Insurance technology companies can be innovative, efficient, agile. They can delight their customers with modern user-experiences, impress them with low costs from reduced overhead and surprise them with swift service. But there is one area where they face an uphill battle to take market share from large, established insurance institutions. Trust. Why would a customer risk choosing an insurtech company with a young record in the industry over a traditional player with a long-held reputation for being well-capitalized? When the hurricane hits, can the insurer be trusted to honor the payout? See also: The Insurer of the Future – Part 9   The answer for insurtechs is not to focus on battling the behemoths to create equally huge capital backup. Insurtechs have to win the battle for hearts and minds. Insurance is about customers achieving peace of mind. But the industry is plagued by major misalignments of interest. Customers may well understand that the major players have enough money to pay their claims but they don’t necessarily believe they will pay out. There is a trust deficit. Large companies with capital have high costs and, unfortunately, making payouts can directly impact their profits. Regulators aim to protect customers and ensure fair payments. But, in the end, the cost of the additional compliance bureaucracy is passed on to a distrustful end-customer anyway. Insurtechs need to rely on their competitive advantage -- technology. That technology, and specifically blockchain, can be deployed to ensure customers receive their payouts automatically. As a customer, you can have no better peace of mind than knowing you will receive payment immediately with no questions asked. Insurtechs can provide “parametric” insurance policies where events trigger automatic payments, eliminating the burden of customers’ claims processes. Parametric policies can work, for example, for flight-delay insurance. If a customer buys a policy against a late arrival of an hour or more and a plane is indeed officially logged as behind the clock, then payment is made automatically. Blockchain technology has the power to create an unalterable database that can be trusted immediately by the insurer and customer alike, meaning the transaction is transparent and automatic. In this way, blockchain enables provable fairness to allay consumers fears over the industry’s misalignment of incentives. The same parametric insurance mechanism can be used for weather. A six-week drought can prompt payout to farmers who fear their crops will shrivel. The farmers do not have to prove their loss. The data executes the policy automatically. See also: 10 Trends at Heart of Insurtech Revolution It is possible to imagine a world of insurance with vastly reduced overhead - a world where payments are automatic and there is no need for cumbersome claims processes. This clearly means insurance policies can be cheaper - and cheaper policies opens the possibility of more granular policies targeted at the real lives of customers. This is another way the insurtechs can win the trust of customers - by being perceived as helping solve their actual, specific problems. A sports club can organize a tournament and insure its players against injury. That kind of specific policy is currently likely to be seen as low value for the big insurance companies. But with their lower costs, insurtech companies can use blockchain to design a bespoke policy that serves customers and creates profits.The insurtechs can use their cost efficiencies to provide bespoke policies that create an intimacy with a customer and that, in turn, builds trust.

Cyber-attacks see no signs of abating. In fact, deadly threats such as ransomware and malware have now become mainstream. Enterprises have no option but to expect cyber-attacks as a fact of life. They need to make their systems immune from such attacks. The State of Cyber Attacks Cyber-attacks increase in magnitude and scale with every passing day. A case in point is the WannaCry ransomware, which wreaked havoc in more than 200,000 systems across 150 countries in the world, during May 2017. This attack, the largest ransomware delivery campaign to date, held up everything from surgical operations to public information display systems, and from government initiatives to corporate work. And WannaCry is just one example. More than 4,000 ransomware attacks have taken place since the start of 2016. Ransomware damages will touch $5 billion by the end of 2017, a 15X increase from the damage levels just two years ago! Data-encrypting ransomware such as WannaCry is socially engineered malware. The hackers trick unsuspecting victims in many ways to install Trojan horse programs. They may:

• Compromise an otherwise trusted site on a temporary basis, to offer a malicious download link.
• Arrive as a rogue friend or application install request through mainstream social media.
• The innovation of their attacks is matched only by the ingenuity in the ways they breach the network.

