The average ransomware loss hit $353,000 this year 📈
Cyber Incident? Get Help

AI and the Future of Actuarial Science

AI and the Future of Actuarial Science

When cyber insurance was first introduced almost 30 years ago, the cyber threat landscape looked much different. We were far less reliant on digital technology and data, it was much more difficult for threat actors to monetize attacks, and penalties for data privacy and cybersecurity failures were still being developed.

The actuarial models adapted from traditional insurance were sufficient during the foundational years, but a new era in cyber insurance is upon us. In fact, we’ve been living in it for a while now.

The tools and data at our disposal have revolutionized the way we understand risk. Remote access is now the default, not the exception. Cybercriminals operate like businesses. The prevalence of cloud-based technologies and automation makes risk aggregation a real concern. Plus, artificial intelligence (AI) has introduced a whole new set of exposures we’re still trying to understand.

Traditional risk models simply can’t keep up with the dynamic cyber risk landscape. We need to retool our approach to actuarial science — and AI can help.

With more information and advancements in technology come more questions and bigger problems to solve. Cyber insurance is no different. With access to data and AI to assist, here are some of the new challenges and a roadmap for how we can confront them.

Addressing the speed and volume of new threats

Despite increased cybersecurity awareness, greater spending on defenses, and a matured cybersecurity industry, cyber threats continue to accelerate at an unprecedented rate.

The speed at which new threats develop, alongside the relentlessness of threat actors, makes assessing cyber risk at the time of underwriting a moving target. Consider just a few of the complexities actuaries and underwriters are trying to reconcile on a daily basis:

  • Common Vulnerabilities and Exposures are expected to increase by 25% in 2024.

  • Scans from unique IP addresses looking for risky technologies increased by 59%.

  • Overall claims frequency is up 13% across all industry segments, while the severity of ransomware (28%) and funds transfer fraud (24%) attacks have also spiked.

Real-time data collection that is purpose-built for cyber insurance is now a necessity. Coalition relies on the Active Data Graph to keep pace with changes in the cyber risk landscape, then uses AI to help detect issues early, assess potential impacts, and extract the most relevant insights to help make sure we are making informed risk decisions with each new quote.

The speed at which new threats develop, alongside the relentlessness of threat actors, makes assessing cyber risk at the time of underwriting a moving target.

Security findings surfaced during the underwriting process can help businesses detect exposures most likely to lead to claims before they purchase coverage. We use AI to summarize key risk insights collected by our Active Data Graph so underwriters can make highly informed risk decisions. We also continue assessments and alerting throughout the policy period because cyber threats don’t stop after binding.

All of this contributes to helping our clients improve security and minimize the likelihood of claims in the face of an increasingly complex threat landscape.

How AI is driving data collection forward →

  • Honeypot tagging helps us detect the vulnerabilities that have the largest potential impacts on insurability earlier.

  • The patented Coalition Exploit Scoring System (ESS) uses machine learning to assess impacts and rank known CVEs to help actuaries prioritize and rate new vulnerabilities.

Analyzing an unprecedented volume of data

Access to real-time cyber risk data is a blessing. But without an equal emphasis on analysis, it can also be a curse. No human alone has the ability to sort through and make sense of the vast amounts of data that’s now available to actuaries.

To minimize the noise generated by new data sources, help avoid misuse, and minimize pricing fluctuations in response to each new vulnerability, we’ve begun to incorporate AI as an assistant. Human oversight remains essential, as the decisions and modifications to models must be made by humans. However, without the use of AI to assist with analysis, it would be impossible to move at the speed required to leverage real-time insights to make timely adjustments to models and underwriting decisions.

Smart insurance professionals who are paying close attention might also realize that the better we are at detecting risks early, the greater impact AI could have on pricing and insurability for clients.

AI can help improve underwriting precision, too. To price cyber risks properly, we can’t just look at risk factors alone; we need to align discoverable risks and exposures with factors unique to each business. This includes details collected during the application process, as well as other factors, like cybersecurity controls.

