Fear of the dark

Procrustes (Greek: Προκρούστης Prokroustes, "the stretcher [who hammers out the metal]"), was a rogue smith and bandit from Attica who, in Greek mythology, had a stronghold on Mount Korydallos at Erineus, on the sacred way between Athens and Eleusis. There he had a bed, in which he invited every passer-by to spend the night, and where he set to work on them with his smith's hammer, to stretch them to fit in the bed. If the guest proved too tall, Procrustes would amputate the excess length; nobody ever fitted the bed exactly. Procrustes continued his reign of terror until he was captured by Theseus, travelling to Athens along the sacred way, who "fitted" Procrustes to his own bed. Thus, the phrase Procrustean bed, signifies a scheme or pattern into which someone or something is arbitrarily forced, as confirmed by the Merriam Webster dictionary. Following this brief introduction into a part of Greek mythology, we can try to use this phrase in relation to the cyber insurance industry nowadays. 

First of all, what is cyber insurance? It is an insurance product intended to protect businesses, and individuals providing services for such businesses, from Internet-based risks, and more generally from risks relating to information technology infrastructure, information privacy, information governance liability, and activities related thereto. So, in short, insurance cover protecting your digital “life”, primarily businesswise but in recent times personal as well.

Therefore, one would assume that, as with all insurance products, the best way would be to start with a neat proposal form to be filled out by the one seeking insurance. Then followed by the insurance company, or more precisely, the insurance underwriter, ticking some boxes and pricing your risk accordingly. After that the client receives an insurance policy confirming cover, pays the premium and voila, everyone’s happy. Well, that is the way to go, and it is something that would be the normal way to do it. But, scratching the surface a bit more, the aforementioned starts to look like a Procrustean bed situation.

First of all, we're talking about protecting the “digital”. So why not at least start with a digital proposal form? When you think about it, how can you entrust your cyber security risks to someone who is asking you to fill out a paper proposal form? Ok, it's the industry standard for now and maybe I’m overreacting but wouldn’t it be cool if you could start your cyber insurance quest with something that is “cyber” related, a digital application form?

Moving along, the underwriting - it cannot be done the “traditional way”. Reliance on historical data is the foundation of underwriting. With cyber, a major problem appears, lack of historical data. But, on another level, historical data doesn’t even matter that much in cyber underwriting. Cyber risks are dynamic, very dynamic. The digital world is constantly evolving, ever-changing and going forward, even without the “push” forward brought on by the Covid pandemic. Cyber underwriting of the future needs to focus on dynamically managing the risk data using digital tools such as AI, data science, machine learning and so on. Fight fire with fire approach, right?

Ok, in any case, moving further along, the industry is overwhelmed by fear. Fear of the unknown. We could compare it to the one of most ingrained fears to humans, fear of something unfamiliar, fear of the dark. 

We need time, I know, to develop the products, to gain experience, data and so on. But, one quite important thing to note here is that time moves faster in the digital world. Much much faster. The rapid digitalization of practically the whole world doesn’t stop. Just go pay a visit to this website https://www.internetlivestats.com/, you get the gist?

Another cool example is the crypto domain. DeFi (decentralized finance) is a few years old - and it already has a functioning insurance product, built on Ethereum, covering hacks and smart contract vulnerabilities, basically providing cyber risk cover. Look it up - it’s quite fascinating.

One positive example comes from the leading streaming platform in the world - Netflix. By embracing a different approach, Netflix developed software that attacks its own network more than 1,000 times a week, called Chaos Monkey. By forcing Netflix engineers to recover from small failures that customers won't notice, the company hopes to prevent major outages in its video streaming service. Netflix is not only building a robust system here, they're building an antifragile system, one which benefits from the stressors forced upon it. By embracing chaos and constant failure, but without major consequences, Netflix team learns constantly and ultimately makes their systems more resilient, harder to break and finally, antifragile.

“There may be more beautiful times, but this one is ours.”

— Jean-Paul Sartre

Challenging times are upon us. For now, we got what we've got, we are where we are. But, no doubt, the industry will find its way, it always has. Embracing change, transforming, adapting to new challenges will bring interesting times going forward. A lot is happening as we speak. Initiatives, trials and errors, all of this will build the future of underwriting. 

Since we're talking about the future, the key is to take action. Embrace the change! And do remember that Procrustes reaped what he sowed, ending his existence by his own method. So kick out the Procrustean bed, let’s all "lay on the floor" for a while if needed, and try to build a better future together.

Until then, look into cyber insurance, embrace it and be careful, always having in mind that feeling when walking the dark road of cyber risk nowadays, feeling a little strange, a little anxious, there in the “dark”, that constant fear that something, some cyber issue is always near, a phobia that someone, some hacker is always there.

 Fear of the dark.