CISOs and CIOs contend that cyber underwriters need to reorient their frameworks to determine whether firms are addressing vulnerabilities
Boston, Mass. (Sept. 6, 2017) — Aite Group’s latest report, The Disconnect in Cyber Insurance Underwriting, discusses how cyber insurance underwriters lack both experience with cyber issues and meaningful data during the cyber insurance underwriting process. Underwriters are asking questions that are more applicable to traditional risk instead of cyber risk, causing a disconnect and making it more difficult to find the firm’s true vulnerabilities. Carriers looking to underwrite cyber insurance need to change their approach to account for the unique risks associated with cyberattacks.
“As the world has changed in the past 20 years due to the rise and acceptance of the internet, the risks posed to businesses also have changed,” says Aite Group senior analyst Jay Sarzen. “While theft, flood, and fires are still viable threats, the new threat of cyber criminals has put firms on edge. Any firm conducting business in the 21st century is now a target for a cyberattack on many fronts.”
This report is based on 21 Aite Group interviews conducted between September 2016 and November 2016 with cyber underwriting executives and chief information security officers and chief information officers at firms in industries such as consumer packaged goods, financial services, healthcare, manufacturing, retail, and technology. The CISOs and CIOs interviewed all represent firms that generate at least US$500 million in annual revenue, with six of the firms in the Fortune 1000 (generating at least US$1.9 billion in annual revenue).
To request a press copy of this report, contact [email protected].
For relatively new risks, such as cyberattacks, underwriters in North America lack a solid set of data and information to guide the underwriting process. In fact, when asked, cyber insurance underwriters admit that many of the questions that they ask of firms do not reveal the true nature of the risk they are being asked to underwrite. How are cyber insurance underwriters attempting to address this disconnect, and what do chief information security officers and chief information officers have to say about their approach?
This report examines how cyber insurance underwriters at leading cyber insurance carriers are currently managing the lack of meaningful data during the underwriting process. It is based on 21 Aite Group interviews conducted between September 2016 and November 2016 with cyber underwriting executives and CISOs and CIOs at firms in industries such as consumer packaged goods, financial services, healthcare, manufacturing, retail, and technology.
This 29-page Impact Report contains three figures and two tables. Clients of Aite Group’s P&C Insurance service can download this report, the corresponding charts, and the Executive Impact Deck.
Click here for the table of contents or to purchase the report from Aite Group.
About Aite Group
Aite Group is a global research and advisory firm delivering comprehensive, actionable advice on business, technology, and regulatory issues and their impact on the financial services industry. With expertise in banking, payments, insurance, wealth management, and the capital markets, we guide financial institutions, technology providers, and consulting firms worldwide. We partner with our clients, revealing their blind spots and delivering insights to make their businesses smarter and stronger.
Source: Aite Group
Aite Group, Cyber Insurance, Disconnect, report, Underwriting