The market for cyber insurance continues to gain momentum. A 2019 Allianz survey of risk management experts across 86 countries ranked cyber incidents as the biggest single point of risk for an organization, thus highlighting the need for an effective insurance policy to transfer risk from potentially damaging effects of a cyber-attack. It seems daily, a new high-profile data breach is reported. These breaches are costly for both the bottom line and the firm’s reputation. This is why the cyber insurance market is forecast to grow to $20bn or more by 2025, as organizations seek ways to minimize risk.
However, with a lack of reliable information available to feed into the underwriting process, how can insurance companies find an accurate way to assess the policy buyer’s risk profile? This is especially true for smaller firms where lower premiums will dictate a lower-touch, lower-cost assessment of risk during underwriting. Regardless of the size of the insured, cyber risk scores can be an effective tool, by providing the insurer with an accurate picture of the relative cyber risk of an individual company, or an aggregated view across a book or subset of business. Cyber risk scores have the benefit of being able to assess risk for both the organization being insured (first party) as well as their associated partners and suppliers.
The cyber insurance market growth and need for effective assessment is reflected in the increasing number of insurance companies that are using the FICO® Cyber Risk Score to enable underwriting decisions. FICO has a growing global network of insurance partners that are leveraging the FICO® Cyber Risk Score for individual policy underwriting, risk selection, portfolio management and risk aggregation.
The value of cyber risk scores is clear; however, insurance carriers must think carefully when choosing a scoring service provider. Instead of relying on expert views, and subjective comparisons with industry benchmarks, the FICO® Cyber Risk Score is the only predictive cyber security score that provides clear transparency of breach risk odds to underwriting and actuarial teams to help drive better decisions. The FICO data-driven, empirical, analytic score leverages the latest in machine learning techniques.
Organizations can also leverage tools such as the latest U.S. Chamber of Commerce Assessment of Business Cyber Risk [ABC], which provides an overall assessment of cyber health. The National Risk Score is a revenue-weighted average of the FICO® Cyber Risk Score for nearly 2,400 U.S. companies in three size categories and across 10 sectors. The most recent ABC score, for the first half of 2020, is 694. For an individual organization, and depending on size and sector, a score of 694 represents a level of risk that is considered moderate to low.
For more insights, rewatch my discussion with experts from RAND, RLI, and Zurich at the U.S. Chamber’s Cyber Series (here).