Personal lines insurers are investigating emerging technologies and developing strategies and plans related to individual new technologies. Technology is advancing so rapidly that it is even difficult to define what should be considered an emerging technology. For the past several years, SMA has been tracking 13 technologies that many consider to be emerging. These include technologies such as autonomous vehicles, AI, wearables and the Internet of Things. In our recent research, five of these technologies have emerged as “power players” for personal lines insurers, based on the level of insurer activity and the potential for transformation. The specific plans by insurers for these and other technologies are detailed in the SMA report, Emerging Tech in Personal Lines: Broad Implications, Significant Activity. See also: 2018’s Top Projects in Personal Lines   Some big themes for emerging tech in personal lines stand out:

• Artificial Intelligence dominates. AI is often a misunderstood and misused term. However, when specific technologies that are part of the AI family are evaluated, much activity is underway – by insurers, insurtech startups and mature tech vendors. Chatbots, robotic process automation (RPA), machine learning, natural language processing (NLP) and others are the subjects of many strategies, pilots and implementations.
• The Autonomous Vehicle frenzy is cooling.There is still an acute awareness of the potential of autonomous vehicles to dramatically alter the private passenger auto insurance market. But there is also the realization that, despite the hype, the transition is likely to be a long one, and the big implications for insurers are probably 10 or more years out.
• The IoT is going mainstream. Discussions continue about the transformational potential of the IoT for all lines of business. But rather than just talking about the possibilities, there is now a great deal of partnering, piloting and live implementation underway. We are still in the early stages of incorporating the IoT into strategies and insurance products and services, but their use is becoming more widespread every day.
• UI Options are dramatically expanding. The many new ways to interact with prospects, policyholders, agents, claimants and others should now be considered in omni-channel plans. Messaging platforms, voice, chatbots and more are becoming preferred ways to communicate for certain customer segments.

See also: Insurtech and Personal Lines   Certainly, other trends and much emerging tech activity are happening outside these main themes. Wearables, new payment technologies, drones, blockchain and other technologies are being incorporated into strategies, pilots and investment plans. The next few years promise to be quite exciting as advancing technologies spark more innovation in the industry.

While the largest number of data breaches occur at healthcare providers’ sites, such as hospitals and physician offices, healthcare plans account for the greatest number of health plan member records stolen over the past seven years, according to a study published in JAMA. This is attributable to extremely large breaches of electronic systems. While these centralized databases offer a wealth of health records that can be used to improve healthcare, it’s important to balance the risks of being hacked against the benefits. These breaches represent one area where health plan organizations must focus their attention to overcome an increasingly complex regulatory and risk management environment. A fully equipped health information management platform has become a vital requirement for health plan organizations seeking to improve care, member outcomes and ROI. Balancing Risks of Data-Sharing While better policies and procedures and the use of encryption have helped reduce easily preventable breaches, more must be done to protect member privacy and mitigate associated costs. Health data breaches cost the U.S. healthcare industry an estimated $6.2 billion, and 70% of businesses that have experienced ransomware attacks in their workplace have paid to have stolen data returned. Attackers have learned how to monetize healthcare data, with the number of attack points continuing to rise with the use of mobile medical- and health-related apps and with electronic health records (EHR) become increasingly embedded in clinical settings. Given all this, health plans should seek a technology-enabled platform that optimizes operational viability, helps to improve member outcomes at reduced costs and ensures data security and privacy. The first step is to look for a vendor that has earned Health Information Trust Alliance (HITRUST) Common Security Framework (CSF) certification. See also: VPNs: How to Prevent a Data Breach   Understanding HITRUST Benefits As healthcare data shifts from local infrastructure to the cloud, the ability to control and secure data weakens, creating substantial challenges for health plans and hospitals that need to assess third-party vendors and ensure that data complies with HIPAA and other regulations. HITRUST sprang from the belief that information security should be the core of the broad adoption of health information systems and exchanges. HITRUST CSF certification can be used by all organizations to guide them in selecting and implementing the appropriate controls to protect the systems that create, access, store or exchange personal health and financial information. Certification gives organizations detail and clarity related to information security controls tailored to the healthcare industry. Certification also carries two key advantages: First, it’s designed to examine regulations. During the certification process, an independent assessor uses the HITRUST framework and then submits work papers to HITRUST for scoring and quality assurance. This ensures providers a level of consistency from one assessment to another. Second, HITRUST performs a gap analysis, which providers can request to help them further assess a vendor’s security posture, which saves substantial resources. HITRUST CSF certification also includes these benefits:

1. Cross references the requirements from legislative, regulatory, HIPAA, NIST, ISO, state laws and others for one comprehensive framework
2. Provides a framework that prepares organizations for new regulations and security risks once introduced
3. Ensures compliance and security protection to clients
4. Assures payers working with vendors that the platform is compliant, private and secure and meets the necessary requirements of HITRUST CSF certification
5. Means a third-party assessed the platform and attests to its compliance with globally recognized standards, regulations and business requirements, ensuring data security, privacy and compliance

