A recent article highlighted the fact that only 29 percent of businesses buy cyber insurance. Assuming this number should be higher (it should -- nearly all businesses rely on computers), I already knew one of the reasons why cyber policies are not being purchased.
Cyber insurance policy language varies greatly between insurance carriers. When policy language varies, it's more difficult for brokers and consumers to evaluate coverage and value. If you can’t compare one carrier policy against another, it’s difficult to know which one to buy.
We are undertaking a large project to demonstrate the variability of cyber insurance policies. The RiskGenius team has collected 50+ cyber insurance policies. We are going to compare all categories of cyber insurance language. And we are going to write a report about it.
Sign up for our Cyber Insurance Deconstructed Report that is scheduled to publish in April.
A Simple Example
Below, you will see five clauses that are definitions of “Malicious Code” or a similar concepts. We actually applied machine learning to 136 of these clauses to determine how similar or different they were to each other.
The clause at the top is what I like to refer to as a “Control Clause.” This is the clause that gets scored against all other clauses. Don’t think of the Control Clause as the best clause -- it’s just the clause being used to analyze other clauses.
You will notice a “Concept Score” at the top of each clause. A score of 100 suggests the concepts in the control clause and the secondary clause are the same. As the score drops, the less similarity between the concepts in the two clauses. As a rule of thumb, if the RiskGenius algorithms are 90 or more, the concept correlation is very high.
I would love to hear your thoughts on what you notice between these clauses. Do you think the Control Clause and Clause 1 have the highest correlation? What else do you notice?
I’m sure there is a cyber expert that can explain how “Malicious Code” and “Virus” are two separate things. There may even be someone out there that can explain how “Computer Virus” and “Computer Malware Virus” cover different things.
Four of the five clauses mention "Trojan Horse."
The bottom right clause seems to be the most broad as it includes: "and other malicious unwanted software."
Can you imagine a judge trying to determine what constitutes "malicious"?
Until this type of language becomes standardized, it’s impossible for the average business owner or the average insurance broker to properly compare cyber insurance coverages made available in the market.
And, until this language becomes standardized, insurance carriers and customers will be at the mercy of the courts to interpret these clauses.
Where We Are Going with Cyber Analysis
Comparing one category of clauses, like Malicious Code, is fairly difficult. Doing it to hundreds of categories of clauses is a more significant undertaking. That's what the RiskGenius team is working on.
Sign up for our Cyber Insurance Deconstructed Report that is scheduled to publish in April. We are using machine learning to:
- Determine the cyber insurance clauses that are most similar and different across carriers;
- Show specific examples of divergent cyber insurance clauses; and
- Interpret cyber insurance clauses as they would apply to a catastrophic cyber event.
You can sign up here to receive the report: Sign Up Now.
Please send me an email if you have any questions. firstname.lastname@example.org