Learn how NLP can help to understand the cyber-exposure and the silent cyber
On March 4, 2022, Fitch Ratings reported in its Fitch Wire Newsletter that the Russia-Ukraine war increases the spillover risks of global cyber attacks. The credit rating agency claimed that cyber attacks on businesses and government agencies had increased following Russia’s invasion of Ukraine—mostly spillover cyber attacks against non-primary targets.
“Heightened risk exists particularly for issuers conducting business in these countries or with their governments, as well as for entities or countries that impose sanctions or deemed to interfere,” said the report.
“The current conflict amplifies the broader trend of increased volume, size, and sophistication of attacks, with corresponding significant financial, reputational, and legal risks to issuers. Corporate IT teams handled 623 million ransomware attacks in 2021, up 105 percent year on year, according to security vendor SonicWall.
“The firm reports an 1,885 percent increase in attacks on government targets, healthcare (755 percent), education (152 percent) and retail (21 percent). Issuers that focus on cyber resilience, continual threat assessment and business continuity/disaster recovery while working with industry partners and segmenting their IT infrastructure to reduce cyber risks should be best prepared to mitigate the damage from potential attacks.”
Other reports contradict this view. On March 9, 2022, an article for The Wall Street Journal by Sam Schechner wrote that the EU says cyberattacks don’t appear to have increased in the Ukraine war. Schechner cited Cédric O, France’s junior minister for digital affairs who suggested, after a meeting with fellow telecommunications ministers from across the EU, that there hadn’t to that point been any significant increase in cyber attacks.
“Mr. O added that attacks could still be coming at any time and that it is possible that there have been attacks that went undetected,” he wrote.
Cyber threats expose risk
No matter the actuality of the number of cyber attacks as a result of the conflict, the threat is real, so it can’t be ignored. James Breeze, innovation and automation technical architect at AXA XL, therefore advises insurers on the best ways to understand and quantify what cyber exposure represents, which lines of business should be prioritised, what the challenges are, and where the insurance industry is today.
“Insurers need to understand how much of their business is ‘silent’ cyber, leaving them exposed to cyber claims. The insurer should then adopt processes to move the business to a cyber-affirmative position to reduce or better eliminate its exposure to cyber,” Breeze said.
“Moving to cyber-affirmative takes time so each line of business will need to be prioritised. A priority can be determined by using the number of contracts (low volumes may not be a priority); the written premium; and the type of product (eg, property is high on the list). The main challenge is that your full picture of exposure is buried in documents, and not available in the policy admin systems.
“In terms of reducing your exposure, identify contracts that are not cyber-affirmative, ie, they are cyber-silent, and then remediate with standard wordings and endorsements. You need to put in more rigorous wording standards, and to look into the potential for computable contracts to help eliminate errors,” he explained.
Breeze will be speaking alongside Pamela Negosanti, head of insurance at Expert.ai, at Intelligent Insurer’s Cyber Insurance Innovation 2022 conference on April 21, 2022. During their Fireside Chat titled “Apply NLP to Help You Understand Cyber Exposure and Silent Cyber”, they will also explore how to reduce unintended exposure related to cyber risk and similar emerging perils.
The virtual conference will offer delegates an opportunity to hear lessons learned and tips on how to successfully apply natural language processing (NLP) to transform data into knowledge and value, and understand the requirements, and they will gain insights into concrete key performance indicators (KPIs) and metrics to measure success. They spoke to Intelligent Insurer ahead of the event.
Why is it important to use NLP in this context?
James Breeze: NLP enables automation and scale and frees up valuable resources. Typically, an expensive wordings expert or underwriter would need to review each contract manually. The only way we can do this without NLP is to read the contracts and find the exposures, which costs time and money. NLP can replace this need and enable those resources to focus on more valuable activities.
Pamela Negosanti: There’s a lot of hype around smart contracts or computable contracts, which will be key in the future to guarantee contract certainty, but from a tactical standpoint NLP is here today and can help automate key parts of the process.
What lessons have insurers and you learned, and how did they put what they learned into action?
Breeze: Make sure you can locate and access your final contracts. Many companies struggle to easily access their final, in-force contracts. They need to be stored in a central repository and identified with accurate metadata to be able to find them. If you can’t find them, you can’t process them.
You need to secure access and availability to a key business subject matter expert (SME). With an NLP system you have to train it and test it, and the only person do that is an SME.
Negosanti: SMEs are scarce. Specifically when it comes to cyber the requirements is to have SME who is expert in contracts review and working and cyber at the same time. There is no abundance of SMEs.
Breeze: Be clear on the scope and success criteria. Do you know how to identify cyber, and what is the scope of that? How accurate does the solution need to be and what happens in the situation when accuracy is not as expected? Is the speed of processing the contract important? Does it need to be processed in an hour or quicker? So, be clear on the scope and success criteria.
Negosanti: The lessons continue to change. It’s not a standardised process yet, so it involves continuous learning. Be aware that the processes may change over time as we are learning together.
What tips do you have on how to successfully apply NLP to transform data into knowledge and value?
Breeze: Carry out a feasibility study upfront on each business area to identify suitability for NLP. There is a range of pre-checks you can do to make sure it’s suitable for NLP. An example, can you find all your final contracts in the first place? If you can’t, don’t start an NLP project.
Check the format of the contracts: is there information hidden in images? NLP is not the right technology for images. To achieve accuracy, there is a need to be clear about your success criteria too.
There is a prerequisite to clearly define the business process and ownership of any manual processing (the human in the loop) as NLP is never 100 percent accurate—but neither are humans. If it is 80 percent accurate, the remaining 20 percent could fall to the wayside.
You need to do the checks upfront rather than after the fact. You must also manage expectations by making sure all stakeholders are aligned. With different expectations there may be a misalignment.
What do you consider to be concrete KPIs and metrics to measure success?
Breeze: Use empirical testing and run as many contracts through the test process as possible. You should use blind testing on something the system hasn’t seen before to determine accuracy. For the sake of attaining accuracy, it’s vital to conduct a reality check.
This requires undertaking a full volume test to do a reality check on the number of affirmative versus silent contracts.
You can set expectations by running the whole thing through the contract base to measure the number of affirmative versus silent contracts. It then vital to build in an ongoing quality control process through a combination of automation and manual sampling. To do this you need to be sure that the system is generating the right level of accuracy.
How can NLP help insurers and clients?
Breeze: Humans can identify cyber exposure but at great expense and time and potentially with human errors. Automation through NLP enables scale and accuracy while freeing up valuable resources to focus on their core tasks.
What takeaways would you like delegates to have from the Fireside Chat?
Breeze: NLP is a key capability to unlock valuable information stored in documents. Understanding these documents requires a significant investment in business SME time for training and testing. To deliver a successful NLP solution, ensure you have the right level of commitment from your business stakeholders and teams.
James Breeze, innovation and automation technical architect at AXA XL, spoke alongside Pamela Negosanti, head of insurance at Expert.ai, at Intelligent Insurer’s Cyber Insurance Innovation 2022 conference on April 21, 2022, in a Fireside Chat titled “Apply NLP to Help You Understand Cyber Exposure and Silent Cyber”. Register here www.cyber-insurance-innovation.com