Full-spectrum, end-to-end Platform Health plans should look for an integrated risk-adjustment optimization and quality improvement platform that has HITRUST CSF certification as validation of a commitment to improving the health of healthcare and providing innovative solutions for health plans across the country. They should offer a platform that provides health plans and provider groups with a comprehensive risk adjustment solution that plays an integral role in helping health plans and risk-bearing entities improve measured quality. HITRUST CSF provides a certifiable framework that provides organizations with a comprehensive, flexible and efficient approach to regulatory compliance and risk management. Leveraging nationally and internationally accepted standards including ISO, NIST, PCI, HIPAA and COBIT to ensure a comprehensive set of baseline security controls, HITRUST CFS normalizes these security requirements and provides clarity and consistency, reducing the burden of compliance. HITRUST CSF, the most widely adopted security framework in the U.S. healthcare industry, continues to improve and update its framework ensuring that organizations are prepared when new regulations and security risks are introduced. See also: Unclaimed Funds Can Lead to Data Breaches   Furthermore, the certified solution should combine risk adjustment and quality improvement services and provide real-time visibility and reporting for risk adjustment analytics, medical record retrieval, HEDIS abstraction, risk adjustment coding, claims and data validation, prospective health assessments, clinical abstraction, member engagement/outreach and provider education. It should also be designed to integrate risk adjustment and quality services to deliver fully transparent insights. Success in value-based approaches pivots around delivering on total member health, cost and quality rather than relying on the traditional model of maximizing relative value units, revenue and downstream referrals. The right full-spectrum, end-to-end approach to care empowers health plans and providers to identify gaps in care and manage plan members more productively. Consequently, plan members reap the greatest benefit by being guided toward more preventive care and self-management early in the care process and their information and privacy remain protected.

Today’s mobile, social world has created an explosion of data that is presenting great opportunities for all industries, especially insurance. Consider that by 2020 new information produced per second for every human being will reach 1.7 megabytes. And the volume of big data will increase from 4.4 zettabytes to roughly 44 zettabytes, or 44 trillion gigabytes. With large data resources, carriers and their customers are collaborating more efficiently, resulting in better, faster, and more valuable interactions that in the end are intended to deliver a better consumer experience. They’re also entering a time where they can be more accurate and precise. For example, the data available today enables theoretical “pools of 1” versus the typical insurance pools that have led to risk sharing across large groups of people. In addition, the vast majority of data is unstructured—or social media postings, online and offline shopping activity, emails, reports, and interviews. This isn’t the data we’re used to and the implications of this potential has both pros and cons for insurance. Pros and Cons Without a doubt, big data’s influence is present throughout the insurance value chain - more specifically, during product development, pricing, marketing, sales, customer service, claims and management activities. Data is also being used to streamline the application and claims process. Applying machine learning algorithms to outcomes is helping claims processing. There’s also been a noted reduction in fraud through better identification techniques. See also: Cognitive Computing: Taming Big Data   On the flip side, complexity and volume of data may present hurdles for less data-centric and smaller insurers. There are challenges in terms of technology and data science resource constraints, as well as increased consumer privacy concerns. Further, we see some companies unable to leverage data because their culture doesn’t support innovation. Some carriers, such as Progressive, don’t have that problem. Another example is Nationwide, where the company’s chief data officer, Jim Tyo, has a stated goal “to not be an insurance company but to be a data company that sells insurance.” Unfortunately, we bump up against folks at other companies who are on the opposite end of the “strong data culture” spectrum. Relevance While most insurance carriers have an overabundance of data about their prospects and customers, the challenge is making that data accessible, actionable and relevant in real time. The undeniable goal is to ensure the data adds value to the business to acquire, retain and grow the customer base. It’s essential to gain access to the right data at the right time and turn one-time buyers into lifelong customers. Big data is making it easier to target markets with more precision and assist with personalized marketing (see a recent McKinsey article on this topic)—both of which improve the customer experience. With so much data available, ensuring relevance and quality is a key difference between those successfully using big data and those who are struggling to understand it. New technologies are enabling insurance marketers like never before to sort quickly through multiple potential data sources to identify those relevant to them. And it’s not just new data sources that offer opportunity. Our customers are also pushing the envelope by finding new use cases from existing data sources. Those who embrace this level of innovation are growing profits and gaining market share. Lifetime Value After 20-plus years of online media evolution, insurance marketers have started to see that an individual digital event—where the consumer is researching or raising his or her hand for an insurance product on a given brand’s site or a third-party comparison site—is one moment in time in the consumer’s journey. It’s one of several critical moments where carriers are aligning their engagement efforts. And these moments are fueling the big data available to insurance marketers, which is evidenced by the nearly 1.5 million unique online insurance events my organization sees every day. The customer’s engagement involves research ahead of the quote request and more research after, ultimately leading to the conversion event. All of the breadcrumbs along the journey tend to be inaccessible to marketers or the media partners that are creating this behavioral data. Brands and partners are both challenged to connect these intent signals, but they are incredibly important. Technology to connect these events in the consumer’s journey is essential. See also: 3-Step Approach to Big Data Analytics   Done right, and in partnership with the digital ecosystem, these tools can identify individual consumer behavior and link multiple activities regardless of device type. That data can be converted into insights that can then be leveraged in real time to retain current customers, grow relationships with existing customers and establish new relationships. The majority of the top insurance companies in the U.S. are connecting the dots and using sophisticated technology and data to gain real-time intelligence into the origin, history and intent of prospects and customers. Such solutions enable carriers and agents to follow consumers on their buying journeys until the end when they purchase a policy, helping insurers observe and access behavioral data they can use to analyze the intent of the consumer at any given moment. When marketers gain the ability to identify and take action on data, they can be more efficient and simultaneously enhance the consumer experience and increase customer lifetime value.