We also take into account the type of applications and systems being used, including third parties, to help assess risk aggregation exposures and latent risk factors. Behavioral characteristics also differ quite a bit from one organization to the next, so we also need to account for things like patch cadence, M&A activity, technology use, as well as others.

To price cyber risks properly, we can’t just look at risk factors alone; we need to align discoverable risks and exposures with factors unique to each business.

AI helps us connect these dots for each unique client to help make sure the price they pay for their policy is based on the likelihood of loss and not other factors that are less important for cyber insurance. Ultimately, we are working to make sure we are offering the best price for the risk, incentives to improve, as well as fewer contingencies and declinations.

How AI is enhancing data analysis

  • Risk quintiles help drive risk decisions based on the risk profile of each client and the most relevant factors that increase the likelihood of claims.

  • Decision hierarchy frameworks will soon enable us to offer clients multiple coverage options based on budget, risk tolerance, security posture, and needs.

Accounting for unpredictable cyber risks

In a quest for precision, it’s essential that we never lose sight of the fact that cyber risk is inherently unpredictable and dynamic. Cyber risk may be knowable at a micro level on an individual basis and with access to the right data, but predicting cyber risk on a macro level presents a different challenge.

With the rapid technological advancements, the different ways organizations use technology, the interconnected nature of systems, vulnerability exploitation, and irrational behavior of threat actors, there are just too many variables to make precise predictions.

Fortunately, we don’t need to predict the next major outage or vulnerability to improve our approach.

Instead, we can use AI to build scenario-based models that help actuaries account for the dynamic risk variables contributing to extreme cyber events. These event sets help improve dynamic risk modeling so we are in a better position to understand event severity, quantify points of aggregation, and ultimately the insurance impacts we care about most: claims.

Scenario-based models help us avoid blind spots and surprises, treating extreme events as the starting point rather than outliers. With the assistance of AI, we’ll soon have the ability to build and test scenarios that help actuaries anticipate event severity and manage volatility with incremental, not reactionary, adjustments.

Scenario-based models help us avoid blind spots and surprises, treating extreme events as the starting point rather than outliers.

How AI helps us prepare for the unknown →

  • Catastrophic risk modeling allows us to better anticipate claim severity by manually tracking where cyber risk is aggregating in our portfolio and applying event sets, curated by our security experts.

  • Coalition’s Active Cyber Risk Model will soon apply AI to help dynamically build event sets, track portfolio aggregation, and quickly incorporate real-time risk data so we can better anticipate extreme events and the potential impacts on claims.

Harnessing the power of AI to retool underwriting

The challenges on the horizon for the cyber insurance industry may seem daunting at times, but we’re well-positioned to address them head on.

Not only do we have access to cyber threat data in near-real time and new AI tools at our disposal to augment human expertise, but we also have actuaries with both cybersecurity knowledge and real-world cyber insurance experience to help us navigate the path forward. 

Visionary leaders in actuarial science are shifting the paradigm by harnessing the power of AI to retool underwriting specifically for cyber insurance.

Interested in advancements in our industry? Join us in exploring the Future of Cyber Insurance, Coalition’s ongoing series that discusses what’s next in cyber risk — and what you can do about all of it today.


This blog post is designed to provide general information on the topic presented and is not intended to construe or the rendering of legal or other professional services of any kind. If legal or other professional advice is required, the services of a professional should be sought. The views and opinions expressed as part of this blog post do not necessarily state or reflect those of Coalition. Neither Coalition nor any of its employees make any warranty of any kind, express or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, product or process disclosed. The blog post may include links to other third-party websites. These links are provided as a convenience only. Coalition does not endorse, have control over nor assumes responsibility or liability for the content, privacy policy or practices of any such third-party websites.
Insurance products are offered in the U.S. by Coalition Insurance Solutions Inc. (“CIS”), a licensed insurance producer and surplus lines broker, (Cal. license # 0L76155) acting on behalf of a number of unaffiliated insurance companies, and on an admitted basis through Coalition Insurance Company (“CIC”) a licensed insurance underwriter (NAIC # 29530). See licenses and disclaimers. Copyright © 2024. All rights reserved. Coalition and the Coalition logo are trademarks of Coalition, Inc.