Cyber Risk and Insurance Continue to Grow

Cyber risk and insurance continue to gain momentum. More companies realize they need it. And insurers are expanding coverage – and enjoying profitability. That said, cyber insurance continues to be an especially risky insurance line.

This is part of what I discuss in my recently published article, “Expansive Variance.” Published in Actuarial Review, I titled the article very deliberately. The variance of risk expands in new ways every time I investigate cyber risk and insurance.

And frankly, the more I learn about cyber risk, the more concerned I become.

Cyber risk and insurance are expanding.

My article digs into the reasons behind the growing risk and new tools for actuaries and underwriters. Two particular trends stick out. First, Internet of Things technologies continue to introduce vulnerability to cyber attacks and personal privacy. Perhaps the best example of hacking via an app is last year’s Facebook data breach.

Meanwhile, the bad guys, who have the creativity to walk the gauntlet of cyber protections, are quite innovative. Last year’s Equifax breach, the largest in United States history, is a case in point. Despite tight cybersecurity, the breach pulled the personal data of more than 145 million Americans in a seven-week period. Another attack, less widely known to consumers, turned off factories and interfered with commerce all over the world.

The bad actors are also discovering ways to deploy artificial intelligence to mask coding to reach directly into personal computers. And for the less innovative, the old-fashioned and tried-and-true attack methods, such as email phishing, remain effective. Many companies still need to get religion on cybersecurity. Hackers are sometimes getting away with their dirty deeds because companies do not keep up with security patches.

These breaches serve as warnings of what could come. Everyone who knows about cyber risk and insurance fears the “big one” — that cataclysmic breach that could put the world on its knees. Insurers are also very concerned about it, spreading risk across individual industries to reduce exposure.

Cyber Risk and Insurance

The article also describes the unique challenges insurers are facing beyond cyber risk itself. Currently, cyber insurance is generally profitable. The market is so competitive that it is sometimes underpriced. Executives of non-cyber insurance lines are also concerned that their coverages are picking up cyber loss.

Insurers have very different philosophies on covering cyber risk. For Warren Buffett, chairman of Berkshire Hathaway, Inc., cyber risk and insurance are just too risky. He believes that each year carries a 2% chance of a super catastrophe costing $400 billion or more in insured losses. Not surprisingly, his insurance group is mostly staying away from covering cyber risk.

But there are plenty of insurers – about 170 depending on classification – that are happy to offer cyber insurance. AIG and Chubb are two examples. Insurers also have more insurance scores for cyber risk than ever before. Depending on the product, such cyber scores can evaluate risk potential by company and can watch how the risk changes.

Privacy Regulations and Laws

Consumers have little remedy when personal data breaches occur. Cyber insurance covers cybersecurity protections for a limited amount of time, say two years or so. However, there is nothing that can be done to get the information back. The bad guys have it forever. Thankfully, cyber insurance for individuals is just starting to become available.  

Last week I attended a seminar on protecting personal privacy sponsored by the Atlantic magazine and Salesforce.

Speakers discussed a social contract, which presumes entities collecting our data will protect it. However, this social contract has little law to support it. One privacy attorney says that the Facebook breach, while unethical, is not illegal. 

Americans assume the government is making sure our data is respected and kept private. But in truth, our public policymakers are behind the curve. As someone at the seminar joked, “Europeans regulate what Americans innovate.” Legislative remedies are being considered by Congress. During the seminar, Senator Mark Warner (D-VA) mentioned a recent hearing where the nation’s largest search engine’s representatives were notably absent. The company, however, is showing up to help China with its internet although its employees are protesting and some have quit. This is the country that is following every move of its citizens to determine their “trustfulness” and is also blamed for particular cyber breaches.

My article describes new regulations from the European Union that affect American companies. California also passed an aggressive law to protect consumers. It goes into effect January 1, 2020. Not surprisingly, technology companies are fighting the restrictions the new law will impose. After all, they need personal data to sell ads. The European and California laws have potential ramifications for cyber insurers, but those details are yet to come.

Note: My last article about cyber insurance discusses particular challenges for actuaries. To see more of my cyber articles, just enter “cyber” in the search bar below.



Insurtech Revolution Will Transform the Business of Insurance

The Insurtech Revolution is here.

My most recent Actuarial Review article, “The Insurtech Revolution,” cuts through the buzz and highlights areas where insurtech is likely to transform the insurance industry.

Insurtech is like any quickly emerging development. There is a lot of activity, confusion and a dash of hype.