Usage-based pricing is a fascinating topic for insurers. A technology that allows persistent monitoring of risk exposure during the coverage period could potentially enable insurers to price each risk at the best rate. The potential, however, is not the reality. In 2017, 14 million policies sent telematics data to insurers around the world, of which 4.4 million were in the U.S market, based on an estimate by the IoT Insurance Observatory, an insurance think tank that has aggregated almost 50 insurers, reinsurers and tech players between North America and Europe. (In the U.S., there were a further 3.6 million policies that are still active and commonly defined as telematics but that in the past had a dongle only and didn’t send any data to insurers last year.) However, less than 9% of the global insurance telematics policies were characterized by usage-based pricing, which is a mechanism that charges the policyholders for the current period of coverage based on how they behave (mileage or driving behavior) during this period. Instead, the vast majority of the telematics policies bought by customers around the world today have a defined up-front price for the current policy term. Moreover, the telematics data registered during the policy period does not affect this price in any way, and is used only for proposing a renewal price at the end of the policy. So, these policies are not usage-based because at the beginning of each policy term the customers are sure about the amount they are going to pay for the policy, regardless of their behavior during the months of coverage. These existing implementations of telematics-based pricing are somewhat validated from consumer perceptions toward insurance. In a survey of 1,046 U.S. consumers, the Casualty Actuarial Society Insurance On-Demand Working Party has addressed and demystified some of the behavioral economics assumptions on the insurance products. The research showed that only 32% of consumers reviewed their personal lines (auto and home) coverage more than once per year. Furthermore, 89% of consumers said they would rather pay a single, stable price per year compared with paying per usage without a certainty of total price. Usage-based auto insurance, across the entire on-demand category studied by the working group, is attractive to people penalized by traditional insurance products, that is, consumers with low usage who would otherwise have to pay for more coverage than they need. Potential and Success Stories The usage-based approach persistently monitors the policyholders and charges (potentially) each customer a rate commensurate with actual exposure, minimizing the premium leakage in each coverage period. The resulting minimized earning volatility from usage-based pricing allows insurers to increase the leverage and through this to improve investment return and the return on equity of the company. This approach also allows for increased retention of good risks, at any pricing level, which are penalized by competitors with less accurate pricing mechanisms. The quality of the portfolio is improved (with more profitable customers) at each renewal. The resulting lower volatility from usage-based pricing and better quality of the portfolio over time would also enable insurers to negotiate lower reinsurance costs. But while usage-based insurance could theoretically be a profitable option for insurers, the problem seems to be the lack of customer demand for an insurance product where there isn’t a defined up-front price for all the entire coverage period.. See also: Rethinking the Case for UBI in Auto Newcomers to the insurance market are bringing a different perspective to the problem, recognizing that small clusters of drivers who have been heavily penalized by the current insurance rates—such as extremely low-mileage drivers, or extremely safe drivers without a credit score—could be enough to start a niche business. There are a few success stories of insurtech startups, such as Insure The Box and Metromile, which have been able to build portfolios around 100,000 policies and relevant company evaluations within six to seven years. Driving Scores at the Underwriting Stage One way to combat the lack of market fit that has affected the usage-based adoption could be to use a driving score at the underwriting stage. This way, insurers will make an up-front quotation by using—together with traditional data—the driving data. The value created through this approach is clear and similar to experiences the sector has had integrating new risk factors (e.g. credit scoring) in pre-existing risk models. This telematics-enhanced risk model enables more accurate pricing. This, in turn, allows insurers to generate favorable selection by attracting the best risks for each pricing level (leaving the worst to the competitors). Through the creation of smaller and more homogeneous clusters of clients, this approach even reduces premium leakage, reducing the volatility. And, if the driving score is used at each renewal, there is a chance of improving portfolio quality over time (at any pricing level), with insurers using driving scores for underwriting, benefiting from retention of the most profitable customers--those who are penalized by competitors with less accurate pricing mechanisms. The ROI of this approach is extremely positive, but the current scenario for obtaining the customer driving score seems very different from the scenario we have known for the credit score. The credit score (or the granular data necessary to calculate it) is available on the entire customer base and certified by reliable third parties, so each insurer can gather this data any time a customer requests a quotation via an agent, a broker, a call center or even online. Moreover, anyone who doesn’t have a credit score is considered a nonstandard risk. So, the concretization of the driving score dream requires the availability and reliability of third-party data for the insurers and, most importantly, the creation of frictionless purchasing processes for the clients. Data exchanges, which bring OEM data to insurers, have been present in the U.S. customer market for a few years, but because there are many points of friction throughout OEM funnels, they still represent only 2% of the U.S. telematics insurance portfolio. This customer fatigue is due to the need to opt in to request a quotation. Eligibility for the opt-in comes in a moment when he is not shopping around for insurance coverage (a few months after the purchase of the new car). The quotations, which are done with anonymized data, are only indicative, so the customer needs to add data later to receive the real proposal. Try Before You Buy A different way to concretize the wish to access a driving score any time an insurance price quotation is calculated is by using a try-before-you-buy app. Given the current level of smartphone penetration, such an app likely provides an easier way to address a large part of the market than with the data exchanges and may also reduce customer frictions. As insurtech carrier Root is currently doing, an insurer can ask a prospect to download an app on his smartphone, calculate the driving score through collected data and, after a while, calculate the quotation incorporating the customer’s driving score. Using this approach, this less-than-two-year-old auto carrier startup wrote 1.5 times more premium than the more-talked-about carrier Lemonade. (Both are insurtech carriers, although Lemonade is writing renters insurance, and Root is writing auto). Root even entered in the insurtech unicorn club in August, thanks to a $100 million round of funding raising the valuation to $1 billion. Tailored renewal price As mentioned, 90% of the current global telematics policies only use the driving data for tailoring the renewal price to the customers after having monitored them for a few months (rollover approach) or for the entire coverage period (leave-in approach). Are insurers achieving any economic value through this pricing approach? They can increase the retention of the most profitable risks at each pricing level by providing a discount at renewal. However, this additional discount reduces the profitability of these policyholders. So the chance to create some value through this “discounted retention” is linked to the presence of a high-level churn rate. If surcharges to the worst risks at each pricing level are added, insurers will have the opportunity at renewal to partially reduce the premium leakage they have identified on these risks, or push some of them toward competitors. The accompanying chart (right side) summarizes these pricing thoughts: The expected ROI of the “discount at renewal” is definitely lower than the driving score scenario—it structurally misses the ability to have a positive up-front selection by attracting the better risks at each pricing level—but it is positive if surcharges are added. The IoT Insurance Observatory has found that a large portion of the policies using driving data for tailoring renewal prices have not resulted in any bad driver penalties. So, are these telematics portfolios destroying value instead of creating it? The reality is that there is value created on these portfolios, but the value is not tied to pricing. And some of the pricing approaches are even reducing that value. First, there are many examples of the risk self-selection impact of all the telematics-based products around the world. Even if two customers seem to be equal based on their characteristics, the one who accepts the telematics product has a lower probability of generating a loss. The stronger the monitoring message on the product storytelling, the higher the self-selection effect. The most statistically robust study is on the Italian auto insurance market, where this risk self-selection effect has accounted for 20% of the claim frequency. In this market, telematics products currently represent more than one-fifth of the personal lines auto insurance business, and the storytelling of the product is hugely focused on monitoring and customer support at the moment of a crash. Other than risk self-selection, three other telematics-based use cases have been exploited by insurers. Some international insurers have reinvented their claims processes through telematics data: Their new paradigm is fact-based, digital and real-time. Insurers such as UnipolSai have introduced tools for their claim handlers that allow a quicker and more precise crash responsibility identification and have been providing precious insights to support the activity of all the actors involved in the claim supply chain (both loss adjusters and doctors). See also: Is Usage-Based Insurance a Bubble?   A second well-demonstrated telematics use case is the change of driver behavior. VitalityDrive introduced by the South African insurance company Discovery Insure is the first insurance telematics product entirely focused on promoting safer behavior. All the product features—from gas cash-back (up to 50% of fuel spending per month) to active rewards through the app (including coffee, smoothies and car wash vouchers)—are contributing to the risk reduction of the book of business and to increased retention of the best risks. Both the Italian and South African experiences have even been characterized by the insurers’ ability of enhancing the insurance value proposition by adding telematics-based services bundled to the auto insurance coverage. The fees paid by customers for these services almost offset all the costs of the telematics services on the insurers’ income statements Based on the experience of the IoT Insurance Observatory, global insurance telematics best practices have generated more value through these four use cases than through pricing as of today. So, the sum of the self-selection effect, the claim cost reduction and the economic impact of changes of behavior allows an insurer to provide an important up-front discount at the same level for all the new telematics-based policyholders. This relevant level of up-front discount -- 20% or more -- has been able to drive the adoption (overcoming any eventual customer privacy skepticism) because it fits with the customer desire to save money, contrasting the low adoption rates generated for more than a decade in the U.S. where up-front discount offers are typically only 5%. The discount should be maintained, on average, at the same level at the renewal stage. Moreover, an additional economic value can be generated—at each pricing level—by providing additional discounts to the best policyholders and reducing the discount to the worst ones. This is what the international best practices are doing today.

