Care Bridge International CEO Deborah Watkins talks about how its technology helps claims departments to more quickly and accurately forecast the medical cost component of a claim

---

View more Videos Learn more about Innovator's Edge

Sidd Gavirneni, CEO and Co-Founder of Zeguro, describes the company's holistic easy-to-use cyber safety platform for small to mid-sized enterprises that do not really have cyber security folks or the expertise to protect their business.

---

View more Videos Learn more about Innovator's Edge

Jason Andrew, CEO and Co-Founder of Limelight Health, talks about the platform for the employee benefits industry, and how it innovates manual legacy processes to make a better experience for brokers, carriers and employers.

---

View more Videos Learn more about Innovator's Edge

Alex Frommeyer, Founder and CEO of Beam, software designed to deliver better a dental and ancillary benefits experience and solutions for small and medium-sized employers.

---

View more Videos Learn more about Innovator's Edge

Personal lines insurers are investigating emerging technologies and developing strategies and plans related to individual new technologies. Technology is advancing so rapidly that it is even difficult to define what should be considered an emerging technology. For the past several years, SMA has been tracking 13 technologies that many consider to be emerging. These include technologies such as autonomous vehicles, AI, wearables and the Internet of Things. In our recent research, five of these technologies have emerged as “power players” for personal lines insurers, based on the level of insurer activity and the potential for transformation. The specific plans by insurers for these and other technologies are detailed in the SMA report, Emerging Tech in Personal Lines: Broad Implications, Significant Activity. See also: 2018’s Top Projects in Personal Lines   Some big themes for emerging tech in personal lines stand out:

• Artificial Intelligence dominates. AI is often a misunderstood and misused term. However, when specific technologies that are part of the AI family are evaluated, much activity is underway – by insurers, insurtech startups and mature tech vendors. Chatbots, robotic process automation (RPA), machine learning, natural language processing (NLP) and others are the subjects of many strategies, pilots and implementations.
• The Autonomous Vehicle frenzy is cooling.There is still an acute awareness of the potential of autonomous vehicles to dramatically alter the private passenger auto insurance market. But there is also the realization that, despite the hype, the transition is likely to be a long one, and the big implications for insurers are probably 10 or more years out.
• The IoT is going mainstream. Discussions continue about the transformational potential of the IoT for all lines of business. But rather than just talking about the possibilities, there is now a great deal of partnering, piloting and live implementation underway. We are still in the early stages of incorporating the IoT into strategies and insurance products and services, but their use is becoming more widespread every day.
• UI Options are dramatically expanding. The many new ways to interact with prospects, policyholders, agents, claimants and others should now be considered in omni-channel plans. Messaging platforms, voice, chatbots and more are becoming preferred ways to communicate for certain customer segments.

See also: Insurtech and Personal Lines   Certainly, other trends and much emerging tech activity are happening outside these main themes. Wearables, new payment technologies, drones, blockchain and other technologies are being incorporated into strategies, pilots and investment plans. The next few years promise to be quite exciting as advancing technologies spark more innovation in the industry.

While the largest number of data breaches occur at healthcare providers’ sites, such as hospitals and physician offices, healthcare plans account for the greatest number of health plan member records stolen over the past seven years, according to a study published in JAMA. This is attributable to extremely large breaches of electronic systems. While these centralized databases offer a wealth of health records that can be used to improve healthcare, it’s important to balance the risks of being hacked against the benefits. These breaches represent one area where health plan organizations must focus their attention to overcome an increasingly complex regulatory and risk management environment. A fully equipped health information management platform has become a vital requirement for health plan organizations seeking to improve care, member outcomes and ROI. Balancing Risks of Data-Sharing While better policies and procedures and the use of encryption have helped reduce easily preventable breaches, more must be done to protect member privacy and mitigate associated costs. Health data breaches cost the U.S. healthcare industry an estimated $6.2 billion, and 70% of businesses that have experienced ransomware attacks in their workplace have paid to have stolen data returned. Attackers have learned how to monetize healthcare data, with the number of attack points continuing to rise with the use of mobile medical- and health-related apps and with electronic health records (EHR) become increasingly embedded in clinical settings. Given all this, health plans should seek a technology-enabled platform that optimizes operational viability, helps to improve member outcomes at reduced costs and ensures data security and privacy. The first step is to look for a vendor that has earned Health Information Trust Alliance (HITRUST) Common Security Framework (CSF) certification. See also: VPNs: How to Prevent a Data Breach   Understanding HITRUST Benefits As healthcare data shifts from local infrastructure to the cloud, the ability to control and secure data weakens, creating substantial challenges for health plans and hospitals that need to assess third-party vendors and ensure that data complies with HIPAA and other regulations. HITRUST sprang from the belief that information security should be the core of the broad adoption of health information systems and exchanges. HITRUST CSF certification can be used by all organizations to guide them in selecting and implementing the appropriate controls to protect the systems that create, access, store or exchange personal health and financial information. Certification gives organizations detail and clarity related to information security controls tailored to the healthcare industry. Certification also carries two key advantages: First, it’s designed to examine regulations. During the certification process, an independent assessor uses the HITRUST framework and then submits work papers to HITRUST for scoring and quality assurance. This ensures providers a level of consistency from one assessment to another. Second, HITRUST performs a gap analysis, which providers can request to help them further assess a vendor’s security posture, which saves substantial resources. HITRUST CSF certification also includes these benefits:

