The Darker Side of Cyber Insurance: Beyond AI Buzzwords In every online discussion related to cyber insurance, there always seems to be the same Power Point slideshows. Risk assessment, threat detections, and claims management according to AI capabilities. But behind all the hype, AI powers surprisingly little of the innovation in cyber insurance. Instead, three crucial areas define its less glamorous face. Silent Cyber: The Invisible Problem In this case, the underlying issue is the silent cyber coverage that emanates from cyber attacks in standard property and liability insurance policies without cyber coverage. The property policy kicks in if there is a fire accident brought about by a server acting up. What happens in case of a ransomware attack affecting business continuity? In order to get to digitized cyber insurance, the first step would be to clear the above mentioned mess. It is necessary to go through decades-old non-cyber insurance policies manually to determine whether there is any silent cyber exposure. Manually – and not automatically – done. Spreadsheets, lawyers, and reams and reams of paperwork make this happen. Only when insurance companies have finished their manual work will it be possible for machines to calculate any aggregative risk at play. The exposure gap between the two is huge, and many executives do not know about it. Silent Cyber Insurance Manual Work: The Accumulation Nightmare No AI Can Model Unlike hurricanes and earthquakes that are independent risks, cyber risks are dependent. In case one area in the system of a service provider is at risk, then all the clients using the service provider’s services would be equally at risk. These types of risks cannot easily be modeled, not even by artificial intelligence. A more secure method of solving this problem is to apply manual dependency modeling. Contemporary industrial sociologists study supply chains, software vendors, and data exchange, filling Excel spreadsheets on what factories and what hospitals utilize common software or machinery. Dependency modeling illustrates that one cyberattack can cause an increase in claims by more people. However, the problem here is that all information used in the analysis is confidential and unstructured. The Quality of Underlying Data In every cyber risk insurance scheme, the company trusts the self-evaluation provided by the policyholder. Do you use multi-factor authentication? Do you have a patch management system in place? The response might be false, but not intentionally so – just out of ignorance. The small business does not know if its IT service provider uses multi-factor authentication. It puts down a yes simply because it is done for it. The collection of audit-quality information follows from this digital transformation process. Here, the insurance companies employ lightweight agents that will constantly be on the lookout at the network of their insureds concerning their security controls. This does not require any sophisticated machine learning. All we need are sensors that provide us with true information: is the port 3389 open or shut down? Has the administrator changed his password? Despite all the resistance to these systems because of privacy concerns, there is no other way. Conclusion Eventually, AI will be advanced enough to aid in cyber risk pricing and management. However, at this stage of the game, the grunt work associated with the profession, cyber silent risk mitigation, accumulation analysis, and data validation is something that is going to demand human labor. It’s those organizations that are ready to do the drudgery work that are going to succeed. Post navigation Life Insurance Digitization: Beyond the Algorithm