Back in 2001, famed technologist and futurist Ray Kurzweil boldly proclaimed that the human rate of progress was doubling. He added that, by the time the 21st century ends, the progress would feel like 20,000 years’ worth of transition instead of 100. At the time, Kurzweil's statement sounded a bit dubious. But with how rapidly technology has transformed over the last two decades, it now seems that the world's ability to change quickly was drastically underestimated. We live in an age defined by acceleration, and this incredible pace of change has exceeded many industries’ capacity to handle it. Changes that once took an entire generation for people to adapt to now takes 10 years. The possibilities of this rapidly changing landscape are endless, and so is the risk that comes with it. The Far Reaches of Risk It should come as no surprise that risk evolves alongside technology transformation. Advancement is a double-edged sword. It can simultaneously create a greater level of safety for the status quo and change the very nature of risk, forcing insurers to build new coverage solutions to address previously unforeseen concerns. For instance, autonomous vehicles might be safer drivers than humans, but they’re also vulnerable to cyberattacks and malware. In many cases, driverless cars are blurring the lines of established risk categories. For proof, just take a look at the sharing economy. It's less than a decade old, yet it’s raised major questions in terms of how coverage works. Are Uber or Lyft vehicles classified as work or personal? And does the coverage shift throughout the day as drivers turn their ride-sharing service on and off? Insurance companies have to find answers for these types of problems on a daily basis. See also: How to Adapt to the Growing ‘Risk Shift’   It’s an understandably complex and intimidating concept for many insurance leaders. However, while progress may be rapid, it’s not entirely unpredictable. The future can be bright for those who remain engaged with the changing landscape of risk. Here's what those leaders can expect: 1. Humans will gain a deeper understanding of risk. While technology’s race toward the future provides ample opportunity for confusion, it also provides the tools to parse that confusion and come to a better understanding of risk. Telematics, machine learning, data analytics and more all give insurers much greater insight into how risk touches every aspect of life. Commercial auto insurers are testing the waters of telematics to explore how they can be applied to evaluate individual driving behaviors. Companies can examine individual driving habits to see how those routines inform the kinds of services and discounts they can offer customers. Instances like these are only going to become more common. This type of granular data sharing will have a direct impact on how coverage is constructed and provided in the future. 2. The way humans and technology relate to risk will change. As automation continues to be integrated into daily life, coverage will have to properly account for and balance the effect computers and humans each have on rates. Amazon has more than 100,000 automated and robotic systems integrated into its operations working with human employees to maintain efficiency. The online retailer has almost certainly had to consider how to provide coverage for its employees while they work in tandem with heavy machinery, something companies in similar situations will also have to consider. Regulation for this is still being crafted. Insurers will need to make sure they continue to stay up-to-date on how and when machines can take over from humans and how that will affect risk. 3. Customer service will look a little different. Thanks to the Internet of Things, insurers will be able to learn about incidents in real time and process claims before a policyholder even gets involved. These instantaneous notifications are clearly useful for insurance companies, but, used correctly, they can also be a major selling point for consumers. Machine learning could have a similar impact on customer service. It can be used to pinpoint a highly customized plan for every individual without the customer having to do most of the groundwork. See also: Insurers Grappling With New Risks   This age of acceleration is intimidating, and it certainly shows no signs of slowing down. Leadership, however, should look at all this innovation as an opportunity, not a threat. Insurers can leverage tech to improve the customer experience from quote to claim, and, as technology advances, so will the tools that help insurers understand risk. There’s no denying that infrastructure, demographics and risk are all changing at breakneck speed. To keep up, insurers must not just follow change — they need to grab it by its horns and embrace the new before it becomes old hat.

