To close the widening cybersecurity insurance gap that’s stopping firms from purchasing or renewing policies, risk assessments based on real-time AI-powered insights must first be conducted.
Cyber insurers are focused on helping their clients reduce the likelihood of a breach by continually improving and expanding their cybersecurity strategies. Real-time risk assessments, underwriting improvements, streamlined claims processing, and resilience planning all must be improved, with AI offering solid advantages in all areas.
“It reduces the associated fee of claims, which in turn reduces insurance premiums. We can offer cheaper rates and higher coverage by ensuring they’ve good endpoint detection and response (EDR). And that's the hope, to make it more accessible to those smaller organizations and increase awareness overall. Nobody desires to have incidents,” said Anthony Dagostino, Global Chief Cyber Underwriting Officer for Commercial Lines at AXA-XLsaid VentureBeat in a recent interview.
The current state of cyber insurance
Ransomware, social engineering, phishing and privileged credential attacks are driving up premiums and making cyber insurance unaffordable for a lot of firms. Ransomware attacks were the leading reason behind cyber insurance claims in early 2024, followed by supply chain attacks and business email compromise (BEC) attacks. BEC attacks have doubled in 2023, based on Verizon. Attacks on the provision chain proceed to extend, with twice as many happening in 2023 in comparison with the last three years combined. Software Supply Chain Costs Companies 46 billion US dollars in 2023.
“Cyber insurance is usually viewed as a voluntary insurance purchase. It's not mandated like staff' compensation within the U.S. or property insurance. Either you’ve got a contract that requires it, you've had an incident and know you would like it, or certainly one of your competitors has had an incident and you realize you almost certainly need it,” Dagostino told VentureBeat.
An industry ripe for AI-powered improvements
Almost all organizations are struggling to afford cyber insurance as a consequence of rising premiums, with small and medium-sized enterprises (SMEs) particularly affected. More than 1 / 4 or 28% of SMEs surveyed were denied insurance coverage. If they do receive a policy, SMEs usually tend to face significant exclusions from insurance coverage and to must make multiple claims.
In total, 67% of organizations reported that their premiums had increased by 50 to 100% when applying for or renewing their policies within the last 12 months. All respondents to a recent survey had New exclusions of their policies, although some attack-related costs should not covered.
Organizations are sometimes forced to make trade-offs by purchasing cyber insurance or adding more applications and services to guard against attacks. “We work with clients to estimate the return on investment in dollars and cents and determine where they need to really focus their energy to extend their security,” Ann Irvine, chief data scientist and vice chairman of product management at Resilience Insurance, told VentureBeat. “This way, we can assist them resolve whether to take a position in latest tools or improve the management of existing tools.”
“The higher we understand what tools a customer uses and the way they use them, the more effectively we will work with them on an ongoing basis to make sure they mitigate their cyber risk throughout the policy term,” Irvine said.
Cyber insurers are also using AI to scale back the time and price of real-time risk assessments that happen between $10,000 to $50,000 per assessment and take between 4 and 6 weeks. AI also streamlines the underwriting process and shortens the standard workflow from weeks to days, increasing efficiency by as much as 70%Traditional claims processing costs an insurer a median of $15,000 per claim because manual processing can take as much as six months.
AI-based systems reduce the processing time of claims by over 80%. And-Bay, Corvus Insurance, Cowbell Cyber, Paladin Cyber And Resilience insurance offer AI-based solutions to optimize cyber insurance.
CrowdStrike’s platform technique to improve insurability
CrowdStrikes Start of Falcon for insurability defines a brand new era in the best way AI and LLMs are revolutionizing cyber insurance. The latest program is designed to present cyber insurers the pliability they need to offer AI-native cyber protection to their customers and prospects by CrowdStrike Falcon Cybersecurity Platform at preferential rates. Daniel Bernard, chief business officer at CrowdStrike, told VentureBeat in a recent interview that he predicts a premium reduction within the range of 10 to 30%.
