The modern insurance industry isn’t just about processing damage claims—it’s about helping clients avoid them altogether. The Internet of Things (IoT) is reshaping the way insurance companies operate, with huge possibilities for the future, arming insurers with a smarter set of tools to better serve their customers.

In this article, I’ll diving into a few cutting-edge examples of IoT in action within an insurance organization and where I see the industry going.

Usage-based and parametric insurance

Usage-based insurance is already benefiting from the IoT by helping insurtechs offer more accurate and individualized policies based on customers' behavior and use of the insured object. In the motor industry, Discovery Insure’s innovative Vitality Drive sensor is an example of such use-based insurance. With an integrated, low-power, non-intrusive wireless device attached to the windscreen, connected to a mobile phone app and able to transmit core driving metrics, Vitality Drive tracks driving behavior and allows Discovery Insure to offer incentives and rewards for better driving.

Unsurprisingly, the system has detected a strong correlation between better driving habits and fewer accidents and less severe insurance claims. By encouraging better driving by aligning insurance premiums with the lower probability of accident claims, this type of use-based insurance helps both insurer and customer and improves road safety in general.

Parametric insurance is described by the Center for Insurance Policy and Research as “a type of insurance contract that insures a policyholder against the occurrence of a specific event by paying a set amount based on the magnitude of the event, as opposed to the magnitude of losses in a traditional indemnity policy.” In other words, a parametric insurance policy insures against an event, rather than against loss or damage of assets. This helps to bypass – or at least greatly simplify – the process of calculating potential losses and making policy adjustments after a claim; meaning that parametric insurance claims are processed and compensated much faster than indemnity claims.

The advent and growth of parametric insurance has close links to the IoT, with more sophisticated devices and better connectivity allowing providers to both calculate and compensate more effectively. This is especially true in the case of natural disasters, which have long been notoriously tricky for insurers.

Wakam (former La Parisienne Assurances), another insurtech, makes full use of the IoT to improve customization and automation. Both tailoring parametric policies to their customers’ needs and automating the claims process benefit from the capabilities of these smart devices. Wakam has gone further and has introduced a private blockchain platform to process and manage parametric claims. The combination of IoT and blockchain technology allows parametric policies to be generated and managed intelligently, based on global, connected event data, rather than isolated public or private events.

See also: Despite COVID, Tech Investment Continues

Avoid damage claims with IoT

Today’s insurance industry isn’t just about processing damage claims. It’s about helping clients avoid them altogether. Insurers can use the power of data to create a more secure, connected world. The next generation of IoT-based smart security solutions overcomes the shortfalls of earlier technology to provide connectivity at a cost-efficient price.

The potential of modern IoT is almost limitless: protect homes and businesses with security alarms that aren’t susceptible to jamming; recover stolen vehicles with powerful, reliable tracking systems; and react quickly to emergencies in the home or business with connected smoke detectors and real-time water leak detection. The overlap with insurance is obvious – IoT data provides a smarter set of tools for the modern insurance landscape.

Discovery Insure, for example, uses IoT to tackle a major problem in South Africa, where 48,306 vehicles were stolen in 2019. Only one in five stolen vehicles were recovered. The process was usually slow enough that thieves had time to dismantle stolen cars or ship them to the other side of the world. Even if the car was found, insurers might refuse to compensate the victim if there was no physical evidence of a break-in. But IoT sensors allow cars to be found even when they are hidden in enclosed or underground locations.

The future of IoT in insurance

From 2019 to 2024, the IoT insurance market is expected to grow 60%. The number of use cases for IoT devices within insurance will grow along with it, with more electronic devices entering the consumer and business marketplaces year on year. Traditional insurers are looking to the future and working on digitizing their offerings to move forward faster and with greater agility. According to the Global Insurtech Market report published in 2020, the pandemic has accelerated the digital transformation of industry, a driving force in the commercial introduction of IoT. Thanks to this IoT, insurance companies are being given more opportunities to revolutionize and grow than ever – but taking advantage of them will require forward thinking and adaptability.

The global life insurance and retirement industry is facing an inflection point due to the convergence of challenging economic, technological, competitive and societal headwinds. Product-driven business models of the past will not be sustainable because insurers cannot adapt quickly enough to changing customer needs. This problem is on top of mature markets, strict regulatory requirements, low interest rates and tight margins. The COVID-19 pandemic has made it even more urgent for life insurers to redefine their role, take bold measures and address these changes.

The good news is that many global insurance leaders are already making large investments in digitization, innovation and cultural change. Going digital has been a top priority, as it helps reduce cost and enhances customer experiences, leading to the increasing adoption of predictive analytics, artificial intelligence (AI) and automation in various business functions in the industry. According to McKinsey estimates, the potential total value of AI and analytics across the insurance vertical is approximately $1.1 trillion.

Soon, AI will be deeply embedded into the insurance value chain, providing unmatched power to insurers: automating manual processes in underwriting, eliminating errors and inefficiencies in claims processing and enabling predictive insights to deliver superior outcomes. Below are the top challenges that AI and machine learning (ML) will help solve in the insurance industry. 

