Cyber Insurance

How Mature Is Your Cyber Risk Underwriting Strategy?

Samit Shah | November 15, 2017

If I were to ask you whether your cyber risk underwriting strategy is mature, your first question would likely be: “How do you define mature?” It’s a great question! Here’s the answer: A mature cyber risk underwriting strategy considers all relevant underwriting issues when assessing an applicant's or insured’s risk profile.

4 Ways To Leverage BitSight In Your Underwriting Process

For example, a mature strategy will enable you to size up the risk exposure of an applicant, understand the consequences of the risk transfer onto your organization, and know how to price and structure the policy so it is consistent with regard to company objectives and broker expectations. Furthermore, a mature cyber risk underwriting strategy considers all these elements in a timely fashion.

You may be thinking this level of cyber risk underwriting maturity is a bit too ideal. But there are tools available that help make the underwriting process simpler and more efficient, speeding up the maturation process when used appropriately. One of those tools is BitSight’s Security Ratings platform. Consider these three ways BitSight Security Ratings for cyber insurance can help:

First off, BitSight Security Ratings allow you to take a more detailed look at your applicant’s actual cybersecurity posture.

Security Ratings enable you to break down an applicant’s cybersecurity posture, allowing you to pinpoint and focus your attention on the most critical issues. The level of detail on these technical cybersecurity aspects is simply unprecedented, and cannot be readily assessed from a traditional application form. Additionally, you can benchmark your applicant on a number of factors compared to the rest of your insureds.

Second, security ratings allow you to remain actively informed about your insured’s cybersecurity posture even after the underwriting process is complete.

In colloquial terms, Security Ratings help you to not just “set it and forget it,” but instead remain proactive in your account management. For example, you will want to be alerted if there are certain activities or trends throughout your portfolio that need attention—like a malware event—so you can take proactive measures if necessary.

This functionality is also helpful internally. For example, if a colleague asks about how a particular ransomware attack has affected your insureds, you can quickly identify the affected part of your portfolio and determine your aggregate exposure. This increased visibility and awareness is helpful from an underwriting and renewal perspective; it also makes reporting to your internal executive team far simpler.

Finally, BitSight Discover allows you to not only see your insured's cybersecurity posture but also that of their web-based vendors.

BitSight aggregates this information across your portfolio so you can focus in on concentrations of vendor dependencies and decide whether you should be limiting or building exposure. With the rise of global distributed denial-of-service (DDOS) and ransomware attacks, we’re seeing that it isn’t enough to just underwrite the risk—you have to underwrite risk within the context of your current portfolio. BitSight provides you with strong portfolio awareness so you can intentionally take on precise amounts of risk.

Keep In Mind…

A mature organization is mindful of using technology like BitSight Security Ratings & Discover consistently. Otherwise, you may have employees across your organization who analyze the same data and arrive at separate conclusions. If that is part of your strategy, that’s great. But if not, be sure to use the tool consistently so you can study the results and tweak your underwriting strategy for a more streamlined approach to cyber risk. Find out how BitSight can help proactively identify, quantify, and mitigate cyber risk throughout the underwriting process.

4 Ways To Leverage BitSight In Your Underwriting Process

Suggested Posts

A Security Score vs. A Security Rating: What’s The Difference?

This post was originally published July 18, 2016 and has been updated for accuracy and comprehensiveness.


As Cyber Insurance Claims Soar, Businesses Need to Demonstrate a Standard of Care

Hardly a day goes by without the emergence of a disturbing new trend in cyber crime or headline-grabbing hack. Hackers are getting smarter and threat vectors are constantly evolving. The escalating threat is forcing businesses to file more


BitSight EXCHANGE Sound Bites: Transferring Risk Through Cyber Insurance

In the months since BitSight’s inaugural EXCHANGE forum inaugural EXCHANGE forum, we have been digesting and processing the incredible sessions and discussions that came about from this forum. It was a great event that brought together...


Subscribe to get security news and updates in your inbox.