That’s why my first question to most sources was this: “What is the difference between technological innovation and insurtech?” They agreed it was a good question. The evolving broad definition of insurtech risks becoming too general to be useful. The article includes an important sidebar that further defines the term. I hope it will encourage more informed insurtech conversations.

This is certain: insurtech is not a Reese’s Peanut Butter Cup. Insurtech does not merely stuff new technology into insurance. Rather, insurtech is a cottage industry coming into its own. At its best, insurtech challenges insurers to re-think what insurance could look like and how it should be delivered and serviced in a digital economy.

My concern is that the most cautious insurance professionals among us will be too quick to write off insurtech as a fad. Or even worse, they will choose denial or ignore it to their peril. Insurance professionals must pay attention to insurtech because it will affect their jobs.

Make no mistake: insurtech will be transformative. It is not just about technology, but new concepts that make sense in a digital world. For example, the insurtech approach means out with reactionary customer service and in with initiative-driven customer experience. (To learn the difference, click here.)

Meanwhile, its emphasis on artificial intelligence and other smart technologies will change and eliminate jobs. Insurtech companies offering insurance can, for example, prefill personal information through an Application Programming Interface (API), simplifying the application process practically down to a few digital taps.

By programming a rules engine, artificial intelligence is already performing critical functions, such as statistical calculations and ensuring accurate and meaningful customer information.

Insurtech Revolution: Annmarie’s Take

After watching technology change the insurance industry for 30 years, here are some personal observations about The Insurtech Revolution:

1) Insurtech companies risk operating under false assumptions. A technological improvement in one industry is not necessarily easily translatable to the insurance domain. The transactions, responsibilities and public accountability differ from banking, as an example.

2) Insurtech companies are in love with their beloved technology, but insurers love real results. Understand the real problems the insurance industry is facing. Offer solutions using insurance industry lingo. Save that technological deep dive for those who want to go there.

3) Insurance companies are not threatened by insurtech competitors, also known as “disruptors,” which have garnered an overabundance of media attention. Peel back the artificial intelligence, APIs and novel approaches to coverage – and you have the excitement and struggles of a new insurance company. In three years or less, Flo, the gecko and/or other insurers will be using the insurtech bells and whistles that make sense. And they will be doing it better. By that time, we’ll also know if the “disruptors” are profitable.

The Insurtech Revolution is here. Please check out my article and offer comments below.



Claim Prevention Tips Can Upgrade Customer Experience and Mitigate Losses

Claim prevention tips can improve customer experience and prevent losses.

Claim prevention tips give personal lines insurers ample opportunities to upgrade customer experience and mitigate losses. Catastrophic (CAT) events such as hurricanes Harvey and Irma are reminders of why providing critical information to policyholders will quickly become a best practice.

As I explain in my blog for SPLICE Software, directly delivering useful safety and loss prevention information to customers via their communication channel of choice — such as text messages — allows insurers to tangibly demonstrate their commitment to policyholder protection.

Further, arming customers with critical information allows them to take positive steps to decrease the frequency and severity of claims. These tips can also build customer loyalty and provide a new way to reinforce marketing strategy.

My blog explains other reasons why insurers should use claim prevention tips. Happy reading!



New Developments in Cyber Insurance Address Growing Needs

There are many new developments in cyber insurance.

Even before the WannaCry worm began disrupting institutions all over the world last week, cyber insurers had been preparing for the rise in ransomware. This is among the new developments in cyber insurance.

Insurers are also focusing on other cyber challenges, such as increasing risk from the connectivity of the Internet of Things. As I point out in my recently published Actuarial Review article, Cyber Quandary, actuaries are developing solutions to support the growing appetite for cyber insurance.

The article focuses on the latest developments in cyber threats and insurance, including emerging risks, market changes and innovative actuarial solutions. While emerging actuarial developments continue to progress, underwriting judgment still rules the day.

This is not surprising. Cyber insurance modeling is still very much in its infancy. It took more than a decade for personal auto underwriters, who tend to rely on experience and judgment, to adopt results from modern analytics.

After covering new developments in cyber insurance for the past three years, I marveled at how much cyber risk and insurance have changed. Consider the following:

  • Americans, once alarmed by headline-making data breaches from department store credit cards, have accepted the likelihood of being breached thanks to hacks to health care insurers, internet sites and the federal government. Perhaps we feel helpless that we can’t do much about it.
  • Ransomware is growing more popular. As we are seeing with the WannaCry worm, bad actors find it profitable to hold information hostage – and they prefer payment a la Bitcoin.
  • The Internet of Things, which increases cyber vulnerability, was not yet part of the household lexicon three years ago. While offering convenience, every connectivity point can be a weak link hackers can exploit. Consumers and businesses must take potential vulnerabilities from the Internet of Things more seriously.
  • Cyber insurance, which centers on addressing costs from data breaches, includes new coverages, including manufacturing disruption due to greater connectivity.
  • Two-and-a-half years ago, cyber insurance began growing in popularity. However, predicting losses was difficult due to the lack of historical data. Even as historical data becomes available, it has limited application due to the changing nature of risks. Actuaries are finding new methods and using non-traditional data to enhance predictability.

