19 April 2022Technology

How cyber risk management can reduce friction between brokers and underwriters

As cyber risk has changed, so has the cyber insurance market. Attacks make newspaper headlines almost daily, particularly the growing number of ransomware attacks. As a result of the increase in both amount and the severity of attacks happening across the world (SonicWall Capture Labs recorded  more than 495 million ransomware attacks globally in 2021—close to a 100 percent increase from 2020), the market is appearing to ‘harden’ and friction is occurring between the three stakeholders of the insurance value chain: insureds, brokers and underwriters.

Ransomware has changed everything

Ransomware is extremely lucrative for criminals and damaging to organisations—and it’s evolving. At its most basic, a ransomware attack encrypts an organisation’s files or network and renders them inaccessible. The only way to regain access (in theory) is to pay a ransom, usually in an untraceable digital currency such as bitcoin. The ransom amount can range from a few hundred to thousands of pounds.

The evolving threat exists in the rise of ‘triple extortion’. This is when, on top of a ransom demand and the publication of stolen data for profit, criminals use data stolen about the victim’s customers and suppliers to multiply the impact of the attack. Triple extortion is a more sophisticated and wider-reaching kind of attack that’s on the rise, although the threat of ‘smash and grab’ ransomware attacks isn’t going to disappear.

The global community of cyber criminals is thriving and organisations (regardless of size) are vulnerable. This vulnerability isn’t limited to ransomware: data breaches and system failures are a present risk that can affect everyone from utility suppliers to media conglomerates.

A ‘perfect storm’ of increased claim severity and frequency has left insurers with no choice but to change how they are assessing proposals, alongside the rate they’ll charge and the amount of coverage they’ll be able to offer. The knock-on effect of all of this is that the global cyber insurance market has effectively ‘hardened’, capacity has reduced and the cost of buying insurance has increased.

These insights were provided by Andy Thomas, chief executive officer and co-founder of  KYND, and Melanie Hayes, the firm’s chief marketing officer and co-founder, ahead of Intelligent Insurer’s Cyber Insurance Innovation Virtual Event (April 21–22) during which KYND will be delivering a presentation titled “Examining the role of risk management in reducing friction between brokers and underwriters”. The session is scheduled for Day 1 of the virtual conference, on April 21, 2022.

During the session, delegates will be able to gain expert insights into the cyber insurance journey; pinpoint where the friction occurs to pre-empt and solve the challenges between brokers, insurers, and the insured; hear success stories where friction has been alleviated and efficiency has been radically increased, leading to satisfied clients and much happier underwriters; and learn how to combine technology and service to create more harmony—not only during the application process, but during the lifecycle of the policy so renewals are seamless and quick.

Ahead of the session, Thomas and Hayes offered their views on risk management, friction between brokers and underwriters, broker and underwriter collaboration, and how to combine technology and service to create more harmony during the policy lifecycle.

In risk management terms, what defines friction between brokers and underwriters?

A lot of this friction can be attributed to a hardening market. It is harder for brokers to offer quotes, underwriters to guarantee them and insureds to obtain them—all of which is due to the changing landscape of cyber crime and risk assurance.

From the perspective of insureds, more is being asked of them to either receive a quote or obtain a renewal. The amount of questions they’re being asked on application forms has increased, as have the technicalities of these questions. On top of this, they’re increasingly expected to manage and improve their cyber health throughout the whole of the policy. It’s for these reasons that they’re turning to third parties for assistance in risk management. But, they’re not the only ones.

In a lot of cases, underwriters are reducing their limits and in some circumstances they’re stopping coverage completely. This is because insureds do not meet the cyber risk profile they require. Cyber underwriting has undoubtedly changed forever—they’re having to adopt more stringent risk assessment to get a better handle on the kind of risk and level of risk they may be insuring.

This assessment will often include a thorough analysis of the cyber risk profile of their potential customers. The aim is to identify risks vs underwriting standards required by the insurer and see where the customer lands, at the same time validating the prospective customer’s conformity to the policies and procedures required by the insurer.

This puts brokers in a difficult position as well. They need to be able to effectively communicate the requirements of underwriters to insureds. If they can’t, they may find themselves in a position where they’re unable to respond or explain to customers why their premium might increase, or in some cases while they’re unable to get cover at all.

It’s not a position any broker wants to be in but it is becoming increasingly common. They’ll need to be honest with clients about the different standards of cyber risk management and the level of security that will be expected of them. We’re seeing brokers take on an advisory role and this will require them to develop new skills and capabilities to provide clients with the level of the support they need.

As you can see, this shift and the hardening market can put insured, brokers and underwriters at odds and lead to friction. There is an arguable benefit to all parties to engage in the services that cyber risk management companies can provide. They can facilitate the needs of the entire insurance value chain without needing to compromise on price or service.

How can insureds, brokers and underwriters collaborate to reduce friction?

