Risk engineering at Coalition: Collaboration to solve, mitigate cyber risk
Coalition has a unique approach to underwriting cyber insurance and evaluating the risk of our policyholders. Traditional cyber insurers will typically ask insureds to fill out long applications detailing their information technology and security practices. At Coalition, our innovative underwriting process is aided by our scanning technology that collects and correlates data from internet accessible devices. This helps us see an insured’s internet-facing attack surface and what they are potentially exposing to hackers. Think of this as a property inspection, but for cyber exposures.
Essentially, we underwrite cyber risk through the lens of a hacker. Our feedback loop is informed by our various insurance and technology processes: we use ongoing data collection and threat intelligence combined with select questions on the insured’s cybersecurity practices to make informed underwriting decisions on risk acceptability.
The feedback loop: Collaboration is key
Collaboration is one of our greatest strengths; every team at Coalition is in constant communication, which helps inform our feedback loop to improve our underwriting and risk selection. For example, in risk engineering, we collaborate closely with the security engineering team to review and analyze cyber and technology errors and omissions (tech E&O) accounts to determine risk acceptability and discuss emerging trends in the cyber threat landscape.
Our claims team also plays a significant role in these discussions, offering valuable insights from what they see as emerging threats and loss trends to inform our underwriting. Our work with the customer success and engineering teams aids our brokers with new business and renewals and improves the overall broker experience. We also work alongside our business development and sales teams to help support and strengthen Coalition’s broker partnerships, which plays a crucial role in our success in a constantly evolving cyber market.
The underwriting team, known as risk engineering, also collaborates with our actuarial team to improve our underwriting and pricing model to better reflect the current and future reality of cyber risk. Lastly, within the underwriting team, we work together on risk selection and underwriting strategies. Everyone on the team has a unique perspective, experience, and background, and working together and sharing ideas has been one of our key assets at the core of what we do at Coalition.
Facing risk daily and staying ahead of the curve
I genuinely believe that at Coalition we have some of the best minds in the industry propelling us forward. Our proactive approach to risk assessment and risk management combined with the tools and services we offer our insureds allow us to make informed underwriting decisions. At Coalition, we offer a product that will not only help mitigate the risk of an attack, but one that will also be there for an insured to help pick up the pieces should an attack happen.
When a cyber incident is happening, it’s key to act as swiftly as possible. The Coalition Incident Response (CIR) team allows us to respond to a cyber event in minutes (not days) and work swiftly to remediate any potential damage to the insured.
As the number of funds transfer fraud (FTF) cases increase we continue to work with our insured to recover lost funds. In the cases where Coalition’s Claims and Incident Response teams have managed to claw back funds, we’ve recovered 95% in H1 2021. – Coalition Claims Report
This is especially important for our small and midsize enterprise (SME) clients, where a cyber incident could be devastating to their business. These organizations are also increasingly finding themselves to be the targets of cyber opportunity. Small and midsize businesses continue to be impacted by cyber crime, with the frequency of claims increasing significantly (by 57%) for companies with 250 employees or less from the first half of 2020 to 2021.
Better underwriting, better tools = better risk
Coalition’s holistic approach to risk management and mitigation allows us to build out our unique underwriting processes, strategize our approach to emerging threats, loss trends, market changes, and brainstorm approaches to individual accounts.
Our claims frequency stands at 2.4%, a small increase from the 1.6% we saw earlier last year. This increase is still significantly below the claims frequency of the overall cyber market, which the National Association of Insurance Commissioners (NAIC) reported to be 5.9% in 2020.
We have the data to show that Coalition’s approach works. Our policyholders experience one-third the frequency of claims when compared to other carriers in the market. We also provide our insureds the option to take direct control of their risk through Coalition Control, our platform that lets organizations review the results of their regular scans, add their trusted vendors or third-party partners to a monitoring list, and access discounts on tools and services provided by our security partners.
Through tools like Coalition Control, we proactively notify our insureds of vulnerabilities as they happen. For example, as a result of the shift to work-from-home culture, we saw an increase in risks related to remote desktop protocol (RDP). The percentage of businesses that had open RDP at the time they applied for insurance has nearly doubled from H1 2020 to 7% in H1 2021. Because we scan (and alert) for RDP we ask that prospective insureds remediate this critical vulnerability prior to proceeding with insurance coverage. Coalition Control provides alerts for vulnerabilities like RDP to policyholders so they can address these risks in real time, protecting their organization and preventing issues during renewal.
One team, one dream
Solve cyber risk — that’s been the goal from day one, and although we continue to evolve as a company and add to our capabilities, solving cyber risk is still at the core of what we do. The level of support we have as risk engineers at Coalition is beyond compare. Of course, underwriting cyber and tech E&O risks comes with its challenges. However, it’s incredible what a truly diverse team of individuals from different backgrounds and experiences can accomplish when working towards a common goal. The Coalition culture feels like a family, and despite how far we’ve come as a company in the last few years, I genuinely believe we are just getting started.
If these types of challenges sound interesting, or you’d like to learn more about risk engineering and underwriting at Coalition, visit our careers page for more information and open opportunities.