CISO Guide to Cyber Liability Insurance Applications: Think Like an Underwriter

An existential threat is emerging for cyber liability insurance carriers that do not understand how to properly evaluate their insured’s risk.

April 28, 2022 Applications to acquire insurance policies serve two primary purposes. First, they allow underwriters to assess an organization’s risk profile to approve or disapprove an insurance application. Second, they attest to an organization’s cybersecurity posture made on an application to validate that proper cybersecurity controls have been maintained at the time of a claim. Chief information security officers are accountable for properly characterizing their organization’s security posture when applying for cyber liability insurance.

This report looks at questions that underwriters use to evaluate the data protection efficacy of potential customers before binding a cyber liability insurance policy. Aite-Novarica Group reviewed nearly 40 applications for cyber liability insurance, selecting 15 for comparative analysis based on the rigor of their underwriting questions related to cybersecurity. This report will interest CISOs, insurance managers, and underwriters, as security controls are integral to the policy risk rating process.

Clients of Aite-Novarica Group’s Cybersecurity service can download this 16-page Impact Brief. To learn more about the topic covered in this Impact Brief, please contact us at [email protected].

This report mentions AIG, A.M. Best, American Academy of Actuaries, AXA Group, AXIS Capital Holdings Limited, BCS Insurance Company, Beazley, Center for Internet Security, Chubb Limited, Cincinnati Insurance Companies, CNA Financial Corporation, Fairfax Financial Holdings, Hartford Steam Boiler Company, Hiscox Ltd., National Association of Insurance Commissioners, National Institute of Standards and Technology, Travelers Indemnity Company, Sompo International Holdings Ltd., Tokio Marine Holdings Inc., and Zurich Insurance Group.

Related Content

Cyber Risk Scoring and Modeling: Overview and Prominent Providers

Get Summary Report

"*" indicates required fields

This field is for validation purposes and should be left unchanged.