A Holistic Approach to Cyber Insurance: Why Having a Cyber Risk Engineer in Your Pocket Goes a Long Way in Security
Businesses today are becoming all too familiar with the never-ending cyber insurance application. Risk management executives and their insurance brokers might find they’re filling out question after question on cybersecurity controls before carriers will even consider offering coverage.
Increasingly frequent cyberattacks in recent years caused many carriers to become more discerning when selecting the risks they underwrite. Many have raised rates and tightened terms and conditions in order to remain profitable. Global cyber insurance prices increased 28% year-over-year in the fourth quarter of 2022, per reporting from the Wall Street Journal. These rate hikes come after a 48% increase in Q3, compared to the previous year, and a 79% increase in Q2.
“We saw a rapid hardening of the market conditions with a contraction of terms and conditions, contraction of limits and massive increases in prices,” said Jamie Schibuk, EVP of PL & Cyber at Arch Insurance Group Inc.
In addition to helping carriers decide what risks they want to underwrite, these questionnaires offer carriers data on potential clients’ cyber exposures. When paired with cyber risk engineering, insurance applications can provide insurers with a starting point for helping clients improve their cyber risk profiles — potentially preventing attacks and leading to a more profitable line in the long-term.
“Clients today are answering, in many cases, in excess of a hundred different security control questions as part of the application for insurance,” Schibuk said.
“Through that process, we’re getting a really great view into their security controls, understanding where they’re strong and where they may have deficiencies, to the extent that we can identify where there’s opportunities for improvement.”
What Is a Cyber Risk Engineer?
Cyber risk engineering is the process of improving a company’s cyber exposures in order to make their business more attractive to potential carriers. Insureds can access these services through carriers, like Arch Insurance, which use the cyber insurance application process as a stepping stone for assessing exposures.
“A lot of what we’re doing is based upon the information that we’re already getting as part of the application process, and then we use that information to consult with the client and make recommendations and provide potential solutions that could help them improve in certain areas, making them a better risk,” Schibuk said.
Once a client fills out an application, Arch’s team of cyber risk engineers reviews it to see whether there are any security controls the company could implement to make them less vulnerable to cyberattacks.
Starting with the data from an insured’s application, Arch Insurance then seamlessly integrates its risk engineering services, enabling clients to easily access cyber risk management resources and recommending service providers that can help the company implement controls.
Cyber risk engineers go beyond broad strokes of advice and help insureds develop truly customized solutions to their unique problems: “We very much take a consultative and individualized approach to risk,” Schibuk said.
Partnering With Brokers and Clients to Increase Security Controls
Through offering cyber risk engineering services, Arch Insurance works closely with insureds and brokers to make sure they’ve implemented cybersecurity controls that are both cost effective and beneficial to an organization’s reputation.
“Our goal is to really add value both to the broker and to the client,” Schibuk said.
Insureds that act on the cyber risk engineers’ recommendations are able to reduce their cyber risk, enabling carriers to offer competitive insurance rates and fewer restrictions on their coverage. Implementing these controls may also help prevent breaches from occurring, thereby preserving a company’s reputation.
“If you’re able to put these key controls in place, you may get access to more limits of coverage, more expanded coverage,” Schibuk said. “You’re going to be viewed as a better risk overall, so that’s going to result in potentially lower premiums in the future.”
Partnering with a carrier to improve cybersecurity controls can give small- to mid-sized companies access to services they might otherwise be unable to afford or staff in-house. Arch Insurance partners with several different cybersecurity providers, like 24/7 network monitoring services, to offer their clients needed security controls at excellent rates.
“Many smaller companies don’t have the internal security resources to monitor their networks in real time 24/7,” Schibuk said. “So, we partnered with a number of companies that can provide that type of service at a rate that’s more competitive than a company would be able to get if they went out and got it on their own.”
Arch Insurance works closely with insureds and their brokers to find cyber risk solutions to help make their businesses more insurable in the future.
Oftentimes, carriers will decline to provide coverage rather than providing a detailed response to insureds on how to improve their cybersecurity posture. If they do identify needed improvements, they may not recommend service providers. Arch Insurance’s program does both, enabling Arch to build sustainable partnerships with its cyber insurance clients.
“We tried to bridge that gap and say, ‘Here’s what we think you need and here’s actually a quote for it’ or ‘here’s where you can get it at a competitive rate for your client,’” Schibuk said.
“It creates a much closer relationship between the carrier and the client. It’s not just engaging with them at the time of quoting and binding an account; it’s engaging with them in a more holistic way.”
A Cyber Insurance Partner for the Long-term
Arch Insurance is committed to offering individualized cyber insurance and risk management solutions to its clients through its cyber risk engineering support services.
In today’s hard market, Arch recognizes the necessity of taking a holistic approach to underwriting cyber insurance policies. Part of that method includes aiding clients with risk management efforts to make their exposures more attractive to insurers.
“We really saw an opportunity to be a bigger solution provider to our clients in difficult market conditions,” Schibuk said. “We’re not afraid to go after the tougher segments of the insurance market and take a unique approach.”
Clients that take advantage of Arch Insurance’s cyber risk engineering services are able to reap the benefits of an improved cybersecurity posture and cyber insurance program. The company’s effective and efficient cyber risk engineering solutions have helped Arch build a loyal clientele.
“They get to leverage our expertise in reducing their risk and improving their risk profile, but then there’s also a benefit for us in being able to have a more holistic relationship with the client, and we find that then can result in the business sticking with us,” Schibuk said. “We have a relationship beyond the transaction for the insurance.”
To learn more, visit: https://insurance.archgroup.com/north-america/united-states/offering/cyber/.
This article was produced by the R&I Brand Studio, a unit of the advertising department of Risk & Insurance, in collaboration with Arch Insurance Company. The editorial staff of Risk & Insurance had no role in its preparation.