All posts by James Lynch

A smart fish tank leaves a casino’s data exposed to hackers

The cyber savvy have heard of phishing – sending thousands of malware-laden emails hoping for one unsuspecting click – but the Internet of Things introduced a new kind of fishing. It involved actual fish.

An internet-connected fish tank in a North American casino was used as an initial entry point into the casino’s network. This is one of nine examples of unusual attack vectors listed in a recent report from the security firm Darktrace. This report contains nine real-world examples where sophisticated methods, advanced technologies, or unusual strategies were employed.

The report warns that “…we are seeing new areas of vulnerability arise as modern companies embrace the ‘Internet of Things’. The proliferation of new connected objects multiplies the inroads to critical networks and data, yet organizations often have remarkably poor visibility of these hidden outposts of their networks. ”

In addition to the threat posed by “things”, the increasing digitization of everyday work processes means that legitimate network users can (accidentally) expose data and systems to significant vulnerabilities.

Another growing security concern is that the automation of malware production means that attackers can spread malicious software at lightning speed, outpacing the efforts of human security teams to identify and block new variants of threats.


Sean Kevelighan, the I.I.I.’s chief executive officer told a U.S. Senate Subcommittee in Washington, D.C., today that U.S. auto, home and business insurers pay an estimated $30 billion annually —nearly 10 percent of their total claim payouts—in fraudulent auto, home, and business insurance claims. To combat fraud insurers are increasingly turning to vendors who offer technological innovations stemming from big data and artificial intelligence. These vendors are allowing insurers to assess prospective customers, verify claims and identify suspicious activity in ways that were not previously possible.

In a report released last month, the Boston-based Aite (pronounced EYE-TAY) Group outlined the fact that insurers are recognizing their fraud-fighting efforts must adapt to this new era, and found reason for optimism. The Aite Group reports insurers are retaining state-of-the-art vendors, like data aggregators, producers, and receivers and then analyzing this data through the use of artificial intelligence and predictive analytics. The result? Insurance companies are equipping themselves with the high-tech tools they need to assess a prospective customer, verify a claim, and identify suspicious activity.

Click here for the full testimony.

“London Calling…”

I.I.I.’s James Ballot, Senior Director of Marketing and Content Strategy, contributes these highlights from the IIS Global Forum 2017.

Established millennia ago and since visited continually by perils ranging from fire, flood, pestilence, civil unrest and wave upon wave of attacking foreign enemies, it’s no great stretch to call London the de-facto global headquarters of resilience. So it’s fitting that London should host this year’s International Insurance Society’s (IIS) Global Insurance Forum (GIF), given that the event’s focus was set squarely on Global Resilience and the Role of Insurance.

At the Forum more than 500 delegates and other attendees gathered to set a truly global agenda for how insurance and other parties–NGOs, policymakers, businesses, educational institutions, the media, among others—will respond to challenges ranging from political instability to cyberthreats to the need to create the right talent infrastructure to master the technological changes presently shaping our industry to innovating ways to address threats posed by intensifying natural catastrophe cycles.

Among the highlights:

  • A video address from HRH The Prince of Wales to open the Day 3 Insurance Development Forum (IDF) in which he outlines four key areas where insurance can assume leadership in fostering resilience.
  • Wide-ranging discussions of the “insurance gap” and how narrowing it is essential to building financial resilience against cyberattacks, as well as mitigating uninsured natural catastrophe losses among vulnerable populations in developing nations.
  • The Nature Conservancy, a top-line partner at this year’s GIF, introduced an innovative insurance product underwritten by Swiss Re that insures coral reefs and other natural coastal fortifications.
  • Insurtech and emerging innovations are changing the business—mostly by creating a climate in which, as one insurance fund capital manager asserted, insurance and tech startups can partner to help make “yesterday’s risks insurable today.”

A lot to cover in a single posting, to be sure. For a deeper dive into the goings-on at IIS Global Forum, Asia Insurance Review (AIR) offers gavel-to-gavel coverage of the event, as well as valuable insights from Forum participants.



Industry Groups Gather in Sacramento to Help Keep Teens Safe on the Road

Over 1,000 people die each year in crashes with teenage drivers during the ‘100 deadliest days’ of summer which span from Memorial day until students go back to school.

