Cyber is a new and expanding growth area with opportunities to offer compelling insurance products, particularly in the mid-market. However, the path to becoming a market-leading and profitable cyber insurance company is fraught with challenges. In this article, we outline basic strategies for developing top-tier cyber offerings, culminating in a guide for chief underwriting officers on 7 strategic cyber steps.
Why mid-market networks face unique challenges that need to be mitigated
The cyber risk landscape is evolving so rapidly that insurers need a robust framework that can, for example, enable continuous data-led learning from previous claims, provide seamless quoting and binding processes, and mitigate unexpected risk aggregation.
While the SMB market typically purchases standard network coverage directly online, the mid-sized market consists of companies serviced by brokers and agents. These companies require insurers to develop both basic and advanced capabilities to effectively address the unique challenges of mid-market cyber risk. The main challenges unique to mid-market networks are as follows:
Transparency and Clarity for Brokers and Agents: Since the mid-market is primarily served by brokers and agents, transparency into insurers’ risk appetite and underwriting methods is critical. Does the insurance company offer a dedicated online broker portal or The key to leveraging existing portals for multiple lines of business is to have transparent risk appetite and enable brokers to seamlessly compare quotes and conduct business. Additionally, accurate quotes must be provided on the same day.
Standard and custom policies are required: The mid-market consists of companies that purchase standard and customized policies. As a result, insurers need to be able to quickly reverse changes in policy terms, changes in exclusions, or different combinations of higher deductibles or sub-limits. Some mid-market companies have complex requirements for risk mitigation, prevention and incident response plans. For large mid-market clients, an in-depth risk analysis may be required to design the right coverage.
Lots of data: While SMB customers don’t require more than four data points (name, industry, revenue and customer website) in a standard network policy, mid-market customers require many more. Some data points can be obtained through open APIs and obtaining structured data from brokers, but the higher the complexity of the risk, the greater the likelihood that relevant data points will arrive in the form of unstructured documents.
Building a robust digital infrastructure for cyber insurance
Cyber insurers need foundational capabilities across distribution, quoting and bundling to ensure seamless business processes. The operating model is centered around a focus on customer and broker experience from start to finish. Whether the insurance company chooses to organize based on customer segments (e.g. mid-market) center Excellence in servicing all lines of business) or by line of business (such as a dedicated one-stop network team across distribution, underwriting and claims), it is important that this is a conscious choice made by the C-level.
All clients, regardless of whether they purchase cyber insurance or not, should quantify their cyber risks and define their key cyber risk scenarios as part of their incident response plan. If they don’t, their balance sheets are exposed to unknown, potentially significant risks. Some insurers may choose to invest in risk scenario capabilities, while others will rely on brokers or outsource to cybersecurity experts. The functionality required for in-depth analysis is similar to what some insurance companies offer in cybersecurity rooms, which provide a secure space for pre-incident advice and training, network stress testing, cybersecurity readiness verification tools, detection and response solutions, incident response plans, notification services, and embedded claims services.
A key foundational capability of the network is Strong digital core and fit-for-purpose master data management. Insurers need strategic tools such as a strong digital core and fit-for-purpose master data management to perform detailed risk analysis at the quoting stage. These tools facilitate granular risk accumulation and establish a framework for measuring and understanding overall cyber risk exposure based on various parameters including industry sector, underlying hardware and software, cybersecurity maturity, supply chain, jurisdiction, and company size. A detailed risk exposure management framework is critical to effectively reduce the risk of unexpected risk aggregation.
Build advanced market-leading network capabilities
A key component of becoming a market-leading cyber insurance company is that technology and data capabilities must be designed to work at scale and in real time. Cyber insurance is one of the most challenging industries to operate in due to the potentially catastrophic and borderless nature of breaches. Cyber incidents can be evolving and unpredictable, similar to oil spills, and can have severe impacts on businesses, society, and critical infrastructure such as hospitals, water and wastewater systems, and airports. Today, the potential for unexpected risk aggregation is a clear and present threat to insurance companies.
As mentioned above, the quoting and binding phases of mid-market network policy require capturing and modeling more data points. Furthermore, at the time of first loss notification, there may be hundreds of relevant data points, which is much more than, for example, a car claim where insurance companies typically capture 20-30 car-specific data points (vehicle details, purpose of use, witness details, IoT data, etc.). For cyber claims, there are over 100 data points that may be relevant to ongoing learning and refinement, which are fed back into Risk management, actuarial tables, and risk control in underwriting systems. This in turn enables market-leading insurers to remain profitable through a strong framework around risk appetite and pricing.
as Before But there is a lack of cyber talent who are well-versed in cybersecurity protocols and have a deep understanding of evolving regulations and legislation in the areas of IT, artificial intelligence, GDPR, and consumer privacy. While investing in talent and continually upskilling underwriters and adjusters, there are high-impact use cases for artificial intelligence and next-generation AI solutions in cyber insurance. We’ve seen AI and Gen AI save underwriters dozens of hours each month and enable them to spend their time only on Niche and hazardous risk areas that require deep human expertise.
Insurers with a strong digital core can move quickly to accelerate profitable online growth, but most are realizing the investments required to implement AI and next-generation AI at scale. According to AccenturePulse of Change Study46% of insurance executives said it would take more than 6 months to scale Gen AI technology and take advantage of the potential benefits. If applications and data are not in the cloud, and there are no strong security layers in place, it will be nearly impossible to benefit from Gen AI at scale.
7 Strategic Networking Steps for the Chief Underwriting Officer
In today’s rapidly evolving technology environment, chief underwriting officers face the critical task of guiding their organizations through the complexities of cyber insurance. The following strategic steps are a roadmap for insurance companies to not only survive but thrive in this challenging environment:
- Define who you are in cyber insurance: Decide whether you want to be a conservative insurer, a fast follower, or a market leader. This choice will guide your investment and emphasize networking as a core part of your business.
- Establish Your online brand: Identify your signature offering in cyber insurance, whether it’s leading risk advisory, competitive pricing, AI-driven streamlined processes, or a strong reputation for claims service.
- Choose a major: Choose to build a dedicated mid-market Center of Excellence (CoE), a network-specific CoE, or a hybrid operating model.
- Enhance responsiveness: Transform or deploy new capabilities to deliver accurate quotes within hours.
- Improve underwriting practices: Determining the optimal number of underwriting variables for technology pricing. Reverse engineer your processes to capture important data during the broker submission and claim notification stages.
- Evaluate network exposure management: Recruiting outside experts to assess your network exposure management can help avoid unexpected accumulations of risk.
- Investment talents: Focus on talent strategies that upskill and integrate advanced technologies like artificial intelligence and Gen AI to keep up with the ever-changing cyber risk landscape.
Measuring the path to becoming an online market leader
Designing and executing a leading cyber insurance framework presents significant challenges. A key aspect involves defining success, establishing metrics, and determining the actions needed to achieve those goals. Continuous monitoring of financial and operational metrics is critical to making timely adjustments to ensure you capture profitable growth in the mid-network market. For further discussion please contact Kamina Lees and Matthew Madsen.