1. Underwriting and Pricing — While pricing personal auto policies is mostly automated today, the underwriting process is still manual for commercial property. For commercial property insurance, the underwriter needs a lot of information, such as occupancy, data on adjacent buildings, loss estimates and typical hazards. Some of the data may be available online but may be outdated and might require onsite verification. This is why human judgment is critical. A PwC report on top insurance issues noted that carriers are devoting considerable attention to helping underwriters use models and AI-driven tools to supplement their knowledge. Underwriters are becoming increasingly comfortable marrying what they’ve learned from personal experience with insight from models to make the most informed decisions possible. Soon, underwriting will be fully automated, supported by machine learning models that ingest vast amounts of data through an ecosystem of vendors. 

2. Claims Processing — In the future, machine learning algorithms will manage claims routing, increasing efficiency and accuracy dramatically. According to a McKinsey report, claims for personal lines and small-business insurance will be fully automated, enabling carriers to achieve straight-through-processing rates of more than 90% and dramatically reducing processing times from days to hours or minutes. Unlike with the traditional practice, involving manual methods of first notice of loss, the burden will no longer be on the customer to inform the insurance carrier about an event. The process will now be automated, relying on  IoT sensors and real-time monitoring to prevent incidents from happening and sending notifications for critical events requiring immediate attention. An app on a smartphone will handle all interactions, with the capability to trigger claims automatically upon loss. Other technologies will support claims processing, such as natural language processing, deep learning and text analytics. 

See also: Wake-Up Call on Ransomware

3. Fraud Detection — Insurance fraud can cost companies millions to billions of dollars, as there are thousands of claims filed every day. Assigning insurance agents to investigate each case will be time-consuming and expensive. Using AI, insurers can evaluate millions of documents and data points in record time. They can cross-reference several databases and incorporate multiple external data sources, which would be impossible without automation. Anomaly detection models can identify deviations and flag cases for review. Leveraging learnings from previous fraud cases and using real-time data, AI and ML models can identify threat signals before they might become a more substantial problem. 

4. Other Use Cases — A common use case is using predictive analytics for estimating policy cancellations. Customer churn is one of the most problematic aspects of customer management for insurance companies. When high-value customers churn, insurance companies often replace existing businesses with new, more costly customers that lower profitability. Creating AI and ML models that can accurately forecast churn behavior can boost profitability and revenues. 

As insurance carriers get better at leveraging data and implementing predictive analytics, the focus will shift from product-led to customer-centric models. The insurance industry’s adoption and investment in digital capabilities to unify data, advanced analytics and people will ultimately make the industry more agile, efficient and transparent. The winners that go above and beyond will start to offer personalized products based on individual customers’ unique needs and enhanced customer experience.

Most public entities and many private companies have switched to a procurement model for all contracts and purchasing. This model means a centralized department is responsible for all these decisions, ranging from office furniture and supplies to purchasing insurance and risk management services. Risk managers and service providers are often challenged to demonstrate the value of such services beyond simply price, and pricing alone is not the best comparative measure of such services.

The latest Out Front Ideas with Kimberly and Mark webinar brought together two risk management and procurement teams to discuss how they work together to achieve the overall goals of their entities and how vendors seeking contracts can best differentiate themselves from their competition. Our guests were:

• Amber Feldman – purchasing agent and contracts administrator, state of Colorado
• Chelsea Gilbertson – contracts and procurement director, state of Colorado
• Rick Graham – chief risk officer, Southeastern Pennsylvania Transportation Authority
• Julie Mileham – director, State Office of Risk Management, state of Colorado
• Cristal Swift – risk management administrator, Southeastern Pennsylvania Transportation Authority

Framing the Issues

Public entities are often scrutinized over vendor choices because of procurement guidelines they need to adhere to and federal and state oversight. If government partners believe funds are being used inappropriately, consequences can result in reduced funding. Additional funding sources, like pass-throughs and grants, can be added to one project, making adherence to statutory requirements even more complicated, with multiple sources to track. These inherent challenges are precisely why the vendor selection process is extensive and thorough. 

Transparency throughout the process is also vital to maintaining public trust, especially when taxpayer dollars are involved. When the solicitation process begins, the process must remain competitive and fair, as to even the playing field for all vendors, including those currently contracted with the entity. 

Evaluating Third-Party Vendors

From the beginning, program needs should be extremely comprehensible to vendors, making the language in the request for proposal (RFP) critical. Transparent language also clarifies what is being asked of vendors and will ultimately help develop the final contract. RFPs should also include all mandatory minimum requirements and the scope of work, so expectations are unambiguous. Including the evaluation criteria and the entire selection process in the RFPs will further clarify the entity’s needs and allow vendors to know what they’re getting into. Additionally, consider a debriefing process after contracts are awarded so that vendors are aware of what they can improve on the next time, regardless of whether they were chosen or not. 

See also: State of Mental Health in the Workplace

Risk Management Purchasing

When seeking risk contracts, procurement teams should consult with their risk managers to appropriately develop the RFP. This allows risk managers to manage vendor risks and identify what can be transferred appropriately between parties within a project. Risk managers should also independently evaluate all bids, which is critical to identifying exposures and understanding coverage. One project may require pollution liability coverage while others may not, so it’s essential not to use a one-size-fits-all approach. With projects differing in size and scope, using scalable solutions can help ease the process.

