Entries tagged with “Tech”.
Did you find what you wanted?
Thursday, January 22, 2015
Posted by Claire under Risk Management, Technology
Measures and methods widely used in the financial services industry to value and quantify risk could be used by organizations to better quantify cyber risks, according to a new framework and report unveiled at the World Economic Forum annual meeting.
The framework, called “cyber value-at-risk” requires companies to understand key cyber risks and the dependencies between them. It will also help them establish how much of their value they could protect if they were victims of a data breach and for how long they can ensure their cyber protection.
The purpose of the cyber value-at-risk approach is to help organizations make better decisions about investments in cyber security, develop comprehensive risk management strategies and help stimulate the development of global risk transfer markets.
Among the key questions addressed by the cyber value-at-risk model concept are: how vulnerable are organizations to cyberthreats? how valuable are the key assets at stake? and, who might be targeting them?
The proposed framework is part of a new report, Partnering for Cyber Resilience: Towards the Quantification of Cyber Threats, that was created in collaboration with Deloitte and the input of 50 leading organizations around the world.
As the report states:
The financial services industry has used sophisticated quantitative modeling for the past three decades and has a great deal of experience in achieving accurate and reliable risk quantification estimates. To quantify cyber resilience, stakeholders should learn from and adopt such approaches in order to increase awareness and reliability of cyber threat measurements.”
One potential option, it suggests, is to link corporate enterprise risk management models to perspectives and methods for valuing and quantifying “probability of loss” common to capital adequacy assessment exercises in the financial services industry, such as Solvency II, Basel III, albeit customized to recognize cyber resilience as a distinct phenomenon.
The report points out that the goal is not to provide a single model for quantifying risk. Indeed for cyber resilience assurance to be effective, it says participants need to make a concerted effort to develop and validate a shared, standardized cyber threat quantification framework that incorporates diverse but overlapping approaches to modeling cyber risk:
A shared approach to modeling would increase confidence regarding organizational decisions to invest (for risk reduction), distribute, offload and/or retain cyber threat risks. Implicit is the notion that standardizing and quantifying such measures is a prerequisite for the desirable development and smooth operation of cyber risk transfer markets. Such developments require ERM frameworks to merge with insurance and financial valuation perspectives on cyber resilience metrics.”
Monday, January 12, 2015
Posted by Claire under Auto Insurance, Auto Trends, Technology
We’re reading that self-driving cars are no longer a thing of the future, but it’s in the subhead of this Time article: how long will it be before your car no longer needs you? where the heart of the story lies.
Jason H. Harper writes of how he earned one of the first new driverless motor licenses – technically known as an “autonomous vehicle testing” permit – from the California DMV.
He then describes his chauffeured ride by a prototype Audi from Silicon Valley to Las Vegas for last week’s Consumer Electronics Show:
The car uses an array of sensors, radars and a front-facing camera to negotiate traffic. At this point, the system works only on the freeway and cannot handle construction zones or areas with poor lane markings. When the car reaches a construction zone or the end of a highway, a voice orders you to take the wheel back.”
Before taking the 550-mile road trip, Harper had to get special instruction on how not to drive, per California regulations:
The training included basics like turning the system on and off and learning the circumstances in which it could be used. The rest was about handling emergencies, such as making lane changes to avoid crashing.”
Harper says the training was far more difficult and involved than a regular driving test. However, average buyers will not need such training.
Because rollout of this technology is gradual. Audi’s program for example would allow the car to self-drive in stop-and-go highway traffic, but when traffic clears the driver takes the wheel again.
It’s at the very end of the article that a voice from academia reminds us that this approach may be no bad thing as both technology and driver acceptance need time to mature.
Dr. Jeffrey Miller, an associate professor at the University of Southern California, tells Time that in his opinion licenses and drivers will never be obsolete because “the driver will always have to take over in case of a failure.”
It’s an interesting point. From the insurance perspective, too, while self-driving cars are definitely on the way, the implications for insurers are evolving. In its issue update Self-Driving Cars and Insurance, the I.I.I. notes:
Except that the number of crashes will be greatly reduced, the insurance aspects of this gradual transformation are at present unclear. However, as crash avoidance technology gradually becomes standard equipment, insurers will be able to better determine the extent to which these various components reduce the frequency and cost of accidents.”
They will also be able to determine whether the accidents that do occur lead to a higher percentage of product liability claims, as claimants blame the manufacturer or suppliers for what went wrong rather than their own behavior.”
More on auto insurance here.
Monday, November 17, 2014
Posted by Claire under Legal Environment, Technology
If you know someone who leads an active lifestyle, you may already know what a Fitbit is. For everyone else, a Fitbit is a wearable device that tracks steps, calories, distance and even sleep.
Now it appears data from wearable devices may be admissible in court.