It seems obvious that the current process is anything but sustainable. The best (albeit most radical) fix is to greatly simplify the application and renewal process. We don’t mean going back to the way things were before—that’s impossible.

Instead, the insured, broker and insurer need to engage across the entirety of the insurance value chain, and not just as a one-off. This engagement needs to take place throughout the life of the policy. When this happens the renewal stops being a huge, singular event, rather it becomes part of the day-to-day administration of the policy. This is where tools like our own are coming into play.

How can insurers, brokers and underwriters combine technology and service to create more harmony?

There are a few key steps to broker this sense of harmony. First, there are new and proven tools that allow every stakeholder to get instant visibility of the current cyber risk profile of any new insured that is proposed to an insurer. If you’re the latter, you should be prepared to share the finer points of this risk analysis with a potential insured as this gives them a better understanding and opportunity to respond. Insured organisations suffer the same time constraints as insurers and brokers, and this transparency allows better collaboration across the value chain.

Once this engagement issue has been tackled, a key part of the policy should be to give existing insured organisations the ability to monitor, manage and even curate their exposures to and posture of cyber risk. This should be on a continual basis and for the entire lifespan of the policy, and they should be able to share back this behavioural, qualitative and quantitative data with their insurer.

For the most part, organisations would be happy to engage in this process as it means they’ll have access to simpler renewals and better terms for their policy.

Can you describe some success stories where friction has been alleviated and efficiency has been increased?

The one which immediately comes to mind is when a US broker was having a lot of trouble getting coverage for a client which had fallen victim to a cyber attack the year before. After trying a number of different carriers and filling in a huge amount of forms, the client was still being refused coverage.

The broker and client weren’t taking into consideration the client’s relatively poor cyber posture in several areas that were immediate red flags for underwriters. This actually presented more of an issue than the attack that took place.

Upon learning this, the broker approached KYND and we were able to help using the  KYND Ready Service. By utilising our advanced cyber risk technology and deep cyber expertise it was easy for us to guide the client through the application process and assist them in putting in measures so they were able to secure coverage at terms that were very favourable to them. These measures improved their cyber risk profile not only at the point of application but also throughout the following year.

What is the role of risk management in reducing friction between brokers and underwriters?

Risk management via technology like that discussed above will continue to be a contributing factor in reducing friction throughout the entire process—particularly in the professional relationship of brokers and underwriters.

To keep this friction reduced we recommend actions from all parties in the value chain. This includes:

  • The client shares its risk profile with both underwriters and brokers.
  • Continual transparent communication throughout the policy lifecycle.
  • Full visibility of the client’s cyber risk management that shows arising issues as well as those that have been dealt with.
  • Brokers being made aware of red flags that could affect the insurable status of the client.

Cyber risk management is the perfect, impartial secret weapon. Technology such as KYND’s can not only provide instant visibility of an organisation’s cyber posture but also help it to mitigate the cyber risks that are likely to mean it will be declined cyber insurance.

It will also help the business keep on top of its cyber risks during the lifecycle of the policy, so the renewal process is seamless. Everyone in the cyber insurance value chain can use it, and it will help to alleviate the friction in the process.

What are the key takeaways you’d like delegates to have from the cyber event?

From this session, delegates will learn to ease the friction, simplify the whole process and always focus on the end client. This means helping the clients prepare before they submit an application, as it will assist them in improving their cyber risk posture and increase the chances of obtaining adequate cyber risk coverage. It also makes them less likely to suffer a cyber attack! This and helping every member of the chain understand that better communication means less friction between brokers and underwriters.

We want to position cyber risk management services as the value-add it really is for clients. It doesn’t have to be a chore or super-complicated (we’ve seen that countless times). Brokers and underwriters can both provide this in their offering and it helps keep clients up-to-date and safe from cyber attacks.

Andy Thomas, chief executive officer and co-founder of KYND, and Melanie Hayes, the firm’s chief marketing officer and co-founder, are speaking at Intelligent Insurer’s  Cyber Insurance Innovation Virtual Event (April 21–22) in a presentation titled “Examining the role of risk management in reducing friction between brokers and underwriters”. The session is scheduled for Day 1 of the virtual conference, on April 21, 2022. Secure your place now—it’s free for insurers and brokers.

Already registered?

Login to your account

To request a FREE 2-week trial subscription, please signup.
NOTE - this can take up to 48hrs to be approved.

Two Weeks Free Trial

For multi-user price options, or to check if your company has an existing subscription that we can add you to for FREE, please email Elliot Field at efield@newtonmedia.co.uk or Adrian Tapping at atapping@newtonmedia.co.uk


More on this story

Insurance
15 September 2022   The partnership aims to improve the risk profiles of US private/public sector organisations.
Insurance
20 June 2022   KYND’s CEO Andy Thomas explains how brokers and underwriters must work with clients to improve cyber resilience in the future.
Insurance
17 January 2022   The company has partnerships with high-profile insurers and brokers, such as Beazley, Howden, Paragon and Alliant.