Insurers have struggled to find a common baseline to measure cyber risks. Changes in technology, hacking and other data security risks and the shifting legal landscape concerning liability for data breaches have made the terrain particularly uncertain. Because of the unique and changing nature of cyber risks, current risk models used for pricing and measuring risk aggregation do not provide the level of confidence insurers want and need. To date, most insurers have used internally-developed and proprietary models that rely on insureds’ responses to application questions that vary widely, and other data collected and stored in a non-uniform fashion. That variation, added to the continually evolving nature of cyber risks, impairs an insurer’s ability to accurately (a) price the risk for insureds, and (b) gauge the appropriate level of cyber risk in its overall portfolio – potentially limiting capacity.
InsurTech
