Insurance is all about risk. Whether a company ensures automobiles, homes, businesses or even lives, making money depends on managing risks so that claims do not exceed income. All the same principles that apply to underwriting traditional insurance products also apply to cyber insurance underwriting.
The interesting thing about cyber insurance is that it is comparatively new. It has not been around as long as car and homeowner’s insurance. Carriers are still finding their way. In doing so, they are learning the importance of active monitoring.
What is active monitoring? It is the practice of continually monitoring both the traditional internet and the dark web for any information that might indicate an imminent attack. Cyber insurance carriers conduct active monitoring themselves. They also encourage policyholders to do it as well.
Potential Losses Are Staggering
The big concern among cyber insurance carriers is the potential for staggering losses. Despite profits soaring and premiums stabilizing, an insurance carrier is just one or two ransomware attacks away from catastrophic claims. Significant financial loss does not even have to be due to a cyber threat. Consider 2024’s Crowdstrike-Microsoft debacle that shut down Windows 10 and 11 machines worldwide.
Estimates from last summer suggested that total losses could be in the neighborhood of $5.4 billion. The cyber insurance industry was expected to lose $1.5 billion covering up to 20% of their customers’ claims. That is a lot of money. There is no other way to describe it.
Cyber Insurance Underwriting Gets More Strict
With every successful ransomware attack or Crowdstrike-like glitch, insurance carriers are forced to up their games in order to prevent staggering losses. The result is that underwriting rules get stricter.
For example, insurance carriers are continually adding more exclusions to their policies. One of the most common exclusions relates to policyholder cybersecurity practices. If a policyholder is victimized by a cyber-attack after demonstrating inadequate security prior to the attack, insurance will likely not cover the losses.
Meanwhile, insurance companies are engaging in active monitoring to detect threats as early as possible. If they can do it, so can policyholders. Failing to conduct active monitoring could constitute a lack of appropriate security measures, thereby preventing a victimized company from filing a claim.
How Active Monitoring Works
Active monitoring is a simple enough principle to understand. It is conducted by in-house cybersecurity teams or organizations like DarkOwl. Another option is for an organization to utilize DarkOwl’s OSINT platform while handling the actual work in-house. Regardless, active monitoring involves utilizing a variety of software tools to constantly monitor the internet – on both sides.
What you and I know as the internet is the light side of things. Intelligence gathering tools constantly crawl and scrape the internet looking for all sorts of valuable information. The other side of that coin is the dark web, also known as the darknet.
The dark web is populated by networks, websites, forums, and marketplaces that are intentionally hidden from public view. You need specialized software and a bit of knowledge to find these online destinations. Then you need to be able to log on. It is not something just anyone can do.
Active monitoring involves constantly scanning these hidden destinations for information. You are looking for stolen credentials, chatter among hackers, products, and services for sale on marketplaces, and so forth.
Managing Insurance Costs
Cyber insurance is getting more expensive every year. So from the policyholder’s perspective, active monitoring is a way of managing insurance costs. The insurance carrier’s perspective is similar: active monitoring is a way to avoid losses by identifying activities that could ultimately lead to claims.
