Just like other insurance markets, subjectivities have become a staple of cyber insurance. When a cyber insurance underwriter issues a quote to the broker and insured, there may be additional requirements that must be met before the policy and coverage are activated. The management and resolution of these subjectivities creates friction for all stakeholders involved. It takes longer for insureds to obtain coverage, for underwriters to collect premiums, and for brokers to earn their commission.
The problem with subjectivities is not that they exist, it’s that they take too long to resolve. Cyber risk is so dynamic that it’s hard for the market to completely eliminate them. Once a broker gets a feel for the subjectivities defined by most underwriters, that trend can easily shift as new risks and threat actor behaviors emerge.
The current state of subjectivity management hurts the growth of the cyber insurance market. Inefficiencies in the underwriting process put pressure on limited resources available to deliver coverage and frustrate customers who have already spent a lot of time and effort preparing for underwriting.
Therefore, it’s essential to rethink subjectivity management to ensure that the cyber insurance market can achieve its potential.
Rethinking Subjectivity Management
When the topic of subjectivity management comes to mind, some of the most common words to describe it are: manual, overwhelming, perplexing, and messy. This is not a good look. That’s because the process relies on heroic efforts that are hard to repeat every time.
The first step, defining the subjectivities, is based on past experience and judgment. Although there are a lot of underwriters and brokers skilled at assessing cyber risks, there simply aren’t enough for the industry to create a consistent experience for policyholders. Even if there were, the human mind isn’t capable of processing the vast amounts of data needed to stay on top of the myriad issues that drive cyber risk. As a result, subjectivities that don’t meaningfully reduce cyber risk can’t be prioritized.
Next, underwriters and brokers rely on slow and unreliable channels for resolving subjectivities. This collaboration is typically done via back and forth emailing. Unfortunately, emails can quickly become outdated and easily lost in inboxes. An underwriter will never know the actual state of subjectivity resolution since the broker can’t constantly send updates, and the broker can’t constantly check on their client.
And while these subjectivities are getting resolved, and coverage is placed, it does come at a cost. Everyone in the process spends too much time trying to figure out where they are and what to do next. This issue gets compounded with every additional insured that is quoted with subjectivities—thus creating an administrative burden that limits productivity.
Introducing Action Plans
To enable the cyber insurance market to resolve subjectivities as fast as possible, SecurityScorecard is introducing Action Plans.
Action Plans can drive a fundamental shift in subjectivity resolution with:
- Data-driven selection and prioritization of subjectivities. Using machine learning, SecurityScorecard identifies the issues that are predictive of breach and ranks them according to impact.
- Real-time visibility of resolution by all stakeholders. The SecurityScorecard platform offers a shared collaboration space where all stakeholders can stay equally up to date on progress, allowing issues or roadblocks to be communicated.
- Scalable workflow for managing the resolution of multiple insureds with pending subjectivities. This holistic view of the status of all subjectivities helps underwriters, brokers, and insureds know where their attention is needed to drive resolution.
Watch this demo video to see how Action Plans work.
With Action Plans, SecurityScorecard wants subjectivity management to be seen as an easy, transparent, dynamic, and coordinated process. as a process that is easy, transparent, and coordinated. Action Plans are available today. To learn more, contact us to schedule a live demo.