A loss trend can be defined as a projected loss expectation based on historical data. If you find that past losses might be indicative of potential future losses, you can then use this information to price your services accordingly.
Three elements typically contribute to a loss trend:
From an underwriting perspective, the lack of data on frequency, severity, and exposure makes it difficult for loss trends to be sufficient for cyber underwriting decisions.
It’s always important to underwrite to the risk, which means underwriting to the applicant’s exposure. But applying loss trends as they relate to the applicant is more difficult. For example, if your application process requests information on past breaches (or loss runs if currently insured), your applicant is likely to provide information on their current incidents over the past year. This makes it challenging to assign the applicant to the right class of risk based on frequency and severity as you are working with very limited information. You may ask if the applicant has done anything to mitigate future risks after a reported incident. But even then, you have little visibility into the impact of their actions and will need to trust that their effort actually made a difference in decreasing overall risk.
So as an underwriter, it’s critical for you to be thoughtful during the underwriting process. You can contemplate the information you’re provided regarding frequency and severity (and how those things impact your risk exposure), but without access to any hard data on these points, loss information alone isn’t enough to make cyber underwriting choices.
This is a great question—and the answer is through BitSight Security Ratings. If you use the BitSight portal, you can gain more insight on frequency, severity, and exposure that will allow you to make better decisions during the underwriting process.
For example, you can use the Security Ratings portal to see the number of incidents of compromised systems as well as how long the activity lasted on the applicant’s network. This unique view into the frequency and severity can be benchmarked to the applicant's industry and your overall portfolio, giving you objective insight that goes beyond a subjective application form. You can also see the impact of any actions they say they’ve taken after a publicly disclosed incident on their overall security rating. Using Security Ratings for cyber insurance will enable you to be more nuanced in assessing risk, asking targeted questions, and make more data-driven decisions.
The SolarWinds breach is already one of the most significant cybersecurity incidents ever. And as with any unprecedented cyber event, this will have long-term effects on the way businesses and government consider their security programs....
This post was originally published July 18, 2016 and has been updated for accuracy and comprehensiveness.
Hardly a day goes by without the emergence of a disturbing new trend in cyber crime or headline-grabbing hack. Hackers are getting smarter and threat vectors are constantly evolving. The escalating threat is forcing businesses to file more
© 2021 BitSight Technologies. All Rights Reserved. | Privacy Policy | Security | For Suppliers
Contact Us | BitSight Technologies | 111 Huntington Ave, Suite 2010, Boston, MA 02199 | +1-617-245-0469