Communicating early and often with the procurement team will also ensure that they consult with their risk management team for all future projects. Inviting all parties to a roundtable discussion can assist in keeping the lines of communication open and concrete relationships while verbalizing any concerns. Timeliness is critical in contract decisions to properly coordinate with vendors and keep the project goals on track. Remember that, throughout the vendor selection process, it is crucial to choose what’s best for the entity and not just easiest for the transition.

Advancing Your Purchasing Processes

Many entities expect vendors to be intuitive about their needs, but expectations should be made clear to make program goals a reality. And while there are a multitude of ways to make the procurement and purchasing process less painful, our guests offered a few critical elements to pay attention to. 

Start the RFP Process Early. The earlier this process begins, the better. Applications should be submitted early, and the underwriting data should be flawless. Take the time to understand the process and ask concise questions when writing a submission. Establishing the program needs early will help vendors better understand the scope of work and requirements. 

Look Beyond Cost. Often the price is viewed as the most crucial factor when choosing a vendor, when the actual value can be found elsewhere. This methodology can also prevent growth within a program. Consider the other values that a vendor may bring to elevating a program, looking at cost last. Additionally, examine preemptive challenges, like if a vendor comes back with several changes to a contract, this could be an early indicator of how they’ll work within the project.

Avoid Silos. Collaboration and communication in the planning stages can be crucial to your program goals, and bringing in additional departments to review RFPs can bring a fresh perspective to your evaluation process. Considering department input, like budgeting and accounting, can clarify implications around the solicitation process. Also, speaking with risk managers early can help identify associated risks that can be communicated to vendors.

Know Your Risks. Risk implications are involved with everything regardless of if it’s directly related to risk management. Discuss your concerns regarding coverage with brokers and ensure that complex issues are addressed. Use them to review coverage language and ensure that coverage in contracts and bids is appropriate for the risks your organization is willing to accept. If you’re unsure of risks, ask yourself what taxpayers should really be liable for. 

See also: Why Open Insurance Is the Future

To listen to the archive of our complete Perils of Purchasing for Public & Private Entities webinar, please visit https://www.outfrontideas.com/. Follow @outfrontideas on Twitter and Out Front Ideas with Kimberly and Mark on LinkedIn for more information about upcoming events and webinars.

As the world starts to emerge from the pandemic, ITL Editor-in-Chief Paul Carroll sat down to discuss the new normal for workers' comp with two of ITL's most widely read contributors: Mark Walls, VP of communications and strategic analysis at Safety National, and Kimberly George, global head of innovation and product development at Sedgwick. Together, Kimberly and Mark co-host the "Out Front Ideas" educational series.

This webinar will discuss:

• How legal interpretations related to coverage for COVID cases may expand the scope of workers' comp, making carriers responsible for other infectious diseases, PTSD and more.


• How telemedicine took on a much broader role during the pandemic, and why its use will continue to grow.


• How carriers, accustomed to conducting rigorous analysis of massive amounts of historical data, are adapting to a world where so many issues don't have a history, because almost everything is new.

---

Speakers:

Together, they co-host Out Front Ideas with Kimberly and Mark

Every real estate closing is a beginning, an exchange of deeds and a chance to do good works — if real estate agents and insurers come together. If both groups unite on behalf of homeowners, offering life insurance with mortgage protection to homeowners, the result is a boon for all homeowners. 

The proof is not only on paper, in the papers that insurers issue, but in the peace of mind that homeowners enjoy: knowing that loss of property will not follow loss of life, that devastation among the living will not follow burial of the dead, that foreclosure will not follow a tragedy without closure. 

We can eliminate the fear of foreclosure by deputizing real estate agents, making them advocates of life insurance or insurance agents outright. Either way, everyone wins. Real estate agents earn additional income, insurers underwrite additional policies and homeowners receive additional protection. No one wins, however, when no one communicates. 

Failure to communicate is the cause of our problem. 

We have it in our power to fix this problem: to correct it by working with real estate agents. But before we can get real estate agents to talk to homeowners, we must set our own house in order. 

We must recognize that practice is a prerequisite to preaching, just as attentiveness — people’s willingness to listen to a speaker — is a perquisite of having a calling, of answering the call to spread the word. We must do as we say, and have something to say, replacing silence with words of soundness; converting a stutter of hesitancy into a score of certainty; turning applause into action. We must give real estate agents reason to believe.

Belief does not require faith, not when evidence will suffice. 

That insurers have a wealth of evidence, that the evidence is translatable, that insurers have a duty to translate the evidence into that which is intelligible to real estate agents and homeowners, that insurers know how to translate the evidence is reason to believe in what the evidence proves.

See also: Life Insurance With Mortgage Protection

The proof is in the value real estate agents can provide, in addition to the credibility they possess and the clients they advise. The proof is in the freedom — the freedoms — real estate agents and insurers can deliver. The proof is in freedom from fear of foreclosure. The proof is in freedom from want, allowing families to have the financial strength to live. The proof is in the freedom to recover, giving homeowners the added value of time. 

Time to grieve permits time to rest; time to heal contains time to learn; time to think begets time to do.

Preaching the value of time is a virtue. 

Adopting this value guarantees continuity; applying this guarantee secures the value of a family’s greatest asset; providing this security is a great and invaluable act of goodness.

Real estate agents and insurers share these values.