Close on the heels of socially engineered malware are password phishing attacks. A good proportion of the unsolicited emails try to pry out login credentials from gullible account holders. Despite the best anti-spam software, good phishing replicas of legitimate emails slip in. All it takes is a single careless employee for the hackers to breach the corporate network. Countermeasures Cybersecurity has been fighting a losing battle against cyber attackers for many years now. Traditional security approaches, such as firewalls and antivirus suites, are now inadequate to protect against the entire gamut of attacks. Many enterprises realize this fact and now invest heavily in security. Gartner estimates information security spending to exceed $86.4 billion in 2017. However, many enterprises go after the latest tools and technologies, while neglecting the basics. See also: Quest for Reliable Cyber Security   Time-tested basic security hygiene is the basics of any countermeasure against cyber threats. Some of the basics include:

• Installing advanced anti-malware suits
• Regular patching and updating key software
• Regular data backups
• Controlled access to resources within the network
• An Enterprise-wide whitelist of authorized apps and software.
• Strong two two-factor authentication (2FA), with smartcards, biometrics, or OTP through SMS.

Another key component of basic security hygiene is training users on safe browsing. The ideal end-user education is ongoing. It covers the latest threats, and make employees aware of what to do in the face of various eventualities. However, all these basics serve only as a foundation on which to construct sound security architecture for the enterprise. These basics alone are no longer effective in keeping cyber criminals at bay. Patch Management: Vital for online security Socially-engineered malware such as WannaCry spread across the organizational network without user interaction. The malware exploits latent vulnerabilities in the operating system of application software. Browser add-on programs such as Adobe Reader are especially rife with vulnerabilities, and hackers exploit it at will. In WannaCry’s case, the malware exploited “EternalBlue,” a known Microsoft Windows vulnerability. Software vendors and cyber criminals are locked in a never-ending battle. Cyber criminals are always looking to unearth some vulnerability. The “good guys” try to beat cyber criminals to the game, to identify vulnerabilities before cyber criminals discover it first. Either way, the software developer releases a patch as soon as the vulnerability becomes known. But, it is rare to find any enterprise with perfectly patched software. Enterprises do not install the patch updates even when one becomes available, owing to many reasons, such as: Operational constraints and exigencies Concerns about whether a newly patched version would contain some other bugs, rendering the system unstable. Continuous Monitoring: Around the clock website check-ins Today’s cyber criminals are sophisticated, and the attacks they launch are unpredictable. Enterprises would do well to ensure continuous monitoring of the network environment. They would also do well to manage the implemented security controls on a proactive basis. An effective network monitoring system offers end-to-end visibility of the network traffic. It:

• Understands legitimate traffic patterns in the network, and issues prompt alerts when discovering unexpected traffic flows.
• Triggers automated responses, such as shutting down the network, or blocking the user, on detecting anomalies.
• Integrates threat intelligence capabilities, aggregating threat information from multiple sources.

Large enterprises could consider setting up an in-house security operations center, with robust incident response capabilities. Smaller firms could consider enlisting the services of a managed security services provider, to monitor their network and respond to incidents in real-time. Either way, proactive network monitoring is essential to keep the network safe. See also: Paradigm Shift on Cyber Security   Security Assessment: Third party independent security reviews Network security does not work in isolation. An effective security set-up offers tight integration, without leaving any loose ends. Enterprises would do well to conduct a thorough security audit to ensure such a state. A sound and comprehensive review compare the existing state of cybersecurity with best practices, in terms of:

• The integration of basic and advanced controls to the security architecture
• Integration of the existing security environment architecture with the business and IT vision
• How the security framework leverages latest technologies, such as Machine learning, behavior analysis, and threat modeling, to detect and mitigate identified threats
• The scalability of the security architecture to defend against future threats
• The preparedness of the architecture to deliver Intelligent and flexible responses

The state of cybersecurity is fluid. Enterprises need to adopt an adaptive and evolving approach the security. They need to re-evaluate security processes, practices, policies, platforms, and tools, on a regular basis. With cybercrime damage estimated to touch $6 trillion annually by 2021, the stakes have never been higher.

