Improving Cyberinsurance with APIs
Having cyberinsurance should be a requirement for any organization’s security plan, especially for SMBs. In case of a data breach, cyberinsurance could be the safety net that keeps the company in business by handling the costs involved with a breach. It should also provide support for the organization in any legal battles resulting from the breach.
By now, most organizations seeking cyberinsurance know that it is a separate policy from their other insurance. More difficult to understand is what the insurance should cover—and what isn’t covered.
Insurance has typically lagged behind other industries in the adoption of technology, said Dan Law, Cowbell Cyber’s VP of national accounts, in an email interview. Digital transformation has both complicated how to determine cybersecurity risk for organizations and also made it even more important to add technology into the insurance industry.
“Cyberinsurance sits at the crossroads of the cybersecurity and insurance industries,” said Law. “To deliver a compelling cyberinsurance offering, you need to blend the two disciplines in innovative ways rather than taking the best of both industries.”
And like the constant evolution and sophistication of cybersecurity threats, cyberinsurance is changing faster than any other insurance segment. Add in the pandemic, which has instantly disrupted the infrastructure that security professionals had to protect, and cybersecurity issues are even more critical. “In 2020,” said Law, “The digital footprint of every business expanded while their security efforts struggled to catch up, especially with remote work.” At the same time, insurance agencies also needed to move their operations online, creating the need for a digital rate, quote and bind process. AI makes this process run more smoothly.
Linking AI with Data
“Data is the lifeblood of any line of insurance. As an insurer, the more data and insights you have about the risk you are asked to cover, the better you can calibrate the coverage that you can offer,” said Law. This is even more important with cyberinsurance, since it is the most technical type of insurance. Because IT systems and the digital infrastructure that support the global economy are made up of billions of systems customized and deployed in a unique fashion for each organization, companies offering cyberinsurance must first make sense of the data and information within these systems. The ability to recognize whether the systems are configured to follow security best practices is a challenge that only AI can tackle. Being able to analyze and bring to bear the relevant insights out of 600 data points on each account enables underwriters to operate with precision and speed, Law pointed out.
Next Step: Using APIs in Cyberinsurance
There are three pillars of insurance coverage—underwriting, distribution, and claims or loss control. Technical innovations are needed to allow cyberinsurance coverage to be adopted more broadly, and this is where API development comes in.
APIs bring flexibility to digital insurance aggregators who serve independent insurance agents with various carrier insurance programs. Along with immediate quoting, agents and their clients benefit from an immediate assessment of risk.
“APIs contribute to the distribution aspect of cyberinsurance where modern platforms designed to deliver insurance quotes and policies digitally are now able to tap directly into Cowbell’s own platform to also digitally deliver cyberinsurance policies,” said Law.
By enabling digital platforms to integrate through APIs, insurance companies can offer cyberinsurance coverage with a much-improved user experience. “Risk rating and quotes are made available instantly, shortening and simplifying the process of obtaining coverage,” said Law.
And that makes it a win-win opportunity for everyone. The insurance agents can be more efficient in the distribution of cyberinsurance, allowing them more time to devote to policyholder service. The policyholders benefit from a faster, simplified application process while getting more value through the additional risk assessment and insights shared back with them as part of the insurance process.
“Standalone cyberinsurance is a traditionally difficult type of coverage to place, especially for small and medium-sized enterprises,” said Jim Struntz, chief operating officer of Bold Penguin, in a formal statement. “APIs have allowed us to put comprehensive cyberinsurance coverage minutes away for the thousands of agents in our network.”
Considering how quickly cybercriminals are able to work, a more efficient, expedient way of determining the right cyberinsurance could be the difference between saving or losing a business due to a data breach.
