This article was produced with Munich Re US.
Gia Snape of Insurance Business sat down with Paul Needle, senior vice president, cyber treaty underwriter at Munich Re US, to discuss the importance of a strong feedback loop between claims, actuarial, and underwriting teams in facilitating a stable and resilient cyber re/insurance market.
As cyber threats increase in sophistication and frequency, the need for collaboration among key players—underwriting, actuarial, and claims—has never been more urgent.
An organization’s ability to develop strong communication and feedback mechanisms can be critical in managing risks and ensuring stability in the market, according to Paul Needle, senior vice president, cyber treaty underwriter at Munich Re US.
The main stakeholders of the cyber ecosystem include underwriting, claims, and actuarial teams, but it's also essential to recognize external contributors such as digital forensics and incident response teams, who are on the front lines, and data breach coaches, who are also crucial in the cybersecurity ecosystem.
“The feedback loop within cyber insurance companies is vital to improving the process. While everyone understands its importance, the real value lies in refining how we implement it,” said Needle.
Cyber insurance carriers will derive consistent and timely risk indicators by implementing a common vernacular in their own internal feedback loop, leading to efficient and scalable operations.
Underwriting, actuarial, and claims teams all play essential roles in cyber insurance. Within cyber insurance companies, these teams, though distinct in their functions, should work in tandem to develop accurate risk assessments, price policies appropriately, and respond to claims efficiently.
Threat actors, technological advancements, complex supply chains, and regulatory changes create a dynamic risk landscape for cyber insurers. A feedback loop founded on structured data will position cyber insurance companies to react quickly in a shifting environment.
“If cyber insurance carriers can structure their claims data in a way that is sustainable over time, it could reduce volatility across the entire line.”
Actuarial models are based on data consistency. Any change in data input will affect the output. Consistent, structured claims data that can be compared with detailed underwriting strategy over time may empower actuaries to differentiate development patterns and loss distribution.
The goal isn’t to eliminate cyber risk but rather to create a reasonable level of assurance in anticipating risk and reacting to trends effectively. Efficient reaction and anticipation start with a structured feedback loop that matures over time.
“An insurance company’s ability to aggregate claims data on how threat actors exploit vulnerabilities with tactics, techniques and procedures is crucial to their ability to predict trends in both the threat landscape and the cyber insurance market,” he said.
Effective collaboration among the claims, actuarial, and underwriting teams within an organization in defining documentation objectives is an important factor in closing communication gaps in the cyber re/insurance ecosystem. With support from underwriting and actuarial teams, claims teams should consider a proactive approach in defining specific data points to capture. Understanding why the data is necessary and how it’s used helps guide their claims adjusters.
“A possible solution to establishing a structured digest of claims information that can efficiently be aggregated is to implement a framework that defines how and what information is captured,” Needle said. A simplified version of the MITRE ATT&CK (Adversarial Tactics, Techniques, & Common Knowledge) and VERIS (Vocabulary for Event Recording and Incident Sharing) frameworks could be utilized in the formation of critical data points. Aggregated claims data structured in this type of format can increase correlation confidence between loss mitigation and underwriting controls.
While techniques and sub-techniques vary by adversary, the basic tactics deployed in cyber attacks, regardless of industry or size, have been relatively uniform. Capturing data based on tactics will create consistency for actuarial pricing models. Viewing risk along a cyber kill chain will add granularity for underwriters in determining probability and impact. Trend analysis developed with input from claims, actuary and underwriting, all utilizing a common vernacular, will add material insights for portfolio steering.
An added complication is the ability to obtain information through data breach coaches employed by the insurer on behalf of the insured in the course of a claim. Often, information collected during forensic investigations is protected by attorney-client privilege and the work product doctrine, limiting what can be shared with insurers. One possible solution could be for a cyber insurance company to partner directly with their digital forensic and incident response firms outside the tripartite relationship (insurer – data breach coach – insured). In this scenario, the insurer could potentially receive aggregated, anonymized, structured data points to augment their own claims data. An industry-wide recognized standard like MITRE ATT&CK or VERIS can simplify the ask and provide structure in requesting anonymized data on a regular basis.
Reinsurers provide additional sources of collaboration for cyber insurers. Part of this collaboration is with underwriting and claims audits, not merely as a formality but as an opportunity for both sides to learn from one another. Audits present opportunities for reinsurance carriers to further supplement the feedback loop. Discussing the flow of structured data in claims and underwriting audits invites dialog leading to enhanced iterations of the insurance carrier’s feedback loop.
Tracking data in a consistent manner throughout the feedback loop will provide key risk indicators for underwriters in a timely manner. Loss correlation with underwriting controls will promote precision adjustments rather than large changes in strategy, and monitoring results will lead to stronger iterations of the feedback loop. All of this depends on the level of collaboration within the claims, underwriting and actuarial units of an insurance company.
“The goal is to reduce volatility,” Needle said. “As we better manage our portfolios, based on quantifiable data, it allows us to refine our approach and limit swings in cyber insurance pricing and underwriting.”
Stability and consistency in the primary markets, founded on structured data that is tracked and correlated to underwriting strategy, can attract additional capital and competition in both reinsurance and insurance, creating a healthy and stable cyber insurance market.