We stand with Ukraine

How AI Can Protect Insurers Against “Silent Cyber”

Jay Selig - 7 December 2021

If we have learned anything from the widespread business transition to remote and hybrid policies, it is that fears of diminished productivity and employee satisfaction were completely unfounded. In a surprise twist, companies actually saw both measures increase. Though these primary concerns were allayed, an unforeseen issue emerged: cybersecurity exposure.

With remote work becoming a worldwide standard for businesses, cybersecurity risks have introduced a host of operational issues for business owners. These issues have created equally difficult circumstances for the companies that insure them.

 

An Evolving Cyber Insurance Landscape

One email click can bring productivity to a standstill and cost a business millions of dollars in revenue — this much has always been true. But with employees consistently operating from remote networks (often on personal devices), organizations have become more vulnerable to cyberattacks. In fact, 67% of cyberattacks targeted remote employees, according to a study by Tenable.

This increased vulnerability by businesses has proven especially costly since the onset of the pandemic. Cybersecurity Ventures estimates that ransomware attacks in 2020 cost companies around $20 billion worldwide — nearly 75% higher than in 2019.

As cybercrimes have increased, so too have insurance claims. And, not surprisingly, so too have premiums. The industry has reached a tipping point where it has become unsustainable for insurers to continue to pay out claims. Addressing the issue requires a closer assessment of policies and the cyber-specific language within them (or lack thereof).

 

The “Silent Cyber” Phenomenon

“Silent cyber” is a newly coined term to describe cyber-related losses stemming from insurance policies that neither explicitly included nor excluded cyber risk.

Silent cyber claims surged during the COVID-19 pandemic as ransomware incidents proliferated. An analysis of recent cyber trends by Coalition reported the following:

  • 57% increase in cyberattacks on small businesses
  • $1.2 million average claim stemming from ransomware demand
  • 28% increase in cases of funds transfer fraud

The upward trend in cyber-related insurance claims has shifted the weight of cyber risk and exposure onto the insurers as they continue to pay out claims. This has forced insurers to begin denying coverage in cases where a policy did not explicitly cite cybercrime as a condition for invoking the policy and filing a claim. It has also led them to increase premiums for cyber insurance.

To balance the cyber insurance equation, regulators have issued guidelines to help firms manage this risk. The European Insurance and Occupational Pensions Authority and the National Association of Insurance Commissioners in the United States issued guidelines in the past year.

In addition, the New York State Department of Financial Services published a risk framework for the insurers it regulates. The framework, written a few months after the massive SolarWinds hack, recommends eliminating “silent cyber” claims by making general liability policies more explicit. It also urges insurers to take more steps to evaluate their clients’ systemic risks, including hardware and software supply chains.

In short, there is a glaring lack of explicit language referring to cyberattacks in insurance policies, and the language needs to be reevaluated.

What “Silent Cyber” Means for Insurers

Currently, if an insured party presents a claim for a cyberattack and the corresponding contract is not explicit about what defines a qualifying event, the next step is litigation. In a worst-case scenario, when cyber is not explicitly excluded, depending on the jurisdiction, insurers are required to cover the loss automatically.

As a result, insurers face two core challenges:

  • Understanding their as-is cyber exposure
  • Evaluating the contract certainty of all new and existing policies

 

The Challenge to Addressing Cyber Insurance Issues

Underwriting an insurance policy is a delicate balance between ensuring coverage for the insured and mitigating risk for the insurance company. Recurring policy reviews are vital to achieving this balance and, unfortunately for underwriters, are needed quite frequently, including when:

  • You receive a new submission.
  • Brokers send a request for renewal.
  • Aligning local policies to your master policy for international programs.
  • Unexpected new risks or rare events (e.g., COVID-19) reveal potential areas of exposure.
  • Aligning a carrier’s binder to its own policy.

Unfortunately, reviewing an insurance policy is neither easy nor swift. Policies often exceed 100 pages of dense, textual information and may take an underwriter several hours to thoroughly review.

So, if underwriters cannot simplify policy documents, how can the process be improved? Behold the question insurers have long sought an answer to.

 

Resolving Cyber Concerns with Automated Policy Review

Automating the policy review process is the logical solution to their troubles. However, this requires AI that can read and process documents with a human-like level of understanding and specific domain expertise.

Expert.ai employs natural language understanding technology to mimic the human ability to read text and understand language at one of the highest accuracy levels available.

Our policy review and comparison solution replicates the underwriting analysis process by reading and understanding policy definitions and extracting critical information around explicit coverages, implicit coverages, exclusions, and endorsements.

The review function performs an assessment that can answer specific yes/no questions such as “Does business interruption require physical damage?” while also identifying and detecting over-exposures, misalignments and other policy “red flags.”

The comparison function analyzes documents to highlight differences between a single policy and:

  • the company’s gold standard policy guidelines
  • a competitor’s policy
  • the company’s policy from the previous year

Underwriters receive actionable insights from expert.ai in seconds, rather than hours or days.

Put time and knowledge on your side. With them, cyber concerns will be a thing of the past.

Automate Your Policy Review Process

Receive actionable insights in seconds, rather than hours or days.

Learn More