1. Cross references the requirements from legislative, regulatory, HIPAA, NIST, ISO, state laws and others for one comprehensive framework
2. Provides a framework that prepares organizations for new regulations and security risks once introduced
3. Ensures compliance and security protection to clients
4. Assures payers working with vendors that the platform is compliant, private and secure and meets the necessary requirements of HITRUST CSF certification
5. Means a third-party assessed the platform and attests to its compliance with globally recognized standards, regulations and business requirements, ensuring data security, privacy and compliance

Full-spectrum, end-to-end Platform Health plans should look for an integrated risk-adjustment optimization and quality improvement platform that has HITRUST CSF certification as validation of a commitment to improving the health of healthcare and providing innovative solutions for health plans across the country. They should offer a platform that provides health plans and provider groups with a comprehensive risk adjustment solution that plays an integral role in helping health plans and risk-bearing entities improve measured quality. HITRUST CSF provides a certifiable framework that provides organizations with a comprehensive, flexible and efficient approach to regulatory compliance and risk management. Leveraging nationally and internationally accepted standards including ISO, NIST, PCI, HIPAA and COBIT to ensure a comprehensive set of baseline security controls, HITRUST CFS normalizes these security requirements and provides clarity and consistency, reducing the burden of compliance. HITRUST CSF, the most widely adopted security framework in the U.S. healthcare industry, continues to improve and update its framework ensuring that organizations are prepared when new regulations and security risks are introduced. See also: Unclaimed Funds Can Lead to Data Breaches   Furthermore, the certified solution should combine risk adjustment and quality improvement services and provide real-time visibility and reporting for risk adjustment analytics, medical record retrieval, HEDIS abstraction, risk adjustment coding, claims and data validation, prospective health assessments, clinical abstraction, member engagement/outreach and provider education. It should also be designed to integrate risk adjustment and quality services to deliver fully transparent insights. Success in value-based approaches pivots around delivering on total member health, cost and quality rather than relying on the traditional model of maximizing relative value units, revenue and downstream referrals. The right full-spectrum, end-to-end approach to care empowers health plans and providers to identify gaps in care and manage plan members more productively. Consequently, plan members reap the greatest benefit by being guided toward more preventive care and self-management early in the care process and their information and privacy remain protected.

