hybrid operating model.
4. Improve responsiveness: Transform or implement new capabilities to deliver accurate quotes within hours.
5. Refine your underwriting practices: Decide the optimal number of subscript variables for the technical price. Reverse engineer processes to capture critical data at the broker submission and claim notification stages.
6. Assess cyber exposure management: Engage external experts to assess your cyber exposure management, helping to avoid unintended risk aggregation.
7. Invest in talent: Focus on a talent strategy that improves skills and integrates advanced technologies like AI and Gen AI to keep pace with the evolving cyber risk landscape.

Measuring the path to becoming a leader in the cyber market

Designing and executing a governance framework for cyber assurance presents significant challenges. A crucial aspect involves defining success, establishing metrics for measurement, and determining the actions needed to achieve those goals. Continuous monitoring of financial and operational metrics is essential for timely adjustments, ensuring profitable growth is captured in the cyber midmarket. For further discussion, please get in touch Carmina Lees and Matthew Madsen.