What does market-leading cyber claim management look like? | Insurance blog

Recently, many leading insurers have applied transformative solutions to improve their cyber products. With the cyber insurance market designed to doubles to $29 billion by 2027we explore what constitutes market-leading cyber claims management.

In this blog we will delve into the complexities of cyber claims response, the essential skills required of claims adjusters, and the steps insurers must take to achieve excellence in cyber claims management.

The complexity of cyber claims

The most comprehensive cyber coverage covers a wider range of perils than most other insurance products:

1. Primary coatings: This includes damage to devices, damage to the network, damage to physical materials and damage to digital assets. It also covers damage or theft of intangible assets, theft of funds and costs associated with recovery, restoration and remediation. Also included are financial losses due to business interruption, lost business opportunities, reputational damage, ransomware and extortion. In addition, expenses related to investigations, notification of affected third parties and damages to intellectual property such as patents and trademarks are covered.

1. Third Party Coverages: These coverages include contractual and legal liability, regulatory proceedings and multimedia liability. It also includes civil damages, compensation, payment card loss, errors and omissions, technology professional liability, miscellaneous professional liability, and network security and privacy liability.

When the policyholder of a comprehensive cyber product is a large multinational company with B2B and B2C customers, handling a potential large-scale claim becomes extremely complex for claims adjusters. Cyber ​​claims, similar to oil spills, are catastrophic in nature, recognize no geographic boundaries, and are continually evolving and unpredictable. Cyber ​​breaches can have a critical impact on businesses, societies and critical national infrastructure, including hospitals, water and sanitation systems and airports.

The complexity, however, extends even further. Cyber ​​claims present unique challenges for today’s claims adjusters due to the complicated technical nature of claims involving IT systems, both tangible and intangible assets, cybersecurity protocols, digital forensics, and the ever-changing regulatory and legislative landscape around protection data, AI protection. and privacy law in all affected jurisdictions.

In addition, a cyber claims adjuster must be adept at training and managing a diverse group of specialists, ranging from IT forensics experts, data experts and forensic accountants to credit monitoring experts, legal breach counsel, relationship experts public, crisis management professionals and ransomware. attack experts.

Skills of a Cyber ​​Claims Adjuster

The skills of a cyber claims adjuster are multiple and require a detailed understanding of various aspects:

Knowledge requirements: a cyber claims adjuster must possess advanced, industry-recognized qualifications and typically have experience in errors and omissions (E&O), trade credit, political risk and/or crisis management. They need working knowledge of the application of primary and third party cyber coverages, booking processes, assessments and risk management, typically gained from previous roles in cyber claims or broker support.

Experience requirements: The industry faces challenges due to a limited talent pool. It is critical for adjusters to understand the roles and responsibilities of the various experts involved in cyber claims. Their hands-on experience is vital to the effective supervision and management of these experts to ensure prompt response to complaints, effective mitigation actions to prevent further losses and complete resolution of complaints. Cyber ​​claims have grown in complexity and quantity, but many adjusters come from ancillary lines of business. A key skill that is often missing is proficiency in IT systems, cyber security protocols, digital forensics, intangible assets and a deep understanding of ever-evolving IT, AI, GDPR and consumer privacy regulations and legislation. This is especially critical when insurance covers technology-based companies, where coverage is often customized and niche.

Operational Responsibilities: Adjusters must effectively determine the existence, cause and scope of a breach and manage key activities in handling cyber complaints. This includes selecting and managing the appropriate incident response team, assessing ongoing or completed breaches, assessing the impact on the client’s business and assessing breaches of cyber security protocols. It also covers responding to current data protection and privacy regulations, identifying and responding to fraud triggers and providing feedback on underwriting risk controls and actuarial tables.

Knowledge of customer segment: Competent knowledge and experience with a wide range of client segments, from SMEs to multinational clients and large companies, is also essential for a cyber claims adjuster. Because Cyber ​​is such a fast-evolving product and still sub-scale to many other lines, insurers face the difficult question of whether to organize their cyber claims team as a line of business CoE or whether to adhere to existing CoEs focused on on SMEs, medium. market, multinational customers, etc.

Emerging risks and challenges

The task of determining the existence, cause and scope of a breach is becoming increasingly complex due to the expanding coverage of cyber insurance, the rapid evolution of the technology and data platform, the catastrophic and systemic risks associated with breaches and the implications Gen AI. Gen AI presents new opportunities and challenges, improving capabilities for both cyber attackers and defenders, leading to more sophisticated attacks almost daily.

Strategic choices to become a market leader in cyber claims

In summary, there are four key components to getting it right:

1. Insurers need a claims application that supports adjusters in effectively managing their incident response team and experts. The application must be cyber-fit for purpose, which means comprehensive master data management to orchestrate the 100+ data points relevant to cyber claims, as well as expert-specific permission access to documents.
2. Insurers need a comprehensive and continuous development program to remain competent in the evolution of cyber risk, technological changes and, in particular, the opportunities and challenges that Gen AI presents.
3. Insurers need a comprehensive cyber security room that provides a secure space for pre-incident counseling and training, incident response planning, notification services, etc.
4. Insurers need a continuous feedback loop of underlying claims data to inform actuarial tables and underwriting risk controls. Market leading insurers achieve this with a scalable infrastructure and architecture so that technical pricing for all variables is informed in real-time based on loss history.