A great concern today is the impact of damages associated with wrongful conviction claims. Last month, two local entities in Illinois were sued by a wrongfully convicted young woman. After spending nearly 10 years in prison, then being released due to an advancement in science/knowledge of shaken baby syndrome, Jennifer Del Prete could be one of the most sympathetic claimants imaginable. She could potentially collect $20 million. In this case, two local villages have exposure, both belonging to a single “cooperative purchasing program.” It is estimated that one inmate per week is released due to new evidence related to scientific advancements, and the legal recovery averages $10 million per inmate. DNA evidence and renewed scrutiny of court cases by legal think tanks is driving the push toward reconsideration of these cases. In the Del Prete case, new medical evidence was overwhelming, and a Northwestern University investigative journalism center found exculpatory evidence suppressed by the prosecution. See also: How Underwriting Is Being Transformed   This is more food for thought regarding underwriting, overall exposure to wrongful conviction, available limits (per member and reinsurance pool aggregate) and the potential impact on current immunity or tort caps. The trend toward justice for wrongful convictions will continue to gain strength as science and technology advance. These advancements will be embraced by justice advocates like the Medill Justice Project at Northwestern University.

As the sale of cyber policies grows and other types of policies are extended to include cyber coverage, the industry is taking on a massive amount of new risk. Although it is true that auto, workers compensation, environmental policies and so many others were all new offerings at one time, there are some things about cyber that make it more unusual, more uncertain and more potentially dangerous for the insurance industry than new offerings of the past. Simultaneity It is entirely possible for hackers to plan and launch simultaneous attacks on a large number of targets. Those targets may be corporations, infrastructure such as power plants, government bodies, hospitals, or any other type of entity. If a successful, very harmful simultaneous attack, whether ransomware, malware, or any other type of IT weaponry, was to be made on a sizeable number of entities, the losses occurring at one point in time could create serious liquidity pressures and even jeopardize solvency for an insurer. See also: Urgent Need on ‘Silent’ Cyber Risks   Individual insurers are modeling their aggregate exposures, but are they doing it comprehensively enough? Analysis must take into account not only the limits and reinsurance on their cyber policies (including such add-ons as contingent business interruption or other enhancements) but also what level of coverage is afforded in existing casualty and property policies as well as any other policies that may be triggered (such as D&O, E&O, reputation, etc.). In addition, correlated risks that have nothing to do with claims liabilities per se should also be considered. For example, what will they do if their contracted vendor networks, which are supposed to help insureds after a breach, are not resourced sufficiently to handle simultaneous attacks. Ubiquity Given the global nature of the internet, attacks may be not only simultaneous but ubiquitous. The entities affected may be all over the world. An insurer that relies on geographic diversity to protect its capital can lose the benefit of diversification when it comes to cyber. A global event or series of events could have significant capital implications for insurers that have considered their cyber portfolio in part rather than in whole. Unpredictability There is scant history upon which to base underwriting and pricing decisions when it comes to cyber. The earliest policies were geared toward system failures, not cyber attacks. More recent policies were focused on data breaches and stolen data and the actual cover involved handling some of the expertise needs and certain expenses post breach. Now, cyber policies are dealing with ransomware attacks and cover business interruption and other loss. This is heady stuff when there are no historical patterns to use in predicting frequency and severity as there is with property or workers compensation. Ransomware attacks continue to escalate at a rapid pace. Who knows how much faster or greater this trend line will grow. Some cyber attacks have been targeted while others are random. In either case, they test the ability of insurers to make predictions. This, in turn, makes it difficult for actuaries to price the product appropriately. How much business should an insurer write of a particular kind until it can be sure the business is priced correctly for the exposure? A random attack might seem to better fit the principle of insuring against fortuitous events, however, it does mean that an insurer that relies on customer segment diversity to protect its capital can lose the benefit of such diversification. This is similar to the situation mentioned above in connection with geography. A targeted attack will likely strike an entity (or entities) with the most money, records or other treasure worth capturing or destroying. Hence, the losses generated will be greater. Initial attacks were focused mostly on retailers with hospitality and with banking and healthcare following. The great fear is that power and infrastructure will be next. The impact from attacks on power and infrastructure could be catastrophic in the extreme. The flexibility to strike randomly or with fixed intent leaves underwriters in a quandary about which classes of business are riskier than others. How, then, can they manage their customer mix as do with other lines of business? See also: What if You Had a Cyber Risk Score?   Sponsorship Hackers can work alone or in groups. They can also be actors for foreign governments. When Marissa Mayer spoke about the Yahoo attack, she commented on the unevenness between a company’s attempts at IT security versus an attack potentially perpetrated by a nation state. This phenomenon is something insurers must consider when parsing the words in their contracts. To what extent should there be exclusions, as there are in terrorism policies or other policies that exclude acts of war? To what extent is a future federal backstop needed? Conclusion This is not to say that cyber insurance should not be offered. Society has a protection need, and insurers have been answering that need since the first handshake at Lloyds. In addition, this line of business has been streaming new revenues into an industry that, in recent years, has had excess capacity. Rather, it is to say that insurers must put robust and innovative solutions in place to manage aggregation risk.

