Category Archives: Technology

“Deepfakes”: a looming nightmare for insurers?

Picture a world where sophisticated machine-learning algorithms generate hyper-realistic video footage of you doing things you’ve never done and saying things you’ve never said.

If that sounds like a nightmare, I’ve got bad news for you. That world is increasingly our world. Those videos, called “deepfakes,” are already being created, often for unsavory purposes.

(You can watch a deepfake video of former president Obama giving a fake speech here.)

Anyone can download the software needed for DIY deepfake videos. And even though deepfake technology hasn’t yet been perfected, it’s getting better every day.

This has obvious implications for national security. Indeed, congressmen have already expressed concerns about the use of deepfakes as weapons of international intrigue.

What about insurance – could deepfakes be the next frontier of risk? It’s not hard to imagine some scenarios:

  • Cyber: A deepfaked audio recording of a CFO directs a company’s billing department to route thousands of dollars to a fake bank account.
  • Directors and officers: A deepfake video is created of a large corporation’s CEO reporting (fabricated) negative financial results, leading to a significant drop in the company’s stock.
  • Employment-practices liability: An employee is “deepfaked” to portray him making disparaging remarks about coworkers and engaging in harassment.
  • General liability: Someone creates a deepfake video of a person slipping in a grocery store and “injuring” herself, leading to allegations of negligence.

I’m sure you could think of a hundred more like these. How will we adapt to a world where video and audio can’t be trusted to tell the truth? What if deepfakes become too sophisticated to detect – how will this impact insurance claims and fraud prevention?

If the worst comes to pass, deepfakes could soon become an insurance nightmare.

But hopefully, the best case scenario happens instead: detection technology keeps up with deepfake advancements – and keeps everyone honest.

Highlights from the 2018 Society of Insurance Research Annual Conference

I recently spent two days (10/22-10/23) at the Society of Insurance Research (SIR) Annual Conference in New Orleans where a line-up of insurance executives and intelligence analysts talked about ways the insurance industry can leverage research, analytics, competitive intelligence and analysis techniques to get past the hype and develop effective strategies to move forward.

Here are just a few of the many interesting insights gathered at the extraordinarily intensive conference.

Digital Transformation

Implementing digital transformation will require an integrated approach across departments as well as a companywide culture shift. It will not work if executives are on-board but middle managers are not, said Robert Mozeika, Munich Re’s innovation executive.

Competitive intelligence

Competitive intelligence is not just about understanding what your competition is doing, but having a deep understanding ever changing market conditions, said Dr. Ben Gilad of the Academy of Competitive Intelligence. He suggested companies test strategic moves through role playing, with participants taking the parts of high-impact players.

Gilad had some advice for us information professionals as well – unless you can turn your insightful intelligence-gathering reports into action, they are useless. That’s why we need to become the trusted “sense maker” to our company’s top decision makers.

Innovation by insurance companies – customer experience

This year, SIR conducted a consumer survey on innovation by insurance companies. It found that auto and homeowners insurers were considered “pretty innovative” by 40 percent of respondents when compared with banks which were considered “pretty innovative” by 46 percent. This is a “pretty interesting” finding! When was the last time you heard about a new and exciting bank product?

Interestingly, there was a whopping 365 percent increase in the percentage of people reporting an increase in communication from P/C insurers regarding simplicity and ease of use of their products. It looks like people don’t equate improvements in ease of use and simplicity with innovation.

When asked which three things insurance customers would change through new technology or innovation, the top three were: privacy, ease and personalization in that order.

Artificial Intelligence (AI)

Reliance on AI is expected to increase in the next 20 years. How will AI change the world of insurance? According to Peter Grimm, CEO of Cipher Systems, it will involve:

  • The explosion of data from connected devices leading to new product categories, more personalized pricing and increasingly real-time service delivery.
  • Increased prevalence of physical robots (drones, self-driving cars, autonomous farming equipment) will lead to shifting risk pools, changing customer expectations and new products and channels.
  • Standardized data frameworks and formats will lead to highly connected data ecosystems between multiple private and public entities across many industries.
  • Advances in cognitive technologies (machines that mimic human learning) will enable products that re-evaluate risk in real time based on consumer behavior.

