As an underwriter who’s constantly trying to balance being both quick and careful, the worst thing you can do is treat every single applicant the same. Doing so can ultimately be setting you up to take on more risk than you’d expect. Of course, the more experience you have, the better you’re able to quickly assess a company’s risk posture.
But you should never compromise on either speed or quality when it comes to determining what a company does, it’s risk posture, and what sets that company apart from others in your book of business. Take a look at the following three things that can help you with this tightrope walk.
The biggest challenge, risk, and opportunity for any underwriter—both new and experienced—is understanding quickly and completely what an applicant’s company does. This process can be time-consuming and difficult to understand, but its importance cannot be understated. If you are underwriting a new company, it’s far more critical to understand what the company does than it is to review all the responses on their application. As an insurance company, you essentially underwrite an applicant’s business operations, the services they provide, and how they make money. Certain responses on their application form may help you better understand the coverage they’re seeking and the limits you want to provide them—but without a good understanding of how the applicant’s business operates, you’re in the dark.
Next, you need to quickly understand whether the information the applicant provided you with is critical or not. For example, if you’ve done your homework on a company and know they have strong retail exposure, it would be good to know if they didn’t provide you with their PCI compliance data or records. But if your applicant was a manufacturer, PCI information and records may not be that critical. At this stage, you can begin seeing how speed and thoroughness are not at odds—they complement each other in this process.
There are certain vulnerabilities that companies are more susceptible to depending on their industry type and certain risk vectors that may align more closely to a particular applicant once you better understand the nature of the company’s operations. For example, if your applicant heavily relies on a single hosting provider and that provider isn’t available for a period of time, that could affect the applicant’s ability to deliver to their customers. Significant botnet activity associated with a company’s network over a period of time indicates a higher likelihood of compromised systems to data breach, business continuity loss, and ransomware.
BitSight Security Ratings help you uncover any vulnerabilities on your applicant’s network, and BitSight Discover allows you to instantly see which third parties your insureds are using. Using a combination of BitSight technologies, risk vectors that reflect endpoint vulnerabilities that the applicant might have, and your applicant’s critical service providers, you can hit the ground running quickly. Armed with this information, you’ll be able to determine if it’s a good idea to continue the underwriting process or whether the applicant presents more risk than you’re willing to take on.
Your goal should be to underwrite to the applicant while keeping in mind all the related risks around them. In simpler terms, don’t just consider what’s right in front of you—research the context, surrounding relationships, and implications. When you follow the advice above, you’ll accomplish both speed and thoroughness in your cybersecurity underwriting practices.
The SolarWinds breach is already one of the most significant cybersecurity incidents ever. And as with any unprecedented cyber event, this will have long-term effects on the way businesses and government consider their security programs....
This post was originally published July 18, 2016 and has been updated for accuracy and comprehensiveness.
Hardly a day goes by without the emergence of a disturbing new trend in cyber crime or headline-grabbing hack. Hackers are getting smarter and threat vectors are constantly evolving. The escalating threat is forcing businesses to file more
© 2021 BitSight Technologies. All Rights Reserved. | Privacy Policy | Security | For Suppliers
Contact Us | BitSight Technologies | 111 Huntington Ave, Suite 2010, Boston, MA 02199 | +1-617-245-0469