How Security Ratings Can Make Renewals More Effective

Written by Samit Shah

Most insurers find that the cyber insurance renewal process is fairly efficient from a time perspective—but it’s not very effective. In other words, they are able to quickly re-underwrite a company in their portfolio, but don’t have any better understanding about the insured’s security posture to see whether the risk has changed and is still suitable to keep on the books.

Bitsight Security Ratings for cyber insurance can help make this process more effective.

Below, we’ll walk through the traditional cyber insurance renewal process—and show how that process changes when your organization uses Bitsight Security Ratings.

Cyber Insurance Renewal Without Security Ratings

When an insured comes up for renewal, the underwriter typically pulls the file from the previous year and reviews the application responses. They’ll check back in on any concerns noted at that time. Additionally, they’ll check whether there are any incidents or open claims on file. Finally, they’ll research updates about the company over the past year. For example, they look for news about company operations, mergers or acquisitions, or anything with regard to security.

From all this information, they then send a few specific questions to the insured (or the insured’s broker) along with a renewal application. Ideally, this questionnaire and renewal application form will be completed and returned 30 days prior to the policy anniversary.

The difficulty with this renewal process is that, if nothing has changed operationally, the underwriter is limited to making changes based on annual revenue. The renewal application tends not to focus on controls—but the controls allow you to better understand any changes in risk exposure so you can adjust the rate accordingly. In other words, it’s quite difficult to understand if anything has changed and gain insight so you can underwrite to those changes and new risks.

This is where Bitsight Security Ratings can help.

Cyber Insurance Renewal With Security Ratings

The data is based on the insured’s current security posture.


Using Bitsight Security Ratings, you can see the actual security activity associated with your insured for the previous 12 months. This allows you to make an informed decision during renewals. For example, you can see whether your insured has maintained a constant security posture, improved, or declined while the policy was active—and see what factors may have led to that change.

The data enables you to benchmark your insured’s security performance.


It’s critical to understand whether the insured party is outperforming or falling behind peers in their industry or other active insureds in your portfolio. Fortunately, Bitsight Security Ratings make this benchmarking process simple. Instead of having a simplistic conversation with the insured about revenue changes, you can have a more substantive talk about things like compromised system activity and diligence trends, which will give you valuable insights for the renewal process.

The data allows you to better understand your evolving risk aggregation exposure.


Risk aggregation is becoming a significant concern for insurance organizations, which want to understand the concentration risk an insured’s service providers add to their overall portfolio. Therefore, when an insured comes up for renewal, take the time to evaluate the impact it and its third and fourth parties will have on your portfolio’s risk aggregation.

For example, your insurance company may have decided to take on a billion dollars of aggregate risk on Amazon-related fourth-party relationships. Let’s say you have an existing customer up for renewal along with a potential new opportunity. Both companies use Amazon Web Services and both fill the $10 million slot. You need to decide if you should modify pricing or terms for one of them and see if you can be compensated for the limited capacity—and this information becomes clear once you use Bitsight Discover. This means you’ll price and write risk optimally, knowing your aggregation exposure to your service providers.

In summary, during the renewal process, you’ll want to assess if you need to minimize exposure to a particular service provider, and then consider how the applicant (or current insured) brings that exposure up or down.

In Conclusion

Bitsight Security Ratings & Discover allow you to make a more informed, risk-centered decision during the cyber insurance renewal process. Simply rolling over information from year to year may be easy, but it’s careless. With Bitsight, you’ll have the detailed trailing data, benchmarking information, and risk aggregation perspective you need to understand the impact your insured will have on your portfolio—and to make a more informed renewal decision.