Cyber Insurance

Risk Mitigation Services in Cyber Insurance Underwriting

Noah Simon | June 2, 2015

Last week, BitSight co-sponsored a webinar with Advisen on the use of risk mitigation services for cyber insurance underwriting. Ira Scharf, GM of Cyber Insurance at BitSight, joined Tracie Grella of AIG and Neeraj Sanhi of Willis Group to discuss several topics in this emerging field. Here are some of the highlights:

Coverage for cyber insurance has progressed

As risks are becoming more complex, so is cyber insurance coverage. In the past, coverage was typically given for external breaches of company networks. Insurers are now giving coverage for employee misconduct, negligence, and disclosure - all of which account for a large portion of breaches. Coverage is also being expanded to cover the risks of third parties and cloud providers.

The process of underwriting has also changed. Underwriting used to be a laborious and expensive process where insurers would travel and conduct on-site due diligence processes. In years past, this process became more refined: insurers used questionnaires and assessments to understand the level of risks for potential clients.


The value of risk mitigation services

Now insurers are increasingly partnering with technology vendors in the underwriting process to further gauge risk. In addition, they are now offering these services to clients so they can improve their cyber posture. As the cyber insurance market is becoming more competitive for carriers, risk mitigation services are also being used to select clients with low levels of risk in an effort to reduce claims and losses.

Vendor risk management is critical for cyber underwriting

Watch this webinar A company that holds cyber insurance can have extensive controls in place to monitor their own security, but they still may have vulnerabilities within their business ecosystem. Brokers and carriers now realize that in order to minimize risk for clients, they also need to ensure that clients are taking steps to mitigate third party risk. As a result, brokers and carriers are now increasingly recommending the implementation of vendor risk management programs for their clients and insureds.

Risk mitigation services benefit everyone

Risk mitigation services are lowering the risks for both clients and insurance carriers. Clients can now use these services to improve their security performance, while insurance providers can gain greater insight during the underwriting process. Greater adoption of these services should result in a safer cyber ecosystem.

For more information on these topics, you can watch the webinar here.


Suggested Posts

A Security Score vs. A Security Rating: What’s The Difference?

This post was originally published July 18, 2016 and has been updated for accuracy and comprehensiveness.


As Cyber Insurance Claims Soar, Businesses Need to Demonstrate a Standard of Care

Hardly a day goes by without the emergence of a disturbing new trend in cyber crime or headline-grabbing hack. Hackers are getting smarter and threat vectors are constantly evolving. The escalating threat is forcing businesses to file more


BitSight EXCHANGE Sound Bites: Transferring Risk Through Cyber Insurance

In the months since BitSight’s inaugural EXCHANGE forum inaugural EXCHANGE forum, we have been digesting and processing the incredible sessions and discussions that came about from this forum. It was a great event that brought together...


Subscribe to get security news and updates in your inbox.