The silver bullet view of big data is just naive thinking, say cyber experts

Cyber coverage sounds good on paper, but the industry may still not be good at delivering it.

Cyber insurance has been around for a while now – but are we actually any good at it?

That’s the question posed by the CEO of Asceris and podcaster Anthony Hess in a recent episode featuring Dan Kasper, CEO of the Qualrisk Cyber Insurance Center.

With a background in economics and a deep focus on cybersecurity, Kasper offers a frank assessment of where the market stands. “I still think nobody is really good at cyber insurance yet,” he stated early in the episode.

“Even if we understand the current threat landscape, that doesn’t necessarily tell us what’s coming,” he added – underlining a central challenge: cyber risk is a moving target.

While acknowledging the industry has made progress – particularly in its response to the ransomware surge, which he calls “a catalyst of major changes” – Kasper argued that many current approaches remain reactive, outdated or over-reliant on flawed data.

In the pursuit of better cyber insurance, data is both a tool and a challenge, and Kasper warned that “many cyber insurance models rely too much on uncertain data. There’s nothing worse, in high uncertainty environments, than a false sense of security”.

He stressed that insurers must balance leveraging data with recognising its biases and limitations. 

“The silver bullet view of big data is just naive thinking,” Kasper asserted. 

He advocated for blending subject matter expertise with available hard data to form a comprehensive perspective.

“The actionable insights from the likely data we will get in the next five years will definitely be limited,” he predicted.

Kasper drew an intriguing parallel between cyber risks and natural catastrophes, introducing the idea of a ‘cyber monitoring centre’ which would create a framework akin to hurricane scales, providing standardised measures to assess the severity of cyber events. 

“The challenges in gauging the extent of damages from a cyber event are immense,” he admitted, “but the goal is to bring transparency to cyber incidents.”

This endeavour reflects Kasper’s broader vision of evolving cyber insurance into a mature market with the tools and metrics needed for comprehensive risk assessment.

“The best quality sign of a sophisticated organisation in cyber is one that says ‘we don’t know’.”

Humility and adaptability are the key

Kasper brought up the industry's rapid evolution, particularly since 2019. “The ransomware epidemic that started mid-2019 caused rates on cyber insurance to almost triple between 2019 and 2022,” he recalled, emphasising its transformative impact. 

While this surge has fuelled market growth, it also highlights disparities in maturity and adoption across regions.

Kasper championed a mindset of humility and adaptability in navigating cyber insurance and said: “Nobody really knows too much right now about cyber, or about where it’s going.” 

This humility, he argued, is essential for staying effective and learning in a constantly shifting environment. “It’s not about perfection but making good, robust decisions with the few hard data points available.”

From acknowledging the limits of current expertise to innovating with new frameworks and adapting to a dynamic threat landscape, the path forward requires collaboration, transparency and a willingness to embrace uncertainty.

For reinsurance leaders, the call to action is clear: invest in understanding cyber risks, support initiatives such as the cyber monitoring centre and foster a culture of continuous learning. 

As Kasper put it: “The best quality sign of a sophisticated organisation in cyber is one that says ‘we don’t know’.”

To hear the full Asceris podcast or many others highlighting different issues facing the cyber insurance sector, click here.

Did you get value from this story? Sign up to our free daily newsletters and get stories like this sent straight to your inbox.