AI AND ML MODELS
AI and ML adoption will help cyber insurers bring about a force multiplier effect.
It will delineate focus areas as against perusal of low-priority areas, bringing efficiency. This will allow insurers to scale their underwriting operations and target volumes in the cyber insurance market. AI and ML models, along with relevant data, will help cyber insurers address challenges facing the industry.
Accelerate cyber underwriting with computer vision and NLP
Insurers manually process large volumes of applications, and cyber policies lack common standardized definitions for security terms. This leads to unintended coverage exposure or misinterpretation by customers, resulting in silent cyber – unknown exposure created by a cyber peril that has not been explicitly excluded.
Computer vision can extract and interpret data from applications, which can be processed through natural language processing (NLP). This would provide the means to validate the inclusion of relevant security terms and exclusion clauses, accelerating the underwriting process. For example, sentences can be identified and classified based on known clauses or verbs such as ‘will cover’ and ‘not incur’, helping streamline manual reviews.
Cyber policies are fairly consistent with respect to coverages and exclusions. The International Underwriting Association (IUA) has developed exclusion clauses to standardize them even further. This along, with their existing portfolio of policies and cyber inclusions or exclusions in other lines of business (such as commercial property and commercial general liability) can serve as training data for AI models. AI automation will enable performing reviews at a higher scale in place of time-consuming manual reviews. Using AI will help insurers eliminate coverage overlap and improve the overall quality of underwriting.
Enhance risk assessment through AI automation
Insurers use questionnaires to collect data related to data handling, incident loss history, security measures, and so on. Their corporate customers follow security standards such as International Organization for Standardization (ISO) 27000 information security standards and Secure Controls Framework. Cyber insurers must use these details and customers’ risk exposure based on size, industry, and so on as inputs to models.
Leveraging these inputs, supervised learning models can understand customers’ IT environments and determine the risk level of their portfolio. Decision trees or support vector machines can be used for more complex data to classify the risk profile with boundaries. This would enable insurers to correlate risk factors and classify them to obtain insights such as the likelihood of attacks and attack patterns and offer an optimal coverage. AI and ML model outcomes can automate assessment of the customers’ risk profile and augment manual risk assessment.
Improve cyber risk pricing to reduce premiums
Currently, the lack of standardization in pricing models and information asymmetry between the insurer and the insured are the primary reasons for higher premiums. Further, premiums are based on the base rate and factors such as revenue range, industry risk category, security weightage score, and so on. Pricing for cyber insurance is often too high because risks are broadly categorized. Unsupervised learning models, such as Markov and Markov with clustering structures, will help insurers improve pricing by considering customers’ threat exposure, network structure, and endpoints.