Forbes.com reports that a law firm in Calgary is working on the first known personal injury case that will use activity data from a Fitbit to help show the effects of an accident on their client.
According to the report, the young woman in question, who used to be a personal trainer, was injured in an accident four years ago. While Fitbits weren’t on the market back then, her lawyers believe they can use data from her Fitbit to show that her activity level has significantly decreased and is now below where it should be for someone of her age and profession.
The article suggests that “cases like this could open the door to wearable device data being used not just in personal injury claims, but in prosecutions.”
The young woman’s lawyer is also quoted saying that such data could be useful to insurers assessing questionable claims and that just as courts requisitioned Facebook for information several years ago a court order could compel disclosure of that data.
Sounds like another case where digital information has an unintended use in the courtroom.
Friday, November 7, 2014
Posted by Claire under Aviation, Emerging Risks, Technology
Despite regulatory challenges, privacy concerns and a lack of capabilities that could stall their widespread use, drones could have a significant impact on the property/casualty industry.
A recent report from IT firm Cognizant suggests that commercial and personal lines insurers that cover property risks are likely to be early adopters of drone technology. Hat tip to Claims Journal which reports on this story here.
For example, a property adjuster or risk engineer could use a drone to capture details of a location or building, and obtain useful insights during claims processing or risk assessments, Cognizant says.
Drones could also be deployed to enable faster and more effective resolution of claims during catastrophes.
Crop insurance is another area where drones could be used – not only to determine the actual cultivatable land, but also during the claims process to understand the extent of loss and the actual yield, reducing the potential for fraudulent claims.
The findings come amid recent reports that several home and auto insurers are considering the use of UAVs.
The Association for Unmanned Vehicle Systems International predicts that within 10 years (2015 to 2025) drones will create approximately 100,000 new jobs and around $82 billion in economic activity, the report notes.
Cognizant believes now is the time for insurers to consider the opportunity that drone technology presents, especially in the areas of claims adjudication, risk engineering and catastrophe claims management:
With drones poised for commercial use, insurers could use them specifically to help reduce operational costs and gather better-quality information. This could help improve the productivity, efficiency and effectiveness of field staff (e.g. claims adjusters and risk engineers), and improve the customer experience by resolving claims faster, especially during catastrophic events.”
Cognizant goes on to note that drone enhancements such as artificial intelligence, augmented reality and integrating audio, text and video already exist in some shape or form. Insurance carriers should expect to see the adoption of drones increase significantly as these features are integrated into standard drones, and as regulations for commercial use of drones are defined.
As insurance carriers build business and technology use cases and the necessary architecture and services, they must consider not only how and where drone technology fits into their digital roadmap but also how the operating model can be enhanced to deliver optimal benefits for the business and its customers.”
Friday, October 10, 2014
Posted by Claire under Aviation, Emerging Risks, Technology
Unmanned aerial vehicles (UAV), otherwise known as drones, appear to be moving closer to commercial application, and property/casualty insurers are getting involved.
On the one hand, insurers are looking at ways to use this emerging technology to improve the services they provide to personal policyholders, at the same time they are assessing the potential risks of commercial drone use for the businesses they insure.
The Chicago Tribune this week reported that several home and auto insurers are considering the use of UAVs, and at least one has sought permission from the Federal Aviation Administration (FAA) to research the use of drones in processing disaster claims.
According to Sam Friedman, research team leader at Deloitte, drone aircraft could be the next mobile tech tool in claims management.
In a post on PC360.com, Friedman says that sending a drone into a disaster area would enable insurers to deliver more timely settlements to policyholders and spare adjusters from being exposed to the hazards of inspecting catastrophe claims in disaster areas.
Commercial insurers also have a huge stake in the drone business. In a recent post on WillisWire, Steve Doyle of Willis Aerospace, says businesses need to consider UAV risk issues such as liability and privacy:
Risk managers for organizations that could potentially gain considerable competitive advantage from eyes in the sky should consider the risk issues now so they are ready to advise their organizations as UAV options broaden.”
Insurance is not the only industry eyeing commercial applications. Agriculture, real estate, oil and gas, electric utilities, freight delivery, motion pictures, to name a few are seen as major potential markets for UAVs.
A recent report by IGI Consulting predicts that U.S. sales of UAVs could triple to $15 billion in 2020 from $5 billion in 2013.
However, the broader commercial use of drones in the U.S. will depend on federal regulators developing appropriate rules. In September the Federal Aviation Administration (FAA) gave the go-ahead for six TV and movie production companies to use drones for filming.
In his WillisWire post, Doyle notes that regulation is a key element to the successful widespread development of the drone industry in the U.S. given the complexities of the liability environment, the crowded skies over metropolitan areas, and the variety of UAVs and their uses.
One thing’s for sure, when UAV use takes off in the U.S., insurers are ready to support this emerging technology both as risk takers and risk protectors.
