The Disconnect in Cyber Insurance Underwriting
Report Summary
The Disconnect in Cyber Insurance Underwriting
CISOs and CIOs contend that cyber underwriters need to reorient their frameworks to determine whether firms are addressing vulnerabilities.
Boston, September 6, 2017 – For relatively new risks, such as cyberattacks, underwriters in North America lack a solid set of data and information to guide the underwriting process. In fact, when asked, cyber insurance underwriters admit that many of the questions that they ask of firms do not reveal the true nature of the risk they are being asked to underwrite. How are cyber insurance underwriters attempting to address this disconnect, and what do chief information security officers and chief information officers have to say about their approach?
This report examines how cyber insurance underwriters at leading cyber insurance carriers are currently managing the lack of meaningful data during the underwriting process. It is based on 21 Aite Group interviews conducted between September 2016 and November 2016 with cyber underwriting executives and CISOs and CIOs at firms in industries such as consumer packaged goods, financial services, healthcare, manufacturing, retail, and technology.
This 29-page Impact Report contains three figures and two tables. Clients of Aite Group’s P&C Insurance service can download this report, the corresponding charts, and the Executive Impact Deck.