In many lines of insurance, it’s possible to physically inspect or audit a company’s loss exposures. If a commercial property inspector walks into a wooden building and sees piles of gasoline-soaked rags, a broken sprinkler system, and exposed electrical wires, they can form a reasonably sound estimation of the risks and classify accordingly.
But what of a company’s cyber defenses? The same company that owns this fire-prone building may have nearly impeccable cybersecurity practices, but you’d be hard pressed to tell by simply examining their IT hardware or interviewing IT personnel.
Some of the central challenges when underwriting cyber risks include the relative opacity and rapidly evolving nature of the exposures. Companies may assert that they follow best practices when it comes to securing their networks, training their employees to detect social engineering attacks, or keeping their software and operating systems up-to-date, but how can you tell? Just as importantly, how can you make this determination quickly to underwrite a prospective cyber risk in the accelerated environment that so many commercial lines operate in? How can you achieve underwriting speed without sacrificing underwriting accuracy?
Cybersecurity analysis meets insurance analytics—in real time
For cyber underwriters, the foundation of solid risk assessment includes the following inputs:
- firmographic data
- cyber loss history
- business insights
- cyber exposures
- cybersecurity analysis
- threat intelligence and recent news
- cyber risk selection
Verisk’s Cyber Underwriting Report helps captures all of the above, in real time, and delivers a report to insurers that scores and analyzes a prospect’s cyber risk.
Through this inspection, the Report can provide critical details on a prospect’s cybersecurity practices, including:
- whether they’re using proper email protocols and security features to safeguard against phishing and spam attacks
- the security technology employed on their networks and email systems
- whether they’re using of out-of-date and unsupported operating systems and browsers
- a threat analysis of inbound adversarial activity including botnet, malware, spam, and ransomware activity
- evidence of traffic to known phishing websites and evidence of brute-force login attempts
The Cyber Underwriting Report returns a score summarizing the prospect’s risk relative to its industry and revenue peers, plus scores focusing on just the prospect’s risks relative to its industry peers and relative to its revenue peers. These scores are supplemented with extensive qualitative findings on the company’s cybersecurity posture.
Flexible delivery
Available from Verisk’s ProMetrix website, delivered directly to an insurer’s policy administration or underwriting system via API, or as a downloaded file, the Cyber Underwriting Report can be pulled using a few basic pieces of company information. As insurers embrace accelerated underwriting for a greater share of their commercial lines, the Cyber Underwriting Report can help bring both efficiency and efficacy to their cyber underwriting efforts.
To learn more about how the Cyber Underwriting Report can enhance your cyber business, please email cplunkett@verisk.com.