Blockchain, a distributed ledger technology that offers a secure, incorruptible record of transactions on a decentralized network, is showing extraordinary promise as a means to boost transactional transparency and operational efficiencies across the life insurance and annuities space. The technology has the potential to help insurers lower costs, explore new markets and, more importantly, provide an engaging and integrated service to the end customer. But the insurance industry will realize the biggest benefits only if all industry organizations work together for the greater good. Currently, there are three large groups in the insurance space working together with peers to look at the blockchain technology to determine how carriers can use blockchain to benefit the industry as a whole. First, P&C carriers and institutes are helping lead the charge. These groups have been working on industry-wide use cases for the P&C industry for nearly two years. Second, B3i, which was initially set up by reinsurance firms primarily based out of Europe, is now expanding globally. And finally, led by LIMRA, life and annuities insurers are coming together as an industry to explore ways to leverage blockchain. LIMRA’s recently established Blockchain Advisory Council is working as one entity to develop collaborative industry solutions. See also: How Will Blockchain Disrupt Insurance?   While carriers can leverage blockchain and other technologies like digital; big data and analytics for growth; improved customer experience; and competitive differentiation, the power and promise of blockchain can only be realized if carriers collaborate and work together as a group — and keep the end customer in mind. This collaborative model will benefit all insurers and ensure that every firm in the blockchain network gets the same information at the same time. In one use case example, carriers can use blockchain to access the data typically available from the Death Master File to provide prompt services to the policyholder as soon as they receive updated information on a death. Having timely updates on a death will enable the carrier to provide the best service at the most critical phase of a policy holder’s or beneficiary’s lifecycle. Every organization can then rely on an information flow that’s consistent throughout the industry, and carriers can then differentiate and develop a competitive edge based on how they handle the information and respond to death claims. However, the collaboration ensures that every organization gets the information at the same time so that they can appropriately meet their customers’ needs. With smart contracts, contract settlements between a carrier and a reinsurer could be made easier and faster than ever before, because all data will be available in the blockchain as a smart contract. Another use case could be agent/agency fraud identification and sharing. See also: Blockchain: What’s the Real Story?   Blockchain may be an enabling technology for several different improvements within the life and annuity industry. For instance, in the near future (we hope), the industry will have the ability to automate the underwriting of more complex life policies and better serve life insurance customers because electronic medical records will be available through the blockchain. The time from application to complex policy issuance will be minimal, delivering a “no touch” experience for the customers. Blockchain technology is here and is already being implemented collaboratively in the P&C sector. The life and annuities industry is looking to leverage the experience from the other insurance sectors and the financial services sector to jumpstart our own journey. These are just a few use cases, but there are many other possibilities, which expand as we look to a more integrated but decentralized blockchain world.