I.I.I.’s California representative Janet Ruiz reports in her blog on a media event that took place on July 20th where speakers from concerned groups including AAA, CDI, CHP, PCI and I.I.I. gave parents advice on how to keep teens safe on the road.

What’s in your house?

If your home is ever burglarized, or burns down, the best way to demonstrate what needs to be replaced is with a home inventory – a record of your valuables, when you purchased them, and what they cost. Your insurer needs this information to properly adjust your claim.

This blogger’s home inventory is in a fireproof lock box. Here, for example, is a picture of the home computers:

Bad blogger!
Find the Zip drive

How old is this photo? That hole in the front of the desktop is for a 3.5-inch floppy disk, a feature now most frequently seen on display at the Smithsonian.

Clearly, the Lynch home inventory needed an update.

Fortunately, we have kids.

Our kids (13 and 9) are at the every-media-object-is-a-toy stage, so Dad has given them a new mission: Photograph everything valuable in the home. And since blogging pays less than, say, running Goldman Sachs, there’s not much to photograph. Then we’ll put it all on the laptop’s hard drive. (The kids are better at downloading and uploading than the old man.)

But that laptop can be stolen. It can be destroyed in a fire. So how do we preserve our home inventory?

Thankfully, as we now say in the I-phone age, “There’s an app for that.”

Or several: The New York Times last week rounded up home inventory apps, including one for $25 that lets you scan in the bar code of items like CDs, books and DVDs – speeding the process considerably.

I.I.I. provides a free online home inventory service. (App is coming soon, I gather.) Basically you sign on, upload pictures of your stuff and fill out the details. A I.I.I. video describing the service is here. And, to get you on your way, here is a good list of what sorts of items end up in most inventories.

Pay-as-you-drive keeps rolling along

The pay-as-you-drive movement in auto insurance got two big boosts in March, one in the United States and one in Europe.

Pay-as-you-drive insurance bases rates on individual’s driving habits. Drivers are monitored by on-board computers that monitor how much and how safely they drive. A cautious occasional driver would pay less. The monitoring devices are the latest in telematics, the technology of computers on the go communicating with central devices. (GPS devices are the most common example.)

In the United States, Progressive Insurance has decided to put its advertising muscle behind its Snapshot product. Your car, if it was built after 1996, contains a computer that monitors driving. The Snapshot device plugs into that computer and sends information to Progressive. If a customer’s driving habits are better than average, he or she gets a discount.

After 30 days, a customer could log on to see what discount was earned and how to do better. The service is available in 32 states.

In December, State Farm and the Automobile Club of Southern California launched a program. A report in Streetsblog San Francisco indicated State Farm’s program used the OnStar system to capture odometer readings.

In the UK, meanwhile, soaring auto insurance rates have customers casting about for discounts, piquing interest in pay-as-you-drive. Young men pay more than  £3,000   ($4,830) a year for coverage. Women will see rates rise over the next year as gender-based rating is phased out, thanks to a recent European court decision.

The Daily Mail reports that Co-operative Insurance launched a pay-as-you-drive service for young drivers, with AA Insurance expected to follow suit this year. The article focuses on an 18-year-old man using a firm called Insurethebox to cut his rate to  £3,100 ($4,991) from  £5,500 (  $8,855) a year.

His 10-year-old Ford Fiesta has a satellite tracker that monitors his car’s speed, its acceleration, the G-forces from applying brakes, cornering and the time of day the car is driven. He receives a driver rating between one and five and can monitor the results online.

His policy covers him for 6,000 miles a year. If he drives more than that, he can buy more miles – similar to the way you can re-load a prepaid cell phone – or he can earn them by driving safely.

Pay-as-you-drive proponents emphasize two other benefits. The rapid feedback gives an incentive to drive safely. That’s good risk management. And the incentive to drive less means some people will forgo trips to save cash – the Brookings Institution estimated savings up to 8 percent in California. That reduces energy consumption and unclogs the roads a bit.

Hurricane insurance in one chart

Hurricane season doesn’t start for another couple of months, but recently, I.I.I. requested a chart showing the sum of all catastrophe losses since 1980, broken down by state. Insurance Services Office obliged with data from its Property Claims Services Unit. The results may surprise you:

iso cat loss chart_2 3 26

In all, insurers have paid out nearly $380 billion in catastrophe losses (adjusted for inflation to present day dollars). Three states – Florida, Texas and Louisiana – make up more than a third of that number – driven largely by hurricanes.

