Visualize: Insights that power innovation

Untangling cyber insurance confusion

By Caitlin Plunkett October 16, 2018

Cyber riskCyber risks and coverages are complicated. In a recent Advisen survey of brokers, agents, and underwriters from around the world—all involved in cyber—77 percent said one of the biggest obstacles to sales is the fact that potential insureds don’t understand the exposures.

Further, 56 percent indicated that prospects don’t understand the coverages offered.

Interest in cyber growing

Nevertheless, interest in cyber is growing. ISO MarketStance – Commercial Insight estimates that written premium for commercial cyber liability could reach $6.2 billion by 2020—up from about $2.5 billion in 2016.

A lack of standardization with respect to cyber terminology and limited cyber data availability present challenges for many insurers. With more traditional property and casualty exposures, insurers typically have relied on vast amounts of data collected over many years to develop tools based on statistically significant results. With cyber, another approach is often warranted because many insurers either have just entered the market and have no data or they’ve been writing cyber for a while but find that historical claims data alone often can’t ensure solid underwriting.

Cracking the Cyber Risk Comprehension Code—a report recently published by ISO, a Verisk business—explains how this lack of standardization and limited data conspire to further constrain data availability in a vicious cycle. Uncertainty about a portfolio’s risk aggregation can prevent managers from taking on more risk, which, in turn, can keep many insurers from collecting more data on cyber risk.

To help address the lack of standardization, ISO has developed a flexible cyber program that can be written in admitted or non-admitted markets. The report describes how ISO leveraged a data set with more than 32,000 historical cases to create this program, and Verisk’s AIR Worldwide business has tackled the data challenge with its cyber risk analytics platform, ARC. ARC analytics inform risk selection, portfolio management, and risk transfer.

Verisk’s suite of cyber insurance products is evolving to help insurers underwrite and rate coverage more effectively based on the specific risk characteristics of their policyholders.


Caitlin Plunkett is the cyber lead for Verisk's commercial lines coverage products. You can contact Caitlin at CPlunkett@verisk.com.