Automation via NLP can help understand cyber exposure/cyber silence

On March 4, 2022, Fitch Ratings reported in its FitchWire Newsletter that the Russian-Ukrainian war increases the risks of spreading global cyberattacks. The ratings agency said cyberattacks against businesses and government agencies increased after Russia invaded Ukraine, mostly indirect cyberattacks against non-primary targets.

“Increased risk exists in particular for issuers that do business in these countries or with their governments, as well as for entities or countries that impose sanctions or are known to interfere,” the report said.

“The current conflict amplifies the broader trend of increasing volume, size and sophistication of attacks, with significant financial, reputational and legal risks for issuers. Enterprise IT teams handled 623 million ransomware attacks in 2021, up 105% year-on-year, according to security vendor SonicWall.

“The company reports an 1,885% increase in attacks against government targets, healthcare (755%), education (152%) and retail (21%). Issuers that focus on cyber resilience, continuous threat assessment and business continuity/disaster recovery while working with industry partners and segmenting their IT infrastructure to reduce cyber risk should be better prepared to mitigate the damage caused by potential attacks.

Other reports contradict this view. On March 9, 2022, a article for The Wall Street Journal by Sam Schechner wrote that the EU says cyberattacks do not appear to have increased during the war in Ukraine. Schechner quoted Cédric O, France’s deputy minister for digital affairs, who suggested after a meeting with other telecommunications ministers from across the EU that there had been no increase so far. significance of cyberattacks.

“Mr O added that attacks could still happen at any time and it is possible that there were attacks that went undetected,” he wrote.

Cyber ​​threats expose risks

However real the number of cyberattacks resulting from the conflict, the threat is real and therefore cannot be ignored. James Breeze, Technical Architect for Innovation and Automation at AXA XL, therefore advises insurers on the best ways to understand and quantify what cyber exposure represents, the business sectors to focus on, the challenges and the current situation in the insurance industry.

“Insurers need to understand how “silent” their business is in cyberspace, which exposes them to cyber claims. The insurer should then adopt processes to bring the business to a cyber-affirmative position to reduce or better eliminate its cyber exposure,” Breeze said.

“Moving to cyber affirmation takes time, so each line of business will need to be prioritized. A priority can be determined using the number of contracts (low volumes may not be a priority); the premium written; and the type of product (e.g. property is at the top of the list) The main challenge is that your full exposure picture is buried in documents and not available in policy administration systems.

“In terms of reducing your exposure, identify contracts that are not cyber-affirming, i.e. they are cyber-silent, and then correct them with standard wordings and amendments. You need to put in place more rigorous wording standards and look at the potential of computable contracts to help eliminate errors,” he explained.

Breeze will speak alongside Pamela Negosanti, Insurance Manager at, at Smart insurer‘s Cyber ​​Insurance Innovation 2022 on April 21, 2022. During their Fireside Chat titled “Apply NLP to Help You Understand Cyber ​​Exposure and Silent Cyber”, they will also explore how to reduce inadvertent cyber risk exposure and similar emerging perils.

The virtual conference will offer delegates the opportunity to hear lessons learned and tips on how to successfully apply natural language processing (NLP) to turn data into knowledge and value, and understand the requirements, and they will get an overview of concrete key performance indicators (KPIs) and metrics to measure success. They spoke to Smart insurer before the event.

Why is it important to use NLP in this context?

James Breeze: NLP enables automation and scalability and frees up valuable resources. Typically, an expensive drafting expert or underwriter would have to review each contract manually. The only way to do it without NLP is to read the contracts and find the exhibits, which costs time and money. NLP can replace this need and allow these resources to focus on more useful activities.

Pamela NegosantI: There is a lot of hype around smart contracts or calculable contracts, which will be essential in the future to ensure contract certainty, but from a tactical point of view, NLP is here today and can help automate key parts of the process.

What lessons have you and insurers learned, and how have they put what they have learned into practice?

Broken: Make sure you can locate and access your final contracts. Many companies find it difficult to easily access their final contracts in force. They must be stored in a central repository and identified with accurate metadata in order to find them. If you can’t find them, you can’t treat them.

You need to secure the access and availability of a key business expert (SME). With an NLP system, you have to train and test it, and the only person to do that is an SME.

Negosanti: SMEs are rare. Specifically, with regards to cyber, the requirement is to have an SME expert in reviewing and working contracts and cyber at the same time. There is not an abundance of SMEs.

Broken: Be clear about scope and success criteria. Do you know how to identify cyber, and what is the scope of that? How accurate should the solution be and what happens if the accuracy is not as expected? Does speed of contract processing matter? Should it be processed within an hour or faster? So be clear about the scope and success criteria.

Negosanti: The lessons keep changing. It is not yet a standardized process, so it involves continuous learning. Be aware that processes may change over time as we learn together.

What advice do you have on how to successfully apply NLP to turn data into knowledge and value?

Broken: Carry out an upstream feasibility study on each field of activity in order to identify the suitability for NLP. There are a range of pre-checks you can perform to ensure it is suitable for NLP. An example, can you find all of your final contracts in the first place? If you can’t, don’t start an NLP project.

Check the format of the contracts: is there information hidden in the images? NLP is not the right technology for images. To be precise, it is also necessary to clearly define your criteria for success.

There is a prerequisite to clearly define the business process and ownership of any manual processing (the human in the loop), because NLP is never 100% accurate, but neither are humans. If it’s 80% accurate, the other 20% could go down the drain.

You need to do the checks in advance rather than after the fact. You also need to manage expectations by ensuring that all stakeholders are aligned. With different expectations, there may be a lag.

What do you consider to be concrete KPIs and metrics to measure success?

Broken: Use empirical testing and run as many contracts as possible in the testing process. You have to use blind testing on something the system hasn’t seen before to determine accuracy. For the sake of accuracy, a reality check is essential.

This requires undertaking a full volume test to do a reality check on the number of affirmative versus silent contracts.

You can set expectations by running it all in the contract database to measure the number of affirmative contracts versus silent contracts. It is then vital to incorporate a continuous quality control process through a combination of automation and manual sampling. To do this, you must ensure that the system generates the correct level of accuracy.

How can NLP help insurers and clients?

Broken: Humans can identify cyber exposure, but at great expense and time and potentially with human error. Automation through NLP enables scalability and accuracy while freeing up valuable resources to focus on their core tasks.

What takeaways would you like delegates to have from the Fireside Chat?

Broken: NLP is a key capability for unlocking valuable information stored in documents. Understanding these documents requires a significant investment of SME time for training and testing. To deliver a successful NLP solution, ensure you have the right level of commitment from your company’s stakeholders and teams.

James Breeze, innovation and automation technical architect at AXA XL, spoken on the side Pamela Negosanti, Insurance Manager at, at Smart insurer‘s Cyber ​​Insurance Innovation 2022 on April 21, 2022, in a Fireside Chat titled “Apply NLP to Help You Understand Cyber ​​Exposure and Silent Cyber”. register here

Fitch Ratings, Cyberattacks, Cybersecurity, Technology, Cyber, Sam Schechner, Cédric O, James Breeze, Pamela Negosanti, Europe

Comments are closed.