Today’s mobile, social world has created an explosion of data that is presenting great opportunities for all industries, especially insurance. Consider that by 2020 new information produced per second for every human being will reach 1.7 megabytes. And the volume of big data will increase from 4.4 zettabytes to roughly 44 zettabytes, or 44 trillion gigabytes. With large data resources, carriers and their customers are collaborating more efficiently, resulting in better, faster, and more valuable interactions that in the end are intended to deliver a better consumer experience. They’re also entering a time where they can be more accurate and precise. For example, the data available today enables theoretical “pools of 1” versus the typical insurance pools that have led to risk sharing across large groups of people. In addition, the vast majority of data is unstructured—or social media postings, online and offline shopping activity, emails, reports, and interviews. This isn’t the data we’re used to and the implications of this potential has both pros and cons for insurance. Pros and Cons Without a doubt, big data’s influence is present throughout the insurance value chain - more specifically, during product development, pricing, marketing, sales, customer service, claims and management activities. Data is also being used to streamline the application and claims process. Applying machine learning algorithms to outcomes is helping claims processing. There’s also been a noted reduction in fraud through better identification techniques. See also: Cognitive Computing: Taming Big Data   On the flip side, complexity and volume of data may present hurdles for less data-centric and smaller insurers. There are challenges in terms of technology and data science resource constraints, as well as increased consumer privacy concerns. Further, we see some companies unable to leverage data because their culture doesn’t support innovation. Some carriers, such as Progressive, don’t have that problem. Another example is Nationwide, where the company’s chief data officer, Jim Tyo, has a stated goal “to not be an insurance company but to be a data company that sells insurance.” Unfortunately, we bump up against folks at other companies who are on the opposite end of the “strong data culture” spectrum. Relevance While most insurance carriers have an overabundance of data about their prospects and customers, the challenge is making that data accessible, actionable and relevant in real time. The undeniable goal is to ensure the data adds value to the business to acquire, retain and grow the customer base. It’s essential to gain access to the right data at the right time and turn one-time buyers into lifelong customers. Big data is making it easier to target markets with more precision and assist with personalized marketing (see a recent McKinsey article on this topic)—both of which improve the customer experience. With so much data available, ensuring relevance and quality is a key difference between those successfully using big data and those who are struggling to understand it. New technologies are enabling insurance marketers like never before to sort quickly through multiple potential data sources to identify those relevant to them. And it’s not just new data sources that offer opportunity. Our customers are also pushing the envelope by finding new use cases from existing data sources. Those who embrace this level of innovation are growing profits and gaining market share. Lifetime Value After 20-plus years of online media evolution, insurance marketers have started to see that an individual digital event—where the consumer is researching or raising his or her hand for an insurance product on a given brand’s site or a third-party comparison site—is one moment in time in the consumer’s journey. It’s one of several critical moments where carriers are aligning their engagement efforts. And these moments are fueling the big data available to insurance marketers, which is evidenced by the nearly 1.5 million unique online insurance events my organization sees every day. The customer’s engagement involves research ahead of the quote request and more research after, ultimately leading to the conversion event. All of the breadcrumbs along the journey tend to be inaccessible to marketers or the media partners that are creating this behavioral data. Brands and partners are both challenged to connect these intent signals, but they are incredibly important. Technology to connect these events in the consumer’s journey is essential. See also: 3-Step Approach to Big Data Analytics   Done right, and in partnership with the digital ecosystem, these tools can identify individual consumer behavior and link multiple activities regardless of device type. That data can be converted into insights that can then be leveraged in real time to retain current customers, grow relationships with existing customers and establish new relationships. The majority of the top insurance companies in the U.S. are connecting the dots and using sophisticated technology and data to gain real-time intelligence into the origin, history and intent of prospects and customers. Such solutions enable carriers and agents to follow consumers on their buying journeys until the end when they purchase a policy, helping insurers observe and access behavioral data they can use to analyze the intent of the consumer at any given moment. When marketers gain the ability to identify and take action on data, they can be more efficient and simultaneously enhance the consumer experience and increase customer lifetime value.

