Cybersecurity insurers, faced with growing demand, are looking for new ways to better measure their risks, says Aleksandr Yampolskiy, CEO of SecurityScorecard. So some are moving toward more carefully scrutinizing the cybersecurity postures of their potential clients.
The common underwriting practice, Yampolskiy says in an interview with Information Security Media Group, has been for insurers to use "pen-and-paper questionnaires where they would ask various questions about how those companies protect themselves, and then they would blindly trust the answers the companies provided."
Now, some insurers are taking a different approach, he says.
"Insurance companies started discovering as the breaches continued to intensify that they were sitting on billions of dollars of [potential] exposure. ... It's very much like the mortgage meltdown crisis where they have no idea of the risk that they could bear. So insurance companies are beginning to think about objective ways to measure cybersecurity."
For example, AXA Insurance is partnering with SecurityScorecard to incorporate a cybersecurity grading system into the insurer's underwriting methodology.
In this interview (see link below), Yampolskiy discusses:
- The state of cybersecurity insurance;
- Challenges for underwriting cybersecurity;
- The evolving threat landscape.
Yampolskiy is co-founder and CEO of Security Scorecard. He has led the company since its beginning in 2013. He has a Ph.D. in cryptography from Yale University: