Cyberattacks from other countries are now seen as a major threat to the U.S. by 72 percent of Americans, according to a national survey from the Pew Research Center.
This view has changed little in recent years, apparently. But what has changed is public opinions about other global threats.
Take climate change—now viewed as a major threat by 58 percent of Americans, up 7 points since January, and the highest share since 2009.
The survey was conducted October 25-30 among 1,504 adults.
Risk management services are an important way cyber insurance adds value for small businesses, according to a new I.I.I. paper.
In Protecting Against #Cyberfail: Small Business and Cyber Insurance, I.I.I. co-authors James Lynch and Claire Wilkinson say:
“The provision of these types of services is considered a growth area in the cyber market for SMBs, where price may be a barrier to insurance coverage in the first place. For larger companies, cyber-related risk management services may be offered at a discount or for free.
“For SMBs in particular, offering a risk management or training solution where they can learn more and keep themselves up-to-date on current threats is perhaps most valuable.”
Also heard at the Advisen Cyber Risk Insights Conference in NYC last week: part of the value proposition for SMBs is that cyber policies offer solutions, not just coverage.
Andy Lea, vice president underwriting for E&O, Cyber and Media, CNA, told the conference: “The value proposition is more prominent with SME and middle market companies that just don’t have resources available in-house to manage risks. This is an opportunity for brokers and carriers to add value.”
In the third week of National Cyber Security Awareness Month, Insurtech Insights newsletter by CB Insights gives a timely update on the cyber insurance market, and where startups are playing in this growing industry.
It notes the “tremendous opportunity” to sell cyber insurance to small businesses.
A recent Better Business Bureau study estimates that 15 percent of small businesses have cyber insurance. BBB Accredited Businesses are almost three times as likely to include cybersecurity insurance.
Fortunately, about nine out of 10 businesses reported to the BBB they have some cybersecurity measures in place, with the most common ones: antivirus; firewall; and employee education:
$125 million. That’s the first estimate of the insurance industry loss due to the Equifax cyber breach published by Property Claim Services (PCS).
Per Artemis blog:
“PCS’ initial estimate of the insurance market impact due to the Equifax hack attack is $125 million, however the firm said that the economic impact to the credit giant is expected to be much larger.
“PCS noted that there are outstanding coverage issues which could reduce the likelihood of the Equifax cyber insurance loss reaching the $125 million estimate, so it could be revised down it would appear.”
Equifax’s specific cyber insurance policy could provide as much as $150 million of coverage, according to Artemis.
Launched in early September, the PCS Global Cyber service provides industry loss estimates for cyber risk loss events of at least $20 million worldwide. The Equifax hack was its first designated event and PCS has since designated its second global cyber loss event, the impact of the Petya/non-Petya malware attack on pharmaceutical giant Merck & Co in June.
Whether you’re an InsurTech startup with new ideas or an incumbent concerned about protecting your book of business, the greatest risk you can take may be to resist collaboration, according to a post on Willis Towers Watson Wire.
In Threat vs Opportunity? InsurTech is largely a matter of perspective, Andrew Newman, president and global head of casualty at Willis Re, says while it’s understandable that many insurers have perceived InsurTech as a threat to the value chain, the biggest threat lies not in technology itself, but in competitors of any description leveraging these innovations to gain advantage by reducing risk and lowering costs.
“The plain fact is that the vast majority of InsurTech companies aren’t interested in going to war with incumbents. Their focus is on creating value within the insurance value chain – not collapsing it. So if incumbents embrace ‘disruption’, rather than concentrating on defending themselves by keeping these opportunities at arm’s length, then they will find that the available technology is largely complementary to most of the current processes in the industry.”
Download the presentation Insurance: Leading Through Disruption by Insurance Information Institute president and CEO Sean Kevelighan to find out more about how the industry is poised to lead through disruption.
The cyber savvy have heard of phishing – sending thousands of malware-laden emails hoping for one unsuspecting click – but the Internet of Things introduced a new kind of fishing. It involved actual fish.
An internet-connected fish tank in a North American casino was used as an initial entry point into the casino’s network. This is one of nine examples of unusual attack vectors listed in a recent report from the security firm Darktrace. This report contains nine real-world examples where sophisticated methods, advanced technologies, or unusual strategies were employed.
The report warns that “…we are seeing new areas of vulnerability arise as modern companies embrace the ‘Internet of Things’. The proliferation of new connected objects multiplies the inroads to critical networks and data, yet organizations often have remarkably poor visibility of these hidden outposts of their networks. ”
In addition to the threat posed by “things”, the increasing digitization of everyday work processes means that legitimate network users can (accidentally) expose data and systems to significant vulnerabilities.