Usage-based pricing is a fascinating topic for insurers. A technology that allows persistent monitoring of risk exposure during the coverage period could potentially enable insurers to price each risk at the best rate. The potential, however, is not the reality. In 2017, 14 million policies sent telematics data to insurers around the world, of which 4.4 million were in the U.S market, based on an estimate by the IoT Insurance Observatory, an insurance think tank that has aggregated almost 50 insurers, reinsurers and tech players between North America and Europe. (In the U.S., there were a further 3.6 million policies that are still active and commonly defined as telematics but that in the past had a dongle only and didn’t send any data to insurers last year.) However, less than 9% of the global insurance telematics policies were characterized by usage-based pricing, which is a mechanism that charges the policyholders for the current period of coverage based on how they behave (mileage or driving behavior) during this period. Instead, the vast majority of the telematics policies bought by customers around the world today have a defined up-front price for the current policy term. Moreover, the telematics data registered during the policy period does not affect this price in any way, and is used only for proposing a renewal price at the end of the policy. So, these policies are not usage-based because at the beginning of each policy term the customers are sure about the amount they are going to pay for the policy, regardless of their behavior during the months of coverage. These existing implementations of telematics-based pricing are somewhat validated from consumer perceptions toward insurance. In a survey of 1,046 U.S. consumers, the Casualty Actuarial Society Insurance On-Demand Working Party has addressed and demystified some of the behavioral economics assumptions on the insurance products. The research showed that only 32% of consumers reviewed their personal lines (auto and home) coverage more than once per year. Furthermore, 89% of consumers said they would rather pay a single, stable price per year compared with paying per usage without a certainty of total price. Usage-based auto insurance, across the entire on-demand category studied by the working group, is attractive to people penalized by traditional insurance products, that is, consumers with low usage who would otherwise have to pay for more coverage than they need. Potential and Success Stories The usage-based approach persistently monitors the policyholders and charges (potentially) each customer a rate commensurate with actual exposure, minimizing the premium leakage in each coverage period. The resulting minimized earning volatility from usage-based pricing allows insurers to increase the leverage and through this to improve investment return and the return on equity of the company. This approach also allows for increased retention of good risks, at any pricing level, which are penalized by competitors with less accurate pricing mechanisms. The quality of the portfolio is improved (with more profitable customers) at each renewal. The resulting lower volatility from usage-based pricing and better quality of the portfolio over time would also enable insurers to negotiate lower reinsurance costs. But while usage-based insurance could theoretically be a profitable option for insurers, the problem seems to be the lack of customer demand for an insurance product where there isn’t a defined up-front price for all the entire coverage period.. See also: Rethinking the Case for UBI in Auto Newcomers to the insurance market are bringing a different perspective to the problem, recognizing that small clusters of drivers who have been heavily penalized by the current insurance rates—such as extremely low-mileage drivers, or extremely safe drivers without a credit score—could be enough to start a niche business. There are a few success stories of insurtech startups, such as Insure The Box and Metromile, which have been able to build portfolios around 100,000 policies and relevant company evaluations within six to seven years. Driving Scores at the Underwriting Stage One way to combat the lack of market fit that has affected the usage-based adoption could be to use a driving score at the underwriting stage. This way, insurers will make an up-front quotation by using—together with traditional data—the driving data. The value created through this approach is clear and similar to experiences the sector has had integrating new risk factors (e.g. credit scoring) in pre-existing risk models. This telematics-enhanced risk model enables more accurate pricing. This, in turn, allows insurers to generate favorable selection by attracting the best risks for each pricing level (leaving the worst to the competitors). Through the creation of smaller and more homogeneous clusters of clients, this approach even reduces premium leakage, reducing the volatility. And, if the driving score is used at each renewal, there is a chance of improving portfolio quality over time (at any pricing level), with insurers using driving scores for underwriting, benefiting from retention of the most profitable customers--those who are penalized by competitors with less accurate pricing mechanisms. The ROI of this approach is extremely positive, but the current scenario for obtaining the customer driving score seems very different from the scenario we have known for the credit score. The credit score (or the granular data necessary to calculate it) is available on the entire customer base and certified by reliable third parties, so each insurer can gather this data any time a customer requests a quotation via an agent, a broker, a call center or even online. Moreover, anyone who doesn’t have a credit score is considered a nonstandard risk. So, the concretization of the driving score dream requires the availability and reliability of third-party data for the insurers and, most importantly, the creation of frictionless purchasing processes for the clients. Data exchanges, which bring OEM data to insurers, have been present in the U.S. customer market for a few years, but because there are many points of friction throughout OEM funnels, they still represent only 2% of the U.S. telematics insurance portfolio. This customer fatigue is due to the need to opt in to request a quotation. Eligibility for the opt-in comes in a moment when he is not shopping around for insurance coverage (a few months after the purchase of the new car). The quotations, which are done with anonymized data, are only indicative, so the customer needs to add data later to receive the real proposal. Try Before You Buy A different way to concretize the wish to access a driving score any time an insurance price quotation is calculated is by using a try-before-you-buy app. Given the current level of smartphone penetration, such an app likely provides an easier way to address a large part of the market than with the data exchanges and may also reduce customer frictions. As insurtech carrier Root is currently doing, an insurer can ask a prospect to download an app on his smartphone, calculate the driving score through collected data and, after a while, calculate the quotation incorporating the customer’s driving score. Using this approach, this less-than-two-year-old auto carrier startup wrote 1.5 times more premium than the more-talked-about carrier Lemonade. (Both are insurtech carriers, although Lemonade is writing renters insurance, and Root is writing auto). Root even entered in the insurtech unicorn club in August, thanks to a $100 million round of funding raising the valuation to $1 billion. Tailored renewal price As mentioned, 90% of the current global telematics policies only use the driving data for tailoring the renewal price to the customers after having monitored them for a few months (rollover approach) or for the entire coverage period (leave-in approach). Are insurers achieving any economic value through this pricing approach? They can increase the retention of the most profitable risks at each pricing level by providing a discount at renewal. However, this additional discount reduces the profitability of these policyholders. So the chance to create some value through this “discounted retention” is linked to the presence of a high-level churn rate. If surcharges to the worst risks at each pricing level are added, insurers will have the opportunity at renewal to partially reduce the premium leakage they have identified on these risks, or push some of them toward competitors. The accompanying chart (right side) summarizes these pricing thoughts: The expected ROI of the “discount at renewal” is definitely lower than the driving score scenario—it structurally misses the ability to have a positive up-front selection by attracting the better risks at each pricing level—but it is positive if surcharges are added. The IoT Insurance Observatory has found that a large portion of the policies using driving data for tailoring renewal prices have not resulted in any bad driver penalties. So, are these telematics portfolios destroying value instead of creating it? The reality is that there is value created on these portfolios, but the value is not tied to pricing. And some of the pricing approaches are even reducing that value. First, there are many examples of the risk self-selection impact of all the telematics-based products around the world. Even if two customers seem to be equal based on their characteristics, the one who accepts the telematics product has a lower probability of generating a loss. The stronger the monitoring message on the product storytelling, the higher the self-selection effect. The most statistically robust study is on the Italian auto insurance market, where this risk self-selection effect has accounted for 20% of the claim frequency. In this market, telematics products currently represent more than one-fifth of the personal lines auto insurance business, and the storytelling of the product is hugely focused on monitoring and customer support at the moment of a crash. Other than risk self-selection, three other telematics-based use cases have been exploited by insurers. Some international insurers have reinvented their claims processes through telematics data: Their new paradigm is fact-based, digital and real-time. Insurers such as UnipolSai have introduced tools for their claim handlers that allow a quicker and more precise crash responsibility identification and have been providing precious insights to support the activity of all the actors involved in the claim supply chain (both loss adjusters and doctors). See also: Is Usage-Based Insurance a Bubble?   A second well-demonstrated telematics use case is the change of driver behavior. VitalityDrive introduced by the South African insurance company Discovery Insure is the first insurance telematics product entirely focused on promoting safer behavior. All the product features—from gas cash-back (up to 50% of fuel spending per month) to active rewards through the app (including coffee, smoothies and car wash vouchers)—are contributing to the risk reduction of the book of business and to increased retention of the best risks. Both the Italian and South African experiences have even been characterized by the insurers’ ability of enhancing the insurance value proposition by adding telematics-based services bundled to the auto insurance coverage. The fees paid by customers for these services almost offset all the costs of the telematics services on the insurers’ income statements Based on the experience of the IoT Insurance Observatory, global insurance telematics best practices have generated more value through these four use cases than through pricing as of today. So, the sum of the self-selection effect, the claim cost reduction and the economic impact of changes of behavior allows an insurer to provide an important up-front discount at the same level for all the new telematics-based policyholders. This relevant level of up-front discount -- 20% or more -- has been able to drive the adoption (overcoming any eventual customer privacy skepticism) because it fits with the customer desire to save money, contrasting the low adoption rates generated for more than a decade in the U.S. where up-front discount offers are typically only 5%. The discount should be maintained, on average, at the same level at the renewal stage. Moreover, an additional economic value can be generated—at each pricing level—by providing additional discounts to the best policyholders and reducing the discount to the worst ones. This is what the international best practices are doing today.

Back in 2001, famed technologist and futurist Ray Kurzweil boldly proclaimed that the human rate of progress was doubling. He added that, by the time the 21st century ends, the progress would feel like 20,000 years’ worth of transition instead of 100. At the time, Kurzweil's statement sounded a bit dubious. But with how rapidly technology has transformed over the last two decades, it now seems that the world's ability to change quickly was drastically underestimated. We live in an age defined by acceleration, and this incredible pace of change has exceeded many industries’ capacity to handle it. Changes that once took an entire generation for people to adapt to now takes 10 years. The possibilities of this rapidly changing landscape are endless, and so is the risk that comes with it. The Far Reaches of Risk It should come as no surprise that risk evolves alongside technology transformation. Advancement is a double-edged sword. It can simultaneously create a greater level of safety for the status quo and change the very nature of risk, forcing insurers to build new coverage solutions to address previously unforeseen concerns. For instance, autonomous vehicles might be safer drivers than humans, but they’re also vulnerable to cyberattacks and malware. In many cases, driverless cars are blurring the lines of established risk categories. For proof, just take a look at the sharing economy. It's less than a decade old, yet it’s raised major questions in terms of how coverage works. Are Uber or Lyft vehicles classified as work or personal? And does the coverage shift throughout the day as drivers turn their ride-sharing service on and off? Insurance companies have to find answers for these types of problems on a daily basis. See also: How to Adapt to the Growing ‘Risk Shift’   It’s an understandably complex and intimidating concept for many insurance leaders. However, while progress may be rapid, it’s not entirely unpredictable. The future can be bright for those who remain engaged with the changing landscape of risk. Here's what those leaders can expect: 1. Humans will gain a deeper understanding of risk. While technology’s race toward the future provides ample opportunity for confusion, it also provides the tools to parse that confusion and come to a better understanding of risk. Telematics, machine learning, data analytics and more all give insurers much greater insight into how risk touches every aspect of life. Commercial auto insurers are testing the waters of telematics to explore how they can be applied to evaluate individual driving behaviors. Companies can examine individual driving habits to see how those routines inform the kinds of services and discounts they can offer customers. Instances like these are only going to become more common. This type of granular data sharing will have a direct impact on how coverage is constructed and provided in the future. 2. The way humans and technology relate to risk will change. As automation continues to be integrated into daily life, coverage will have to properly account for and balance the effect computers and humans each have on rates. Amazon has more than 100,000 automated and robotic systems integrated into its operations working with human employees to maintain efficiency. The online retailer has almost certainly had to consider how to provide coverage for its employees while they work in tandem with heavy machinery, something companies in similar situations will also have to consider. Regulation for this is still being crafted. Insurers will need to make sure they continue to stay up-to-date on how and when machines can take over from humans and how that will affect risk. 3. Customer service will look a little different. Thanks to the Internet of Things, insurers will be able to learn about incidents in real time and process claims before a policyholder even gets involved. These instantaneous notifications are clearly useful for insurance companies, but, used correctly, they can also be a major selling point for consumers. Machine learning could have a similar impact on customer service. It can be used to pinpoint a highly customized plan for every individual without the customer having to do most of the groundwork. See also: Insurers Grappling With New Risks   This age of acceleration is intimidating, and it certainly shows no signs of slowing down. Leadership, however, should look at all this innovation as an opportunity, not a threat. Insurers can leverage tech to improve the customer experience from quote to claim, and, as technology advances, so will the tools that help insurers understand risk. There’s no denying that infrastructure, demographics and risk are all changing at breakneck speed. To keep up, insurers must not just follow change — they need to grab it by its horns and embrace the new before it becomes old hat.

