This is the biggest gap in underwriting today

What fire was to the 1900s, cyber risk is to insurers today. Premiums for the same jumped nearly 20% in 2023, while ransomware alone drained over $30 billion worldwide.

For underwriters, the challenge is that cyber risk isn’t static. A business might look secure today, and tomorrow it’s exposed, maybe because someone clicked a phishing link or skipped a routine patch.

So, unlike property or fire, there’s no century of data to lean on. That’s why cyber is now considered the toughest risk to underwrite, because the rules keep changing while you’re still writing them.

Why the old way isn’t working? The real reason

Most underwriting models still rely on two things: historical loss data and annual questionnaires. On paper, it sounds reasonable. 

In reality, it’s falling short.

Cyber insurance is barely two decades old. 

Compare that to property or auto insurance, which have over 100 years of loss records to lean on.

Experts have thus mentioned that the lack of reliable data is already causing underpricing and forcing reinsurers to hike rates.

SolarWinds, Kaseya, and MOVEit are reminders of how one breach can spiral into thousands of claims worldwide.

Supply chain risks on this scale expose just how outdated the old frequency-severity models have become.

For example, a property or liability policy might unintentionally cover cyber losses. 

In many cases, insurers didn’t even realize they were on the hook until claims started piling in. So, premiums that were never priced for cyber suddenly had to cover multi-million-dollar payouts.

A company’s security posture today might not be the same three months later. 

A patch missed, an untrained employee, or a new vendor could drastically change exposure. 

Thus, pricing cyber risk once a year is like trying to predict next year’s weather by looking at last year’s forecast.

So, what do you need to change in 2025?

Here are the key things that need to be changed:

Transform annual snapshots to live checks

Threats move too fast. So, leading insurers now plug into security-rating platforms and run their own continuous scans. 

They flag open ports, weak passwords, unpatched software, and even stolen credentials being sold on the dark web.

Now, instead of relying on self-reported questionnaires, underwriters get live data that updates weekly or even daily.

There should be clearer policies

“Silent cyber” coverages have caused big disputes after claims. 

To fix this, insurers are carving out cyber risks from traditional property or liability policies and offering them as standalone products. 

Others are adding explicit cyber riders, with clear exclusions and limits for ransomware or systemic events. 

That way, both insurer and client know exactly where they stand.

And, there should be a model for any “cyber catastrophe”

A single cyberattack can ripple across thousands of firms at once. 

Traditional models can’t fully capture this kind of systemic exposure. 

To close that gap, insurers are now building catastrophe models for cyber, much like those for hurricanes or earthquakes. 

These rely on a mix of historical breach data, simulated attack scenarios, and network interconnectivity maps that show how malware could spread across industries. 

Some even incorporate third-party vendor dependencies. And you already know Underwrite.In got all this sorted for you. 

What’s the next step? 

Cyber underwriting won’t get easier, but it can get smarter.

Insurers who use adaptive models will not only protect themselves from outsized losses but also win client trust in a market that desperately needs it.

That’s why we built Underwrite.In to make cyber underwriting faster, sharper, and fully compliant. With:

• 85% faster processing

• 60% lower costs

• 3x more accuracy

Team Underwrite.In