I hadn’t worried much about U.S. health insurance in years, eight to be exact. I was interested, but not worried, because while I was living abroad I didn’t need it. Furthermore, I had a health insurance plan that covered me wherever I lived in the world. When I returned to the U.S. this past July, I was faced with buying an individual health insurance plan, which was something I’d never done (all my previous work experience in the U.S. gave me insurance as part of a group plan). In August, I bought a policy with a carrier and used an agent. As this is Open Enrollment season and I just purchased my first policy in the post-ACA world, I thought it would be a apt to talk a bit about the U.S. healthcare system and how I think insurtech can help. I will focus on three areas. First is my experience with Open Enrollment this year (to, I hope, help some who are going through the same experience right now!). Second is areas that need to be considered when looking at U.S. health insurance. Third is a summary and ideas for insurtech startups. Healthcare, especially U.S. healthcare, is very, very complex.  Hence, I will only dive into a few areas, and as usual, my recommendations at the end will be fundamental and principle-based. While there are a lot of politics surrounding U.S. healthcare, I will endeavor to not touch on the political aspects (though through the reading you should understand my opinions on the current state of affairs). Open Enrollment – How Open Is It?   As of the writing of this article, I am in the final steps of selecting my plan for 2018.  If you are currently going through the Open Enrollment process yourself, I have included some links at the end of the article that are some great guides on the overall process (including one from Oscar for "solopreneurs"). What follows, is my experience of preparing for Open Enrollment. A few weeks ago, I received this in the mail: And about a day later, an email from my agent that said this: Well, neither one of these were very encouraging. I started with the Covered CA website and PolicyGenius to do my search to see what carriers/plans were available. As I went through both sites, I realized that I was going through a modified needs analysis (these questions were a combination of what I went through on both sites):

1. How much am I willing to spend a month?
2. How much of a deductible am I willing to have? (These two questions were followed by a lot of math playing between the variables of 1 and 2 on different scenarios.)
3. Do I want to be able to book my own specialist, or do I care if I have a referral. Plus, do I want to have the ability to go out of network or not? (HMO or PPO?)
4. Do I have any doctors whom I need to keep in my network? By the same token, which hospitals/doctors do I want in my network?

Regardless of the answers to 1, 2,  and 4, number 3 was the key: Do I want an HMO or PPO? Because I wanted a PPO, I had a whopping TWO carriers available to me. See also: High-Performance Healthcare Solutions   In addition to this, I think it’s worth it to mention that (I think) the US is the only developed country in the world that has a 2 month period of time in which one can purchase a health Insurance plan. So much for ‘Open’ Enrollment… As I was going through this process, I realized some of the biggest challenges with this whole thing Some of the points that I mention below may seem like old news to many that have been dealing with US health Insurance since ACA came into effect.  Though, since this is my first time going through it, that is the case. Hence, I will share what I think is wrong with US health Insurance and subsequently, how Insurtech may be able to help.   As mentioned earlier, this is not meant to be a political stance and I will focus on the fundamentals of Insurance as I go through this. These are the a few key things wrong with the the current US health Insurance:

1. It’s mandatory (if you’re not covered by a group plan)
2. If one buys an individual plan – they may not choose the specific coverage that’s right for them (other than premium and deductible)
3. There is no underwriting for it (it’s all guaranteed issuance)

While these things aren’t likely to change, it’s important to understand why these three pillars are here, because there are some guiding principles here which are meant to help individuals; namely 1) making it more affordable and 2) making it more accessible. There still may be some opportunities to shape US health Insurance within the current confines of the regulation, which will have to be adhered to as long as the current regulation is in form. Aside from cost and access, what else needs to be looked at? Some of the key areas to look at when it comes to health care are:

1. Participants/Users – how to interact with them?
2. Provider coverage – which doctors/hospitals will be ‘in network’/accessible to participants?
3. Claims process – how can this be made easier?
4. Treatment and monitoring – in addition to 2&3, how will ongoing monitoring be done?