Chatbots and roboadvisors are already making roadways into the insurance industry and according to a survey by AXA; 34 percent of millennials want to interact with their insurer online only which shows that the market is prime for robo-advisor interaction.

Reading List

Here are a couple of books recommended by speakers that I can’t wait to dive into.

Geeta Wilson, vice president, consumer experience at Humana, recommends Competing Against Luck: The Story of Innovation and Customer Choice by Clayton M. Christensen. The author, a Harvard Business School professor who coined the term “disruptive innovation”, introduces the concept of “jobs to be done” theory in this book.

According to the theory, instead of asking customers what they want, companies would do better to get a deep understanding of what their customers do at the point when they require their product. Then the company needs to invent ways to help them do it easier, better and faster. Companies need to become obsessed with solving their customers’ problems or as Geeta put it, they need to “fall in love with the problem.”

Another book I look forward to reading is Professor Al Naqui’s The Beaver Bot of Yellowstone: Pure-Play Leadership for the Artificial Intelligence Revolution.  This book, targeted towards business leaders, promises to be an accessible guide through the mysterious and complicated cognitive transformation that firms are in for if they want to stay alive in the dawning age of AI.

 

Small businesses need cyber insurance – just like everyone else.

Used to be, hackers would spend most of their time hitting big companies with deep pockets and troves of customer data.  

But the times have changed. Launching a hack is as cheap and as easy as never before. Because of this, lots of hackers are playing small-ball by going after small businesses.  

Their calculations make sense. A ransomware payout might only be a few hundred dollars, but if hackers can hit hundreds of businesses simultaneously, their ill-gotten loot adds up pretty quickly.  

Small businesses know they’re at risk. According to a recent Insurance Information Institute (I.I.I.) and J.D. Power 2018 Small Business Cyber Insurance and Security Spotlight Survey, 70 percent of surveyed businesses said that the risk of being victimized by a cyberattack is growing at an alarming rate.  

But only a minority have cyber insurance. Only 31 percent said they have cyber insurance – and 70 percent said they don’t have plans to purchase a policy. (Commercial cyber insurance varies across policies but will usually cover expenses incurred from a data breach, like lost revenue, legal costs, and crisis-management.) 

Meanwhile, we found that 10 percent of respondents said they have experienced at least one cyber incident in the prior year. To give you some perspective, that’s about the same rate as drivers get into auto accidents.  

Imagine getting into an accident and not having auto insurance. It’s an expensive proposition. The same goes for cyberattacks – we found that the average small business cyber losses for the past year were $188,400. That’s a lot of money for a small company to absorb.   

As hackers continue to get nimbler, the need for small businesses to have cyber insurance will grow. It’s incumbent on insurers to educate their business clients about the value of cyber coverage.  

And the value is there to see: 97 percent of our survey respondents who had cyber insurance and were hacked said that their coverage was good enough to make them whole again.  

Survey: People are aware of cyberrisks, but many aren’t doing anything about them

even your coffee maker can get hacked these days.

A lawyer once warned me during a seminar that I should never, ever send an email – ever. “Get on a phone instead,” he counseled. (I assume he hadn’t watched The Wire.) 

Impossible to follow as his advice was, it stuck with me because he was right, in a way. If there’s anything we should’ve learned after all the data breaches these past few years, it’s that nothing about our online lives is safe from prying eyes. Not Social Security numbersNot medical records. And definitely not our social media activity 

People know the risks. The good news is that many American consumers are aware that their connected lives are incredibly vulnerable. According to a recent Insurance Information Institute and J.D. Power 2018 Consumer Cyber Insurance and Security Spotlight SurveySM, almost seven out of 10 connected technology owners (69 percent) are not comfortable sharing personal information on social media such as Facebook and Instagram. 

But behavior is slow to change. The bad news is that only about a third changed the way they used social media or connected technology after learning about recent data abuses and breaches. 

And it’s even more alarming that fully 85 percent of surveyed connected technology owners either don’t have cyberrisk insurance or don’t know if they do.  

