Cyber insurance underwriting is changing. The old way, where applicants just checked boxes and signed forms, is being replaced by a need for real proof. This change was the main topic in a recent Cyber Insurance News and Information Podcast with Jessica Newman, Global GM of Cyber Insurance at Sophos. Newman explained that the market now wants faster decisions, better data, and more trust in the security measures buyers say they have.
For a long time, cyber insurance followed a set routine. Applicants filled out long questionnaires, underwriters checked the answers, and brokers helped buyers understand the technical terms. Carriers set prices without seeing much of what happened inside company networks. This approach helped start the market, but it also left important gaps.
These gaps are important because cyber risks can change fast. A business might face a new threat late at night, on a holiday, or right after a software update. Annual applications only show a moment in time, but attackers do not wait for renewal season. That’s why having proof of risk controls is now so important. The market wants to see that companies have the right protections, set them up properly, and use them well. On the podcast, Newman highlighted managed detection and response (MDR) telemetry as a useful way to show this proof. She made it clear: underwriters need better information, and buyers want a smoother process. Companies that can offer both may lead the next stage of cyber insurance underwriting.
Why The Questionnaire Model Has Reached Its Limits
Questionnaires are still useful during this transition. They collect basic information, highlight common security measures, and provide a record for underwriters. But as the market changes, relying on self-reported answers is not enough. The industry now needs more precise tools.
A checkbox can show if a company has multifactor authentication, but it does not prove the control works everywhere. A form might say a company uses endpoint protection, but it cannot show if anyone is watching alerts late at night or during holidays. This difference matters because cyber insurance risk depends on what companies actually do, not just what they plan.
Newman put the issue in simple terms. Carriers do not want to just hope for the best. They want proof. They want to know if the insured company fixed vulnerabilities, responded to important alerts, and put key protections in place in a real way. That is the difference between just having paperwork and having real evidence.
This shift also shows that the market is growing up. Early cyber insurance was based on rough guesses and not much claims history. Now, carriers have more experience, more data, and better reasons to improve pricing. There is still some uncertainty, but they are not willing to accept as much guesswork as before.
Why MDR Telemetry Has Become So Valuable
MDR telemetry gives underwriters what they have wanted for a long time. It lets them see what is happening inside a company’s network, not just outside it. Scanning from the outside is still important, and public data can show obvious weaknesses. But internal data tells a much deeper story.
MDR changes the way people talk about security. A company might have advanced tools but not use them well. Sometimes software is installed but never adjusted, and alerts can be ignored. MDR adds human oversight, constant monitoring, and better routines. Simply put, the tool is no longer ignored. This extra layer shows why underwriters value MDR telemetry. It turns buying security into actions you can see. It helps answer key questions in cyber insurance: Was the control used? Was it set up right? Was someone watching? Did the team respond to threats?
Newman described this as a game-changer, and the logic is strong. Carriers do not always want raw technical data. They want usable evidence. They want something structured, portable, and easy to consume during underwriting. That is why tokenized or packaged proof may prove so useful. It bridges the gap between technical reality and underwriting action.
How Verifiable Risk Data Could Change The Buyer Experience
This change is not just about giving carriers better data. It also makes the process easier for buyers. Small and midsize businesses often find cyber insurance applications hard because they do not have security teams or technical experts. They know the risks are real, but they may not know how to describe their security measures in the language insurers use. A model-based approach can reduce that strain. It can shorten applications and speed up quoting. It can help brokers present cleaner submissions. And it can reward buyers who invested in solid security operations. In the Sophos and Spektrum Labs example discussed on the podcast, customers can validate controls and receive quotes within minutes. That promise speaks directly to a market that wants less friction and faster answers.
The benefits go beyond just making things easier. Verification can also build trust when it is time to make a claim. Unclear information can cause disputes, but clear evidence brings understanding. When a claim happens, both sides benefit from having a solid record of what was in place and how it worked.
Why Continuous Underwriting Looks Inevitable
One of the episode’s biggest ideas is continuous underwriting. Regular insurance works on set schedules, but cyber risk does not. Threats can change quickly depending on industry, location, world events, new criminal tactics, or software issues. The risk landscape can shift in just weeks.
That reality pushes the market toward continuous evidence collection. A carrier that receives timely, reliable telemetry can make better decisions during the policy period. Over time, that could support dynamic pricing, sharper renewals, and stronger portfolio management. Newman made clear that many carriers want that future. The missing ingredient has been the data.