Standalone cyber insurance can successfully address a subset of privacy and security costs related to personally identifiable information, personal health information, payment card industry losses and increasingly some business interruption. However, outside of four industries (retail, hospitality, healthcare and financial institutions) generally no single insurance policy adequately covers cyber perils that result in funds transfers/crypto losses, bodily injury or tangible property damage-type losses. Organizations of all sizes, geographies and industries increasing rely on data analytics and technology, such as cloud computing, Internet of Things and artificial intelligence. These advancements add new and unique cyber exposures. Modeling of worst-case cyber scenarios compared with a review of the scope and exclusions of the base forms of multiple lines of insurance reveals potential material gaps in cyber coverage. The number of cyber incidents with losses greater than $1 million (through early September 2018) Recognize Financial Statement Impact According to the Risk and Insurance Management Society, organizations’ total cost of risk declined for the fourth year in a row in 2017, but cyber costs moved in the opposite direction, rising 33%. Most boards of directors and management now include cyber perils and solutions in corporate governance discussions as they learn more regarding the potential financial statement impact of high-profile cyber incidents. Yet, organizations only insure a relatively small portion of their intangible assets compared with insurance coverage for legacy tangible assets. Prudent organizations will spend the appropriate amount of time and resources on the risk management areas that are likely to have the greatest return on investment. For example, a disproportionate amount of attention is focused on cryptocurrency exposures, which affects a relatively small proportion of the corporate insurance buying population and related monetary losses. These are generally excluded from standalone cyber insurance policies. See also: The New Cyber Insurance Paradigm   Almost every large organization and most middle-size organizations will have some reliance on distributed ledger technology within the next few years – either directly or via one of their third-party suppliers, distributors, vendors, partners or customers. It is important for organizations to educate and prepare themselves: 1. Understand the intended scope of standalone cyber and professional liability insurance policies Typical standalone cyber insurance policies specifically exclude funds transfers, crypto transfers and other cash and securities monetary losses. Crime policies are intended to address fund losses under specified circumstances. Similarly, payment diversion fraud coverage for “spoofing,” “phishing" and other social engineering incidents is generally excluded under cyber policies but possibly covered under crime policies. However, two federal appellate courts recently ruled that policyholders are entitled to crime insurance coverage for losses arising from social engineering schemes.

• July 2018: Facebook investors filed two different securities lawsuits: (1) the first based on the Cambridge Analytica user data incident; and (2) the second following Facebook’s lower-than-expected quarterly earnings release due to lower growth rate caused in part by allegedly unanticipated expenses and difficulties in complying with the European Union General Data Protection Regulation (“GDPR”).
• Aug. 8, 2018: Securities class action litigation against a publicly reporting media performance ratings company disclosed in its quarterly earnings release that GDPR-related changes affected the company’s growth rate, pressured the company’s partners and clients and disrupted the company’s advertising “ecosystem.”

