Category Archives: Technology

Growing P/C Innovation Amid InsurTech, Trump Disruption

The pace of innovation in the U.S. property/casualty industry will accelerate in 2017, as technology advances and the growth of InsurTech raise customer expectations for greater innovation and new business models, according to a new report by Ernst & Young.

In its 2017 U.S. Property/Casualty Insurance Outlook, EY says the industry is at an inflection point, as continued economic headwinds provide little support for insurers plagued by shrinking investment incomes, escalating claims costs and rising regulations.

A new Trump administration raises the prospect of further economic and regulatory change and with the P/C industry in flux, this is a good time for CEOs to think through their future business strategies, EY suggests.

As insurers look to adapt to disruptive market shifts, EY expects companies will do more to develop a culture of innovation in 2017:

“The Internet of Things, telematics, artificial intelligence, driverless cars and blockchain have the potential to transform industry fundamentals and even redefine the nature of risk. In the future, competing for market share will be increasingly dependent on technology, data and analytics.”

With more than 1,000 InsurTech startups in operation, the pace of P/C innovation will speed up next year.

For example, in 2017 InsurTech startup Trov plans to roll out on-demand insurance that will enable customers to use their smart phones to turn coverage for personal belongings on and off. Trov is an example of how product innovation directed towards millennials could disrupt the P/C insurance model, EY says.

“Incumbents will be watching this space closely, creating venture funding groups that are actively monitoring and investing in InsurTech initiatives.”

Insurers will take digital transformation to the next level in 2017, expanding their use of robotics and advanced analytics across most aspects of their business, from claims handling and underwriting to customer relationship management (CRM) systems and risk management, according to EY’s outlook.

See our earlier blog post for latest data on the InsurTech sector.

Read about the top InsurTech deals of the year as reported by Insurance Networking News here.

Prepared for #CyberMonday and #GivingTuesday?

With Cyber Monday and Giving Tuesday rounding out the Thanksgiving holiday digital spending and giving are expected to reach record levels, which means businesses and individuals need to be prepared for cyber threats.

In 2015, Cyber Monday was the largest e-commerce sales day ever with online orders totaling $3.07 billion and experts expect this year’s total will be higher still, according to a post on the The U.S. Chamber of Commerce’s Above the Fold blog.

It cautions businesses to be vigilant, especially when it comes to payment card protection, and offers the following tips:

—Change your passwords and make them strong: just as you would lock the doors before leaving, lock this door too. Make sure employees know this too.

—Install software updates known as patches that your payment service provider sends you for your payment systems: install updates, just as you would on your phone, so your payment system is protected.

—Keep business information private: keep passwords, user IDs, or other details for payment systems private. Confirm an unexpected call or email separately with the supposed caller or sender before proceeding.

Even digital philanthropy can bring out cybercriminals. According to the Identity Theft Resource Center (ITRC), in recent years there has been substantial growth in web-based giving or mobile donations.

In fact one of the first global-scale events that brought attention to mobile donations was the 2010 hurricane that struck Haiti. The Red Cross received millions of dollars in donations from cellphone users who simply texted the word “HAITI” to a five-digit number.

While it feels good to give, the ITRC says it’s important to remember to do your homework and check out a charity before clicking on a link or responding to potentially fraudulent email requests claiming to be a part of Giving Tuesday.

One cause you might consider supporting is The Insurance Industry Charitable Foundation’s Early Learning Initiative (ELI) which provides an opportunity for every young child – regardless of means – to learn to read and write.

Join your insurance industry colleagues in the worldwide #GivingTuesday movement by contributing $5 for ELI here.

Check out the Insurance Information Institute’s facts and statistics on corporate social responsibility here. The I.I.I. white paper Cyberrisk: Threat and Opportunity has the latest information on the current exposure and how insurers are responding.

InsurTech: Outlook Positive

Investors are expected to become more confident in the FinTech sector, including InsurTech startups, as fallout from the Brexit vote in the United Kingdom and uncertainties associated with the U.S. Presidential election stabilize.

A quarterly report from KPMG and CB Insights says that while many investors in Europe and North America took a break from deploying capital in the third quarter of 2016, fintech investment is expected to regain momentum in the fourth quarter of the year and into 2017.

In the third quarter of 2016, venture capital-backed fintech companies raised $2.4 billion across 178 deals, accounting for 83 percent of the $2.9 billion in overall global fintech funding.

Both the number of deals and value of investments were lower than in the second quarter of the year, and when compared to the third quarter of 2015.

Still, the outlook is positive, with InsurTech and other sectors flagged for growth, the report said.

“Over the next few quarters, artificial intelligence is expected to gain more investor attention in addition to RegTech, InsurTech and data and analytics.

At the same time, fintech areas that have emerged over the past year (particularly blockchain) may receive more scrutiny as investors assess when and if investments will deliver returns.”