Homeowners deserve the protection these values afford, which is the protection they welcome; which is the protection they shall receive.

When the pandemic struck early last year, insurers had a wake-up call when it came to digital transformation. A report by Accenture revealed that the lack of digital, agile systems was evident in the industry’s response to COVID-19 when “insurers struggled to pivot to remote work and to continue meeting demands for sales and service.” However, things have changed for the better. A 2020 PwC report shows that core technology transformation (51%) and cloud technology (28%) are key priorities for insurers.

At the same time as these digital changes are happening, the industry is seeing more regulations pop up. Depending on their specialty, insurers already had to adhere to healthcare, financial and consumer privacy regulations. More recently, Maine and North Dakota adopted the National Association of Insurance Commissioners (NAIC) data security model law, which seeks to establish data security standards for regulators and insurers to mitigate the potential damage of a data breach. They join at least seven other states that have already adopted similar laws.

With the shift toward cloud infrastructure and applications well underway, minimizing risk and protecting data integrity and privacy become all the more important. Those in the insurance field need to balance new digital transformation efforts with increasing compliance requirements. Data ownership can help with both – here’s how.

Keep Compliance Top of Mind

When important data starts to move from legacy systems into mission-critical cloud or SaaS (software as a service) apps, like Salesforce, it can complicate regulatory compliance. While many insurers may believe they own the data within these apps, they don’t have the control over it that ownership would typically convey. And yet, they can still be held liable should something happen to a client’s data within the SaaS app.

Additionally, because insurers may also need to access SaaS data for analytic purposes, they’re likely to download, make their own copies and store it in their own folders and systems, creating data sprawl. Not only does this increase potential access points and vulnerabilities within an organization, but it can also cause other problems for insurers. From inaccuracies caused by data being changed in one version of copied data and not others, to the more straightforward issue of not knowing everywhere data is stored – and who is accessing it – data sprawl can be dangerous, especially where regulations are concerned.

See also: The Rules of Digital Transformation

To better ensure compliance and avoid these pitfalls, insurers should back up and own their data. Where data is stored is critical to how accessible, secure and auditable it is – which is why organizations should store data in the cloud infrastructure they’re already using, such as AWS or Azure, instead of keeping it in SaaS vendors’ — or backup vendors’ — environment.

Storing historical data in this fashion can help insurance companies in several ways. First, it decreases the surface area of exposure. The more copies of data floating around an organization — whether the insurer’s or the backup vendor’s — the more potential touchpoints, meaning there’s greater opportunity for unauthorized access, and it becomes harder to trace any changes. These issues can put an organization at risk for breaches, intentional and inadvertent data corruption and penalties when auditors come knocking. However, when data is in your organization’s own cloud data lake and can be streamed into business intelligence or analytics tools from a single source of truth, it reduces the number of copies needed, helping to ensure data integrity and maintain compliance.

Likewise, storing data in an insurer’s own cloud means the organization can set controls over who touches it and where it goes in the organization. This makes it easier to maintain a digital chain of custody – and trace when, where and who made changes. Many new regulations require audit trails that capture this information, something that gets increasingly difficult when data is stored and retained over time in third-party applications.

Data ownership as a key to growth

Data ownership not only helps insurers decrease risk and liability, it can also propel organizational growth.

Many insurers have already been tapping into historical data for predictive analytics, when it comes to policy writing, for example. By incorporating this new pool of SaaS backup data – which captures every change made – those models can become more accurate. Insurers get access to even more information that can lead to better insights and be used to improve everything from underwriting, pricing and risk assessment to recommendations about insurance plans and strategic marketing decisions – all of which affect an insurer’s bottom line.

As insurers begin to cross the digital divide, they need to be aware of compliance necessities that accompany digital change. With a sound data strategy, insurers can reap the benefits of creating a digitally driven enterprise while adhering to regulations and setting themselves up for continued success.

Identity management has been an obstacle for commercial insurance companies for a very long time. Many thought that problems would dissipate or at least become easier to correct by moving to digital systems, but, in reality, identity management has only grown more complex. It is obvious that we need a better way.

Now, there is fresh hope that identity management will become much easier to wrangle. Artificial intelligence (AI) is progressing rapidly, to the point where it could become a tremendous tool in identifying and cleaning up inaccurate data as well as linking the right providers to the correct claims.

Let's take a step back and examine the key issues in identity management today to understand how AI could be used to shore up existing gaps and move the industry forward.

The Data Problem

First of all, by identity management, as it is applied to insurance, I am referring to a special case of entity resolution, i.e., the process of linking references to providers in claims, bills and other data to a single flesh-and-blood provider — the so called “single belly button.” This is facilitated by maintaining a dataset of the actual providers working all over the country, with their names, addresses, specialties and networks — essentially all the data associated with them for billing purposes. These “golden sets” also are available for attorneys in the claims space, functioning nearly the same way. Still, for the sake of clarity, I'll focus on medical providers in this article. These lists are available through a handful of third-party vendors (and certainly some organizations have developed their own), and they must be constantly updated as the ground truth evolves.

See also: Intersection of AI and Cyber Insurance

The Missing Link

Currently, numerous different golden sets have varying degrees of accuracy and cleanliness. While this is certainly problematic, the real challenge in identity management is the linkage process itself. This is because much of the provider references in the claims, bills and other data can be considered stale or dirty.

