Cyber Survival Plan: Managing Risk in the Digital Age

By Special Guest
John Elbl, VP, business development, AIR Worldwide
March 07, 2017

In a connected world, there’s an increasing potential for a previously invisible breach to result in a wholly unexpected loss. For many insurers and reinsurers, the increasing frequency, types, and complexity of cyber attacks, the growing amount of information stored and sent digitally, and the expanding Internet of Things can coalesce to make cyber risk even more challenging to manage.

Unlike the mature property/casualty insurance market, where standard terms and policy form language evolved over time, today’s immature and diverse cyber risk market can create problems for many insurers and catastrophe modelers. Currently, policy offerings often determine to what degree various cyber-related scenarios might affect an insurer. A review of some claim types reveals how complex coverages can become—and where complexity reigns, litigation can sometimes follow. Some recent claims include a lost laptop with sensitive data; business interruption from a business’s lack of access to a credit card processing vendor; and a part-time hospital employee gaining unauthorized access to confidential records and then sharing private information with others.

Why just guess?

Rather than guessing about cyber exposure, companies might benefit from tools that allow users to determine how individual coverages could be best represented within unique coverage frameworks. Such solutions can help companies decide whether an insured’s cyber exposure might be better addressed under a cyber endorsement, E&O, D&O, GL, or some other type of policy. Further, it can be beneficial when a modeling tool supports the application of policy language, sublimits, and any additional financial vehicles so that companies can receive a more complete view of how their offerings might address a given exposure.

Many property policies tend to be occurrence-based policies. An insurer can usually point to the exact date when an earthquake occurred, a flood overtopped a riverbank, or a hurricane made landfall. Similarly, by checking logs, the precise date of a cyber attack can often be identified. Unlike the chronology of natural catastrophes, however, months or years can pass before a victim becomes aware of a cyber breach. If a cyber exposure is triggered on an occurrence-based policy, the terms and conditions in effect when the breach occurred would likely be applied to address the claim. If the cyber exposure is triggered on a claims-made policy, then the terms and conditions of that policy would likely be used with respect to any loss resolution.

As such, having the flexibility to state the limits and deductibles accurately as they appear in a company’s policies may be paramount in any cyber risk model, as opposed to models that merely assume how policy coverages are structured. Insight from insurers, reinsurers, and industry experts can help a company determine how best to model cyber risk, whether using several years of exposure data from occurrence policies or current terms and conditions of claims-made policies.

Precision counts

The importance of exposure data can’t be stressed enough for achieving accurate risk assessments. Consider, for example, a risk analysis for hurricanes reaching the United States. While most models can return a result if just the county and replacement value of an exposure are known, results will likely be uncertain if this is the only data input. If the exact address, its distance from the coast, type of construction, year built, and other pertinent information can be recorded, then a much more accurate representation of risk and expected loss is likely.

For some, the minimum information required for risk assessment might be as simple as the name of the company and its revenue. Information from additional data sources can help estimate the cloud provider, DNS server, credit card processor, security protocol, and industry segment of an insured. Still, insurers should collect such data for even more detailed model results. If a model provider has an exposure data schema, companies are advised to use it when collecting such data to help ensure the information is model-ready.

Cyber risk is still very much an emerging market, and it will likely be some time before it achieves a degree of standardization similar to that typical of the property/casualty market. Until it does, flexibility in risk modeling solutions remains vital to help companies truly and accurately “own” their cyber risk.

John Elbl is a vice president for business development at AIR Worldwide, a Verisk Analytics business.




Edited by Ken Briodagh

