According to Cowbell’s recently released cyber insurance report dedicated to SMEs, Cyber Round-Up, 79% of policyholders believe that cyber insurance is worth the cost. Additionally, 71% of respondents want their cyber insurer to give recommendations to minimize risk exposure. These data points are particularly important given how rapidly the cyber insurance, cybersecurity, and cyber threat landscapes change. Specifically, like cybersecurity vendors, cyber insurance providers need to keep pace with the ever-evolving criminal tactics. In the past, cyber insurance applications involved lengthy applications, ambiguous coverages, and no customer contact until a breach actually occurred. This approach simply does not work anymore, but underscores the importance of continuous underwriting. 

Continuous underwriting as a concept is not unique to cyber insurance. It has a historical precedent in other lines of insurance, to include workers compensation insurance and life insurance. What is different for cyber insurance, however, is how quickly risk changes. For other lines of insurance, risk can be assessed with decades of historical data and change on a monthly basis at most. For cyber, risk can change daily. With the rapid evolution of technology, cyber insurance needs to depart from the way things have been done in the past, and become more dynamic and progressive to outpace cyber criminals. 

Continuous risk assessment, or reassessing one’s risk profile on a continuous basis is a required and foundational component of continuous underwriting. Therefore, continuous underwriting and continuous risk assessment go hand in hand. 

Underwriting using up to the moment data collected when quotes and policies are generated directly closes gaps between the dynamic nature of a company’s risk profile and the insurance coverage offered. Once the policy is issued, policyholders benefit from continuous and immediate updates on their risk profile with recommendations and resources to improve their risk profile, reduce their exposures and do the best they can to keep their organization safe throughout the lifecycle of the policy. 

In parallel, if only checking their risks once a year, cyber insurance providers might be overlooking new exposures, security gaps, and types of incidents and lose visibility into their risk portfolio. Furthermore, the additional data collected as part of a data-driven continuous risk assessment process can directly enrich risk aggregation analysis, support predictive risk analysis and even provide visibility into the exposure to systemic risk.  

Overall continuous underwriting presents benefits to all stakeholders in the cyber insurance value chain. 

In order to enable continuous risk assessment, Cowbell Cyber created a set of proprietary multivariate risk ratings , or Cowbell Factors. Through the use of AI and Machine Learning, Cowbell Factors rate businesses’ risk exposure along eight areas, as well as creating a company and industry aggregate. Based on the ratings, appropriate policies can be issued and policyholders are able to better understand their cyber risk. 

It’s worth noting that, at Cowbell,  continuous underwriting is getting better and more refined by the week. Cowbell’s risk pool of 23 million U.S. SMEs, a number that grows daily, is used to benchmark individual organizations and the set of risk signals and data points (1,000 as of Q1, 2022) and is expanding and augmented on a continuous basis.

At Cowbell, we regularly point back to the Cyber Insurance Risk Framework put forward by the NY Department of Financial Services in February 2021 and applaud many of the recommendations made. One example is ”Insurers that offer cyber insurance have an important role to play in educating their insureds about cybersecurity and reducing the risk of cyber incidents.” We take this very seriously. 

Cyber insurance must shift from providing financial coverage when an incident happens to also providing resources to help policyholders improve their risk profiles to prevent further incidents from happening again. Cowbell’s closed-loop risk management is especially useful on this front, with applications and benefits extending beyond continuous underwriting. It is clear that Cowbell is offering continuous underwriting and continuous risk assessment. Moreover, Cowbell is offering a continuous process of risk improvement. This is what is most important when it comes to cyber resilience.

Get Your Individual Risk Assessment (button)

With Cowbell Factors, Cowbell is not only able to continuously underwrite risk but also enable businesses to continuously improve their risk profile. We invite all organizations to get their risk ratings and enter a virtuous cycle where they will continuously understand where their cyber risk posture stands in comparison to peers as well as what to do to improve and remediate cybersecurity weaknesses.