“This initiative enables large portions of the market to be eligible for cyber insurance. For those with Falcon, it should be more cost effective to get the cyber insurance they need and wish. Insurers can now quantify risk in ways they couldn't before and make smarter insurance decisions,” Bernard told VentureBeat.
Accordingly IDCOrganizations can Detect 96% more threats in half the time in comparison with competitors and complete investigations 66% faster with the Falcon platform. CrowdStrike's goal with Falcon for Insurability is to enable insurers reminiscent of Ascot Group, AXA XL, Beazley Insurance, Berkley Cyber Risk Solutions, Coalition and Resilience to scale back underwriting risk knowing their insured customers have a market-proven AI platform that continues to scale and delivers improved cyber resilience.
“I feel what we're finding now’s that we're bringing these sorts of partnerships together. It's lowering the associated fee of claims, which in turn lowers insurance premiums. We can offer cheaper rates and higher coverage by ensuring they’ve good EDR solutions. And that's the hope, to make it more accessible to those smaller organizations and increase awareness overall. Nobody desires to have accidents,” Dagostino said.
To properly use AI in cyber insurance, people have to be at the middle
It has change into a given to have human-in-the-middle AI workflows and architectures in cybersecurity, and that’s permeating cyber insurance as well. CrowdStrikes' Managed Detection and Response (MDR) service is an example of why human-in-the-middle is so necessary. “Our AI-powered defenses, combined with human expertise, create a continuous loop where every part is constantly improving. That's why cyber insurers are keen to hitch us,” Bernard told VentureBeat.
Resilience's Irvine agrees. “We take a really structured approach to getting information from experts. We have exercises, so to talk, to evaluate experts and help them think probabilistically. Then we ask them very targeted questions, the answers to which will be used directly as data to influence our models,” Irvine said.
“One of the points of cyber insurance that makes it so sophisticated as an industry and sets it aside from all other varieties of insurance out there’s the actuarial calculation,” Elia Zaitsev, CTO at CrowdStrike, told VentureBeat.
Zaitsev continued: “The reason traditional insurance works is because you may socialize the chance, right? And you don't have all of the risks at the identical time. But when you consider how cyber insurance works, you consider things like WannaCry and NotPetya, that are more of a world, systematic problem. If everyone gets hit by the identical ransomware at the identical time, the potential for that destroys the actuarial map of cyber insurance.”
Knowing predictive attack paths is vital
Traditional insurance models that socialize risk and canopy individual cases don't work for cyber insurance. What's needed are advanced AI and Large Language Model (LLM) technologies that help discover and anticipate potential paths attackers could take to use vulnerabilities in an organization's infrastructure. Zaitsev told VentureBeat that predictive attack paths are critical for cyber insurers because they supply proactive fairly than reactive cyber defense.
Predictive attack paths provide the real-time insights needed to scale back the chance and likelihood of an attack. By reducing risk, premiums remain inexpensive and policies viable for a broader customer base. They also bring greater stability to cyber insurers by reducing the potential for widespread risk of simultaneous, large-scale cyber events.
Falcon for Insurability is addressing these challenges, leveraging the corporate's long history of using AI to stop breaches. Zaitsev told VentureBeat, “We will significantly lower your rates when you use technology like CrowdStrike, because otherwise the systematic risk makes it very difficult for us to issue policies which can be, frankly, inexpensive for the common company.”
Making cyber insurance more accessible
Businesses can spend months going through the cyber insurance application process, only to be denied without explanation. A shared vision amongst all providers is to scale back the hurdles for businesses which were denied coverage previously. The goal is to discover what tools, apps and platforms their customers need to scale back the likelihood of a breach.
VentureBeat believes more cybersecurity platform providers will follow Falcon's lead on insurability, in search of a win-win situation that reduces the chance of a security breach, lowers premium costs, and increases market share amongst SMB, midsize, and huge customers served through the channels and shared with cyber insurers.