Typical professional liability and cyber policies also specifically exclude shareholder derivative securities and similar fiduciary liability litigation. A well-crafted directors and officers insurance policy is recommended to provide certain defense and indemnity coverage for such claims. Absent extensive policy wording customization, the typical cyber insurance policy specifically excludes all bodily injuries and tangible property damage – both first-party tangible property damage (the insured’s own property) and third-party tangible property damage (property owned by someone other than the insured). 2. Silent and affirmative cyber coverage under other lines of insurance When cyber exposure losses first emerged, insurers had not priced cyber risks into their broadly worded legacy policies, such as property and general liability. However, absent specific cyber exclusions, such as the CL 380 Cyber Exclusion, it is possible that legacy property, general liability, environmental, product recall, marine and aviation could inadvertently cover unintended cyber perils, thus the so-called silent cyber insurance coverage. After making the first unintended cyber claims payment, some insurers, but not yet all, either exclude or sub-limit cyber risk from new standard policies and renewals. Granting affirmative full cyber limits coverage for an additional premium in such legacy policies is rare and slow to develop. Silent cyber coverage remains. In fact, according to multiple large insurance companies, the 2017 total amount of cyber-related business interruption claims payments were greater under property insurance policies than under standalone cyber policies. Furthermore, aggregated/correlated/systemic cyber exposures have the potential to cause damages that are multiples of any loss seen to date (i.e. 10,000 customers of a cloud provider or energy/power/utilities). Catastrophe modeling for aggregated/correlated/systemic cyber risk is in its infancy. Innovative approaches for assisting insurers concerned about aggregated, clash incidents – or two different policies covering the same cyber peril - and silent cyber exposures are starting to emerge. See also: Cyber: Black Hole or Huge Opportunity?   To achieve cyber resiliency, consider cyber as a peril rather than as a standalone insurance policy. Assess, test, improve, quantify, transfer and respond to the larger cyber risk management issues based on a cost-benefit analysis of resource allocation. Insurance is complementary to a robust cyber resiliency risk management approach. Each organization should identify and protect its critical intangible assets and balance sheet by aligning the cyber enterprise risk management strategy with corporate culture and risk tolerance. All descriptions, summaries or highlights of coverage are for general informational purposes only and do not amend, alter or modify the actual terms or conditions of any insurance policy. Coverage is governed only by the terms and conditions of the relevant policy. If you have any questions about your specific coverage or are interested in obtaining coverage, please contact your Aon broker. For general questions about cyber insurance, contact: Stephanie Snyder at stephanie.snyder@aon.com.

When technology is baked into a device, we rarely give it much thought. We buy a smartphone for its utility – not its operating system. Sometimes a new technology dramatically changes how everyone does things; the internet is a good example. Some plausibly great innovations, such as 3D television, just never gain traction. Which of these outcomes will blockchain have? Recently, blockchain has emerged as a technology that will potentially transform industries in a way similar to what the Internet did a couple of decades ago. Still a nascent technology, its many uses have not yet been discovered or explored. Most people know a little about blockchain:

• • It lets multiple parties agree on a common record of data and control who has access to it.
  • Its platform makes cryptocurrencies like bitcoin possible.
  • Movement of cryptocurrency verified by blockchain allows peer-to-peer cash transfers without involving banks.
  • Blockchain is a permanent, auditable record, so any tampering with it is obvious.

Some people think blockchain will transform security in financial services and fundamentally reshape how we deal with and trust complex transactions, though this could be a response to hype or a fear of missing out. Many other people ask why and how they should use blockchain. On the face of it, using a shared (or distributed) ledger to process multiple transactions doesn’t seem so revolutionary. Blockchain is essentially a recordkeeping system. Perhaps its association with cryptocurrency – such as bitcoin – lends it a darker, more enigmatic edge than the software traditionally used for processing multiple transactions. One way or another, insurers face pressure to update antique systems with new ones that can compete with the demands of a digital world, and that means incorporating blockchain technology. A distributed ledger of transactions A blockchain can be seen as an ever-growing list of data records, or blocks, that can be easily verified because each block is linked to the previous one, forming a chain. This chain of transactions is stored on a network of computers. For a record to be added to the chain, it typically needs to be validated by a majority of the computers in the network. Importantly, no single entity runs the network or stores the data. Blockchain technology may be used in any form of asset registry, inventory and exchange. This includes transactions of finance, money, physical property and intangible assets, including health information. Because blockchain networks consist of thousands of computers, they make any effort to add invalid records extremely difficult. Every transaction is secured using a random cryptographic hash, a digital fingerprint that prevents its being misused. Every participant has a complete history of the transactions, helping reduce the chance of transactions being corrupted. Simply put, a blockchain is a resilient, tamper-proof and decentralized store of transactions. Complex processing and automation with smart contracts Blockchain ecosystems enable a large number of organizations to join as peers to offer services, data or transactions that serve specific customers or complex transaction workflows transparently. These ecosystems can automatically process and settle transactions via smart contracts that encapsulate the logic for the terms and triggers that enable a transaction. Smart contracts are created on the blockchain and are immutably recorded on the network to execute transactions based on the software-encoded logic. Transparency through workflows recorded on the blockchain facilitate auditing. Peers and partners within a blockchain ecosystem independently control their business models and the economics without the need to use intermediaries. Self-executing smart contracts can be used to automate insurance policies, with the potential to reduce friction and fraud at claim stage. A policy could be coded to pay when the conditions are undeniably reached and decentralized data feeds verify that the event has certainly occurred. The blockchain offers enhanced transparency and measurable risk to this scenario. Parametric insurance, which operates through smart contracts with triggers that are based on measurable events, can facilitate immediate payments while decreasing the administrative efforts and time. Effectively, the decision to pay a claim is taken out of the insurer’s hands. Other possible models are completely technology-based without the need for an actual insurance company. The decentralized blockchain model lends itself well to crowd-sourced types of insurance where premiums and claims are managed with smart contracts. See also: Blockchain’s Future in Insurance   Blockchain-based insurance New insurers using blockchain are emerging and offering increased transparency and faster claims resolution. Here are some examples:

