NIBA / Special Feature
Unfortunately, for many businesses, the first time they realise the value of cyber insurance is during a live incident, when access to 24/7 specialist support becomes critical.” At Cylo, regular reports alert clients to potential vulnerabilities, with prevention being significantly better than the cure. “We do daily monitoring, to ensure the windows are locked, shutters are closed and the front door’s padlocked as well,” says Bakas. “It’s an additional level of risk management. We have automated reports that let people know if their security score has dropped by 50 points or more out of our 950 rating across 10 different risk categories, which alerts them to the fact something has changed, and they can address it with their IT people.” And the ongoing, always on nature of cyber insurance creates the opportunity to tip the typical annual insurance cycle on its head, says Langmaid. “Vulnerabilities can be identified and acted upon within minutes and closing those vulnerabilities or implementing security measures in some cases can be executed just as swiftly. This has paved the path for the adoption of an assurance layer that complements the insurance product in digital assessment or ‘always on’ monitoring.
“The ‘always on’ moniker in my experience has been more coined with the assurance capability that is coupling with insurance in the past few years, as the value proposition for the risk has been bolstered by these types of solutions. “What is starting to emerge is the need for continuous compliance monitoring. If cyber threats can be identified and manipulated quickly, then an annual audit or compliance measurement isn’t entirely viable moving forward. So, if our assurance monitoring and compliance monitoring is moving outside of the traditional framework, maybe it is time to review how the contract cycle for insurance operates.” Kallegris agrees that the way cyber insurance operates outlines a view of how insurance more broadly could operate in the future, but believes it’s some way off. “We are seeing early innovation globally around continuous risk monitoring and dynamic underwriting, but in Australia annual policy periods remain the practical and regulatory norm,” he says. “That said, many insurers now use continuous risk assessment tools behind the scenes, meaning a client’s security posture is effectively being monitored throughout the policy term. Over time, this
may influence pricing, coverage terms or renewal outcomes. “For now, annual renewal remains the most effective way to review risk, update controls and reset coverage, but the direction of travel is clearly towards more dynamic models.” Changing dynamics That continuous risk assessment and ‘always on’ aspect of cyber insurance is forcing insurers to rethink how cyber is managed and presented, as its service offering, risk prevention and incident reaction requirements are different to most other lines of insurance. As a result, a number of cyber insurance agencies are emerging with a nimble and agile approach capable of responding to the needs of businesses. The IAG-backed Cylo is an example, with Bakas saying, “Cyber’s evolving so quickly you need the nimbleness of an agency that’s not locked in like a large organisation, which can’t make quick decisions on pricing, coverage or even the way you pay claims. “Cyber is a very different risk to manage, and that shows with the market share predominantly being through agencies.”
50 / INSURANCE ADVISER FEBRUARY/MARCH 2026
Made with FlippingBook Digital Publishing Software