When dealing with new and less-understood risks such as cyber, many brokers and risk managers have their work cut out for them. When up against a risk that often involves sophisticated technology, expanding beyond traditional methods is a must.
According to Phil Edmundson (pictured), CEO of Boston-based insurance start-up Corvus Insurance, artificial intelligence, specifically techniques like machine learning, can help companies to gather, process, analyse, and make actionable huge amounts of data. He said that the ability to handle data at scale is critical for underwriting cyber risk, because it deals with web-connected, always-on information technologies, which by their nature involve the creation of troves of data.
“Every millisecond that an organization is online, it produces records of digital events, digital processes, digital transactions – and in that never-ending stream of data, there are keys to more accurate risk assessment,” Edmundson told Corporate Risk and Insurance. “But it’s only useful if we have the help of techniques like machine learning that can take over the process of gathering and analyzing the data.
“Once we have the results of the data science, it’s not actually that different from traditional underwriting: the risks have been quantified, and rating decisions are made with the input of expert underwriters. The key difference is the unique types of data we can apply those underwriting principles to, thanks to AI, to produce better outcomes.”
This shift, he said, will create faster, more accurate underwriting that will lead to better pricing of risk, as well as a change in the role of brokers. This goes beyond cyber risk, into other areas where data is created through sensors, other digital activity, or digitized data.
“Insurers and brokers can expand beyond the traditional boundaries of underwriting to help organizations actively mitigate risk and prevent loss,” he said. “The same lessons we learn from AI-driven underwriting can also be deployed as advice for reducing risk, and brokers are the best conduit for that educational process.”
Edmundson said that different types of organizations often encounter different pitfalls. For organizations with large, sophisticated IT functions, the pitfall is most likely the lack of productive communication between the IT experts and other executives concerned with managing enterprise-wide risk and buying insurance.
“Without understanding the risk, the insurance buyers will struggle to make the right decision, which is why providing accurate security analysis along with a policy can help facilitate a conversation,” he said.
On the other hand, many small and medium enterprises (and sometimes even large companies) continue to engage in poor IT security practices that cause major vulnerabilities.
“The pitfall there is really a lack of will or ability to invest in IT security, and we can help uncover those vulnerabilities and point the team in the right direction with recommendations for specific steps to mitigate risk,” Edmundson said. “Businesses also lack current benchmarking data which machine learning provides.”
Corvus, which was co-founded by Edmundson in 2017, sees a future where brokers act as educated advisors on cyber risk, equipped with better options for risk assessment, coverage, and risk management for their clients.
“We are already empowering brokers to provide this kind of service to clients of all sizes, and are pleased to have support from investors who want to help us expand on this vision,” he said.