Login Register Subscribe
Current Issue

Chubb taps into historic method to underwrite cyber risks

Reprints

Chubb Ltd. said it has introduced a new model for underwriting cyber insurance that is intended to simplify and improve cyber and privacy risks assessments and is based on a methodology that has been used effectively by property underwriters for nearly 300 years.

Russ Cohen, Chubb’s Philadelphia-based director of cyber/privacy services, said in an advisory issued Monday that property underwriters have long used the construction, occupancy, protection and exposure — or COPE — methodology.

 Under the Cyber COPE methodology, the acronym now stands for components, as in number of endpoints and network connections; organization, referring to factors including the policyholder’s industry and quality of information technology and security-related policies; protection, including data retention policies, firewalls, monitoring and incident response readiness policies; and exposure, including political or criminal motivation, types of outsourcing and types and amount of sensitive information. 

In property insurance, “The COPE methodology has been effective because it uses simple, straightforward questions to gather both objective and subjective data to more accurately assess risk,” states the advisory.

Likewise, Cyber COPE “has been designed to be simple to use and to provide the right balance of objectivity for the underwriter,” states the advisory.

Chubb says in the advisory that Cyber COPE was first leveraged as the basis for the insurance application for its Global Cyber Facility, which offers up to $100 million in primary capacity in a single policy purchase. 

Chubb said it worked with strategic allies within the cyber security industry to develop a set of questions that provides the necessary data elements to help underwriters comprehensively assess cyber risk.