April 28, 2022 –Applications to acquire insurance policies serve two primary purposes. First, they allow underwriters to assess an organization’s risk profile to approve or disapprove an insurance application. Second, they attest to an organization’s cybersecurity posture made on an application to validate that proper cybersecurity controls have been maintained at the time of a claim. Chief information security officers are accountable for properly characterizing their organization’s security posture when applying for cyber liability insurance.

This report looks at questions that underwriters use to evaluate the data protection efficacy of potential customers before binding a cyber liability insurance policy. Aite-Novarica Group reviewed nearly 40 applications for cyber liability insurance, selecting 15 for comparative analysis based on the rigor of their underwriting questions related to cybersecurity. This report will interest CISOs, insurance managers, and underwriters, as security controls are integral to the policy risk rating process.

Clients of Aite-Novarica Group’s Cybersecurity service can download this 16-page Impact Brief. To learn more about the topic covered in this Impact Brief, please contact us at [email protected].

This report mentions AIG, A.M. Best, American Academy of Actuaries, AXA Group, AXIS Capital Holdings Limited, BCS Insurance Company, Beazley, Center for Internet Security, Chubb Limited, Cincinnati Insurance Companies, CNA Financial Corporation, Fairfax Financial Holdings, Hartford Steam Boiler Company, Hiscox Ltd., National Association of Insurance Commissioners, National Institute of Standards and Technology, Travelers Indemnity Company, Sompo International Holdings Ltd., Tokio Marine Holdings Inc., and Zurich Insurance Group.