Standalone cyber insurance can successfully address a subset of privacy and security costs related to personally identifiable information, personal health information, payment card industry losses and increasingly some business interruption. However, outside of four industries (retail, hospitality, healthcare and financial institutions) generally no single insurance policy adequately covers cyber perils that result in funds transfers/crypto losses, bodily injury or tangible property damage-type losses. Organizations of all sizes, geographies and industries increasing rely on data analytics and technology, such as cloud computing, Internet of Things and artificial intelligence. These advancements add new and unique cyber exposures. Modeling of worst-case cyber scenarios compared with a review of the scope and exclusions of the base forms of multiple lines of insurance reveals potential material gaps in cyber coverage. The number of cyber incidents with losses greater than $1 million (through early September 2018) Recognize Financial Statement Impact According to the Risk and Insurance Management Society, organizations’ total cost of risk declined for the fourth year in a row in 2017, but cyber costs moved in the opposite direction, rising 33%. Most boards of directors and management now include cyber perils and solutions in corporate governance discussions as they learn more regarding the potential financial statement impact of high-profile cyber incidents. Yet, organizations only insure a relatively small portion of their intangible assets compared with insurance coverage for legacy tangible assets. Prudent organizations will spend the appropriate amount of time and resources on the risk management areas that are likely to have the greatest return on investment. For example, a disproportionate amount of attention is focused on cryptocurrency exposures, which affects a relatively small proportion of the corporate insurance buying population and related monetary losses. These are generally excluded from standalone cyber insurance policies. See also: The New Cyber Insurance Paradigm   Almost every large organization and most middle-size organizations will have some reliance on distributed ledger technology within the next few years – either directly or via one of their third-party suppliers, distributors, vendors, partners or customers. It is important for organizations to educate and prepare themselves: 1. Understand the intended scope of standalone cyber and professional liability insurance policies Typical standalone cyber insurance policies specifically exclude funds transfers, crypto transfers and other cash and securities monetary losses. Crime policies are intended to address fund losses under specified circumstances. Similarly, payment diversion fraud coverage for “spoofing,” “phishing" and other social engineering incidents is generally excluded under cyber policies but possibly covered under crime policies. However, two federal appellate courts recently ruled that policyholders are entitled to crime insurance coverage for losses arising from social engineering schemes.