This relates back to the triangle I had a few weeks ago and how all 3 parties needs need to be looked at when looking at the overall Insurance value chain (regardless of line of business): Before I go into the summary, a quick note on Oscar. I took a serious look at Oscar a consideration for my health Insurance. Not only did I read through their policy and network coverages (as they were cheaper than every other network out there), but I did all the research on Oscar that I would do for any other start-up I would consider working with for my work outside of Daily Fintech. I started with the Coverager Companies tab (especially the News tab, where I like to see to see their past reporting of the company which usually outlines the good, bad and ugly of the company itself).  I also read the Oscar Health Strategy teardown from CB Insights.  I read consumer reviews and even asked my doctors and their receptionists about dealing with Oscar.  I did not do this much research for any other company I was considering (even though there were only 2 PPO providers from my initial search, I still took a quick look at all 6 providers in California…). Ultimately, I think they are really on to something and I salute them for going after such a big and complex area (both in terms of product line and geographic area of that line!).  I would encourage everyone to read the teardown above to see what some of their strategies are.  Tackling US health Insurance is no easy feat, and they did take a long term view as described below: While I do like them and some of the things they are doing, the reviews are not up to scratch yet.  My guess is that the long term view somewhat backfired on them, as customer expectation for a product that is so highly despised by many would have to have a real good experience very early on. I have had real good experience with my current carrier and they are the most well known/biggest in my state.  As such, I’ll likely need to stick with them.  Health Insurance is too important to try something new on in my opinion. I do think Oscar is very well positioned for the future, and they have outlined their strategy clearly above.  Building of an Insurance company takes time.  Health is a whole other animal.  Health in the US…well, that’s just going right for the gullet.  But, if done right, it can be a big prize (not only monetarily, but also for the sanity and health of US citizens!).  I’ll definitely be keeping en encouraging watchful eye on them. Summary: It’s Complicated… As I was preparing for this article, I read a few posts on Daily Fintech last year from Amy Radin, which I encourage you to read in conjunction with this post.  I have included them at the end for easy reference. In her first post, she mentions four lenses to look at when it comes to US health Insurance: ‘the health of the American people, marketplace trends, the role of regulation, and the players’. In her second post, she mentions that ‘Incumbent health insurers are pursuing legacy tactics to compete in the ACA world: M&A…; increasing premiums …; and reevaluating participation in the public exchanges… As well as ‘the root of user pain points can influence how plans are selected and health care is consumed’: # 1 People don’t see value because they don’t understand what they are buying. # 2 People are being held accountable for health decisions that they are not equipped to handle. # 3 People don’t always make rational decisions. Fast forwarding 15 months since her last posts, other than some slight changes announced earlier this year and the recent subsidy cuts, not much has changed in terms of health of Americans, incumbent tactics and pain points for users. See also: Healthcare: Need for Transparency   Currently, CVS and Aetna are working on a merger.  It is rumored that Amazon is trying to expand into pharmaceutical sales as well (not to mention it’s other Insurance aspirations).  It’s also no secret that Apple has been preparing itself for a run at health care too.  Are all of these in the name of helping out the customer or just trying to get a slice of a pie that is so huge that everyone in the tech industry can taste it? Recommendations for Insurtechs Given that current regulation is both stringent and has an unknown future, it can be challenging for Insurtech start-ups to know where to start.  However, here are a few areas where I think can help the US health Insurance value chain, irrespective of regulation:

