Patent Issued for Platform For Live Issuance And Management Of Cyber Insurance Policies (USPTO 10,970,787)

2021 APR 19 (NewsRx) -- By a News Reporter-Staff News Editor at Insurance Daily News -- According to news reporting originating from Alexandria, Virginia, by NewsRx journalists, a patent by the inventors Crabtree, Jason (Vienna, VA); Sellers, Andrew (Monument, CO), filed on March 4, 2018, was published online on April 19, 2021.

The assignee for this patent, patent number 10,970,787, is QOMPLX Inc. (Tysons, Virginia, United States).

Reporters obtained the following quote from the background information supplied by the inventors: “Field of the Invention

“The disclosure relates to the field of automated computer systems, particularly to autonomous issuance and management of insurance policies for computer and information technology related risks.

“Discussion of the State of the Art

“In a typical insurance business, vast amounts of data may be required to be analyzed to determine underwriting offers that would be suitable for both an insured and an insurer. This may include associated risks, premium pricing, pending offers, verifying damages, and the like. It may also be time-consuming to consider all the factors needed to determine the best possible outcome for both parties.

“Another issue in typical insurance may be the wait to process a claim. The industry is already moving towards greater automation, and the move has already shown marked improvements in both convenience for the insured as well as quicker turnaround. The WALL STREET JOURNAL recently reported that four in ten insurers have moved to a more automated process to inspect damages not requiring on-site inspection by an employee, and also that claims processing with a greater level of automation can be handled in two to three days as opposed to 10 to 15 days. However, there is still room for improvements. While many aspects may presently be automated, there are other aspects that may benefit from greater automation.

“Particularly in the field of cyber insurance (policies related to computer and information technology related risks, such as interruption of cloud server access or malicious hacking) there is a substantial gap between the rate at which the risks evolve and the rate at which policies can be updated to address the evolving risks. Unlike insurance policies for traditional risks such as fire, flood, automobile, etc., where the risks are largely fixed in nature, the risks associated with cyber-related insurance polices are constantly evolving as both the technology used by businesses changes (for example the move to cloud-based computing) and the methods of cyber attack evolve (because they are driven by malicious human actors, and not natural events). Cyber-related risks can change on a weekly, daily, and even hourly basis, whereas traditional underwriting methods evolve on the order of years to decades. Thus, insurance policies for cyber-related risks can lag substantially behind the risks they purport to cover, creating potential coverage gaps for the insured and additional risk for the insurer.

“As examples of such policy gaps in the field of cyber insurance, in the 2013-2014 underwriting years, many significant data breaches plagued the market and large, sophisticated corporates with security budgets in the hundreds of millions (e.g. JP Morgan Chase) fell victim to hackers. This resulted in significant underwriting losses, pushing insurance rates up three separate times in a matter of months. Subsequently, since 2015, risk became decoupled with policy coverage as perpetrators found new financially rewarding attack vectors. SWIFT hacks turned out to generate an even higher return than selling stolen credit card numbers. This risk was not covered under cyber insurance, which spared the insurance markets, but left insureds with major uncovered losses. These policy gaps, or disconnects between risk and coverage, occurred because underwriting methods for cyber policies could not keep pace with the evolution of cyber related risk.

“What is needed is a system that automates the process of underwriting insurance policies for cyber-related risks. This system should be able to automatically gather and assess near real-time information regarding the risks associated with insurance policies for cyber-related risks, and issue policies, adjust premium pricing, process claims, and seek re-insurance opportunities with a minimum of human input. Ideally, to protect both the insurer and insured, such a system would additionally make efforts to mitigate the impact of evolving cyber security risks, such as notification of current threats and recommendation of mitigation measures.”

In addition to obtaining background information on this patent, NewsRx editors also obtained the inventors’ summary information for this patent: “Accordingly, the inventor has conceived, and reduced to practice, a system and method for autonomous issuance and management of insurance policies for business interruption and loss associated with computer and information technology related risks, including but not limited to: system availability, cloud computing failures, current and past data breaches, data integrity issues, denial of service attacks, and other accidental events and malicious activity. This system will start with traditional underwriting information such as questionnaires, and will add insurance-specific instrumentation and internet-enabled scanning to automatically analyze cyber insurance risks. The system will assess the likelihood of business interruption or loss due to both accidental issues such as data loss, loss of access to cloud computing platforms, etc., and malicious activity such as hacking, various forms of cyber attacks, and data theft. As part of its analysis, the system will create matrices designed to assess threat profiles, propensity to be attacked, and potential for loss, including in its analysis factors such as cloud-based application and usage, perimeter security, stack security vendors and configurations, internal network topologies and segmentation, anti-virus and endpoint prevention capabilities, identity and privilege management, endpoint software, and types and value of data stored, along with information about active and potential modes of attack, redundancy of systems, and similar factors. Based on these assessments, the system will be able to autonomously issue policies, adjust premium pricing, process claims, and seek re-insurance opportunities with a minimum of human input.

“According to a preferred embodiment, a client portal is provided through a network-connected server, which allows the client to manage its insurance policies, including but not limited to applying for insurance coverage, making premium payments, submitting claims, and receiving claim payouts. Information from the portal is sent to the underwriting processor, which performs automated management of the underwriting process. For insurance policies involving computer and information technology related risks, the underwriting processor sends relevant information to the cyber risk analysis engine. Based on queries by the cyber risk analysis engine, a deep web extraction engine gathers a variety of near real-time information from a plurality of online sources related to the status of networks, availability of cloud computing platforms, active and potential cyber attacks, and other information relevant to the query. The deep web extraction engine feeds the gathered information back to the cyber risk analysis engine, which performs assessments using machine learning algorithms to assess risks due to both accidental causes and malicious activity. The results from the risk analysis are fed back to the underwriting processor, which uses those results to perform automated underwriting management.

