Targeted Risk Assessment and Aggregation for Cyber Insurance Underwriting

When assessing cybersecurity risk, each policy may present a very different profile to insurance underwriters. Unlike mature insurance business lines, the lack of actuarial data is a major issue for insurance underwriters attempting to accurately model cyber risk scenarios. Traditional underwriting practices face critical challenges in assessing cyber risk. Standard “market share approaches,” where the risk exposure of a policy portfolio or a given individual policy is assessed based on what is known about the broader market averages, can be a poor indicator for a specific set of cyber policies and don’t operate well in fast-changing environments such as the cyber world. The presence of external dependencies in an entity’s cyber health — whether contractors, vendors, or service providers — extends an entity’s risk profile, and a general lack of visibility into end-to-end cybersecurity practices and postures makes it hard to accurately determine cyber risks for a given set of policies.