(RegTech refers to technologies that reduce the cost of regulatory compliance and improve risk outcomes for financial institutions.)

InsurTech VC-backed global investment activity totaled $204 million across 22 deals in the third quarter of 2016, KPMG and CB Insights noted.

The U.S. led the way with 10 InsurTech deals and $104.7 million in investment activity, followed by Germany with 4 deals and $47.2 million in investment.

The top InsurTech deals in the third quarter were pay-per-mile auto insurer Metromile ($50 million in funding), cybersecurity analytics services provider Cyence ($40 million in funding) and insurance brokerage app FinanceFox ($28 million in funding).

Year-to-date some $10.3 billion has been deployed globally across 612 fintech deals through the first three quarters of 2016, according to the report.

Read about the top InsurTech deals of the year as reported by  here.

More stories on InsurTech over at the I.I.I. Insuring California blog here.

Cybersecurity and the Presidential Election

Insurance leaders say the upcoming U.S. presidential election could impact a range of issues, including healthcare and international trade.

Cybersecurity is another insurance-related issue that next week’s election is likely to impact. Forrester even predicts that the new U.S. president will face a major cybercrisis within 100 days.

A new Insurance Information Institute (I.I.I.) white paper notes that governments are facing an unprecedented level of cyber attacks and threats with the potential to undermine national security and critical infrastructure.

The I.I.I. paper, Cyberrisk: Threat and Opportunity, also highlights rising concerns over how hacked information may be used to influence a political outcome:

“Hacks of both Democratic National Committee and Republican National Committee emails during an election year have raised concerns that groups are attempting to influence the outcome of the 2016 U.S. presidential campaign.”

Just last Friday U.S. government officials accused Russia of trying to interfere in the 2016 elections, including by hacking the DNC computers and other U.S. political organizations.

And on Tuesday Microsoft said the Russian hackers believed responsible for hacking the DNC computers had exploited previously undisclosed flaws in its Windows operation system and Adobe’s Flash software.

The Wall Street Journal reports that apparent Russian attempts to disrupt the U.S. election highlight more mundane risks as well as a new weapon in information wars: the disclosure of hacked information to influence policy or public perception.

Meanwhile, cybersecurity experts have warned that the election systems in the U.S. are vulnerable at the local, state and manufacturer level.

The mounting concerns have prompted the Department of Homeland Security (DHS) to consider whether the U.S. voting systems should be classified as critical infrastructure.

Currently, there are 16 critical infrastructure sectors, such as the U.S. power grid and water supply, whose systems and networks are considered so vital to the U.S. that their incapacitation or destruction would have a debilitating effect on national security and public health or safety.

In fiscal year 2015, there were around 295 attacks on critical infrastructure control systems in the U.S., a 20 percent increase on the previous year, according to DHS figures cited in the I.I.I. paper.

What IoT Cyber Attacks Mean for Insurers

The massive global distributed denial of service attack (DDoS) against internet infrastructure provider Dyn DNS Co. that left over 1,000 major brand name sites including Twitter, Netflix, PayPal and Spotify, inaccessible Friday has implications for insurers too.

While the nature and source of the attack is under investigation, it appears to have been (in the words of Dyn chief strategy officer Kyle York) “a sophisticated, highly distributed attack involving tens of millions of Internet Protocol addresses.”

As Bryan Krebs’ KrebsOnSecurity blog first reported, the attack was launched with the help of hacked Internet of Things (IoT) connected devices such as CCTV video cameras and digital video recorders (DVRs) that were infected with software (in this case the Mirai botnet) that then flooded Dyn servers with junk traffic.

The World Economic Forum (WEF) recently warned that failing to understand and address risks related to technology, primarily the systemic cascading effects of cyber risks or the breakdown of critical information infrastructure could have far-reaching consequences for national economics, economic sectors, and global enterprises.

As the IoT leads to more connections between people and machines, cyber dependency will increase, raising the odds of a cyberattack with potential cascading effects across the cyber ecosystem, the WEF noted.

While IoT connected devices have the potential to transform how businesses and individuals—and their insurers—conduct, manage and monitor their operations, workplaces and their homes, clearly there are embedded risks that insurers need to consider.

Over at Celent’s insurance blog, Donald Light, director of Celent’s North America property/casualty practice, says the Dyn DDoS attack has a number of potentially serious implications for insurers.

Light writes:

“An insurer with a Connected Home or Connected Business IoT initiative that provides discounts for web-connected security systems, moisture detectors, smart locks, etc. may be subsidizing the purchase of devices which could be enlisted in a botnet attack on a variety of targets. This could expose both the policyholders and the insurer providing the discount to a variety of potential losses.”

If the same type of safety and security devices are disabled by malware, homeowners and property insurers may have increased and unanticipated losses, Light suggests.