Meanwhile, there are other areas that deserve attention. These include:

  • Lack of policy standardization. This makes it difficult for businesses to know exactly what coverage they need and what they are getting for their premium dollar.
  • Cyber hygiene and risk management neglect. There are still too many companies — and people — who underestimate how basic security measures, such as updating software, can make a difference.
  • Personal lines insurers are slow to offer consumer cyber coverage. I’ve been clamoring for this since my first cyber insurance article. Carriers can enhance their value propositions by offering consumers this vital coverage. There’s always subrogation!
  • Preventing a cyber 9-11, and dealing with it if it comes, remains a great concern. Whether cyber terrorists compromise the Internet or utilities or God knows what else, all of us should prepare.

While there are many new developments in cyber insurance, I expect more to come. In the future, there will be more cyber insurance products that address specific industry concerns, additional options for small businesses and greater dependence on analytics for pricing and market segmentation.

To read my other cyber insurance articles, please click here.



Driverless Cars: Beyond the Hype

Driverless cars promise to get people around more safely. However, that assumption is often backed up by old statistics that did not consider the safety of autonomous vehicles.

In fact, not long after I submitted my Actuarial Review article about driverless cars, “60 Minutes” presented a segment, “Hands off the Wheel,” on the same subject.

Since I had intensely researched the topic, I could not wait to hear what the reporter would tell the general public. Instead of investigative journalism, the segment gave the driverless car industry a boost with little mention of the many unresolved issues and potential unintended consequences.

At its beginning, the reporter said “almost all” car accidents are caused by driver error, noting the safety potential of driverless cars. The truth is, nobody really knows how safe driverless cars will be.

The often-quoted statistic by driverless car advocates is that 93 percent of car accidents are caused by human error. The logic is that by reducing the opportunities for driver mistakes, automated vehicles will be safer.

The statistic and its assumptions, which were also presented as testimony before the U.S. Congress, are very important because they guide the assumptions and expectations of driverless cars. Google also boasts that all of the accidents involving its cars were due to human error.

But when the rubber hits the road, it’s the insurance industry’s opinion that counts. Its actuaries not only have the most experience looking at the factors that lead to accidents, but the industry will be responsible for covering them.

My article, Destination Driverless: Will Vehicles – Not Drivers – Become the Center of Risk?, sets the record straight about the all-important 93 percent statistic thanks to actuarial analysis provided by the Casualty Actuarial Society’s Automated Vehicles Task Force.

The task force concluded that automated technology could only address 78 percent, not 93 percent, of accidents if it cannot overcome factors such as weather, vehicle errors and inoperable traffic control devices. Using the 93 percent statistic, the task force also asserts, is problematic for other reasons.

Stemming from a National Highway Traffic Safety Administration (NHTSA) study, the statistic had nothing to do with driverless cars. And, due to its age, the study could not anticipate the latest safety improvements to conventional vehicles.

So what do actuaries need to have a better idea of the potential costs of insuring driverless cars? Access to proprietary data that developers and manufacturers naturally are not quick to share.

My article also details other factors that should be considered – especially when human drivers must take the wheel of automatic vehicles. It also covers the challenges that developers must overcome to make them viable in the real world.

What does this mean to the average consumer? Excitement about driverless cars abounds, but nobody sees a significant population of driverless cars for another 20 years.

In the meantime, we can expect driverless cars to gradually join the traffic jam. That transition, in and of itself, could also lead to unintended consequences.




Data Breach Vulnerability Not Just Due to Technology

About 21.5 million Americans’ social security numbers and other sensitive personal information were compromised due to the hack of the U.S. Office of Personnel Management, according to an article posted today on cnn.com.

It seems data breaches have become so common that those unaffected are undocumented workers or Amish.

How did personally identifiable information become so vulnerable? The answer isn’t limited to the technology.

Social Security Administration (public domain) via Wikimedia Commons

Our vulnerability is actually the result of a combination of historical, social and economic factors. To improve protection of personal information, it is important to consider how we got here.

A Little History

Before social security numbers were assigned to Americans, identity was simply a person’s name. After spending decades on genealogical research, I can attest to the fact that before the 1900 census, the government asked very little personal information about Americans.

