Can we predict where cyber claims might emerge?

Data culled from external scanning systems and other tech tools can help insurers improve underwriting by showing where cyber claims might emerge.

But only if the companies develop methods for making proper use of that data, said a recent Gallagher Re report Can Scanning Technologies Predict Claims?

Systems designed to scan for risk scrape data on specific regions, economic sectors and other factors to assemble risk pictures beyond what insurers might gather from questionnaires conducted with their insureds. This data is often then run through algorithms and machine-learning tools to try and predict claims trends.

That can help risk managers work more efficiently by providing them with more comprehensive data sets. Beyond cyber risks, the scanning systems have been applied to fire, explosion, NatCats, intrusion and theft, storage sites and other areas.

The downside, though, is the systems often scrape so much data (as well as duplicate data) that interpretation becomes difficult. Over time, the report noted, AI and other filtering systems will help insurers sort the wheat from the chaff.

Despite present challenges, though, Gallagher’s research determined current scanning systems can help insurers spot the highest 20% of risks that can lead to claims.

“Despite only a small percentage of external scanning data being predictive of claims,” the report said, “it appears to be an invaluable tool for underwriters, capturing complementing aspects of a company’s cybersecurity posture to questionnaires and evidencing whether insureds are applying their security policies in practice.”

Among carriers now using scanning systems, a small number are moving away from using overall scores as a check on underwriting decisions – and towards “working with ‘risk factors’ and individual data points for targeted and repeatable/automated decision-making.”

But that minority is growing, said Gallagher.

“This marks an evolution in how insurers are using scanning data for risk selection…,” the report said. “This targeted use of the data lays the foundations for insurers to circumvent insignificant data and focus on only data that adds value.”

Right now, the report said, web security remains a material driver of cyber claims.

“Web security aims to represent the security posture of an organization’s external web presence, highlighting use of outdated protocols, poor certificate management practices and exposure to web-based attacks,” it added.

Examples include cross-site scripting, where an attacker impersonates a victim by using malicious web code on the client side; and man-in-the-middle attacks, where someone intercepts traffic between a client and a web server to capture login information or other sensitive data.