Smart Underwriting for Cyber Risk in the Small Business Market

  • Michael Lin

October 17, 2019

To quickly grow their business in a highly competitive market, insurers frequently consider adding a new insurance line or entering a thriving new market. Why not do both? For example, they can launch an insurance product that covers new and evolving cyber risk specifically for the underserved market of small and medium-sized enterprises (SMEs).

Saying that insurers are hesitant about this business idea is an understatement, as many would simply reject the proposal. The data limitation is stringent. The challenge of not having authoritative data sources for cyber risk in the SME segment is of course a limiting factor. More importantly, however is that insurers cannot find and collect any relevant information at all.

A Fine-Tuned Model

Guidewire Cyence™ for Small Business for Cyber is uniquely engineered to focus on cyber data that is relevant to SMEs, and the model is fine tuned to reflect the risks presented in this segment. We developed the SME model by using historical data from hundreds of thousands of SMEs. We then trained and refined the model by using information from hundreds of data-breach incidents.

Accessed via a RESTful API, this risk assessment engine collects and analyzes data on demand and returns an SME risk rating, risk factors, and peer comparison in less than two minutes after users submit information about a particular company. The risk assessment is based on looking up and identifying the company’s external network and then running a variety of network assessment tests.

Based on the insurer’s risk appetite and the intended target market, the SME cyber risk rating can be used to identify outliers to enable a more streamlined and frictionless underwriting process—while also providing a unique risk assessment for each submitted company. For example, low-risk companies can go through the automated guidelines, but high-risk companies are flagged for further review by an underwriter.

In addition, by delivering risk factors for the company being examined, we enable insurers to provide value-added service to the insured, including a detailed Cyber Health Check report about its cyber hygiene. SMEs are generally less experienced with cyber security and need information that is easy to digest. The availability of this report not only educates insureds and brokers with better understanding of their cyber hygiene, but also helps establish insurers as trusted advisors in this new insurance class and market.