The Insurance Information Institute white paper on cyber threats and opportunities is available here.

Cyber Claims Costly To Businesses Large and Small

Data breaches can be costly, no matter how large or small an organization may be.

That’s a key takeaway of the latest NetDiligence study on cyber claims costs that analyzed 176 data breach claims submitted by insurers.

While the average claim for a large organization—at $6 million—was 10 times the average claim for a small organization, some of the largest claims in this year’s study came from smaller organizations with revenues of $2 billion or less.

This year’s dataset included 21 claims in excess of $1 million (12 percent) of which 81 percent (17 out of 21) involved nano-, micro- and small-revenue organizations that were victims either of hackers or malware.

The largest legal costs (defense and settlements) in this year’s study were from two micro-organizations (revenues of $50 million to $300 million). One lost valuable trade secrets to a hacker, while the other exposed protected health information due to a lost laptop.

The combined legal costs for these two organizations ranged from $1.5 million to more than $4.5 million, NetDiligence said.

Interestingly, the average claim payout across the dataset was $495,000, while the median claim payout was $49,000

The highest average claim payout—$1.3 million—was in the financial services sector.

The majority of claims (87 percent) submitted for analysis in this year’s study came from smaller organizations with revenues of $2 billion or less.

NetDiligence said this is in line with previous findings that smaller organizations experience most of the incidents. This is likely due to the fact that there are simply more small organizations, than large ones.

Other contributing factors may be that smaller organizations are less aware of their exposure or they have fewer resources to provide appropriate data protection and/or security awareness training for employees, NetDiligence said.

A point that underscores the growing need for smaller companies to purchase cyber insurance.

While many leading cyber liability insurers are participating in the study, NetDiligence noted that there are many insurers that have not yet processed enough cyber claims to be able to participate.

“It is our sincerest hope that each year more and more insurers and brokers will participate in this study—that they share more claims and more information about each claim—until it truly represents the cyber liability insurance industry overall.”

Cybersecurity Among Biggest Presidential Challenges

Just days after the disclosure of a massive data breach at email provider Yahoo, believed to have been the work of a state-sponsored actor, it’s notable that cybersecurity made news during the first of three U.S. presidential debates last night.

As Democratic U.S. presidential nominee Hillary Clinton and Republican U.S. presidential nominee Donald Trump squared off, moderator Lester Holt, asked:

“Our institutions are under cyber attack, and our secrets are being stolen. So my question is, who’s behind it? And how do we fight it?”

In her response, Clinton described cybersecurity, cyber warfare as one of the biggest challenges facing the next president.

She said the U.S. faced two different kinds of adversaries: independent hacking groups that try to steal information so they can use it commercially to make money; and cyber attacks coming from states and organs of states.

Clinton noted:

“We need to make it very clear—whether it’s Russia, China, Iran or anybody else—the United States has much greater capacity. And we are not going to sit idly by and permit state actors to go after our information, our private sector information or our public sector information.”

Trump and Clinton then went back-and-forth on whether Russia was responsible for the hacking of Democratic National Committee emails earlier this year.

Setting that discussion aside, both nominees appeared to agree on the enormity of the cybersecurity challenge, as Trump said:

“We have to get very, very tough on cyber and cyber warfare. It is — it is a huge problem… The security aspect of cyber is very, very tough. And maybe it’s hardly doable.”

The just-disclosed 2014 Yahoo breach, in which 500 million accounts were compromised, highlights concerns around the number of state-sponsored cyber attacks, according to this article by the Wall Street Journal.

While organizations should consider the purchase of cyber insurance to manage the financial consequences of an attack, a 2015 Ponemon study found that a more popular approach to managing the risk of a nation state attack is a government-subsidized insurance policy (see below).

screen-shot-2016-09-26-at-10-46-23-pm

What do you think?

Some 17,475 IT and IT security practitioners located in all regions of the U.S. participated in the Ponemon survey.

The Insurance Information Institute’s latest white paper on cyber risk threats and challenges is available here.

Samsung Recall Underscores Emerging Tech Fire Risks

A formal recall by US safety regulators of the Samsung Galaxy Note 7 smartphone due to serious fire and burn hazards should put users on notice to power down and stop using their devices immediately and return them for a free replacement or refund.

Samsung has received 92 reports of batteries overheating in the United States, including 26 reports of burns and 55 reports of property damage, including fires in cars and a garage.

In its warning, the Consumer Product Safety Commission (CPSC) states:

“The lithium-ion battery in the Galaxy Note7 smartphones can overheat and catch fire, posing a serious burn hazard to consumers.”

The recall covers 1 million phones in the U.S., but some 2.5 million of the devices need to be recalled globally, Samsung said.

It follows a Federal Aviation Administration (FAA) brief last week urging passengers not to use Samsung Galaxy Note 7 devices on planes, nor to stow them in their checked luggage.