Another growing security concern is that the automation of malware production means that attackers can spread malicious software at lightning speed, outpacing the efforts of human security teams to identify and block new variants of threats.
Sean Kevelighan, the I.I.I.’s chief executive officer told a U.S. Senate Subcommittee in Washington, D.C., today that U.S. auto, home and business insurers pay an estimated $30 billion annually —nearly 10 percent of their total claim payouts—in fraudulent auto, home, and business insurance claims. To combat fraud insurers are increasingly turning to vendors who offer technological innovations stemming from big data and artificial intelligence. These vendors are allowing insurers to assess prospective customers, verify claims and identify suspicious activity in ways that were not previously possible.
In a report released last month, the Boston-based Aite (pronounced EYE-TAY) Group outlined the fact that insurers are recognizing their fraud-fighting efforts must adapt to this new era, and found reason for optimism. The Aite Group reports insurers are retaining state-of-the-art vendors, like data aggregators, producers, and receivers and then analyzing this data through the use of artificial intelligence and predictive analytics. The result? Insurance companies are equipping themselves with the high-tech tools they need to assess a prospective customer, verify a claim, and identify suspicious activity.
Click here for the full testimony.
You’ve heard about self-driving cars, but what about autonomous ships?
Fortune Tech reports that the world’s first autonomous cargo ship, to be christened the Yara Birkeland is expected to start sailing in 2018, initially delivering fertilizer along a 37-mile route in southern Norway.
“The ship, according to the Wall Street Journal, will cost $25 million, about three times as much as a conventional ship of similar size, but will save up to 90% in annual operating costs by eliminating both fuel and crew.”
Analysis by Allianz Global Corporate & Specialty (AGCS) shows that human error accounts for approximately 75 percent of the value of almost 15,000 marine liability insurance claims studied over five years, equivalent to over $1.6 billion.
From the AGCS Safety & Shipping Review 2017:
“Autonomous vessels could improve maritime safety and revolutionize movement of cargo on a scale not seen since containerization.”
Check out Insurance Information Institute facts & statistics on marine accidents.
Another global ransomware attack, dubbed Petya, has disrupted operations at major firms across Europe and the United States.
More than 100 companies and organizations across various industries were affected, including shipping and transport firm AP Moller-Maersk, advertising firm WPP, law firm DLA Piper, Russian steel and oil firms Evraz and Rosneft, French construction materials company Saint-Gobain, food company Mondelez, drug giant Merck & Co, and Pennsylvania healthcare systems provider Heritage Valley Health System.
Today’s Insurance Information Institute Daily, via The Wall Street Journal, reports that the attack has exposed previously unknown weaknesses in computer systems widely used in the West.
The U.S. cyber insurance market grew by 35 percent from 2015 to 2016, based on recent reports.
From A.M. Best: U.S. property/casualty insurers wrote $1.35 billion in direct written premium for cyber insurance in 2016.
Overall, cyber insurance for the majority of companies was profitable and the direct loss ratio decreased by 4.5 percentage points to 46.9 percent in 2016, from 51.4 percent in 2015.
Ransomware attacks are part of the reason for the decline in the loss ratio, A.M. Best explains:
“The decline in direct loss ratio for 2016 is partially attributed to the majority of reported cyber-attacks being related to ransomware heists. In almost all ransomware cases, the losses were well below the deductible and a simple backup recovery resolved and remedied any negative long-term effect of the attacks.”
Read our earlier post on insurance for ransomware attacks.
Insurance Information Institute (I.I.I.) chief actuary James Lynch and I.I.I. research associate Brent Carris share insight on the Tesla Autopilot accident report:
The National Transportation Safety Board (NTSB) released 500 pages of documents on last year’s fatal Tesla Autopilot accident in Florida. Per the initial press release the report contains only factual information on the investigation including highway design, vehicle performance, human performance, and motor carrier factors.
In an email newsletter he writes, autonomous vehicle expert Alain Kornhauser (Princeton University) raised some questions and concerns regarding the report. Those include:
- Since lateral control (swerving) couldn’t have avoided this crash (the truck is almost 70 ft long (6 lanes wide) stretching broadside across the highway) , it doesn’t matter if Josh Brown ever had his hands on the steering wheel. That’s totally irrelevant.
- Why didn’t autobrake kick in when the tractor part of the tractor-trailer passed in front of the Tesla?
- How fast was the truck going when it cut off the Tesla? I couldn’t find the answer in 500 pages.
The full 500 page report is also available to view at NTSB: Docket Management System.