In the months since BitSight’s inaugural EXCHANGE forum, we have been digesting and processing the incredible sessions and discussions that came about from this forum. It was a great event that brought together security executives from all over to discuss the challenges they face in their roles every day.
One session that stood out was the discussion between Graeme Newman (Chief Innovation Officer at CFC Underwriting) and Jake Olcott (VP of Corporate Communications & Government Affairs, BitSight), which focused on how cyber insurance has developed and changed in the past few years, as well as their thoughts on the future of the market.
Below, Newman shares his thoughts on the cyber insurance underwriting process.
“I suppose what we're really looking for is very much, like, the BitSight kind of philosophy. We try and look on the outside to see what we can see, and then make inferences about how that means that a business operates. So a few of the questions are just trying to gauge a level of security maturity, as much as we can see from the outside. Because we can't micro underwrite businesses. The economic model doesn't stack up for us to do weeks and weeks of review internally for us to ascertain a price, also remembering that we're not trying to price for your day to day operational risk. That's not what insurance is about.
You shouldn't be looking to get an annual return on investment on your cyber insurance spend. What we're looking to do is price the kind of one in 100, the one in 250-year event. When you're pricing what we call the tail of the distribution, right, the cat event, we tend to focus less on the control environment and more on the exposure environment, right? So we're looking for risk characteristics that will tell us how bad an event is in that one in 100, one in 250-year event, because that's the thing that we're worried about and that's the thing that we're pricing for.”
Thank you to Graeme and Jake for an extremely informative discussion!