Technology, transformation, and telematics: why this is the future of cyber insurance

April 18, 2024

By Emma Denny, Underwriter & UK Team Lead, Cyber

As insurers look to find new ways to understand the risks we underwrite, telematics represents an opportunity to make significant strides forward. Defined in an insurance context as the use of devices to record, transmit, and collect risk-relevant client data, telematics is already proving its value in personal lines, particularly automotive.

Through black boxes installed in vehicles to monitor driver behavior, motor insurers gain a more granular understanding of risks, enabling them to tailor policies and pricing to the individual. Risk mitigation is rewarded, since consumers who adopt safer driving habits stand to gain from lower premiums. It’s a win-win scenario.

How can such potential benefits translate to commercial lines? Cyber risk is an obvious candidate, given the need for data-driven underwriting to truly understand the breadth of exposure and shape more accurate, detailed modelling. The attraction of expanding the application of telemetry to observe the internal cyber risk state is a clear advantage for cyber carriers, compared to the current state of underwriting. It’s a toolkit to help quantify risk, narrow the information gap, and equip underwriters to make objective, more informed decisions on pricing and risk selection.

Internal network telemetry in a cyber context is data collected to monitor performance, availability, and security of controls across an entity’s IT network. There’s a substantial amount of observable data points to measure cyber-risk exposures across security tools, systems, applications, and the cloud. This makes it a good fit for telemetry-driven underwriting.

Technology has evolved, enabling internal networks to be monitored today without the need to install software or carry out expert inspections. Carriers with the capability to effectively analyze collected data can gain a clearer view of individual risks, allowing for more accurate assessments and risk selection. For clients, this unlocks the potential for tailored insurance solutions with risk-based, rather than market-based, terms and conditions.

This is a pertinent point for insurance buyers, as it offers the prospect of at least partial insulation from market volatility and a smoothing of the underwriting cycle’s peaks and troughs. In turn, that carries significant value in a market characterized in recent years by large price swings driven by a ransomware epidemic, an increasing focus around systemic risk, and the ever-evolving regulatory environment. The inclusion of telematics in the underwriting process also adds a strong risk-management element to the risk-transfer transaction an insurance policy has traditionally entailed. Network-data monitoring can expose system vulnerabilities in real time—leading to actions that can prevent costly cyber events from happening in the first place.

From an insurance perspective, this approach drives good risk selection and naturally attracts clients that place risk management at the fore, improving engagement with insurers and helping foster a proactive approach to risk through ongoing monitoring. It also helps insurers diversify their portfolios, moving away from the traditional approach of declining a specific industry vertical due to its loss history, and instead considering clients on their individual merits. It’s an approach that attracts best-in-class clients and drives growth in industries that have previously been overlooked by insurers.

From a reinsurance perspective, there’s an increasing appetite for complex discussions surrounding systemic events. The data-driven nature of this topic lends itself to insights captured by telematics to better understand technology dependencies, connections, and vulnerabilities across the portfolio, helping better inform aggregation management. Network telemetry provides valuable risk insights that enable re/insurers to manage their portfolios and improve the quality of underlying risk exposures on an aggregate level.

In tandem with the threat landscape, cyber products have swiftly evolved to address client needs—with the inclusion of “unplanned outage” language, the “operational error” trigger and coverages such as “crypto-jacking.” Question sets for clients cover key topic areas, including system failure and the unlawful collection of data. Currently, these segments of coverage actually pose challenges when using telemetry—highlighting the importance of combining traditional underwriting methods with a network-based approach to better understand an entity’s governance and risk culture.

At Mosaic, we fundamentally believe the premise of underwriting needs to shift—to move away from static questionnaires, subjective risk selection, and top-down portfolio risk management to a more dynamic, transparent, objective view. Not only can this deliver deeper portfolio-level insights to mitigate against systemic risk, but it also helps us better understand technology dependencies and single points of failure.

Last year, we teamed up with Safe Security, a pioneer in the cybersecurity risk-quantification and management field. The platform aggregates data across public cloud, software as a service (SaaS), and cybersecurity tools to provide visibility of various attack surfaces via read-only APIs. This “inside-out” assessment helps clients and Mosaic identify critical risks within an organization’s operations; we integrate the telemetry into our underwriting to create a more accurate view of risk that delivers a client’s live security posture and helps us develop solutions.

The Mosaic x SAFEinside partnership reflects what we hope to achieve with clients on a long-term basis—allowing our underwriting teams to tap into more granular data and directly correlate cybersecurity status with pricing, policy terms and conditions. The combination of outside-in scans, integrated questionnaires, inside-out telematics, and continuous monitoring should result in a far more robust risk understanding, benefiting both us and the client.

We believe this kind of multi-faceted approach represents the future of cyber insurance as a whole. Moving away from traditional, purely annual models and towards greater, longer-term collaboration between clients, brokers, and insurers promises to not only drive more accurate modeling, but also provide more tailored, suitable solutions for clients.