Insurtechs and cyber insurance as a whole have been battle-tested over the past 12 months, and 2023 is expected to be another formative year for the industry.
As we approach the year’s end, we spoke to experts at Corvus Insurance about the tech innovation trends, insurance underwriting, the cyber threat landscape, and the cyber insurance market at large for the coming year.
#1 Insurtech 2.0 will focus on data and technology to mitigate risk for policyholders
“Looking ahead to 2023, the “insurtech 2.0” landscape will continue to mature, with companies focusing more on profitability and honing in on areas with the biggest gap between customer needs and current capabilities. We see huge demand paired with limited supply; a result of relying on traditional questionnaire-based methods to gather data for underwriting. These methods have failed to appropriately quantify risk, leading to a chain reaction of underpricing, losses, and market pullback. An insurtech 2.0 approach will leverage the data and technology to properly assess and price risk and even go beyond the insurance application to help proactively mitigate risk for policyholders.
Insurtechs will also need to assess risk from a global perspective, especially when it comes to cyber. By leveraging data from varied sources — including not only claims but also automated scans of organizations beyond the book of business, as well as data from inside the firewall gathered through partnerships with cybersecurity vendors — insurtechs can gain a more comprehensive understanding of where cyber risk is headed and help keep policyholders safer from threat actors.” Madhu Tadikonda, Chief Executive Officer
#2 Expect continued growth and heightened demand in the global cyber insurance market.
“As threat actors and their attack vectors evolve along with the changing cybersecurity landscape, we can anticipate that the demand for cyber insurance will continue to grow on a global basis. With the global cyber insurance market forecasted to triple in size by 2027, it's critical for cyber insurers to possess the infrastructure, resources, and coverage capabilities required to meet this demand. At the same time, providers will also need to overcome challenges related to capacity, since coverage supply continues to lag behind demand — creating greater opportunities for the insurance-linked securities (ILS) market and other forms of alternative capital.”
#3 Insurance-linked securities and cyber insurance markets will work together more closely.
“With digital security now at the forefront for business leaders and organizations, the insurance-linked securities (ILS) market is beginning to look to cyber insurance as an area of opportunity for 2023. Although ILS markets have largely been used for property catastrophe claims and historically have not had the same level of cyber awareness as traditional reinsurers, this is changing rapidly. The market is beginning to emerge as a potential new form of capacity that can help meet rising coverage demands in many jurisdictions. This will help to ease the pressure felt by cyber insurers, in addition to creating opportunities for enhanced security protections and coverage capabilities.” Lori Bailey, Chief Insurance Officer
#4 In light of rising premiums, insurance underwriting will be forced to adapt in 2023
“Forward-thinking cyber underwriters are already using data analytics to inform their underwriting decisions. However, these tools and datasets must keep improving to keep pace with dynamic cyber risks. By enhancing risk selection through threat intelligence expertise and encouraging proactive policyholder engagement, underwriters and their teams can help policyholders mitigate cyber threats. The current challenge for cyber underwriters will continue in 2023: to stay ahead of cyber criminals looking to exploit their targets’ vulnerabilities. In order to be successful at risk mitigation, this challenge requires a multifaceted strategy with input from data scientists, cybersecurity experts, and breach response specialists.” Mike Karbassi, Chief Underwriting Officer
#5 Digital transformation will continue to create challenges for cyber insurers
“I expect the volume of virtual-first business operations to increase in the year ahead. In turn, cyber insurers will need a deeper and more dynamic understanding of organizations’ cybersecurity risks and IT systems in order to reduce cyber risk and build resilience. By partnering with third-party cybersecurity solutions providers, insurers will gain greater risk insights and leverage these to set new expectations for potential policyholders and help raise their cyber posture.
As digital transformation initiatives accelerate throughout the next year, more organizations will also migrate to cloud-based IT environments. As a result, they must be prepared to face the new challenges in managing and mitigating the cyber risks that accompany digitization. Threats can come in the form of sophisticated ransomware attacks or even basic business email compromise (BEC) attacks — both of which can cause debilitating harm. In the new year, building cyber resiliency will be a critical priority business leaders won’t be able to ignore. This can take a variety of forms, from developing larger initiatives and partnerships with insurtechs — to understand threat patterns and improve cyber risk assessments for the long-term — all the way down to building cyber skills through regular employee training.” Vincent Weafer, Chief Technology Officer
#6 Data sprawl and borderless networks will necessitate the need for true risk quantification of security controls.
“The 2023 cybersecurity landscape will continue to see the ripple effects from significant changes in the threat landscape throughout 2022. The fallout from the Russian invasion of Ukraine, the rising threat of multi-factor authentication bypass attacks, and an increase in hacktivist groups will shift how organizations view risk — a view that has been shaped over the last five years, primarily by ransomware.
The shift in the threat landscape is amplified by changing external security parameters. An organization’s boundary is no longer defined by its office network location. The external boundary is now amorphous. It extends to the user account, third parties, and wherever the organization’s data resides. We have entered a time in which networks are formless and data sprawl is near limitless.
This borderless nature of networks, coupled with a threat landscape that is less predictable, necessitates the need for true risk quantification of companies’ security controls now more than ever. With that, I expect to see more investment in quantifying cyber risk. This will drive better collaboration and data sharing between security companies. Cyber insurance carriers will lean into partnerships with technology companies to fuse security data with insurance and risk modeling insights. The net result is more accurate risk quantification, which will in turn help keep policyholders safer.” Jason Rebholz, Chief Information Security Officer