Underwriting in 2025 has become increasingly complex as risks no longer appear in isolation. Nowhere is this more evident than in the technology and communications sector, where digital vulnerabilities, operational stresses and exposure to large-scale external disruptions overlap in ways that make traditional underwriting models less reliable. Recent natural disasters and systemic disruptions have shown how quickly digital infrastructures can be affected by events that fall outside their immediate control, from Hurricane Beryl knocking out fibre networks across the Caribbean to the 2024 CrowdStrike incident that caused thousands of global outages across airlines, hospitals, telecoms and financial institutions.
To explore some of the indicators that may support underwriting decisions in this sector, we used TDH’s M3 framework and our Digital Business Analyst.
M3 is a research-led ESG scoring methodology that combines the key elements from leading global standards that evaluates companies capabilities based on what they publicly disclose.
By running company disclosures against this structured metric set, M3 delivers a consistent view of ESG maturity and resilience across sectors and both public and private companies.
In this analysis, we focused specifically on cybersecurity and climate resilience. Cybersecurity matters because telecoms and digital service providers are now prime targets for increasingly sophisticated attacks, and weak disclosure on controls or past incidents leaves insurers with limited insight into actual exposure. Climate resilience has become equally important, as extreme weather, heat stress and energy disruptions threaten data centres, network stability and service continuity. Both areas are difficult to assess without structured disclosure, which is why insurers require clearer and more consistent metrics before underwriting technology and communications firms.
Cybersecurity metrics, which include data-protection policies, certifications and training, show significant variation across revenue bands. Data Security scores rise from an average of 37.2 among companies with revenues of £5–£20 million to 43.1 in firms within the £50–£100 million range, but overall transparency remains limited. While higher-revenue firms tend to perform better, many still lack key safeguards such as documented data-protection policies, ISO 27001 certification or evidence of employee cybersecurity training making company specific analysis key to accurate risk pricing. For insurers, access to detailed cyber disclosures can enable bespoke customer pricing and reduce silent accumulation risks across insured portfolios.
Average Data Security Scores by Revenue (The Disruption House, 2025)
What stands out most in our climate-resilience analysis is not just the variation across metrics, but how consistent low disclosures are across the Technology and Communications sector, particularly among lower-revenue firms. Companies in the £5–£20 million revenue range show very limited reporting across all climate-relevant areas: emissions disclosure averages only 26.2, energy-management metrics fall to 7.8, and environmental frameworks barely register at 1.7. Even as revenue increases, these indicators remain modest; the largest companies with £50-100m revenue reach only 23.1 on energy management and 15.9 on environmental frameworks.
Climate Resilience Scores by Revenue (The Disruption House, 2025)
For insurers, this creates a significant visibility gap. Smaller tech and comms firms often operate essential digital infrastructure such as regional data centres, fibre networks and managed service hubs, yet provide almost no structured information on how they manage climate-related operational risks. Low disclosure makes it difficult to assess whether a firm can withstand heatwaves, cooling failures, power interruptions or flood-related outages. In an environment where even short-lived downtime can trigger cascading business-interruption losses, this lack of climate-resilience insight forces underwriters to assume higher exposure.
How TDH Can Help Insurers Close This Visibility Gap
TDH’s disclosure analytics are designed to illuminate exactly the blind spots that challenge insurers in each of the 11 SASB sectors. By analysing more than 100 ESG, operational and resilience indicators, TDH creates a consistent view of companies’ governance and operational preparedness across a wide range of private and mid-market firms. For cybersecurity, TDH identifies the presence of data-protection policies, certifications such as ISO 27001 and evidence of employee cybersecurity training, allowing insurers to differentiate mature controls from high-risk gaps. For climate and operational resilience, TDH benchmarks disclosures on emissions, energy management, environmental frameworks and adaptation measures, helping insurers assess whether companies have the structures needed to withstand potential shocks.
Because TDH scores firms against sector and revenue peers, insurers gain a comparable understanding of risk quality, not just a narrative or a set of assumptions. This enables more accurate pricing, clearer referral flags, better portfolio steering and more targeted risk-engineering engagement.
M3 also serves as the beginning of a clear pathway leading to better SME engagement, performance improvement and validated data. Our pathway provides a full 360-degree view of a company’s resilience by combining what firms publicly disclose with what they actually do, offering insurers both an external signal and an internal assessment of risk maturity.
Conclusion
Underwriting in 2026 is becoming more complex as insurers face increasing pressure to understand which types of disclosures matter for assessing risk quality. This shift requires moving beyond high-level sustainability narratives and towards consistent, decision-ready indicators that provide real visibility into a company’s resilience.
Our analytics highlight this need in the technology and communications sector. With uneven transparency on cybersecurity maturity and climate resilience, insurers must navigate underwriting decisions with limited insight into the controls and structures that underpin operational continuity. Clearer, more comparable disclosure helps reduce this uncertainty, allowing insurers to price more accurately and support a more resilient digital infrastructure ecosystem.