• July 2018: Facebook investors filed two different securities lawsuits: (1) the first based on the Cambridge Analytica user data incident; and (2) the second following Facebook’s lower-than-expected quarterly earnings release due to lower growth rate caused in part by allegedly unanticipated expenses and difficulties in complying with the European Union General Data Protection Regulation (“GDPR”).
• Aug. 8, 2018: Securities class action litigation against a publicly reporting media performance ratings company disclosed in its quarterly earnings release that GDPR-related changes affected the company’s growth rate, pressured the company’s partners and clients and disrupted the company’s advertising “ecosystem.”

Typical professional liability and cyber policies also specifically exclude shareholder derivative securities and similar fiduciary liability litigation. A well-crafted directors and officers insurance policy is recommended to provide certain defense and indemnity coverage for such claims. Absent extensive policy wording customization, the typical cyber insurance policy specifically excludes all bodily injuries and tangible property damage – both first-party tangible property damage (the insured’s own property) and third-party tangible property damage (property owned by someone other than the insured). 2. Silent and affirmative cyber coverage under other lines of insurance When cyber exposure losses first emerged, insurers had not priced cyber risks into their broadly worded legacy policies, such as property and general liability. However, absent specific cyber exclusions, such as the CL 380 Cyber Exclusion, it is possible that legacy property, general liability, environmental, product recall, marine and aviation could inadvertently cover unintended cyber perils, thus the so-called silent cyber insurance coverage. After making the first unintended cyber claims payment, some insurers, but not yet all, either exclude or sub-limit cyber risk from new standard policies and renewals. Granting affirmative full cyber limits coverage for an additional premium in such legacy policies is rare and slow to develop. Silent cyber coverage remains. In fact, according to multiple large insurance companies, the 2017 total amount of cyber-related business interruption claims payments were greater under property insurance policies than under standalone cyber policies. Furthermore, aggregated/correlated/systemic cyber exposures have the potential to cause damages that are multiples of any loss seen to date (i.e. 10,000 customers of a cloud provider or energy/power/utilities). Catastrophe modeling for aggregated/correlated/systemic cyber risk is in its infancy. Innovative approaches for assisting insurers concerned about aggregated, clash incidents – or two different policies covering the same cyber peril - and silent cyber exposures are starting to emerge. See also: Cyber: Black Hole or Huge Opportunity?   To achieve cyber resiliency, consider cyber as a peril rather than as a standalone insurance policy. Assess, test, improve, quantify, transfer and respond to the larger cyber risk management issues based on a cost-benefit analysis of resource allocation. Insurance is complementary to a robust cyber resiliency risk management approach. Each organization should identify and protect its critical intangible assets and balance sheet by aligning the cyber enterprise risk management strategy with corporate culture and risk tolerance. All descriptions, summaries or highlights of coverage are for general informational purposes only and do not amend, alter or modify the actual terms or conditions of any insurance policy. Coverage is governed only by the terms and conditions of the relevant policy. If you have any questions about your specific coverage or are interested in obtaining coverage, please contact your Aon broker. For general questions about cyber insurance, contact: Stephanie Snyder at stephanie.snyder@aon.com.