This article was provided by Coalition.
Adapting to deliver quality insurance at speed has been a challenge for insurance providers.
Traditional insurance organisations have gathered data using manual processes, resulting in a significant lag between what they have collected and what is happening in real time. This delayed approach has hindered the industry’s ability to provide speedy quotes and other services. In fact, a recent Gracechurch UK Insurers Monitor report identified speed of response as the most critical improvement area for insurers in the next year.
Fortunately, the entire market has recognised that speed must be a guiding principle throughout the policy lifecycle. And that data and technology are key. That’s why organisations like Coalition have created a new approach: Active Insurance, an insurance policy built with data and technology. This new method can help the industry make massive strides to improve the speed of quoting a policy, speed to improve policyholder defences, and speed to deliver meaningful coverage.
Cyber insurers need considerable data on their insureds to accurately quote and underwrite a policy. Determining an individual organisation’s risk from the outside has traditionally been very difficult. This approach often requires insurers to send a policyholder a long list of difficult-to-answer questions to gather knowledge about the organisation’s risk. This makes quoting and binding processes unacceptably slow and also results in inaccuracies if the organisation incorrectly self-reports information.
To hasten this process, Coalition has put data at the centre, not only collecting it but actually implementing it in ways that help the insurer, broker, and policyholder better understand cyber risk. We perform external security scans on all our insureds before and during their policy periods to check for open vulnerabilities and other security weaknesses.
Our risk assessments help policyholders understand their existing security posture and learn where to reinforce or strengthen their defences. This allows Coalition to identify potential issues that organisations can then fix to improve their insurability, receive an accurate quote, and quickly bind a policy.
Cyber threats move at speed, so cybersecurity services offered by insurers must do the same. Policyholders need a risk management platform that helps them detect, assess, and mitigate their cyber risk. Policyholders should be able to access the most up-to-date data on their organisation’s security posture, including critical security issues and exposures or vulnerabilities that leave them open to attack. While most insurers only offer organisations a view of their risk profile during quoting and see risk assessment as the final step, Coalition empowers organisations to see how their risk evolves in real time.
Through Coalition’s award-winning cyber risk management platform, Coalition Control™, we continuously scan and monitor any organisation’s evolving risk posture. Control™ provides an actionable, ‘hacker’s eye view’ of the organisation and its vendors’ cybersecurity postures to alert them to any cyber threats to their networks.
A strong risk management platform should also give policyholders the information needed to quickly resolve any security risks it has identified. At Coalition, we do this by providing personalised alerts to critical issues and active threats, helping policyholders prevent threats from escalating into full-blown incidents. Through explanations of the concern and recommendations for how to remediate it, improving security defences becomes more efficient. Coalition also offers a team of security analysts that policyholders can contact for support should they need aid in remediating a concern.
Nobody expects to be the victim of a ransomware attack, a funds transfer fraud event, or a data breach. But, once an incident occurs, policyholders need to know they have a team of experts they can rely on to help them figure out what happened — and what needs to happen next.
Insurance providers must deliver security alerts at speed to help organisations combat a threat. Threat intelligence services linked to cyber insurance must also move at speed. With any cyber incidents, time matters, and the timeliness of an organisation’s response to a cyber threat can be the difference between a non-event or widespread, persistent access to all parts of the network.
Monitoring and investigating threats that could impact policyholders and alerting them in time for them to do something about them can be the difference between remaining secure or experiencing an attack. Real-time alerts are critical for preventing incidents.
Every second counts when dealing with a cybersecurity incident, and speed on both sides matters. If something is suspicious, a policyholder should report it to their insurer immediately. In return, an insurance provider’s claims and incident response teams must respond quickly to help minimise the damage and restore normal business operations as soon as possible.
For example, threat actors hit one Coalition policyholder with a ransomware event over a weekend. Because the company had viable backups, its IT consultant was able to format the server and restore the files with no issues. However, they did not further analyse the breach to identify the root cause or report the matter to Coalition’s claims team.
Two weeks after the initial event, the threat actors used the same access vector to re-encrypt the network, taking care to also access all backups. The organisation had no choice but to pay the ransom to recover its data. This real-world example demonstrates that even if you think you have resolved the incident, reporting it swiftly to the insurer is still crucial for the short and long term.
Cyber risk moves quickly and evolves, and it’s our job as coverage providers to stay on top of that and respond just as quickly to better support brokers and policyholders.
As traditional insurers evolve to improve their understanding of sophisticated and swift cyber risk, they have also evolved to generate more accurate quotes, improve policyholder defences, notify them of security concerns, and deliver meaningful coverage. With Coalition’s Active Insurance, risk assessment, protection, and response are all built into a policy. These characteristics are paramount to being a world-class cyber insurance provider and will lead the future of managing—and preventing—cyber risk.
For more information on Coalition, click here.