July 14, 2023 — IN 2022, Gallagher Re built a machine-learning model and combined it with historical data to better understand which elements of external scanning are more predictive of cyber insurance claims at the point of underwriting.
The broker said in a recent ‘Cyber IQ’ report that it found external scanning excels at identifying the worst 20% of risks, which appear more likely to suffer a cyber-related insurance claim.
External scanning is a term used for collecting and analyzing data from outside sources to assess and manage cybersecurity risks. It involves using technology and tools to gather information about potential risks, vulnerabilities and attack vectors that could harm an organization’s digital assets.
Gallagher Re said the use of external scanning technology is evolving rapidly in the insurance industry.
Insurers leverage the tool to enhance risk analysis, refine underwriting processes and manage cyber threats.
While challenges exist, insurers who strategically integrate external scanning into their operations stand to gain a competitive advantage in providing accurate and sustainable cyber insurance coverage, the broker said.
By leveraging machine learning algorithms and combining cybersecurity ratings with firmographic and claims data, the research shows that certain ‘technographic’ data — such as web security, patching cadence and port security — hold promise for assessing cyber risks.
Gallagher stressed that it is important to only use external scanning as a complementary tool alongside traditional underwriting questionnaires.
It said external scanning gives insurers the same data that attackers use to choose and breach targets, allowing them to understand how security protections are applied in practice.
“With real-time input, insurers may proactively identify developing risks, assess portfolio exposures, and assist insureds in limiting possible threats before they become claims,” the broker said.
It said the adoption of external scanning technology does come with some challenges.
Gallagher said insurers must carefully evaluate vendors and their methodologies to ensure data reliability and accuracy. The complexity of combining data, limiting false positives and dealing with enormous amounts of information all offer challenges to obtaining valuable insights, it said.
Additionally, integrating technology into existing systems and overcoming legacy infrastructure limitations require investment and strategic planning.
The broker said that despite these challenges, insurers recognize the value of external scanning in improving risk selection and attack management capabilities.
According to its research, insurer capacities will split in 2023 with an increasing minority of carriers employing scanning data for focused risk analysis and decision-making and the rest focusing on integrating technology into existing processes.
According to Gallagher, insurers will see ‘attack management’ become a routine element of their cyber insurance services, allowing them to identify vulnerable insureds and provide proactive risk reduction advice. Insurers with close relationships with their insureds will profit the most from the new technology.
(For more independent coverage of Canadian p&c industry news and trends, please choose the ‘Subscribe’ tab on our main page or email mpub@rogers.com for more information).