Cybercrime is on the rise globally. Intrusions are becoming more common, more dangerous and more sophisticated, the FBI warns, and critical national infrastructures and businesses are all subject to the risk of an attack that could halt electricity supplies or expose sensitive corporate data.
The breach of Sony’s PlayStation network in 2011 compromised more than 77 million personal accounts and cost Sony an estimated $170 million, according to TechCrunch. And smaller companies, too, are exposed to the risk of a cyberattack.
Cybercrime will cost businesses over $2 trillion by 2019, market analysts Juniper Research said in a report, almost four times the estimated cost of breaches in 2015. As a result, businesses are starting to protect themselves by buying cyber-insurance.
Into this niche steps CyberWrite, a Tel Aviv-based startup that is developing a platform for the underwriting of cyberinsurance policies. The platform aims to provide the underwriter information and tools needed to make data-driven and evidence-based decisions as to which coverage they should offer businesses worldwide.
“We translate cybersecurity-related data we collect from various sources using our innovative tools and algorithms into cyberinsurance policy recommendations in an agile, scalable and cost-effective manner,” said Nir Perry, the 33-year-old CEO and founder of the company. “We do so using a combination of big data tools and unique cyber know-how.”
The underwriter can use the tools and technology provided by CyberWrite to simulate what is the most suitable coverage to offer their clients, said Perry. “As this market is expected to reach $20 billion of annual premiums in several years, according to Allianz, there is a great need for our platform and technology.”
The R&D is led by the chief technology officer and co-founder, Rotem Kerner, an industry expert who joined the company from RSA, a data and information security company.
Insurance underwriting is historically done using actuarial data. The problem is, said Perry, there is a lack of 20 years of such data for cyberinsurance policies. Today, underwriters decide the price based on a questionnaire and sometimes based on actual risk assessment teams sent to the customer.
“This is too costly and time-consuming and the process is not scalable. Because there is no 20-year history of actuarial data to draw upon, and cyberattacks are constantly changing, it is hard to assess risk based on actuarial data,” Perry said.
In addition, each company has a unique information technology architecture. “We provide an automated tool that gives insurance companies and underwriters a platform for cyber underwriting — estimating the risk and deciding the type of coverage they should offer and premium they need to set for a specific client.”
The solution is a cloud-based platform; data is collected on several levels including customer specific data and industry data. “Our platform searches for relevant data online that could indicate the levels of risk posed for a company and how that might translate into policy activation,” Perry said. “There is a lot of information available and we map, filter and decide to present the underwriter with digested information that will serve them best. We provide the underwriter a report within days or hours on the risk they face and using this report the underwriter can understand what the cyberrisk means for them in insurance terminology they are used to working with.”
Perry, who formerly worked in cyberrisk management for the insurance and banking industry on behalf of Accenture and PwC, noticed a gap between the information and technology insurers have and what they need in order to make an informed underwriting decision for cyberinsurance coverage.
CyberWrite plans to launch the product in the beginning of 2017 and is currently raising its seed round. The company is taking part in the Citi Israel’s Financial Technology Accelerator program in Tel Aviv, a mentoring course that lasts four months and aims to foster technology in the financial sector.
The cyberinsurance market is a potentially huge but still untapped market for insurers, according to a report by PWC. The report estimates that annual gross written premiums will increase to $7.5 billion by the end of the decade, from around $2.5 billion in mid-2015.
Businesses across all sectors are beginning to recognize the importance of cyberinsurance in today’s increasingly complex and high risk digital landscape,” the authors of the PWC report say.
But many insurers and reinsurers who perceive the opportunity are wary, as cyberrisk is still unknown territory. There is limited publicly available data on the scale of the businesses attacked and the financial impact of the attacks. Moreover, cyberthreats are evolving at a high speed, making it difficult to assess the risk at hand. To cushion some of this uncertainty, insurers and reinsurers are charging high prices for cyberinsurance compared with other liability coverage, just to protect themselves from this uncertainty, the report said.
“We are in contact with re-insurers and insurers in Switzerland, the US, the UK and France and the reaction is very positive,” Perry said. “Because cyberinsurance is so different from other fields there is no ‘one-size fits all’ process and policy for the client and we try to address this difference by giving the underwriter the tools and access to knowledge they need to provide the best coverage, reduce the risks, and increase sales for the insurers.”