Demystifying Cyber security and reimagining cyber risk business for Insurers


Co-Authored by: Mohammed Ali LSSBB and Dev Jadeja

“It is not if you will be a victim of a data breach, but when”

According to the Allianz Risk Barometer, cyber risks, such as IT outages, ransomware attacks or data breaches, rank as the most important risk globally for the year 2023. According to survey respondents, 53% of companies see data breaches as a topmost concern in 2023. A recent study by IBM estimated that the annual cost of a data breach reached an all-time high of $4.35 million in 2022 and is expected to surpass $5 million in 2023.

The COVID pandemic has been a super accelerator for the surge in cyber security incidents. In 2021, researchers saw a 50% increase in weekly attacks on corporate networks compared to 2020. Cyber-attacks have become more pervasive and sophisticated with advancing technologies. As per a recent report, the average ransom demand has gone up from $1000 in 2017 to $10M in 2020 1. Experts believe that the upward trend will continue with the following predictions:

With potential losses of such magnitude, the challenges facing insurance companies writing cyber risks are enormous, both in assessing the depth of the risks and in pricing them in the absence of meaningful historical claims data. This has resulted in insurance companies writing policies with limited scope, lower policy limits and a substantial number of exclusions. This paper explores the current trends in cyber security, including the types and the impact of the various threats. It also reviews the preparedness of insurance companies that underwrite these risks and, lastly, provides a perspective on what insurance companies should and should not do to write profitable and broader coverages with fewer exclusions and to be better prepared for cyber security claims.


Topics we will cover in this article.


Looking at the trends, the Global Cyber Insurance Market is forecast to reach USD 27.83 billion by 2026.

https://www.statista.com/statistics/1190800/forecast-cyber-insurance-market-size/

Cyber threats and implications:

The two key drivers that affect cyber security insurance are:

A. Ransom – Ransomware threats have seen an exponential rise year over year for business organizations. These ransom requests can be of several types –

1) Confidential information

2) Re-routing of commodities

3) Flight/Transportation Disruption

4) Personal Information Leakage

5) Breakage in supply chain

6) Shutting down of the organization's IT infrastructure

B. Business Interruption – Research shows that the main cost driving the increase in cyber security claims is business interruption. As digital as well as physical assets are targeted during cyber-attacks, businesses can experience significant downtime in operational production. Business interruptions are the primary cost driver for 57% of claims per a recent Allianz study. The main causes of business interruptions are:

1) Malicious code rendering websites unusable

2) Distributed denial of service attacks

3) Viruses, Trojans, etc. that delete critical data that is essential to running operations

Understanding these two drivers is critical for insurers of cyber risk to evaluate and measure these risks accurately.

Preparedness of Insurance Companies

Cyber Insurance Underwriting Expertise

Insurance companies' increased focus on improving cyber insurance capabilities is challenged by the rapid pace at which cyber threats are increasing and the growing scale of the monetary losses involved. This has led to coverages that are insufficient as insurance companies struggle to develop the ability to cover the ever-changing potential risks.

This has led to a situation where the coverage requirements of clients exceed what insurers can currently offer with existing products and underwriting. Cyber risks are complex and there is little or no historical claims data available across industries, which makes it hard for insurers to model accurate pricing for cyber risks. This in turn forces insurers to write limited-scope coverages that leave the client with exposed financial risk and the underwriters unable to tap into the full potential of the cyber insurance market.

The underwriting of cyber risk has transformed over the last year in two key aspects that must also be considered. The first is the upsurge in claims frequency and severity from ransomware outbreaks, which have led to more business interruption losses. The second is claims under new and evolving consumer privacy legislation, such as the General Data Privacy Regulation (GDPR), Biometric Information Privacy Act (BIPA), and California Consumer Privacy Act (CCPA).

As a result, cyber insurers need to improve and build their underwriting expertise and clarify coverage intent in their policy language.

Essential Underwriting Practices for the Future

Innovative approaches and methods need to be developed by the insurance industry to stay relevant to the needs of the market. One of the approaches is to provide restricted coverage and lay low, which is what most of the industry is doing right now. During this time, insurers can collect data and use it to estimate future risk exposure, as was done for CAT risks like earthquake, wind and flood during the early years of property insurance.

Analyzing data is only part of the solution; an integrated approach and method is required to understand and assess the risk of ever-changing technologies. It is also part of a network of tech companies, such as Microsoft, Cisco, and mobility providers to support cyber security initiatives. It is important to understand how the technology of our environment is changing and translate that into prevention services and into insurance product development.

