While carriers are rushing to enter a burgeoning cyber insurance market, estimated to be worth more than $3.25 billion in gross written premium, cyber experts fear that insurers cannot adequately gauge cyber risk, ultimately leading to poorly written cyber policies. Chief Operating Officer at A.M. Best, Matthew Mosher explains that this risk is so new and unpredictable that insurers cannot yet accurately model and rate the risk. “The insurance industry has taken a slow path to engage with cyber because they’re not sure of the risk and aren’t completely able to provide a quantitative perspective of it. Carriers are working with different modelling firms and viewing risk from an aggregation basis to limit their exposure, but they lag somewhat in getting some of the best information available from models,” said Mosher. Another concern is that carriers often do not consider the possibility of an aggregated attack or an organization getting hit multiple times. Additionally, an attack on a system such as Microsoft would pull millions of users together, something that is not considered when underwriting a policy.
To combat this issue, insurance companies are partnering with data firms such as Cyence to collect data and better evaluate cyber risk for underwriting purposes. If done properly, Mosher believes this would increase limits in the cyber insurance market and lead to a more “mature stage in cyber underwriting.”