Navigating the Cyber Insurance Data Dilemma: A Comprehensive Guide

Navigating the Cyber Insurance Data Dilemma: A Comprehensive Guide

Understanding the Evolving Nature of Cyber Risks

Cyber risks are opportunistic and indiscriminate, exploiting random system flaws and lapses in human judgment. Unlike most insured risks, these threats are designed. They’re intentional, unconstrained by geography or cost. They’re opportunistic and indiscriminate, exploiting random system flaws and lapses in human judgment. Cheap to develop and deploy, they adapt quickly to our efforts to defend ourselves.

The Challenge of Underwriting Cyber Risk

Underwriting cyber risk is beyond difficult. It’s a newer peril, and the nature of the threat is constantly changing. One day, the biggest worry is identity theft or compromise of personal data. Then, suddenly it seems, everyone is concerned about ransomware bringing their businesses to a standstill. Now it’s cryptojacking and voice hacking – and all I feel confident saying about the next new risk is that it will be scarier in its own way than everything that has come before.

Bridging the Cyber Insurance Data Gap

In an asymmetric scenario – where the enemy could as easily be a government operative as a teenager in his parents’ basement – the primary challenge is to have enough data of sufficiently high quality to understand the threat you face. Catastrophe-modeling firm AIR aptly described the problem cyber insurers face in a 2017 paper that still rings true: “Before a contract is signed, there is a delicate balance between collecting enough appropriate information on the potential insured’s risk profile and requesting too much information about cyber vulnerabilities that the insured is unwilling or unable to divulge…. Unlike property risk, there is still no standard set of exposure data that is collected at the point of underwriting.” Everyone wants more, better data; no one wants to be the first to share it.

To help bridge this data gap, Verisk – parent of both AIR and insurance data and analytics provider ISO – yesterday announced the launch of Verisk Cyber Data Exchange. Participating insurers contribute their data to the exchange, which ISO manages – aggregating, summarizing, and developing business intelligence that it provides to those companies via interactive dashboards. Anonymity is designed into the exchange, Verisk says, with all data aggregated so it can’t be traced back to a specific insurer. The hope is that, by creating an incentive for cyber insurers to share data, Verisk can provide insights that will help them quantify this evolving risk for strategic, model calibration, and underwriting purposes.

In conclusion, while the cyber insurance landscape is complex and ever-changing, leveraging data and collaboration can help insurers better understand and mitigate risks. For readers, it’s crucial to stay informed about the latest trends and developments in cyber insurance, and to consider participating in data-sharing initiatives to contribute to a more robust and informed industry.