Underwriting guidelines allow you to choose the minimum grades for each risk vector that can be used to compare against a company’s risk vector grades.
Many insurance carriers have their own nuanced view of what makes an insurance applicant risky through the lens of Bitsight data. Not every risk vector (graded good or bad) is relevant in making an underwriting decision.
Use the Underwriting Guidelines page in the Cyber Insurance application [ Program Setup ➔ Underwriting Guidelines] to pick and choose which risk vectors to include in an underwriting decision.
Guidelines
Default Guidelines: The default settings are configured based on the 2022 Bitsight study with Marsh McLennan which found a correlation to breach with 13 Bitsight risk vectors.
Admin-Defined Guidelines: Underwriting guidelines defined by Admin. Only Admins are authorized to modify admin-defined guidelines.
Risk Vectors
To set guidelines for risk vectors:
- Use the checkbox next to each risk vector to select it.
- Use the grade dropdown to set the minimum grade for that risk vector.
- Use the checkbox in the header of each table to bulk select & deselect risk a category of risk vectors.
- Select Save to save the changes.
Exposure Data
To incorporate exposure data (vulnerabilities and vulnerability groups) in your guidelines, select Configure Exposure Guidelines at the bottom of the Underwriting Guidelines page.
In the Select vulnerabilities page, use the search at the top or use the filters on the left to refine your search for vulnerabilities and vulnerability groups to apply to the guidelines.
Select Vulnerabilities Filters
- CVSS Score
- Filter by severity, which is based on the CVSS scoring system.
- Severity
- Filter by severity, which is based on the CVSS scoring system.
- Vulnerability Number
- Filter by CVE ID or vulnerability name.
- April 23, 2024: Exposure data.
- April 28, 2023: Published.
Feedback
0 comments
Please sign in to leave a comment.