• • Peer-to-peer property and casualty insurer Lemonade uses an algorithm to pay claims when conditions in blockchain-based smart contracts are met.
  • Start-up Teambrella also leverages blockchain in a peer-to-peer concept that allows insured members to vote on claims and then settles amounts with bitcoin.
  • Dynamis provides unemployment insurance on a blockchain-based smart contract platform.
  • Travel delay insurer insurETH automatically pays claims when delays are detected and verified in a blockchain data ledger.
  • Etherisc is another new company building decentralized insurance applications on blockchain that can pay valid claims autonomously.

Traditional insurance companies, such as AXA and Generali, have also begun to invest in blockchain applications. Allianz has announced the successful pilot of a blockchain-based smart contract solution to simplify annual renewals, premium payments and claims submission and settlement. Blockchain has the potential to improve premium, claim and policy processing among multiple parties. For example, in the last year the consultancy EY and data security firm Guardtime announced a blockchain platform to transact marine insurance. This platform pulls together the numerous transactional actions required within a highly complex global trade made up of shipping companies, brokers, insurers and other suppliers. A consortium of insurers and reinsurers, the Blockchain Insurance Industry Initiative (B3i), has piloted distributed ledger technology to develop standards and procedures for risk transfer that are cross-market compatible. Whether or not the outcome is adopted industry-wide, it seems important for digital solutions to be created with this transparency and inclusiveness in mind. There is clear potential for blockchain in reinsurance where large amounts of data are moved between reinsurers, brokers and clients, requiring multiple data entry and individual reconciliation. Evaluating alternative ways of conducting business is one reason for the collaboration of Gen Re with iXledger, which can explore ideas while remaining independent. Handling of medical data and other private or sensitive information Individuals will generate increasing amounts of personal data, actively and passively, from using phones and Internet of Things (IoT) devices, and processing digital healthcare solutions. Increasingly, consumers will want control of this scattered mass of digital data and share it with whomever they choose in exchange for services. This move aligns perfectly with the concept of a “personal data economy.” Think of information as currency and think about using blockchain to secure private data and reveal it in a secure and trusted manner to selected parties, in exchange for something. Electronic health records are now common. Several countries use blockchain to secure patient data held digitally. This helps counter legitimate concerns about how sensitive personal data can be kept secure from theft or cyber-attack. Code representing each digital entry to the patient record is added to the blockchain, validated and time-stamped. A consortium of insurers in India is using blockchain to cut the costs of medical tests and evaluations, and to ensure the data collected is kept secure, along with other benefits including identification of potential claims fraud. Looking to leverage the data economy, companies may employ innovative insurance propositions to engage people. Because the propositions will rely on shared data, people may be put off, fearing a loss of control over their personal information. While this fear poses a huge challenge for an industry seeking to improve its reputation for trust, blockchain technology may help insurers to reassure customers the digital data they share with them is safe. Verification of documents Verification of the existence and purpose documents in banks and insurance companies relies on storage, retrieval and access to data. A blockchain simplifies this process with its open ledger, cryptographic hash keys and date-stamped transactions. Actual hard copies of documents are not stored; instead, the hash represents the exact content in a form of scrambled letters and numbers. A change in a document will be exposed because it will not match the encoded one. The effect is an immutability that proves the status of the data at an exact moment and beyond doubt. Blockchain technology is a “trustless” system because nobody has to trust anybody else for the system to function; the network of users acts together to vouch for the accuracy of the record. Examples of blockchain protecting patient records demonstrate its potential to implement other trusted and secure transactions with less bureaucracy. There are other opportunities for insurers to move to a digitized paradigm and catalyze efficiency gains; blockchain need not be reserved for cross-industry platforms, and it’s not only useful in multiparty markets with high transaction volumes and significant levels of reconciliation; smaller-scale solutions can bring benefits, too. Features that ensure privacy and data security Beyond driving efficiencies, blockchain employs agreed standards for data care, which reduce the vulnerability of data that arises with the mass of sensitive data that digital connectivity creates. Other features that enhance privacy and data security include the contract process: Transactions are not directly associated with the individual, and personal information is not stored in a centralized database vulnerable to cyber-attack. Insurance companies, as well as technology companies, are accountable to their users for the security of their devices, services and software, and hackers are less likely to target enterprises with strong security. Multiple participants and the removal of a central authority Transparency, audit-ability and speed are standard requirements for any organization to successfully compete and transact in an increasingly complex global economy. Data is a valuable catalyst to that process and is complemented by blockchain’s ability to organize, access and transact efficiently and compliantly. Trusted transactions require access to valuable data, and blockchain facilitates efficient access across multiple organizations. The economics for data usage will drive new business models fueled by micropayments, which will require efficiencies to scale. Business models based on data aggregation by third parties in centralized repositories with total control and limited transparency will be replaced by distributed blockchain-enabled data exchanges where data providers are peers within the ecosystem. Decentralized peer organizations can use the blockchain for permission access, and for facilitating payments, to ensure total control of their economic models, without having a centralized authority. Data access and transactions are controlled directly by each member of the ecosystem, with complete transparency and immediate compensation. Token economies Ecosystems supporting peer organizations that transact or share data will require an effective mechanism for micropayments. These business models require efficiency, with less overhead than traditional account payable and account receivable workflows. Event triggers, cryptlets that enable secure communication between blockchain, and external verification sources (oracles) will execute based on predetermined criteria, and token payments will be made simultaneously. Counterparty agreements may initially define the relationships between parties on the network, but payments are executed within the smart contract transactions. See also: How Insurance and Blockchain Fit   The elimination of a time delay in payments acts as a stimulant for economies; tokens earned can immediately be spent, increasing the speed at which organizations will earn and spend. Traditional delays and fees that occur throughout accounting workflows and through intermediary banks that process payments can be eliminated. Cross-border processing Currently, global payments involving foreign exchange introduce complexities in addition to time delays. Economic indicators and political events dramatically affect the exchange rates and profitability of transactions. Cross-border payments require access to the required currencies by intermediary banks, which can cause additional delays beyond the internal accounting workflows. With blockchain technology, using a token-enabled economic layer simplifies the payments to support micropayment efficiencies. Participants on the blockchain network will be able to efficiently use the preferred fiat currencies to acquire or sell tokens without using intermediaries, banks or currencies. Merging blockchain and data Today, there are more connected IoT devices than there are people on the planet, and the data generated is growing at an exponential rate. Various sources have predicted that the number of connected devices will grow to more than 70 billion by 2025; the numbers are almost irrelevant. IoT devices are used in homes, transportation, communities, urban planning, environment, consumer packaged goods, services and soon in human bodies. A number of insurance companies use these devices to assess driver habits and usage. Autonomous cars and changing ownership and usage models are creating a generation of insurance products that can be facilitated through IoT-collected data. Home devices can detect leaks, theft and fire damage – capabilities that reduce risk. Shipping companies use the IoT for fuel and cargo management, which offers operating efficiencies, transparency and loss prevention. Merging the mass of IoT data with the blockchain is not without challenges, but this combination can provide a completely new way of creating an insurance model that is far more efficient and faster, and where data flows directly from policyholders to the insurer. Summary Interest in the trinity of bitcoin, blockchain and distributed ledger technology has significant momentum. However, the technology is not magic or a panacea for every corporate woe. It has disadvantages and limitations, and there are situations where it would even be the wrong solution. There is enough about it, though, to merit continued closer investigation – the many emerging cases of its application bear testament to that – but in place of hype we still need answers.