Traditional underwriters or underwriting skills may not be best suited to underwriting cyber risks. A cyber risk underwriter will have to be someone who has an in-depth understanding of the technology landscape and of emerging technologies in the cyber security industry.

Insurers will have to look at new avenues when pricing and underwriting risks, such as developing a dedicated Cyber Risk Engineering practice that can evaluate the IT architecture and systems of a prospective client and provide the necessary recommendations and Cyber Security Score Cards to improve their cyber security infrastructure.

To understand the dearth of data, insurers will have to solve the four-piece puzzle: The superlative approach to cyber risk is not just to sell cyber insurance or reinsurance policies but a comprehensive package including advice for prevention, modeling services and risk management services to understand cyber accumulations.

Cyber Security Framework:

There is now emphasis on not just providing a cyber risk policy but a model that helps organizations to tackle cyber threats.

The Four Key Elements of the Cyber Risk Model

1. Mitigation

As cyber threats have increased, we have seen institutions being increasingly transparent with their data and their IT systems/architecture. This is a welcome change which the market has seen in the past 1-2 years. The insured would get a complete view of where they stand in terms of cyber security: they would be provided with Cyber Risk Reports, Score Cards and recommendations to help them make the changes needed to be better equipped for any cyber threats. Insurers could charge a premium and structure the policy conditions according to how the recommendations are implemented.

2. Support

Insurers will have to step in to provide consultation when the insured needs help with precautionary measures against a specific cyber threat or when a security issue has occurred. This could be to improve their current cyber security infrastructure or to minimize the damage of an ongoing cyber threat. Third Party Cyber Assessments etc.

3. Continuity

Recommendations made to the client, such as implementing cyber security tools, Multi-Factor Authentication (MFA), Remote Desktop Protocol (RDP), etc., would ensure there is no impact to the operations of the insured. Using AI/ML algorithms for cyber security practices adds a layer of protection for the insured organization. Post cyber-attack assistance is key, and the insurer would need to provide all necessary support to ensure minimal impact to the insured's business operations.

4. Accountability

The insurer would pay claims per the policy conditions and the loss incurred by the insured. This would mean indemnifying the client so that they are back in business in their pre-cyber-attack state, and covering legal and damage claims. Post-loss assessment – a full postmortem would need to be completed to ensure all areas of cyber risk are covered and recommendations are implemented; otherwise the insurer may walk away if any key recommendations are not implemented.

Addressing Minimal to No Historical Claims Data

How to underwrite risks with informed decisions without access to sufficient data and pricing models based on historical data:

Assess the risk in consideration of the following factors:

· Industry of the potential insured

o Availability of cyber risk claims data or trend from that industry

o Assessment of insured's cyber security practices

o Identify how salient risks are managed

· Determine the self-insured retention (SIR) or deductible amount based on the potential insured's ability to accept risk mitigation suggestions by the underwriter. If the organization buying insurance does not intend to implement the advised security practices and technologies, then the premium charged should be higher and the SIR / deductible amounts should be increased, with lower limits of insurance coverage.

· When solving the cyber security puzzle, two measures that should be part of insurers' strategy are to get critical chunks of data and more access to meaningful data.

· Define strategies for using unsupervised machine learning to better underwrite cyber risk products. The graphic below illustrates defining a data model for underwriting cyber risk models.

Approach to create AI model for Cyber Risk Underwriting

Examples of models that would work best for insurance companies or underwriters:

1. A model that can test the likelihood of an attack and financial risk of an attack

2. Annual probability of a data compromise

3. Cloud downtime score

4. A score that predicts the measures that should be taken by the organization

Conclusion

Insurers writing cyber risks need to focus their attention on solutions that allow them to write broader coverages and more profitable risks.

· Develop underwriting practices that create a view for underwriters to understand the technicalities of a cyber threat and its various impacts on business and customers. Make available relevant historical data and models around AI/ML for sound pricing decisions.

· Partner and collaborate with different experts from the industry, including cybersecurity, risk management, technology design and implementation, and consulting firms, among others. The objective should be to not just write a risk and forget it until renewal. Cyber risks must be evaluated at regular intervals to assess coverages and the risk mitigation status achieved by insureds.

· Provide embedded and add-on insurance coverages that give the insured the option of acquiring services from the insurer's partner risk management and consulting firms, who can continuously help monitor threat risks and provide mitigation solutions.



References:

https://www.varonis.com/blog/cybersecurity-statistics/

https://cybersecurityventures.com/cybercrime-damages-6-trillion-by-2021/

https://www.ibm.com/security/data-breach

https://www.gartner.com/en/documents/3889055/forecast-analysis-information-security-worldwide-2q18-up