There are myriad reasons for stale and dirty data. Doctors change their name through marriage or for other reasons; they move to other cities; they might add a specialty or change focus, Joe Smith might become Josephine Smith. All of these things and more make the process of linking these references to the correct provider very difficult. In many cases, today’s systems lack the ability to link references in claims to golden sets; instead, linking falls to claims representatives. One of the biggest identity management tasks remaining today is the ability to uniquely and accurately link a claim to the right provider with the correct billing information.

Many companies try to build their own link, but it has not been smooth sailing. Developing such functionality is an expensive, time-consuming, complex endeavor. Without clean, accurate, linked datasets, claims can go wildly off track. But there is hope.

AI Will Fill the Gap

AI has shown its effectiveness in improving claims operations processes, pulling out key insights to resolve claims quickly without attorney involvement. Now AI could be applied to solve the linkage problem as well.

AI systems that aggregate data from actual anonymized claims, bills and other data throughout the industry could be used to read massive volumes of data, recognize pattern and find the links between specific providers and claims. Systems could be trained to identify and update records, managing identities persistently and in real time.

Imagine just for a moment that you had a very high threshold of confidence in identifying the correct provider for a claim and that the provider automatically would be issued a unique ID (in the U.S., that of course is the National Provider Identifier, or NPI) that stays with him or her throughout the life of the claim so that every time a change is made — a note filed, a bill paid — the correct provider at the correct location automatically comes up. No detective work, no guesswork.

This is now possible from a technological standpoint, as we have seen in creating CLARA's solution. I can attest that it requires a significant investment of time, effort and intellectual property to build in-house. Given the rate of AI advancement, market adoption and pressing industry need, there is no doubt that it won't be long before nearly all identity management systems are powered by AI and machine learning technologies.

See also: Insurance Outlook for 2021

As I hope I have shown, the data available to the industry today is nowhere near sufficient. The bar for identity management — and therefore the level of investment, skill and innovation applied to this problem — will continue to increase. Those organizations that prepare to embrace new applications of AI for identity management will be the ones that thrive and modernize claims, driving down costs and increasing efficiency. The companies that resist this transformation will get left behind as they struggle to sift through their dirty, messy data.

As first published in Digital Insurance.

As the CEO of an identity security company, I share a perspective with many cyber insurers: Cybercrime is frequent and widespread and can happen to anyone. With cyber risk increasing with every data breach, phishing scam and identity threat, it’s time that digital health is taken as seriously as physical health. 

So, what does it mean to stay digitally healthy today? The world is just too complicated for a silver bullet strategy. Digital health is a set of offensive and defensive actions that, layered together, form a new picture of safety. 

Cyber insurance is a critical piece of the puzzle, and one we think is becoming increasingly important for both small businesses and individuals – often underserved markets. Complacency is no longer an option.

A Complex New Landscape 

In just a few short years, we went from using our smartphones to primarily stay caught up on email and social media to now managing almost every aspect of our increasingly digital personal and professional lives on our phones. As the technology landscape has evolved, so too has the threat landscape. At the same time, individuals and small business’ ability to manage all the risk hasn’t kept up.

A global pandemic has driven digital transactions even higher, and more organizations than ever are storing personal information and using technology providers to help manage and deliver the digital services people need and expect. Most people nowadays have no idea which, and how many, technology providers have their personal information. Even consumers with excellent digital literacy and hygiene simply don’t know what they don’t know when it comes to how their sensitive personal information is being exposed and potentially misused.

Cyber threats can come from anywhere and are fueled by forces that are difficult to control. Cyber attacks and the resulting data breaches happen with alarming regularity, but remaining vigilant and knowing what to do is an extremely difficult task when there are no universal best practices around data breach notifications.

Most people do not realize how vulnerable they are, and, despite the evidence to the contrary, think a cyber attack won’t happen to them. In today’s complex and rapidly evolving landscape, more insurers will need to act as educators and ensure that the cyber policies they are selling reflect the myriad of modern risks. In the interest of both the client and the insurer, cyber insurance should be combined with other solutions for a comprehensive approach.

See also: Does Cyber Insurance Add to Ransomware?

Personal and Organizational Security Risks Are Linked

The online risk that each person carries follows them through life. It doesn’t just threaten their personal financial accounts – which is bad enough – but the businesses and organizations they work for, too. More sophisticated cyber attacks now target individuals with convincing email and phishing scams that are used to gain access to enterprise systems, or to trick them into becoming unwilling accomplices in fraud. Cyber risks flow in all directions: from organization to individuals, who introduce it back into stakeholder organizations.

So even when a small business has robust cybersecurity defenses in place, each individual introduces their own set of vulnerabilities to the organization. And, for the complicated reasons mentioned above, these risks go largely unaddressed. 

It’s time to understand and accept that the problem of online security has grown too complex for most to manage alone. Individual security and organizational security are inextricably linked, so it’s in everyone’s interest to combat the modern challenges with robust protections.