As the Wall Street Journal reported, identifying a specific brand or model as a potential hazard is a highly unusual move for the FAA, though agency officials previously issued warnings about the overall dangers of checking any kind of cellphones, other battery-powers electronic devices or spare batteries in the holds of planes.

Following the FAA announcement, Samsung accelerated its massive recall.

The cost of the recall to Samsung have been estimated at about $1 billion, but the costs in terms of the hit to market value, tarnished brand and reputation, and lost revenues, as well as opportunity cost could be much higher, as Forbes reports. (Note: Apple’s new iPhone 7 goes on sale today)

From the insurance perspective, the story does underscore broader concerns over increased fire risks from lithium-ion batteries.

As this National Fire Protection Association blog post explains:

“Rechargeable lithium batteries overheat more than any other type of batteries and tend to have manufacturing defects. They are also very poorly regulated. The low weight batteries house substantial energy and fit into smaller devices, but have been causing fire safety issues in smart phones, tablets, hover boards and other emerging tech devices that are popular with the buying public.”

The homeowners line of business saw the majority of fire losses in 2014, according to Insurance Information Institute facts and statistics on fire losses here.

The risks of lithium batteries are also on the radar of commercial insurers. FM Global has partnered with fire protection groups to research the fire hazards of lithium-ion batteries in warehouse storage and cargo containers, for example.

 

 

Faster Decisions, Fewer Challenges Among Cyber Buyers

Good news for cyber insurers. A majority of companies continue to have network security and data privacy insurance, and are making their purchase decisions faster and experiencing fewer purchasing challenges than in 2015.

The findings come in the newly-released 2016 Network Security and Data Privacy Study by Wells Fargo Insurance.

While in 2015 the study showed that 22 percent of companies buying insurance took more than 12 months to make the purchase decision, in 2016 just 8 percent of companies are currently taking that long, while 59 percent are taking six months or less.

Cost of coverage and finding a policy that meets a company’s needs remain the top two insurance purchasing challenges of 2016. However, the study found that 19 percent of companies did not experience any purchasing challenges, a significant improvement over 2015 when only 6 percent did not experience challenges.

The easier purchasing process may be related to less internal resistance, Wells Fargo said. Likewise, in 2016, fewer companies (24 percent) believed the risk was not big enough to warrant the purchase of network security and data privacy insurance.

screen-shot-2016-09-08-at-10-03-24-am

Of the companies in the study that had purchased insurance, one-fifth reported filing a network security and data privacy insurance claim in the last 12 months, and most were satisfied with their coverage.

Another key takeaway for cyber insurers? Protecting the business against financial loss was the primary reason for purchasing coverage (81 percent) in 2016, as in 2015. However, protecting the company’s reputation is an increasing concern, with 70 percent citing it in 2016, compared to just 58 percent in 2015.

Purchasing insurance is an important step, but it should be used in tandem with developing and testing a comprehensive incident response plan and performing a thorough cyber risk assessment, Wells Fargo noted.

The second annual study analyzed trends of network security and data privacy issues among 100 decision makers at companies with $100 million or more in annual revenue.

Check out Insurance Information Institute’s (I.I.I.’s) latest white paper on cyber risk threats and challenges here.

Disaster Preparedness? There’s an App for That

Research tells us that 40 percent of Americans use their smartphone to look up government services or information, so if you’re charging your mobile devices in preparation for Tropical Storm Hermine you might want to download the Federal Emergency Management Agency’s (FEMA) updated disaster app.

The free FEMA app now lets you receive weather alerts from the National Weather Service, so you can get alerts on severe weather happening anywhere in the country even if your phone is not located in the area. This makes it easy to track severe weather—such as a hurricane—that may be threatening you, your family and friends.

Other features of the FEMA app that will help you weather the storm include a customizable checklist of emergency supplies, maps of open shelters and disaster recovery centers, and tips on how to survive natural and man-made disasters.

Important features of the app for after the storm, include a disaster reporter where you can upload and share photos of damage and recovery efforts to help first responders, as well as easy access to apply for federal disaster assistance.

Craig Fugate, FEMA administrator:

“Emergency responders and disaster survivors are increasingly turning to mobile devices to prepare for, respond to and recover from disasters. This new feature empowers individuals to assist and support family and friends before, during, and after a severe weather event.”

The FEMA app is available for free in the Apple store for Apple devices and Google Play for Android devices.

Here at the Insurance Information Institute (I.I.I.) we also recommend you download our award-winning Know Your Plan app which helps you, your family and even your pets prepare to safely get out of harm’s way ahead of the storm.

In addition, the I.I.I. Know Your Stuff home inventory app allows you to keep an up-to-date record of your belongings so you’re fully covered in the event of an emergency.

Both I.I.I. apps are available for iPhone or Android.