When President Franklin Delano Roosevelt began the Social Security program as a response to the Great Depression, social security numbers were only to be used for the program. Old social security cards indicate that the numbers are “not for identification.” Just check out the Social Security card of Lee Harvey Oswald, who purportedly assassinated President John Fitzgerald Kennedy.

Over time, corporations got away with using social security numbers as identification for multiple purposes. They have been necessary for obtaining credit or health insurance since at least the mid-1980s. When I started college in 1986, my identity number was my social security number.

I suspect that cell phone numbers will also become a necessary form of identification that will evolve into being used on a “mandatory” basis just like social security cards.

A Generational Divide

Socially, the culture of the United States has changed from one of valuing personal privacy to one of perpetual sharing. “It ain’t none of your business,” was a very common retort when I was growing up.

Millennials and younger are less likely to believe privacy is a big deal. This group most fully embraces social media and “sharing” – including Too Much Information (TMI) sharing that was once considered socially impolite. The ramifications of Facebook’s privacy policy might also surprise them. And honestly, I don’t think the younger generations care even though nobody really knows who is “listening.” 

For Americans to begin caring about personal privacy again, enough might have to suffer the consequences of losing (or even sharing) private information. For example, if you knew anyone who suffered through the Great Depression, you might have observed how that generation saved everything “just in case.” Because of the great suffering, Roosevelt got the support necessary to start social security.

But for now, Americans seem more engrossed in Caitlyn Jenner and gender identity issues rather than the ultimate identity issue: someone stealing yours and using it for criminal activity, extortion or even terrorism.

Some of this theft comes from information Americans willingly share on the Internet. Other important data, including financial and medical information, is being breached from the government and corporations. Combine that with public information once stored in paper files and the opportunities for harm are endless.

We have already seen ISIS threaten individual military members and their families because Facebook can give a clue to their home and Google Maps will point the way there. Terrorists can certainly do the same to civilians as well.

As a Gen Xer, I was most influenced by the Baby Boomers. They were my younger professors who taught me women’s studies, gay politics and civil liberties. They all stressed that American freedom includes the universal right to privacy for all Americans.

Baby boomer President William Jefferson Clinton, along with Congress, thought protecting personally identifiable health information was a big deal. He was instrumental in passing the Health Insurance Portability and Accountability Act (HIPAA). (Interestingly, workers’ compensation was excluded from the Act.)

For the majority of Americans, HIPAA is now just part of the pile of papers they need to sign at the doctor’s office. The law was enacted before the rise of Internet commerce and when Baby Boomers and older generations were the majority of the country. Complying with HIPAA is only getting more difficult as paper medical records are being converted to electronic files.

Then Gen Xer President Barack Obama ushered in the Affordable Care Act, which throws medical privacy out the window. Now the federal government has access to your medical records because health insurers and medical providers are required to share them.

Federal agencies are hardly safe custodians. Just ask the potential 9+ million past and present federal workers and our military whose data is now vulnerable to whoever hacked it.

Further, cyber incidents, including data breaches, are on the rise, according to Verizon’s “2015 Data Breach Investigations Report.” Add to that the 66 percent of accountable care organizations surveyed last year by the Ponemon Institute that believe patient privacy risk has grown and do not have great faith in data security.

Conclusion

The vulnerability of Americans’ personal information is not just due to technology getting ahead of us, but also to changing values of privacy. Looking back to history and considering past policy and social mores provides context for developing ways to promote privacy. I have a few ideas in mind and soon I will share them in a future blog.




Insurance Brokers Find Cyber Coverage Complex


While the cyber insurance market is booming, insurance brokers find cyber coverage complex.

Customers want to either get a cyber policy for the first time or boost their coverage through higher limits and more endorsements.

Insurance companies are very eager to sell various forms of it.

But that does not mean buying and selling cyber coverage is easy. As I explain in my recent Leader’s Edge article, “Confusion Reigns,” cyber insurance is going through the growing pains of a burgeoning insurance line.

Since the policies offered by 45-plus insurers are not standardized, the market offers a myriad of potential endorsements that range from data breach coverage to reputation damage to cyber extortion. This makes cyber coverage complex.

And while there is growing demand for higher limits of insurance protection, agents and brokers sometimes have to layer coverage for their customers while keeping a close eye on various exclusions.

Because brokers and agents find cyber coverage to be complex, it also means they have to carefully comb through each policy to ensure the coverage matches the customer. And while insurance buyers should always be well informed about the coverage they are buying, this is especially true for cyber coverage.