“In another preferred embodiment, a method autonomously issuing and managing insurance policies for computer and information technology related risks would be used, comprising the steps of: (a) providing a network-connected portal for clients to manage their insurance policies; (b) gathering a variety of data from about a plurality of potential risks related to use to computer and information technology; © analyzing the likelihood of business interruption or loss from a plurality of computer and information technology related risks; (d) creating a contract block by compiling the request into a computational graph-based format, with an automated underwriting processor; (e) linking the contract block to the requester, with the automated underwriting processor; (f) storing the contract block into memory, with the automated underwriting processor; (g) retrieving a plurality of available underwriting agreements from memory, with the automated underwriting processor; (h) creating an offer list by performing computational graph operations on the contract block to determine at least a risk-transfer agreement based at least on calculated risk associated with the request, contextual consideration of an existing contract portfolio, and the plurality of available underwriting agreements, with the automated underwriting processor; and (i) presenting the offer list to the requester, with the network-connected server.”

The claims supplied by the inventors are:

“What is claimed is:

“1. A system for autonomous issuance and management of insurance policies for business interruption and losses associated with computer and technology related risks, comprising: a network-connected server comprising a memory and a processor; a deep web extraction engine comprising a first plurality of programming instructions stored in the memory and operable on the processor, wherein the first plurality of programming instructions, when operating on the processor, cause the network-connected server to gather data about a plurality of potential risks related to use to computer and information technology; a cyber risk analysis engine comprising a second plurality of programming instructions stored in the memory and operable on the processor, wherein the second plurality of programming instructions, when operating on the processor, cause the network-connected server to analyze the likelihood of business interruption or loss from a plurality of computer and information technology related risks by utilizing machine learning to predict risk from both accidental events and deliberate malicious activity; a customer portal comprising a third plurality of programming instructions stored in the memory and operable on the processor, wherein the third plurality of programming instructions, when operating on the processor, cause the network-connected server to provide a portal for clients to manage their insurance policies; and an automated underwriting processor comprising a fourth plurality of programming instructions stored in the memory and operable on the processor, wherein the fourth plurality of programming instructions, when operating on the processor, cause the network-connected server to: create a contract block by compiling the request into a computational graph-based format; link the contract block to the requester; store the contract block into memory; retrieve a plurality of available underwriting agreements from memory; and create an offer list by performing computational graph operations on the contract block to determine at least a risk-transfer agreement based at least on calculated risk associated with the request, contextual consideration of an existing contract portfolio, and the plurality of available underwriting agreements; wherein the offer list is returned to the customer portal to be presented to the requester.

“2. The system of claim 1, wherein at least a term and a condition of an offer are added to the contract block after the requester agrees to the terms of an offer from the offer list.

“3. The system of claim 2, further comprising a claims processor comprising a fifth plurality of programming instructions stored in the memory and operable on the processor, wherein the fifth plurality of programming instructions, when operating on the processor, cause the network-connected server to: receive a claim request from an insured; retrieve a contract block linked to the insured; process the claims request to determine a payout amount based at least on a term and a condition stored in the graph-based dataset; and process the payout amount using a billing and payments manager.

“4. The system of claim 1, wherein at least a portion of the information contained in the contract block is risk characterization of the contract block, allowing external operations to be peril-agnostic and model-agnostic.

“5. A method for autonomous management of risk transfer, comprising the steps of: (a) providing a customer portal for clients to manage their insurance policies; (b) gathering a variety of data from about a plurality of potential risks related to use to computer and information technology; © analyzing the likelihood of business interruption or loss from a plurality of computer and information technology related risks, by utilizing machine learning to predict risk from both accidental events and deliberate malicious activity; (d) creating a contract block by compiling the request into a computational graph-based format, with an automated underwriting processor; (e) linking the contract block to the requester, with the automated underwriting processor; (f) storing the contract block into memory, with the automated underwriting processor; (g) retrieving a plurality of available underwriting agreements from memory, with the automated underwriting processor; (h) creating an offer list by performing computational graph operations on the contract block to determine at least a risk-transfer agreement based at least on calculated risk associated with the request, contextual consideration of an existing contract portfolio, and the plurality of available underwriting agreements, with the automated underwriting processor; and (i) presenting the offer list to the requester, through the customer portal.

“6. The method of claim 5, wherein at least a term and a condition of an offer are added to the contract block after the requester agrees to the terms of an offer from the offer list.

“7. The method of claim 6, further comprising the steps of: receiving a claim request from an insured; retrieving a contract block linked to the insured; processing the claims request to determine a payout amount based at least on a term and a condition stored in the graph-based dataset; and processing the payout amount using a billing and payments manager.

“8. The method of claim 5, wherein at least a portion of the information contained in the contract block is risk characterization of the contract block, allowing external operations to be peril-agnostic and model-agnostic.”

For more information, see this patent: Crabtree, Jason; Sellers, Andrew. Platform For Live Issuance And Management Of Cyber Insurance Policies. U.S. Patent Number 10,970,787, filed March 4, 2018, and published online on April 19, 2021. Patent URL: http://patft.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=PALL&p=1&u=%2Fnetahtml%2FPTO%2Fsrchnum.htm&r=1&f=G&l=50&s1=10,970,787.PN.&OS=PN/10,970,787RS=PN/10,970,787

(Our reports deliver fact-based news of research and discoveries from around the world.)