Continuous underwriting will not happen everywhere right away. It will probably roll out in steps. Early adopters will try it first, and others will follow once they see better results and fewer claim issues. This is how many changes happen in the market: innovation starts with a few and then spreads.
This also explains why scale matters. A vendor with a large MDR footprint can generate richer telemetry and broader threat intelligence. That scale helps carriers trust the signal. It also helps the market move from theory to practice.
The Next Phase Of Cyber Insurance Underwriting
The next stage of cyber insurance underwriting will still focus on familiar controls like MFA, backups, incident response plans, and security training. What will change is how underwriters judge these controls. Instead of just asking, “Do you have it?” they will now say, “Show me how it works.” This change is bigger than it sounds. It rewards real security, links resilience to insurance results, gives brokers better tools, helps buyers get better terms, and lets carriers price risk more confidently.
The episode also highlighted another truth. Cyber insurance remains a people business. AI may streamline manual work and improve analysis, but trust still drives transactions. Buyers need advisors who can explain risk. Brokers need clear stories for clients. Carriers need confidence in the evidence before them. Technology improves that exchange. It does not replace it.
Jessica Newman’s journey from educator (she is a former principal) to cyber insurance leader shows this well. Complex markets need people who can translate technical details into practical choices. That is exactly the skill set needed in cyber insurance underwriting today.
The main lesson is clear. The market is shifting from just making claims to proving them. It is moving from yearly check-ins to ongoing evidence, and from guessing to seeing real risk. The key point: Cyber underwriting is moving to ongoing, verifiable checks. This change will take time and will not solve every problem, but it will raise the standard for how cyber risk is measured and insured.
That is why this is an important moment. Cyber insurance underwriting is at a turning point, moving toward valuing real-time evidence instead of just paperwork.
This Transcript has been checked for accuracy, but confirm any elements against the recording.
FAQ – About Cyber Insurance Underwriting
Cyber insurance underwriting is the process insurers use to evaluate a company’s cyber risk before issuing a policy. Underwriters review security controls, operational practices, and industry exposure to determine coverage terms and pricing. The goal is to estimate the likelihood and cost of cyber incidents such as ransomware, data breaches, or business interruption.
Traditional questionnaires rely on self-reported information. Companies answer “yes” or “no” to questions about security controls like MFA or backups. Insurers now want stronger evidence because cyber threats evolve quickly. Verifiable data provides a clearer picture of how security tools operate in practice.
MDR telemetry comes from Managed Detection and Response services that monitor networks around the clock. These services collect operational data about threats, alerts, and system activity. Underwriters value this information because it provides insight into how a company’s security defenses actually perform.
Verifiable risk data refers to measurable evidence that cybersecurity controls exist and function properly. Examples include system logs, monitoring data, and operational metrics. This evidence allows insurers to confirm security practices rather than relying only on statements from the applicant.
Telemetry provides real-time visibility into security operations. Insurers can see whether security tools are configured correctly and actively monitored. This data helps underwriters evaluate risk more accurately and reward companies with strong security practices.
FAQ – Future Trends In Cyber Insurance Underwriting
Continuous underwriting refers to evaluating cyber risk on an ongoing basis rather than once per year. Instead of relying only on renewal applications, insurers may review telemetry or security data throughout the policy period. This approach better reflects the constantly changing cyber threat environment.
Some industry experts believe cyber insurance pricing may eventually adjust more frequently as new risk data becomes available. If insurers receive reliable telemetry signals, they may update pricing models or risk assessments more often. This concept remains in early stages but reflects growing interest in data-driven underwriting.
Brokers act as intermediaries between businesses and insurers. They help companies understand policy requirements, gather underwriting information, and compare coverage options. In cyber insurance, brokers often translate technical security details into terms that underwriters can evaluate.
Small businesses can improve insurability by implementing core security controls. These include multifactor authentication, regular data backups, employee security training, and incident response planning. Many insurers also view managed security services like MDR as strong indicators of risk reduction.
Cyber insurance underwriting will likely rely more on operational data and verifiable evidence. Technologies such as MDR telemetry may help insurers understand risk in greater detail. As the market evolves, underwriting will continue to shift toward real-world security performance rather than simple questionnaire responses.