Wednesday, September 17, 2014
Posted by Claire under Business Risk, Emerging Risks, Technology
The recent disclosure of a major data breach at retailer Home Depot has once again put the spotlight on the increasing vulnerability of businesses to cyber threats and the need for cyber insurance.
But companies are uncertain of how much insurance coverage to acquire and whether their current policies provide them with protection, according to a new report by Guy Carpenter.
It speculates that one of the roots of the uncertainty stems from the difficulty in quantifying potential losses because of the dearth of historical data for actuaries and underwriters to model cyber-related losses.
Furthermore, traditional general liability policies do not always cover cyber risk, Guy Carpenter says.
It notes that in the United States, ISO’s revisions to its general liability policy form consist primarily of a mandatory exclusion of coverage for personal and advertising injury claims arising from the access or disclosure of confidential information.
Though still in its infancy the cyber insurance market potential is vast, Guy Carpenter reports. It cites Marsh statistics estimating that the U.S. cyber insurance market was worth $1 billion in gross written premiums in 2013 and could reach as much as $2 billion this year.
The European market is currently a fraction of that, at approximately $150 million, but could reach as high as EUR900 million by 2018, according to some estimates.
Guy Carpenter also warns that cyber attacks are now top of mind for governments, utilities, individuals, medical and academic institutions and companies of all sizes, noting:
Because of increasing global interconnectedness and explosive use of mobile devices and social media, the risk of cyber attacks and data breaches have increased exponentially.”
Cyber attacks also present a set of aggregations/accumulations of risk that spread beyond the corporation to affiliates, counterparties and supply chains, it adds.
Check out the I.I.I. paper on this topic: Cyber Threats: The Growing Risk.
Wednesday, August 6, 2014
Posted by Claire under Business Risk, Specialty Coverage, Technology
Companies large and small appear to have been targeted in what is being described as the largest known data breach to date.
As first reported by The New York Times, a Russian crime ring amassed billions of stolen Internet credentials, including 1.2 billion user name and password combinations and more than 500 million email addresses.
The NYT said it had a security expert not affiliated with Hold Security analyze the database of stolen credentials and confirm its authenticity.
The records, discovered by security experts Hold Security, include confidential material gathered from 420,000 websites, ranging from household names to small Internet sites.
According to Hold Security’s own report, the hackers didn’t just target large companies. They targeted every site that their victims visited:
With hundreds of thousands of sites affected, the list includes many leaders in virtually all industries across the world, as well as a multitude of small or even personal websites.”
The NYT said so far the criminals have not sold many of the records online, but appear to be using it to send spam on social networks.
If ever there was a reason to research – and buy – cyber insurance, this would be it.
In its recently published paper Cyber Risks: The Growing Threat, the Insurance Information Institute (I.I.I.) notes that reliance on traditional insurance policies is not enough, as companies face growing liabilities in this fast-evolving area.
Following the Target data breach and other high profile breaches, the I.I.I. said the number of specialist cyber insurance policies is increasing, and that insurance has a key role to play as companies and individuals look to better manage and reduce their potential financial losses from cyber risks.
It cited data from broker Marsh showing a 21 percent increase in the number of clients purchasing cyber insurance from 2012 to 2013. That growth is accelerating in 2014.
Meanwhile, a new report from PwC US and the Investor Responsibility Research Center Institute (IRRCi) indicates that while companies must disclose significant cyber risks, those disclosures rarely provide differentiated or actionable information.
According to the report’s authors:
The consequences of poor security include lost revenue, compromised intellectual property, increases in costs, impact to customer retention, and can even contribute to C-level executives leaving companies.”
It suggests that investors focus on corporate preparedness for cyber attacks, and then engage with highly-likely targets to better understand corporate preparedness and to demand better and more actionable disclosures (though not at a level that would provide a cyber-attacker a roadmap to make those attacks).
Friday, July 18, 2014
Posted by Claire under Business Risk, Specialty Coverage, Technology
No industry sector is immune from cyber threats, and a round-up of recent headlines and reports underscores the increasing risk and cost businesses face.
Just this week, U.S. Treasury Secretary Jacob Lew urged financial institutions and firms to redouble their efforts against cyber threats and said information-sharing and collaboration among businesses and with government is key.
Speaking at a conference in New York, Secretary Lew noted that the consequences of cyber incidents are serious and our cyber defenses are not yet where they need to be:
Far too many hedge funds, asset managers, insurance providers, exchanges, financial market utilities, and banks should and could be doing more. In particular, it is imperative that firms collaborate with government agencies and with other firms. Disclosing security breaches is often perceived as something that could harm a firm’s reputation. This has made many businesses reluctant to reveal information about cyber incidents. But this reluctance has to be put aside.”
