Authors: Ed Pocock James Poynter
Many cyber insurers make use of external scanning data — that is, external assessments of the strength of companies' cybersecurity posture — to help inform their underwriting in this market. At Gallagher Re, we have been exploring its potential since 2021.
Building on previous work, in early 2024 we conducted the largest study of this data yet published. Using a machine-learning model, we compare security controls at point of underwriting to the insurance claims that have arisen from assessed firms.
Using results from the cybersecurity firm Bitsight, our independent analysis has set out a number of key market 'firsts'; exploring new aspects of how this data can be decision-useful to insurers.
Our study shows how targeted use of this data can help (re)insurers reduce loss ratios, as well as identify 'pockets of value' for underwriting teams. Commercial insurers and reinsurers play a role in raising awareness around the importance of good cybersecurity and cyber hygiene. Outside-in scanning is one of the tools at the industry's disposal to increase our ability to assess risks.