This spring, a nasty flood forecast

With spring here and the snow melting, flood season arrives.

The melt-off promises to be a nasty one.

“For the third consecutive year, the stage is set for potential widespread, record flooding in the North Central United States,” said Jack Hayes, director of the National Weather Service.

The North Central snow pack contains more water now than snow pack in the past 60 years. The Environment News Service surveys the gloom:

The highest spring flood risk areas include the Red River of the North, which forms the state line between eastern North Dakota and northwest Minnesota.

Risks are also high along the Milk River in eastern Montana and along the James and Big Sioux Rivers in South Dakota.

The weather service is also warning about flood risks along the Minnesota River and throughout the upper Mississippi River basin from Minneapolis, Minnesota southward to St. Louis, Missouri.

Floods will inundate portions of lower New York, eastern Pennsylvania and northern New Jersey, according to the weather service.

The story links to this National Weather Service site, which lets you see the status of 4,779 river gauges across the country. I took this screen grab of the 14 gauges where major flooding was occurring Wednesday morning:

Wednesday's flooding
Wednesday's flooding

The site lets you drill down, so I can tell you the flooding is near East Stump Lake, ND; the James and Big Sioux rivers in southeast SD; the Cottonwood River near New Ulm, MN; the Ohio River near Paducah, KY; and the Mississippi near Osceola, AR.

This I.I.I. video discusses the basics of flood insurance, including the most important fact: The standard homeowners policy does not cover flood.

Insurance agents sell flood coverage, but in almost every case the federal government bears the risk through the National Flood Insurance Program, usually referred to at the NFIP. Details here, including a cool interactive device that lets you estimate how expensive flood damage can be. A six-inch flood in a 2,000-square-foot home will set you back $39,150, with the cost of flooring the biggest chunk of that, at $15,870.

Also note that flood coverage doesn’t take effect until 30 days after you have gotten it. That’s to prevent people from binding coverage as they canoe out their front door – a guaranteed money-loser if you are the insurer.

And NFIP has enough to contend with. Losses from Katrina and the other 2004-2005 hurricanes left the program with $18 billion of debt. The debt contributed to Congress’ difficulty reauthorizing the program last year. It expired – temporarily – several times, disrupting home buying. (Banks like to see flood insurance before lending in low-lying areas.)

The program is authorized through September, certainly enough for spring flood season. Two weeks ago, Congress held hearings on a restructure to keep the program going another five years. “There’s no question the program is in dire need of reform,” Republican Rep. Judy Biggert told Reuters. The NFIP “continues to be financially unstable.” One of her key goals will be to “eliminate taxpayer risk” through pricing the risk closer to the actual exposure.

Covering the links broken in Japan’s supply chain

Estimates of the insured loss from the Japanese earthquake and tsunami continue to roll in. They range from $12 billion (Eqecat’s low estimate) to $60 billion (London insurance analyst Barrie Cornes). Mainichi (Japan) Daily News gives a roundup.

But one of the big unknowns for insurers is what the total loss will be from various types of business interruption coverage. As I.I.I. explains, “Business interruption insurance compensates you for lost income if your company has to vacate the premises due to disaster-related damage that is covered under your property insurance policy, such as a fire.”

That sounds simple, but it can be an enormous portion of claims after a disaster. Business interruption constituted about a third of all losses from the 9/11 terrorist attacks. Eqecat, a catastrophe modeling firm, estimated that business interruption losses would be about 20% of its Japan estimate, as the coverage is less common in Japan than in the United States.

Another type of coverage, contingent business interruption, presents a trickier wrinkle. Contingent business interruption reimburses lost profits and extra expenses when the premises of a customer or supplier suffers an interruption of business.

So a business with contingent business interruption coverage might have a claim if it depends on a Japanese supplier whose operation is shut down. And if the business has to turn to a new, more expensive supplier, the extra cost might be covered under extra expenses coverage.

A web page produced by the International Risk Management Institute (IRMI) explains details, such as:

  • Insureds can get protection against a set list of suppliers or purchase blanket coverage protecting any supplier’s shutdown.
  • The claim must be of a type that would be covered under the insured’s own policy.
  • Usually there is a time deductible (48 or 72 hours, for example). That period must expire before an insured can receive reimbursement.