Secretary Lew noted that some banks are already spending as much as $250 million a year to strengthen their cyber security. (Note: this is a cost borne by businesses).
Meanwhile, a new report from the New York attorney general’s office revealed that the number of reported data security breaches in the state more than tripled between 2006 and 2013, with some 22.8 million personal records of New Yorkers exposed in nearly 5,000 data breaches.
The cost to the public and private sectors in New York? In 2013 alone, upward of $1.37 billion, according to the report’s findings.
The Insurance Information Institute’s (I.I.I.) newly updated report Cyber Risks: The Growing Threat (of which I am a co-author) sheds light on the specialist cyber insurance policies developed by insurers to help businesses and individuals protect themselves from the cyber threat.
Market intelligence suggests that the types of specialized cyber coverage being offered by insurers are expanding rapidly in response to this fast-growing market need.
I.I.I. facts and stats on identity theft and cyber security are available here.
Monday, May 5, 2014
Posted by Claire under Business Risk, Technology
U.S. businesses are losing more financially from cybercrime, compared to their global peers, but are generally less aware of the cost, according to PWCâ€™s 2014 Global Economic Crime Survey.
As cybercrime continues to increase in volume, frequency and sophistication, PWCâ€™s findings suggest that U.S. organizations are more at risk of suffering financial losses in excess of $1 million due to cybercrime.
According to the study, some 7 percent of U.S. companies lost $1 million or more, compared to just 3 percent of global organizations.
In addition, 19 percent of U.S. organizations lost $50,000 to $1 million, compared to 8 percent of global respondents.
PWC doesnâ€™t elaborate on the reasons for this discrepancy, but other studies have noted that the types and frequencies of attacks vary from country to country.
U.S. companies are also more likely to experience the most expensive types of cyber attacks, such as malicious insiders, malicious code, and web-based incidents, the research suggests.
Despite having more to lose, some 42 percent of U.S. companies were unaware of cybercrimeâ€™s cost to their organizations, compared to 33 percent of global respondents, according to PWC.
Yet, overall U.S. companies appear to have a greater understanding of the risk of cybercrime than their global peers.
PWC notes that U.S. organizationsâ€™ perception of the risks of cybercrime exceeded the global average by 23 percent.
Also, 71 percent of U.S. respondents indicated their perception of the risks of cybercrime increased over the past 24 months, rising 10 percent since 2011.
Hat tip to CNBC.com which reports on this story here.
Some 5,128 executives from 99 countries responded to the survey, of which 50 percent were senior executives of their respective companies. Some 35 percent represented listed companies and 54 percent represented organizations with more than 1,000 employees.
Thursday, February 20, 2014
Posted by Claire under Business Risk, Specialty Coverage, Technology
Two months after Target announced a massive data breach in which hackers stole 40 million debit and credit card accounts from stores nationwide and the rising costs related to the incident are becoming clear.
Costs associated with the Target data breach have reached more than $200 million for financial institutions, according to data collected by the Consumer Bankers Association (CBA) and the Credit Union National Association (CUNA).
Breaking out the numbers, CBA estimates the cost of card replacements for its members have reached $172 million, up from an initial finding of $153 million. CUNA has said the cost to credit unions has increased to $30.6 million, up from an original estimate of $25 million.
So far, cards replaced by CBA members and credit unions account for more than half (54.5 percent) of all affected cards.
In a press release, CBA notes that the combined $200 million cost does not factor in costs to financial institutions other than credit unions or CBA members, nor does it take into account any fraudulent activity which may have occurred or may occur in the future:
Fraudulent activity would push the cost of the Target data breach to the industry much higher, as consumers would not be held liable.â€
A post over at the Wall Street Journal Corporate Intelligence blog points out that cyber attacks like these continue to be a drain on the wider economy.
It cites a study backed by computer security firm McAfee that last year estimated the total cost of cybercrime and cyber espionage to the United States at up to $100 billion each year.
Meanwhile, legal experts caution that companies need to take stock in the wake of the Target breach and make sure they have adequate insurance in place.
A post by Emily R. Caron in Media, Privacy and Beyond published by law firm Lathrop & Gage notes that fortunately Target appears to have a lot of insurance in place.
It cites reports suggesting that between cyber coverage and directors and officers (D&O) coverage, Target has $165 million in total limits, after self-insuring the first $10 million. (Hat tip to @LexBlogNetwork for highlighting this article)
However, The New York Times recently reported that total damages to banks and retailers could exceed $18 billion according to estimates by Javelin Strategy & Research.
In addition the NYT noted that nearly 70 lawsuits have already been filed against Target, many of them seeking class-action status.
As Caron notesÂ in her article at Media, Privacy & Beyond, there is a big gap between $165 million and $18 billion.
Check out I.I.I. facts + statistics on ID theft and cyber security.