I hope you enjoy it! Also, if you want to read more, check out my Contingencies article, “Plugging the Data Breaches.”

Note: In July, I will be publishing a new article that looks closely at the actuarial challenges of cyber insurance. I’ll let you know when my article is published, as I always do. 🙂




Cyber Coverage and the Actuarial Challenge

http://www.contingenciesonline.com/contingenciesonline/20150102#pg46

Major cyber attacks are almost becoming the flavor of the month. Sony, JP Morgan, the Home Depot, the U.S. Postal Service, the Target Corporation — the list goes on and on.

If there is anything more challenging than preventing cyber attacks, it is figuring out how to cover the growing risk.

As I cover in my recently released Contingencies article, “Plugging Data Security Breaches,” underwriting is especially difficult. Since the cyber insurance market is growing exponentially, carriers are eager to snap up market share. Meanwhile, their actuaries are concerned about carrying greater liability and pricing.

When it comes to pricing, like any emerging type of insurance, lack of historical data is a big actuarial challenge. Without historical data, actuaries cannot drive using the rear view mirror. Unfortunately, at some point, it seems there will be enough cyber breaches to address that challenge.

At the same time, actuaries will need to use future-forward data and assumptions to prepare for the unimaginable. As I cover in an Actuarial Review article, these challenges are similar for actuaries dealing with terrorism coverage. Because cyber risks and attacks are becoming more serious and hard to anticipate, I predict that the federal government will eventually offer a backstop for cyber insurance just like for terrorism coverage. Technological innovations, as outlined in a previous Contingencies article, will help actuaries rise to these challenges.

The good news is that insurers are getting smarter on how they offer cyber coverage and pricing. To even procure cyber coverage, customers must demonstrate meaningful and defined risk management strategies. I predict that insurers will require even more risk management as best practices continue to emerge.

Cyber Terrorism Threat Continues to Emerge

As for predicting the unimaginable, cyber attacks are also rising to the level of acts of terrorism. A year ago when the Target breach was making headlines, companies were concerned about facing the liabilities for cyber attacks that usually went after the personal and financial information of their companies and customers.

The recent cyber attack on Sony, however, is a different animal when hackers threaten violence at movie theaters that show a particular film. This is especially true if the CIA is right and the attack came from the North Korean government. Even if the current theory, that former Sony employees were behind the attack, is correct, this new way of threatening businesses and individuals is likely to be another factor actuaries will need to consider when pricing coverage.


The truth is, nobody knows what is next. While my new article also talks about a Cybergeddon that could cripple the U.S. economy or even the worldwide economy, there is also grave concern that attackers will destroy utility computer systems, which would have repercussions too terrible to imagine.


If the past is the best predictor of the future, I have full faith that actuaries will work through their challenges. After all, they are not just number crunchers, but creative thinkers who can use technology to its best advantage.




Brokers Need to Take Advantage of Data for Future Success

To attract and retain customers, insurance brokers need to take advantage of data already buried in their electronic and paper files.

My Leader’s Edge article, In the Zone: Keep Your Head in the Game Retaining Clients By Using the Competitive Data Hurtling Right at You, explains why 20th century business practices and assumptions no longer work in a world of Internet purchasing and big data.

Business insurance buyers are already shopping around online for coverage that once depended solely on business relationships. Insurance companies are already using their data to target and sell products to specific customer profiles.

And since insurers also supplement their data with outside data to develop models, brokers must follow suit to retain clients and expand on the insurance coverage they are already selling.

I hope you enjoy the article explaining why brokers need to take advantage of data. Feel free to comment below as you wish.

P.S. If you want to learn more about data and analytics, you can see past blogs on the topic under the predictive modeling tag. 




Thank You Tech Cast Global!!!

TechCast Global, which contributed significantly to my Contingencies article about disruptive technology and its effect on actuaries, the insurance industry and the rest of us, posted my blog and article in the news section of their website.

This is not the first time TechCast has been a good source for my forward-thinking work. Another article I wrote, Fully Exposed, for Leader’s Edge magazine, covers the future of health care and the financial, ethical and insurance implications.

For the unfamiliar, TechCast produces reports on the future of everything from agriculture to economic development around the world. The organization predicts events by a degree of possibility. The website is www.techcastglobal.com.

Meanwhile, my article continues to receive retweets from folks around the world. The article was challenging to research and write, so I am pleased by the response.

More of my articles will be published soon. The topics are: cyber coverage, terrorism reinsurance and how insurance agents can harness new technology to inspire retention. Whether for publications or websites, my goal is to produce quality content for clients who share my philosophy of publishing factual and helpful information to attract and retain readership.
