Traditional underwriting cannot be applied to cyber risks

Cyber attacks will one day become uninsurable unless the industry embraces a new approach to underwriting, one which is a world away from the idea of an annual renewal, and is willing to evolve, Bethany Vohlers (pictured), vice president, strategic initiatives, SecurityScorecard, told delegates at Cyber Risk and Insurance Innovation Europe 2023, a conference held in London on Tuesday, February 7.

Echoing the comment made by Mario Greco, CEO of Zurich Insurance, Vohlers, speaking in a session called ‘Building a Sustainable Cyber Insurance Market’, acknowledged that cyber is changing and evolving constantly. She compared this with other parts of the insurance market, such as property, where natural perils only evolve slowly and in a relatively predictable way.

“Cyber is different. It is now less a question of insurability and more one of whether insurance can keep pace with the rate of evolution,” she said. “Existing strategies in cyber are outdated, ineffective and unsustainable. For the cyber market to keep pace it needs to evolve fast, just like the risk itself.”

She said the core issue is that traditional insurance practices do not apply to cyber and argued that the future viability of the market is at risk if changes are not made. “It is so much easier and cheaper to prevent a claim than deal with the aftermath. But insurance policies tend to be linked to annual policies. But to underwrite profitably in cyber, you need responsive strategies that respond to risk in real time.”

She said most successful carriers in this space do embrace change. She said they do this in three ways: through continuous underwriting, by effectively communicating the risk and by incentivising stronger underwriting.

She advocated the idea of continuous underwriting in particular, arguing that insurers must learn to constantly monitor risk, instead of looking at it at a single point in time. “If you do that, you will be in a stronger position to manage a risk like cyber. It allows insurers to continually re-evaluate risk – not just at an annual renewal. It allows carriers to keep pace with changes in technology, risks and trends. It helps foster collaboration and prevent claims before they occur.”

She concluded by warning the audience that standing still was not an option in this market. “Innovate or die. To not just survive but to thrive in this sector you have to be innovative,” she said. “Traditional insurance strategies on their own will not ensure the long-term viability of the cyber insurance market. It can seem a lot but it is possible to change the speed and frequency of risk management practices.”

Did you get value from this story?  Sign up to our free daily newsletters and get stories like this sent straight to your inbox.