Cyber insurance for all
Small and medium businesses (SMBs) often lack dedicated IT staff, making it hard for underwriters of cyber insurance to understand their risk and price policies accordingly. Using traditional methods of gathering data, insurers may face a stark choice: offer insurance without truly understanding the exposure, or walk away from the opportunity. How can cyber insurance underwriters quote rapidly and accurately for SMB policies?
AON predicts that cyber insurance premiums will be the fastest growing in the industry by 2021, and this revenue opportunity for insurance firms is not limited by sector or company size. Attacks are usually automated and indiscriminate, so all organisations are potentially at risk of cyber crime. However, small and medium businesses (SMBs) are particularly exposed: according to a 2016 IBISWorld report, SMBs account for 72 percent of recorded US cyberattacks.
While SMBs may be diminutive, the value and sensitivity of their systems and data can be disproportionately large. In the UK, even the smallest SMBs can have greater cyber security needs than many large enterprises. The sector includes huge numbers of law firms, accounting firms, financial advisors and medical practices that are subject to the most stringent standards in data protection. On average, such organisations employ just a handful of people, so their internal capabilities for protecting themselves against cyber crime are likely to be extremely limited.
Although the NHS looks from certain angles like an enormous monolithic organisation, it operates as a set of semi-independent entities, many of which would qualify as SMBs.
In England alone, there are almost 7,500 GP practices, many with no dedicated IT personnel, but holding some of the most valuable and sensitive data around. The WannaCry ransomware attack of 2017 highlighted their vulnerability and brought large numbers of NHS organisations to a standstill for days, at an estimated cost of £92 million.
SMBs represent a large and mostly untapped market for underwriters of cyber insurance, but also a risky one. As SMBs often seek cyber insurance simply to comply with their customers’ procurement policies, they may not go to same lengths as enterprises in providing information about their security systems and policies. Indeed, smaller SMBs without dedicated IT staff may simply not be able to answer underwriters’ questionnaires accurately.
Insurers need to understand the risk of dealing with SMBs, but neither side wants to spend significant time and money at the estimation stage. Current manual approaches to gathering information are too slow and unwieldy, leaving traditional underwriters struggling to compete with insurance-tech startups.
Northdoor has a solution that automates the generation of 360-degree cyber risk ratings, using powerful AI to map each organisation’s security posture and discover connected parties in the broader ecosystem. In addition to helping underwriters provide rapid, accurate and consistent pricing quotations – especially valuable in securing SMB business – detailed ongoing risk assessments allow insurers to build closer relationships with policyholders.