Recently, many leading insurance companies have implemented transformative solutions to enhance their cyber offerings. As the cyber insurance market is expected to Will double to $29B by 2027we explore what makes up market-leading cyber claims management.
In this blog, we’ll dive into the complexities of responding to cyber claims, the essential skills a claims adjuster needs, and what insurers must do to achieve excellence in cyber claims management.
The Complexity of Cyber Claims
The most comprehensive cyber insurance covers a wider range of dangers than most other insurance products:
- first party reporting: This includes equipment damage, network damage, physical property damage, and digital asset damage. It also covers damage or theft of intangible assets, theft of funds, and costs associated with recovery, restoration, and remediation. Financial losses due to business interruption, lost business opportunities, reputational damage, ransomware and extortion are also included. Additionally, costs associated with investigation, notification to affected third parties, and intellectual property damage such as patents and trademarks are covered.
- third party underwriting: These coverages include contractual and legal liability, regulatory proceedings and multimedia liability. They also include civil damages, compensation, payment card loss, errors and omissions, technical professional liability, miscellaneous professional liability, and cybersecurity and privacy liability.
When the policyholder of an integrated network product is a large multinational enterprise with both B2B and B2C customers, handling potentially large claims becomes very complex for claims adjusters. Cyber claims are similar to oil spills in that they are catastrophic in nature, do not respect geographic boundaries, and are constantly evolving and unpredictable. Cyber breaches can have severe impacts on businesses, society and critical national infrastructure, including hospitals, water and wastewater systems, and airports.
However, the complexity extends further. Cyber claims present unique challenges to today’s claims adjusters due to the complex technical nature of claims, involving IT systems, tangible and intangible assets, cybersecurity protocols, digital forensics, and the ever-changing regulatory and legislative environment regarding data protection, AI protection and privacy laws in all affected jurisdictions.
Additionally, cyber claims adjusters must be adept at coaching and managing diverse teams of experts, from IT forensics experts, data experts and forensic accountants to credit monitoring experts, legal breach consultants, public relations experts, crisis management professionals and ransomware attack experts.
Online Claims Adjuster Skills
The skills of an online claims adjuster are multi-faceted and require a detailed understanding of each aspect:
Knowledge requirements: Cyber claims adjusters must possess industry-recognized advanced qualifications and typically have a background in errors and omissions (E&O), trade credit, political risk and/or crisis management. They need to apply practical knowledge of first-party and third-party cyber insurance, retention, assessment and risk management processes, often gained from previous roles in cyber claims or broker advocacy.
Experience required: The industry faces challenges due to a limited talent pool. It is critical for claims adjusters to understand the roles and responsibilities of the various experts involved in cyber claims. Their practical experience is critical in effectively supervising and managing these specialists to ensure claims are responded to quickly, effective mitigation actions are taken to prevent further losses, and claims are resolved completely. Cyber claims are increasing in complexity and volume, but many adjusters come from ancillary operations. A key skill that is often missing is proficiency in IT systems, cybersecurity protocols, digital forensics, intangible assets, and a deep understanding of the ever-changing regulations and legislation around IT, artificial intelligence, GDPR, and consumer privacy. This is especially important when insurance covers technology-based companies, where coverage is often customized and niche.
Operational Responsibilities: Claims adjusters must effectively determine the existence, cause, and scope of a breach and manage key activities in cyber claims management. This includes selecting and managing an appropriate incident response team, assessing ongoing or closed breaches, assessing the impact on customer business, and assessing breaches of cybersecurity protocols. It also includes responding in line with current data protection and privacy regulations, identifying and responding to fraud triggers, and providing feedback to underwriting risk controls and actuarial tables.
Customer base knowledge: Proficient knowledge and experience of a range of customer segments, from SMEs to multinationals and large corporate clients, is also critical for online claims adjusters. Because cyber is a rapidly growing product and is still small compared to many other product lines, insurers are faced with a difficult question: whether to organize their cyber claims teams as line-of-business CoEs or whether to stick with existing CoEs centered on SMBs, mid-market, multinational customers, etc.
Emerging risks and challenges
The task of determining the existence, cause and scope of a breach has become increasingly complex due to the breadth of cyber insurance coverage, the rapid evolution of technology and data platforms, the catastrophic and systemic risks associated with breaches, and the impact of artificial intelligence. Gen AI creates new opportunities and challenges, enhancing the capabilities of cyber attackers and defenders, leading to more sophisticated attacks almost every day.
Strategic choice to become the market leader in online claims
In summary, there are four key components that need to be done:
- Insurers need a claims application that supports adjusters to effectively manage incident response teams and experts. The application needed to be network-friendly, which meant comprehensive master data management to coordinate more than 100 relevant network claims data points as well as expert-specific document access.
- Insurers need a comprehensive, ongoing development plan to stay versed in the opportunities and challenges presented by evolving cyber risks, technological change, and especially artificial intelligence.
- Insurers need a comprehensive cyber security room that provides a safe space for pre-incident advice and training, incident response planning, notification services and more. The safe room must have appropriate guardrails to support cooperation with an independent legal violation attorney.
- Insurers need a continuous feedback loop of claims master data to inform actuarial tables and risk control in underwriting. Market-leading insurers achieve this through scalable infrastructure and architecture to provide real-time visibility into technology pricing across all variables based on loss history.
