We’ve reported on AON’s new cyber risk report with posts including one on the drop in ransomware payments made by clients of the cyber insurance broker. Another element of the report that struck us as interesting: details on AON’s “Cyber Quotient Evaluation (CyQu), a patented global cyber e-submission platform,” the key part of the broker’s cyber insurance intake process.
Cyber Insurance Intake Process Benchmarks Client Security
Cyber insurers are using more and more sophisticated technology for their cyber insurance intake processes, underwriting controls and continuous risk mitigation. One interesting recent example is a solution that identifies the presence of leaked data online to predict claims by cyber liability insurance customers. Now AON reports its CyQu assessment “evaluates risk across 35 critical controls within nine security domains, providing insights into significant risks and control effectiveness (and) benchmark(ing) over 10,000 clients and has 20,000 client users.”
The broker explains its system “transcends traditional paper applications by providing peer comparisons and security control benchmarks as part of the submission process. It uses analytics and a comprehensive evaluation framework to offer detailed insights into cyber risk posture, enabling vulnerability identification and risk mitigation prioritization.” According to AON, 65 cyber insurers accept the CyQu process.
Cybersecurity Insurance Intake Process
With the proliferation of often complex cyber security standards (AON says its system is mapped to ISO and NIST frameworks) and the constant increase in the number and variety of cyber threats, even large, sophisticated insurance customers benefit from threat and controls analysis from their cyber insurers. For many smaller companies, their broker and/or insurer probably provides far more valuable cyber security analysis and advice than their own IT teams. As with fire safety and other traditional risk areas covered by P&C insurance, de facto minimum standards for cyber security will increasingly be dictated by the insurance industry and its intake, underwriting and continuous monitoring systems.