Scanning tech can predict cyber claims

In the realm of cyber insurance, the integration of technology and data has become synonymous with the rapid adoption and versatile application of external scanning methods by (re)insurers.

However, it is important to note that access to data alone does not guarantee success, according to a new study by Gallagher Re. Insurers must possess the capability to effectively translate this access into actionable insights throughout their operations.

In 2022, Gallagher Re undertook the development of a machine-learning model that, when combined with historical claims data, aimed to enhance the understanding of which aspects of external scanning could offer more accurate predictions of cyber claims during the underwriting process.

The resulting report encapsulates the key insights derived from the study, shedding light on the data's potential to forecast cyber claims and outlining emerging trends in insurers' adoption of outside-in technology.

The report's key findings highlight several significant points:

• Certain technographic data exhibits the ability to predict cyber claims, positioning it as a potent tool for insurers.
• External scanning data proves particularly valuable in identifying the top 20% of risks, allowing insurers to prioritise their focus accordingly.
• Factors such as web security, patching cadence, and port security emerge as the most predictive risk indicators for claims.
• A growing number of carriers are shifting away from relying solely on an overall score as a means of validating questionnaire responses. Instead, they are embracing the concept of working with specific "risk factors."
• "Attack management" is becoming an integral component of standard cyber insurance offerings, reflecting the evolving landscape of risk mitigation strategies.
• The future adoption of AI tools could help vendors reduce their dependence on URLs, opening new avenues for enhanced analysis and assessment capabilities.

“Our findings indicate that external scanning is a particularly valuable tool for identifying the worst 20% of risks, which appear to be materially more likely to suffer a claim,” the report said. “Therefore, despite only a small percentage of external scanning data being predictive of claims, it appears to be an invaluable tool for underwriters, capturing complementing aspects of a company’s cybersecurity posture to questionnaires and evidencing whether insureds are applying their security policies in practice.”

Have something to say about this story? Let us know in the comments below.