Cyber insurers can help stem the tide of cybercrime – and protect their own interests in the process – by helping more organizations play a role keeping individuals protected. This involves looking at all audiences that could be affected by a cyber attack on the organization, from prospects to customers to employees and vendor partners. If insurers help educate organizational customers on the complex and related cyber risks, they can move the needle of protection forward meaningfully with appropriate cyber coverages

The question of total digital health is constantly evolving, and the solutions must be as dynamic as the problem. Cyber insurance has an important part to play in helping people manage – and master – the risks introduced daily by the technology that plays a starring role in life today.

Finally, a bit of good news on ransomware: Federal investigators said Monday that they had recovered millions of dollars of the ransom that Colonial Pipeline paid to Russian hackers following their recent attack, which disrupted gasoline supplies up and down the East Coast.

The news may discourage ransomware hackers by showing them that they aren't as invincible as they think -- while they operate from countries that aren't likely to cooperate with international enforcement and take payment in cryptocurrency, U.S. investigators tracked the Colonial Pipeline ransom to a digital wallet and recovered much of it. The news also underscores FBI Director Christopher Wray's statement last week that ransomware attacks should be seen as terrorist activity that warrants a heavy response from law enforcement, suggesting that potential corporate targets and their insurers may receive much-needed help.

To understand where ransomware attacks and cyber insurance go from here, I sat down recently with Brian Brown, principal and consulting actuary at Milliman, and Paul Miskovich, consultant who has been working with Milliman on cyber issues. As you'll see, they offered a modicum of optimism but raised some tricky issues that both insurers and corporate clients will face -- and laid out some cyber threats that lie ahead even if ransomware starts to come under control.

Here is the conversation:

ITL:

When we started planning this conversation, there had just been a high-profile ransomware attack, the one that shut down Colonial Pipeline and greatly restricted the availability of gasoline on the East Coast for days. We’ve since had an attack on JBS, which is the world’s largest meat seller and which provides a quarter of the beef and a fifth of the pork consumed in the U.S. Now that awareness is finally rising for this long-festering problem, what happens next?

Paul Miskovich:

For companies and clients, the attacks will drive investment in cyber resiliency.

The guidance from U.S. regulators and law enforcement, which has been very consistent, is that paying ransoms encourages bad actors to accelerate crimes involving ransomware. The Office of Foreign Assets Control and the Financial Crimes Enforcement Network released advisories in October that warned of sanctions for victims who make ransomware payments. So, you're in a Catch-22 if you’re attacked. If you choose to pay, you may have to pay penalties. If you choose not to pay, you could suffer reputational harm and other financial losses from being shut down. So, the only correct thing to do is to invest more in cyber resiliency.

ITL:

My thesis has been that the insurance companies should play a major advisory role because they are experts or at least more expert than the individual clients, based on all the cases they are seeing. Is that a reasonable thought?

Paul Miskovich:

It is, but there are issues.

Insurance companies are also affected by the OFAC advisory, and they have issues in making payments. They will need to start investing in technology partners to be able to make ransomware payments, which typically are done in cryptocurrencies. Insurers will also have to work more closely with law enforcement, to avoid sanctions and penalties. With respect to clients, insurers are going to have to work much more closely on prevention and resiliency.

And then you end up with other issues. Hackers will use AI and algorithms that accelerate the pace of the attack and could release confidential information, meaning that victims need to pay the ransom fast. So, insurance companies are going to have to figure out assessment and payment methodologies that work a lot faster than they work now.

ITL:

Can intelligence and law-enforcement agencies like the FBI do more to spot attacks potentially coming from overseas and maybe even shut them down?

Paul Miskovich:

Agencies are going to have to increase their scale, because they don't have the necessary resources to address the growing cyber threat. There’s a whole criminal network behind ransomware that’s exchanging money in the form of cryptocurrencies, so law enforcement has to get to a level of sophistication that it can use blockchain and other technologies to track the flow and disrupt the perpetrators.

ITL:

What are all these threats doing to insurers and to rates?

Brian Brown:

From 2015 to 2020, premium growth for cyber insurance has been in excess of 25% a year, and the current cyber premium is about $2.3 billion a year. It’s possible that's understated, because carriers may not be reporting all of the cyber premium. Also, this is just premium written by U.S. domestic companies.

We started to see a big tick up in claims in 2019. The 2019-2020 claim activity has been more than double 2017.

Loss ratios were pretty favorable for stand-alone cyber policies from 2015 to 2018, below or close to 50%. But in 2020 the loss ratio was 73%. That's assuming that the carriers are perfectly reserving the exposure. We've looked at some other data for policies just written in 2020, and the indicated loss ratios, early on, may be much higher than 73%.

A lot of big companies have pretty tight security plans; the medium-sized companies not as much. So, there may be much heavier rate activity for the medium-sized companies. But the fundamental issue is, which insurers can determine new more robust variables that predict the likelihood of a cyber loss.

And, if you're insuring somebody, you want to provide risk management services to reduce their probability of a cyber event, whether that's providing courses to employees or software to IT departments to measure cyber resilience. You also really need a qualified staff to handle claims.

The predictions are that premiums will continue to grow well in excess of 25% annually for years to come. So, I think we're on the cutting edge of a great opportunity for a lot of insurance companies, if they're able to do it right.

ITL:

Do you want to speculate a bit on what the next threat will be, beyond ransomware?

