Cyber insurance is in a transformative phase. As businesses of all types and sizes slowly wake up to the serious potential of cybersecurity threats, more and more are turning to their insurers for cyber risk transfer and mitigation advice.
Despite growing awareness of the risk, cyber insurance as a product is still very new. It’s difficult for underwriters to assess and quantify cyber risk because they don’t have access to the same amount of data they use to underwrite more traditional P&C policies.
Furthermore, it’s important to note that awareness doesn’t necessarily equate to understanding. Businesses are aware of cyber as a threat because they’ve read news articles about the Equifax data breach or the WannaCry ransomware – but not all are aware of how that cybersecurity threat relates to their business or what they need to do to become more cyber secure.
Global security ratings firm SecurityScorecard has created a platform that quantifies cyber risk and rates companies’ security structures on an easy to understand A-F scale. The firm continually monitors over 200,000 businesses across the world and provides security analytics to help businesses manage their risk.
SecurityScorecard was recently selected by global insurer AXA to provide security ratings as part of the underwriting process for AXA’s rapidly growing cybersecurity business. The platform will provide AXA’s underwriters with an overall risk rating and detailed view into the cyberhealth of their insureds, which should help underwriters determine insurability, as well as to evaluate premiums for new policies and renewals.
“From an insurance perspective, it’s still very difficult to assess the risk of cyber. Underwriters need data for the underwriting and pricing process, but in the new and emerging cyber space that data hasn’t always been easily accessible,” said Scott Sayce, global chief underwriting officer of cyber at AXA.
“Our partnership with SecurityScorecard is going to help us better understand cyber risk. The processing and scoring capabilities of the SecurityScorecard platform combined with the expertise of our underwriters is going to be a key asset in terms of differentiation in the cyber insurance market. It will also enable AXA to establish more of a consultative position with insureds, where we can help them to assess and mitigate their cybersecurity risks.”
The SecurityScorecard platform comes with an easy to understand rating scale. A company that scores a D-F is 5.4 times more likely to be breached than a company that rates as an A or a B. The firm has been running its rating technology for four and a half years and has therefore collected enough data to confirm whether ratings are accurate and make probabilistic inferences about a company’s exposure. Logic dictates that if SecurityScorecard picks up a cyber vulnerability within a company, then bad actors will be quick to spot them too.
“AXA and SecurityScorecard are pioneering the cyber insurance industry. It’s a privilege to work with such a visionary brand,” said Aleksandr Yampolskiy, CEO and co-founder at SecurityScorecard. “This partnership demonstrates the value of our platform and the trust top business leaders have in our score. Our vision is to create a ubiquitous language for cybersecurity that facilitates collaboration and communication between business partners.”