Education and insurance are important. Just like in real life (wear a helmet, everybody!), leading a safe online life starts with education about the risks involved. That education includes learning how insurance can help. Insurers are in a unique position to spearhead these education efforts – people will often turn to their insurance company after they’ve suffered losses from a data breach.  

But consumers first need to learn about the cyber insurance options out there that can help immensely after a hack. For that to happen, insurers need to demonstrate to consumers the relatively inexpensive and valuable coverage that is available to protect them.  

The alternative is for all of us to go back to sending letters by snail mail – or, if a certain lawyer is to be believed, never writing anything down at all.  

People Get Hacked. Insurance Can Help.

get protected.

It’s October – and that means it’s National Cybersecurity Awareness Month.

The National Cyber Security Alliance has dedicated the first week to making homes safe from hacking. And for good reason. Families are increasingly living connected lives: on social media, in video games, and through “smart” home technology like connected thermostats or burglar alarms.

So-called “smart tech” (otherwise known as the Internet of Things) is only getting more popular: three out of five Americans have connected technology in their homes, according to a recent Insurance Information Institute and J.D. Power 2018 Consumer Cyber Insurance and Security Spotlight SurveySM.

Smart tech is convenient and efficient. Why not buy a thermostat that can automatically adjust the temperature to save you money?

Your smart tech can be hacked. But convenience can be costly. Hackers are getting more sophisticated. Your smart security system might discourage burglars – but not hackers. Hackers can use your smart thermostat to attack major websites, which is what happened in several major hacks.

Nearly a third of the smart tech owners surveyed said they have been identity theft victims.

People aren’t covered for cyberrisk. More than four out of five American consumers who own connected devices either lack insurance to protect them from cyberthreats or do not know if they are covered – and over 75 percent said they don’t plan to pay more for cyberrisks coverages.

That’s not great. Cyberrisk coverages are usually fairly inexpensive, sometimes as low as $30 per year. For that low price consumers can often get help for a range of cyber threats, including identity theft, cyberbullying, and ransomware (depending on the individual policy).

Education about cyberrisks is crucial. It’s a simple problem: People often don’t have cyberrisks coverage because they don’t know much about cyberrisks. Which also explains why many cyber-attacks are essentially “user error” – for example, a hacker sends a disguised email and a user clicks on a link, downloading malicious code onto their computer. Or someone buys a smart tech device and doesn’t change the factory password.

Getting educated about the risks of hacking is the first step to protecting your data. The next step is to use security tools. One such tool is insurance.

Insurance helps. Insurers need to make that clear. Whether as an add-on coverage to a homeowners policy or as a stand-alone policy, cyberrisks insurance can help protect you if you’re hacked. But the I.I.I/J.D. Power survey found that many people don’t know about this kind of insurance.

Insurers need to help educate their customers about the cyberrisks they face. Then they can help their customers understand why insurance can be a low-cost tool to protect their identities and assets.

The dangers of smart city hacking

 

The adoption of smart city technology is altering the way municipalities manage critical services and infrastructure. Worldwide spending on technologies that enable smart cities is projected to reach $80 billion in 2018 and will grow to $135 billion by 2021.

There are as many as hundreds of thousands of connected systems embedded throughout a city’s critical infrastructure, which are used for things like traffic monitoring and emergency alerts. Researchers from IBM and Threatcare evaluated three smart city sensor hubs and uncovered vulnerabilities, including bugs that would allow hackers to access the systems.

The type of damage exploiting smart city technologies could cause includes: Causing disaster detection and alarm systems to report incorrect data; manipulation of law enforcement response (for example manipulating traffic control infrastructure to create gridlock and delay law enforcement teams from accessing the real scene of a crime); and the manipulation of farm sensors to cause irreversible crop damage.

Will the Facebook/Cambridge Analytica Scandal Prompt Computer Science to Enter Its Own Age of Enlightenment?