Paul Miskovich:

I see three. The first one, undeniably, is the exploitation of cloud computing vulnerabilities. Next are the cyber security breaches originating from vulnerabilities in ecosystems, where the victim is provided services, especially web applications, through a third-party offsite server. That area of exposure is going to continue to increase. The other one is that the sophistication of exploits is increasing with artificial intelligence and self-learning algorithms. Denial of service attacks are becoming especially dynamic. The algorithms are quicker and more effective. The algorithm chooses one or more methods of attack using behavioral analysis of the network to try to figure out how to get through the defenses.

ITL:

On the theory that we should fight the next war, not the last one (as generals famously are said to do), are there particular things you would recommend that anyone in this ecosystem -- the clients, the insurers, the regulators or the investigative agencies -- should do to prepare us better for those next threats?

Paul Miskovich:

I feel that Congress should establish federal minimum cyber security standards for private businesses. And law enforcement and regulators should put forth information campaigns educating the public. Together, they will set a common basis of knowledge and preparation and will drive investment in cyber resiliency, while improving private companies’ responsiveness to quickly evolving threats.

As for critical infrastructure -- energy, transportation and healthcare -- I think they require much, much deeper resiliency planning.

We don't really know what the next attack will be, but if we all have the same baseline through training and standards, and we’re all sharing information, then our responses can be more effective.

Brian Brown:

We’re seeing a hard market now, but if we were to get one or several large events, in the $100 million to $1 billion range, we'd see an extremely hard market, and quite possibly capacity issues. So, some are looking at alternative capital sources to provide cyber coverage. We’re also seeing some MGAs and insurtechs actually doing the underwriting, which is likely to be a growing trend.

Paul Miskovich:

Many of the later entrants in the cyber market think it's more efficient to use specifically targeted, talented teams coming out of MGAs.

Brian Brown:

There are some additional benefits from the MGA relationship, because, if you're not happy with the performance of the portfolio, it's easier to exit. So, it's a quicker ramp up and an easier exit.

ITL:

Thanks to you both. This has been a great discussion.

Cheers,

Paul

P.S. Here are the articles I'd like to highlight from the past week:

Behavioral Science and Life Insurance

Carriers must fully grasp human biases and behaviors and harness technologies to improve health.

Ready for the Fully Connected Future?

The key for insurers is to think beyond a single transaction and be “partnership-ready,” which also means becoming “ecosystem-ready.”

The Promise of Predictive Models

Big data and AI will uncover insights that allow smart carriers to acquire the most profitable clients and avoid the worst.

Key to Transformation for Auto Claims

AI is critical to processing and assessing all inputs and removing friction. Yet AI alone cannot deliver transformation.

Auto Insurers Prep for Summer Driving

By taking steps now to update, optimize and digitize processes, insurers will be prepared to help customers through this likely difficult time.

Different Flavors of Transformation

Transformation and improvement are not the same, and insurers should use different approaches to the two types of innovation.

Customer experience is quickly becoming the new battleground for insurance companies. The pandemic has changed the way customers interact with insurers; companies that don’t digitize their delivery, service, and communication channels will fall behind in this increasingly technology-centric world.

As this Deloitte article titled Future of Claims explains, customer retention and loyalty are at the heart of the insurance industry transformation - and both are largely driven by how the customer interacts with their insurers, specifically when it comes to the claims experience. Innovating the claims experience and using technology to implement a low-touch claims process will differentiate companies from their competition.

Though it is evident that customer engagement is a critical piece of the customer satisfaction puzzle, most companies still don’t have a concrete outreach plan in place. In fact, according to this article by EY, 44% of customers have had no interactions with their insurers during the prior 18 months. Additionally, the Elevating the insurance customer experience study by IBM reports that 60% of insurance executives agree their organization is lacking in CX strategy.

Today’s consumers are informed consumers - they carefully scrutinize all aspects of the service and compare CX not only against other insurers but against CX from other industries they interact with. And if this wasn’t enough pressure, there is an additional obstacle to creating a good customer experience in the insurance industry - interactions between insurers and customers are issue-driven. Customers only reach out to insurers when they face a problem and are already frustrated. That has a significant impact on how they rate the whole transaction. So it’s important for insurance providers to maintain a good relationship with customers throughout the whole journey, instead of only interacting with them when tensions are already running high.

Companies that regularly engage with their customers and deliver on great CX reap rewards in the form of increased net profit. According to a McKinsey study titled The growth engine: Superior customer experience in insurance, in the past five years, US auto insurance carriers that have provided customers with consistently best-in-class experiences have generated two to four times more growth in new business and about 30 percent higher profitability than firms with an inconsistent customer focus. The report suggests that this is partly because satisfied customers are 80 percent more likely to renew their policies than unsatisfied ones.

Fostering Connected Experiences

Insurtech was gaining momentum even before the pandemic accelerated digitization. According to Quarterly InsurTech Briefing, Willis Towers Watson, investments in insurtechs worldwide grew from $0.3 billion in 2003 to $5.8 billion in 2019. That means insurers are no longer only competing with other insurers - they are competing with insurtechs, fintechs, and other digital service providers. To stand out from the crowd, there’s a need for digital innovation and transformation of client experience.

