Introducing The Underwriter's Edge

Every morning, thousands of cyber underwriters open their inboxes to find another firehose of information. New CVEs. Regulatory updates. Threat actor reports. Vendor security notices. Industry loss data. It never stops.

But here’s the problem: information is not insight.

Most of us are drowning in data while starving for clarity. We need someone to cut through the noise, connect the dots, and tell us what actually matters for the risks we’re pricing today and the portfolios we’re building for tomorrow.

That’s why I’m starting The Underwriter’s Edge.

From Risk Engineering to Underwriting

I’ve spent over a decade in cyber risk — from PwC to AXA to Zurich. I’ve reviewed hundreds of risk assessments, analyzed countless security postures, and watched the market evolve from a niche product to a core line of business.

Now I’m transitioning into a senior cyber underwriting role at Sompo. And the gaps I’ve observed from both sides — risk engineering and underwriting — are impossible to ignore.

We have more data than ever, but less time to make sense of it. We have sophisticated models, but they’re only as good as the assumptions fed into them. We have brilliant underwriters, but they’re spending too much time on routine analysis and not enough on complex judgment calls.

This newsletter is my attempt to help bridge those gaps.

What You’ll Get Every Week

The Underwriter’s Edge is a weekly intelligence brief designed for professionals who need to stay current without getting overwhelmed.

Each edition will cover:

• Threat Intelligence — Active attack campaigns, emerging threat actors, and what they mean for portfolio exposure
• Regulatory Developments — NIS2, DORA, EU AI Act, and how new rules change the risk landscape
• Claims Trends — Real patterns from the market, not just headline cases
• AI & Automation — Tools and techniques that can augment underwriting judgment (without replacing it)
• Practical Frameworks — Mental models and assessment approaches you can apply immediately

I’ll also share perspectives from my dual vantage point: building AI automation tools while working inside the underwriting function. That intersection — where traditional risk expertise meets emerging technology — is where I think some of the most interesting opportunities (and risks) live right now.

Who This Is For

This newsletter is written for:

• Cyber underwriters who want sharper situational awareness without drowning in open-source intelligence feeds
• Risk engineers supporting underwriting teams who need to translate technical findings into business impact
• Brokers advising clients on cyber coverage who want to speak the language of risk more fluently
• CISOs and risk managers at insureds who want to understand how underwriters think about emerging threats

If you’re looking for hot stock tips, product pitches, or generic cybersecurity news, this isn’t for you. If you want disciplined analysis of what actually moves the needle in cyber risk transfer, read on.

What’s Coming Next

I’ve already queued up the first seven topics based on conversations with underwriters, brokers, and risk engineers over the past few months. These are the questions that keep coming up:

1. AI in Cyber Underwriting: Attacker, Defender, and Underwriter Perspectives — How generative AI is reshaping the threat landscape and what that means for risk assessment
2. Supply Chain Exposure: Why One Vendor Can Blow Up Your Entire Book — The concentration risks hiding in plain sight and how to surface them
3. Do Brokers Need to Understand Cyber Accumulation? Yes — Here Is Why — Making the case for accumulation literacy beyond the underwriting floor
4. Deepfake-Enabled BEC: The Claim Trend Underwriters Cannot Ignore — Social engineering is evolving fast. Here’s what to watch for.
5. NIS2 for Brokers: What Your Clients Must Do and What Happens If They Don’t — Practical guidance for the regulatory wave hitting European insureds
6. AI Agents for Cyber Reconnaissance: What Underwriters Need to Price — Offensive AI capabilities are advancing. How should risk assessment adapt?
7. EU AI Act and Cyber Insurance: What Underwriters and Brokers Must Know Now — The intersection of AI regulation and coverage considerations

Beyond the Newsletter

This is part of a larger project. I’m building Resiliently as a resource hub for cyber risk professionals — tools, templates, and interactive assessments that can support your day-to-day work.

The newsletter will always be free. The tools are designed to make your job easier, not to sell you something you don’t need.

If you want to subscribe, just scroll down and drop your email. You’ll get the first edition as soon as it publishes.

And if you have topics you want covered, questions about the market, or perspectives from your corner of the industry, reply to any newsletter edition. I read every response.

Let’s get to work.

— Michael

The Underwriter’s Edge publishes weekly. No spam. No fluff. Just signal.