By James Ballot, Senior Advisor, Strategic Messaging, Insurance Information Institute

 

Many of us are still trying to make sense of how our data were affected by a massive data-scraping operation by the research firm of Cambridge Analytica that allegedly misused personal information of 50 million Facebook users. One expert with  a “big picture” view of this scandal is  Yonatan Zunger, a former engineer/privacy expert at Google, who sees the Facebook/Cambridge Analytica affair as further evidence that computer science needs to have its “A-Bomb” moment.

What Zunger means by this is that the fields comprising computer science have to “come to terms with the responsibility that comes with building things which so profoundly affect people’s lives.” And, relatedly, when (or if) there is an “enlightenment” movement, will it empower programmers, data engineers, and others in the field to fight the “weaponization of their work,” or will hackers and other cybercrooks simply redouble efforts and build better mice to defeat better mousetraps?

At the heart of this moment of reckoning are topics of keen interest to insurers. Concerns about  big data analytics in insurance are being raised on several fronts. The Geneva Association recently published a report highlighting the concerns regarding privacy, discrimination and competition that big data analytics present to the insurance industry. And this recent article by R.J. Lehmann warns that “The more complex predictive modeling grows and the more attenuated from the sorts of relatively straightforward risk factors that both consumers and regulators can easily understand, the greater the odds of a backlash.”

 

Digital transformation in insurance: lessons learned in 2017 and forecast for 2018

Digital transformation refers to the integration of technology into all areas of a business resulting in profound changes in how the business operates and interacts with customers.

A recent McKinsey and Company blog post points out that successful companies do not just focus on a digital strategy but instead devise a strategy for the digital age —  “a complex, many-tiered undertaking that is made more challenging by continuously shortened development cycles.”

The post explores a few of the digital transformation lessons insurance companies learned in 2017 and questions CEOs should be asking in 2018.

Lessons learned in 2017 include:

  • Focusing on the big picture
  • Understanding value drivers
  • Prioritizing technological literacy

Key questions for 2018 are:

  • How should we approach investing in digital?
  • What is our ecosystem strategy?
  • Are we seeing enough value from data and analytics?
  • Is IT effectively partnering with the business?

 

 

Will cyber insurance cover the Meltdown and Specter bugs?

Last week news broke of two security flaws in computer processors that affect virtually all computers, smartphones and smart devices such as televisions and refrigerators.

The first flaw, nicknamed “Meltdown,” applies specifically to Intel chips. The second flaw called “Spectre,” is more difficult for an attacker to exploit but has no available patches yet and lets attackers access the memory of devices running Intel, AMD, and ARM chips.

This article from Woodruff Sawyer & Co., an insurance and risk management company, considers the cyber insurance underwriting implications of these flaws. The article states that once a bug becomes known and a patch or solution is available, the burden shifts to the device owner to download the patch and update their device. Cyber underwriters will want to know if business owners have patched all vulnerable devices, and how long it took to do that after the patches became available.

Another area of underwriting focus will be device obsolescence. Intel has stated that the patches released to address the vulnerability will focus on devices introduced in the last five years. Since manufacturers are not motivated to keep updating old equipment, and it may be difficult for companies to ensure that their entire network is free of the vulnerability if they don’t migrate to newer machines.

The article concludes that companies that are proactive in dealing with the chip vulnerabilities will improve their cyber security – and their ability to secure good cyber insurance.

Cyber Monday online safety tips

Identity theft is the biggest threat consumers face when shopping online, according to security expert Dr. Yair Levy. Before venturing online for Cyber Monday deals, here are some tips from Dr. Levy which appeared in a recent Sun Sentinel article:

  • Use a dedicated credit card for online purchases and a separate card for to pay bills, buy gas, groceries, etc. If the card is compromised, it’s easy to cancel the account.
  • When making purchases, verify a secured connection by looking for a little padlock or by making sure the Web address starts with “https://” (the “s” stands for secured).
  • Don’t use free wi-fi on your mobile device.

Phishing scams are becoming more frequent and more sophisticated, so be wary of emails or texts claiming to be from your favorite retailer. The best defense is not to click on links in a message or give out any personal information. If the message is legitimate, you can always go directly to the retailer’s website.

For more on identity theft and cybercrime, visit our Facts & Stats page.