The fact that 80% of customers are willing to use digital and remote channel options for different tasks and transactions shows that insurance leaders need to be equipped to evaluate and revamp their existing infrastructure. As an industry that’s traditionally been dependent on in-person interactions, it’s challenging to transition to an all-digital customer engagement process overnight. Hence, the ideal approach is to start by digitizing the most critical parts of the journey - namely claims and underwriting.

Increased technical fluency and technology-based delivery in the claims and underwriting processes are non-negotiable for the success of insurance companies. It’s no longer about starting and completing the transaction within the framework of any singular channel.  Customers demand easy access to solutions and services across multiple channels and expect a seamless transition from one platform to the other.

In fact, McKinsey’s study titled The Multi-access (r)evolution in Insurance Sales identifies multi-access customers as the fastest-growing insurance segment in recent years—in 2019, every second customer was multi-access. According to the same report, the share of purely offline customers is expected to decrease from six out of ten in 2012 to just over two out of ten in 2024.

Four Tenets of CX Transformation in Insurance

1.   Make it personalized, easy, and instant

The buzzwords for serving today’s customers are personalized, easy, and instant. These are the new CX standards customers measure insurers against. Let’s dive into them one by one:

Personalization is the key to delivering a stellar customer experience consistently. It implies that companies understand the needs of the customer and know how to address their concerns. One-to-one communication is the expectation of consumers across all industries, and the insurance sector is no exception. According to the Elevating the insurance customer experience study by IBM, 64% of consumers want their insurers to understand them well. The ability to tailor experiences and messaging gives providers a competitive advantage over their contemporaries. At Statflo, we help insurance companies build one-to-one relationships with their customers by integrating with their sales and marketing platforms to display customer data from any app or software. This provides customer-facing teams with a complete view of the customer’s history with the company and helps create hyper-localized campaigns to personalize customer outreach.

Ease of access is another deciding factor that plays an important role in shaping consumer opinion. As we talked about it before, when customers of insurance providers reach out to the company, they are usually frustrated. Asking them to jump through hoops in such a mindset will only create a negative impression. Making the claims filing process as low-touch and as straightforward as possible will make all the difference.

Make it instant is the last and perhaps the most crucial buzzword that affects customer experience in insurance. Its importance is highlighted by the Deloitte report titled 2021 Insurance Outlook that suggests that prospects are 20% more likely to purchase a life policy as the underwriting and application process gets closer to real-time. Any technology that can make communication instantaneous during the claims and underwriting processes is the best investment insurers can make right now.

Some of the areas that can be upgraded to make the process more real-time are using e-signatures and e-forms, leveraging instant communication channels like text message and WhatsApp, putting processes in place for digital document uploads, and making appointment scheduling accessible across all platforms. One of the features that Statflo’s one-to-one text messaging platform offers is Rich Content Experiences or Sendables. Sendables operate like a headless Content Management System and allow users to embed the best of the web in every conversation. Our clients can request payments, e-signatures, as well as send secure links, images, appointment reminders, and even start live review sessions without having to change a single tab.

2.   Keep it compliant

When it comes to highly regulated industries like insurance, compliance and data security are of paramount importance. When evaluating new technology or processes, insurers are hesitant to make the switch for the fear of violating regulations. 42% of respondents in the New Horizon Report maintain that complex regulatory requirements are the biggest barrier to digitization in their insurance companies. Statflo’s compliant business text messaging platform helps companies communicate with their clients without having to worry about adherence to legal statutes as we manage opt-outs and DNCs across all channels. Our intelligent filtering feature ensures brand compliance by blocking undesirable content from being sent or received by your frontline team. Additionally, Statflo is SOC 2 Type II compliant, which means we have established protocols and met standards around data security. 

3.   Choose no code/less code solutions

Little to no code development IT tools allow insurers to unload some of the data security and compliance tasks to third-party providers without worrying about privacy, and compliance regulations.

Jeff Wargin, chief product officer of P&C insurance platform Duck Creek noted in one of his articles, “Low-code configuration tools allow business stakeholders – not just IT professionals – to update and manage apps and software using an intuitive, user-friendly drag and drop functionality. With moderate or even elementary app and software experience, insurers will be able to quickly implement new and different user interface (UI) features that customers demand, in a fraction of the time usually required.”

Platforms like Statflo that leverage API integrations and SDKs help insurance companies embrace new technologies without going through the hassle of extensive reconfiguration or re-coding of existing tools and systems. 

4.   Use automation responsibly

Insurance companies need to identify areas that are sufficiently structured to be automated. Blindly integrating AI or machine learning in every part of the process without understanding how it will impact customer experience is going to create more problems than solve. If there’s no proper strategy in place, automation can lead to technical glitches and a lack of personalization. Setting up proper workflows, sequences, and triggers is essential for the success of any automated process.

The pandemic has accelerated the adoption of virtual channels for communication and transactions. Industries traditionally dependent upon in-person interactions have been forced to adapt according to the changing consumer expectations and upgrade their technology stack to drive great CX.

Statflo helps insurance companies and retail banks foster one-to-one relationships with their customers through personalized and proactive customer outreach. Businesses leverage our compliant text messaging platform to shorten their sales cycles, effectively cross-sell/up-sell customers, and engage their customer base. For more information on how we help insurance providers personalize their customer outreach, book a demo with us!

---

Want to learn more? Save your seat for our upcoming webinar:

Digital Transformation of Client Experience in Financial Services

---