The coverage is designed to protect against a prolonged interruption of the supply chain. For example, last week the Wall Street Journal reported that ON Semiconductor, out of Phoenix, Ariz, is working with insurers regarding coverage under business interruption and “supply chain disruption.”

It’s quite difficult to know how much the contingent business interruption claims will total, since a contingent business interruption claim could be filed by a company anywhere in the world. For that reason, catastrophe modelers like Eqecat don’t include contingent business interruption claims in their estimates.

Some in the industry indicate that the losses won’t be a big part of the losses from the Japan disasters. One insurance coverage attorney told the Journal that a business that itself lacks earthquake insurance might not be able to claim on its contingent business interruption. Remember, a company can only claim for a loss that would have been covered had its own property sustained it. An expert with the brokerage Aon Benfield said the claims aren’t something that “moves the needle in the insurance industry.”

And the New York Times notes that Japan’s importance in some industries, like semiconductor manufacturing, has waned in recent years as countries like South Korea, Taiwan, and China have gained market share.

I.I.I. continues to update its web page covering the Japan disasters.

Millions saved in Japan by good engineering and government building codes

As the devastation in Japan achingly unfolds, it’s easy to learn about the thousands of deaths, the piles of debris, the washed-away homes and think, “Nothing could be worse.”

But that’s not the case.

Of course, the toll is both enormous and tragic. Thousands are dead. Economists estimate the economic losses between $50 billion and $150 billion. (Insurance losses will be less, since not everything that gets damaged is insured.)

It could have been so much worse. The building codes and warning programs in place saved thousands of people and billions of dollars.

Japan enjoys some of the world’s strongest building codes to minimize the earthquake threat and has continued to strengthen them after each event.   The New York Times examined the issue shortly after the earthquake:

In Japan, where earthquakes are far more common than they are in the United States, the building codes have long been much more stringent on specific matters like how much a building may sway during a quake.

After the Kobe earthquake in 1995, which killed about 6,000 people and injured 26,000, Japan also put enormous resources into new research on protecting structures, as well as retrofitting the country’s older and more vulnerable structures. Japan has spent billions of dollars developing the most advanced technology against earthquakes and tsunamis.

Japan has gone much further than the United States in outfitting new buildings with advanced devices called base isolation pads and energy dissipation units to dampen the ground’s shaking during an earthquake.

The isolation devices are essentially giant rubber-and-steel pads that are installed at the very bottom of the excavation for a building, which then simply sits on top of the pads. The dissipation units are built into a building’s structural skeleton. They are hydraulic cylinders that elongate and contract as the building sways, sapping the motion of energy.

The Times article, written last week, also emphasized tsunami protections like regular training drills and sea walls. The swamping of Sendai makes it unclear how well those worked, but in some cases, the tsunami moved so rapidly, people had little chance to escape.

In some towns, the first waves struck within a half-hour of the earthquake, as this Wikipedia entry documents. And one standard piece of advice – get above the wave – didn’t work in towns where the high point was a building that washed away.

But the building codes seem to have done their job in the face of the largest earthquake in Japan’s long history. Although the damage is extensive, it is a far cry from the destruction last year in Haiti, where poor construction increased the death toll. The country also fared better than China did after the Sichuan earthquake in 2008. There, building codes were strong, but enforcement was lax.

Even with the post-Kobe improvements, there will be a lot of lessons coming from this month’s earthquakes, including how to protect nuclear reactors from the twin threats of earthquake and tsunami.

In the United States, the insurance industry makes sure building codes are enforced through the Building Codes Effectiveness Grading System, a job performed by the Insurance Services Office. The system got its start after Hurricane Andrew in 1992, when it became clear that Miami’s vaunted hurricane codes were spottily enforced. Buildings in highly rated areas are eligible for insurance discounts.

Meanwhile, Reuters notes that in California, newer buildings can withstand mighty quakes, but if one happens, “the surviving buildings will tower over a carpet of rubble from older structures that have collapsed.” The issue, according to Reuters: California has been lax in retrofitting older buildings.

Retrofitting was also an issue in the recent New Zealand earthquake. Recall most of the startling images – the steeple toppled from Christchurch Cathedral, for example – were older buildings in need of retrofit. In 2004, New Zealand authorities required old buildings to have one-third of the resilience of newer ones, but gave the requirement 20 years to take effect, the Wall Street Journal reported early this month.

I.I.I. continues to update its web page covering the Japan quake.