Security ratings have a ’dual benefit for insurers and the brokers that act on behalf of insureds,’ says vice president

Security ratings are “becoming a bigger part of insurers’ profitable growth strategies” following an increase in ransomware attacks.

That was according to the Marsh McLennan Global Cyber Risk Analytics Centre and SecurityScorecard, which assessed how cybersecurity ratings correlated with reduced cyber insurance risk in its new report Reduce Cyber Risk.

The report, which was published yesterday (12 April 2023), claimed that a recent increase in ransomware attacks had led to a sharp uptick in claims.

A SecurityScorecard spokesperson also told Insurance Times that compared to 2018, businesses in the UK insurance sector were 84% more likely to suffer a cyber-attack than they were four years ago.

“As a result, the cyber (re)insurance industry is looking for ways to help its customers increase their resilience, reduce their premiums and improve their overall cyber hygiene,” the report said. 

It highlighted that security ratings were an important factor used by the cyber (re)insurance industry in assessing cyber risk.

Security ratings are measurable performance indicators that are intuitive and can serve as a common language for communicating.

“Cyber insurers can use security ratings in their underwriting strategies to more accurately evaluate a company’s cyber risk exposure and use that insight to inform risk selection decisions,” the report said.

“Moreover, security ratings are becoming a bigger part of insurers’ profitable growth strategies.”

‘Dual benefit’

Meanwhile, vice president of data science at SecurityScorecard Mike Woodward said security ratings have a “dual benefit for insurers and the brokers that act on behalf of insureds”.

“In addition to providing a way to quantify and assess risk, security ratings go a long way towards augmenting missing or incomplete information on policy application forms by giving all parties a shared view of risk,” he added.

“This can reduce information asymmetry and change how insureds, brokers and carriers think about and communicate cyber risk since everyone is speaking a common language.”