Examining the evolution of cyber risk in insurance
The pandemic has elevated cyber risk, and insurers will need to shift their strategies to combat rising premiums and confusion in the marketplace.
According to InformationWeek, in just the first half of 2021, global cybercrime increased 29%, ransomware attacks rose 93% and demands increased by a remarkable 518%. Actual payments, they found, increased by more than 80%.
A new Expert IQ report from expert.ai delves into this disturbing increase in cybercrime during the pandemic. The report was created using expert.ai’s natural language understanding (NLU) technology.
“Natural language technology basically is an ambitious software that is trying to mimic what humans are doing while communicating, which is the most complicated activity we are doing as humans,” explained expert.ai head of sector strategy for financial services and insurance Pamela Negosanti. “Natural language is language that is used without any pre-defined format… On the other hand, if you have a database, if you have a spreadsheet, these are not natural language documents, so this is a structured type of information. Natural language processing and understanding is really a technology that is helping understanding automatically the meaning of unstructured documents.”
Basically, NLU technology helps turn unstructured, natural language into quantifiable data. For the report, NLU was used to analyze around 1,130 articles published across insurance industry outlets between January and November 2021 in order to examine changes in cyber insurance throughout the year.
‘Silent cyber’
The increase in cyberattacks presents a new challenge for insurers who previously may not have had to consider these perils as they related to their policyholders. Many of these companies are struggling with what expert.ai calls ‘silent cyber.’
Silent cyber refers to policies that neither explicitly cover cyber risks nor exclude them. This can lead to a plethora of problems when an insured suffers a cyber loss and files a claim in hopes their policy will cover it. In many jurisdictions, Negosanti explained, if the peril is not explicitly excluded it may be ruled as a covered loss.
“Cyber is a new peril,” she said. “It’s not like a natural catastrophe or a fire that is well-recognized by companies, by carriers. They can quantify the damage. With cyber, it’s extremely complicated to quantify the potential damage and how to price it. So, if you think about insurance, it’s about evaluating the potential maximum loss and defining a premium.”
Since it is so difficult to anticipate how much a cyber risk loss could cost an insurance company, many end up under-charging for premiums and paying out disproportionately large claims. This has led to an increase in premiums that, according to the report, has been as high as 100% for some customers.
Negosanti said she believes this increase in cyber risk would have happened regardless of the pandemic, but that an increase in business and activities conducted remotely fast-tracked the process. Many businesses were unprepared for this sudden shift to virtual, which made them more vulnerable to cyberattacks.
According to Expert IQ’s report, around 14% of the articles they examined addressed cyber insurance market value. These articles slightly trended toward discussing cyber insurance in a positive light, but often took a more negative stance toward regulations within the cyber insurance market.
NLU and other artificial intelligence (AI) technology could continue to play a part in streamlining insurance and creating a more subjective claims process, as well as helping insurers keep an eye on emerging risks like cyber threats so they can stay ahead of them.
“To me, what is happening is that it’s still an emerging risk, and some small carriers probably not with all the means in terms of really being able to evaluate and assess the cyber risk… are running away because it’s not worth it for them,” Negosanti explained. “In this specific area of new emerging risk, the role of insurance is the prevention, more and more. That’s happening also in the cyberspace, so carriers are helping their customers to prevent cyberattacks somehow, so it’s more a consulting and prevention role, rather than detect and repair as it was traditionally for insurance.”