This article first appeared at Let's Grow Leaders.

Since I reported last week that we were trying to arrange a debate between State Farm and Lemonade following the State Farm ad dismissing chatbots such as those used by Lemonade, I'm happy to say we've made some progress. We've penciled in a date around Dec. 6 or 7, when so many of us will be in New York City for the annual EY Insurance Executive Forum. Daniel Schreiber, the CEO of Lemonade, has accepted, while making clear that he's not interested in any sort of contentious debate or gotcha moment. He's hoping for a discussion that respectfully explores how today's technology does—and does not—enhance interactions with customers. We're still working with State Farm to see who, if anyone, the company will send to the conversation. In any case, we will take on the topic in a face-to-face conversation that will be webcast and available to all of you. In the meantime, I called my go-to person on chatbots, Donna Peeples, president and global head of insurance at Pypestream, which has staked out a leading position on the technology over the past few years. Her take:

"It’s not one or the other [bots or people]. It's everything. To say it's all going to be human interfaces isn't right. To say it'll all be automated isn't right, either. It's like saying one size fits all, when one size fits one.

"I mean, people are still using fax machines."

She says there's lots of low-hanging fruit that chatbots can grab, especially in customer service. First notice of loss is the biggest at the moment for Pypestream. The company also automates lots of updates on the status of claims, including letting customers know that their file isn't complete and that they need to take some sort of action. For some clients, Pypestream is automating 40,000 interactions per week, reducing costs while making customers' lives a bit simpler. 

To the State Farm ad's point about chatbots' inability to show compassion, she says: 

"Chatbots should never pretend to be human. That's a design error. Empathy, common sense, morality, imagination, creativity are all things that people will still have to do. Even the best automation isn’t ready for those things."

Sounds about right to me. But stay tuned.

Paul Carroll
Editor-in-Chief

Jay Weintraub, CEO and Co-Founder of InsureTech Connect, talks about the 2018 conference success, and how the event has grown since 2016 to become an insurance event, not just a tech conference.

---

View more Innovation Executive videos Learn more about Innovator's Edge