• Education – I know this seems like something basic, but shopping for health Insurance was a nightmare.  Policy Genius was good, but it didn’t have it all.  Also, since health Insurance is so complex, there needs to be something that makes it really easy for people to understand.  Aside from how the subsidies work, which can be a challenge in it of itself, the specific clauses, terms and coverages for health Insurance is really complex and the majority of the population would likely not understand it.
• Blockchain – With such a wide variety of illnesses, coverages and benefits, blockchain make a ton of sense for health care.
• P2P – I wrote a couple weeks ago that I didn’t think P2P could be useful for health Insurance.  As I wrote this article, I do see some benefits, especially with a model like Inspeer, may be able to help.
• Ecosystems – I’ve been reading more about ecosystems lately as it relates to Insurance/Insurtech, specifically with some of the things being some in China. When it comes to health, look at Ping An and Good Doctor (see below for infographic too). Talk about user experience.  The value proposition (image) below says it all..the more this can be integrated for the user, the better.  Though it doesn’t come without it’s challenges:
  1. Wearables – how much will people trust Insurance companies with all of their ongoing health information?  This is a big debate when it comes to information asymmetry.  Those that are healthy and live healthy lifestyles will be happy to, and others, may not be.
  2. Integration with hospitals/doctors – This will enhance the customer experience greatly, both for ongoing monitoring of the health from their doctors as well as with the claims process.  I recently had a few check ups at various doctors, having to fill out loads of paperwork that asked the same questions, bringing my images with me wherever I went, and having to re-explain my history over and again was a bit cumbersome.  It would be nice if the paperwork process was easier, if all doctors in my network had all the information on me (not just the ones in the same hospital) and the claim processed could be seamless after treatment received.  Integrating all of this is not easy when the infrastructure is not there and legacy systems exist for all parties.

I know the motto of many entrepreneurs/founders out there revolves around solving challenging problems, so, despite my feelings at the moment about US health Insurance, I am confident about the future of it!! This article was originally published on Daily Fintech.

The Indian general insurance sector is growing at a healthy 17% a year. Motor insurance is the biggest chunk, accounting for 49% of the gross direct premiums earned (FY16), at $6.5 billion. The Motor Vehicles Act, from 1988, mandates that every vehicle should be compulsorily insured for third-party risks. With the expected growth in automobile sales (6% CAGR in the past 5 years), motor insurance sales are also expected to grow. These numbers are set to rise owing to the changing consumer profile, as well. The legal mandate demanding the purchase of a third-party liability insurance policy compelled Indians to opt for motor insurance. It was a box that was needed to be ticked off, nothing more. However, the mandate did acquaint people with the philosophy of motor insurance. They started looking at the financial benefits associated with the policy, and the insurers capitalized on this window. Innovative offers and alluring discounts encouraged vehicle owners to look at motor insurance in a holistic manner. Recent developments opened the gates wide, by allowing 49% foreign direct investment (FDI). The investment increased capital inflow, leveled the playing field and fostered better market penetration. Insurers now concentrate on offering innovative products, providing better administrative services and ensuring hassle-free claims. Numbers Game The Indian general insurance market grew from $2.6 billion to $13.4 billion in a span of 14 years, from 2002 to 2016, according to several reports by IBEF, and is poised to keep expanding. See also: Motor Insurance: Get Back to Value!   Warming Up to Digital Platforms Traditional as well as up-and-coming insurance providers warmed up to going digital and created websites. Their offline activities also continued, but their online activities were future-oriented. Even though the insurers did not go all out with their digital activities, they certainly created an online presence, as it gave the following advantages to insurers as well as the insured:

• Cost Factor

Operational costs reduced with the digital move. Customers benefitted from it in the form of pocket-friendly policies. Standardization helped insurers to service the customers efficiently and effectively.

• Ditching the Agent

As motor insurance could be purchased online with a few clicks, the role of the traditional agent was curtailed. Simple forms demanded to-the-point information, and prospective customers filled the forms themselves, thus reducing the chances of wrong information and mitigating fraudulent activities. The service seeker and service provider spoke with each other directly, without any middleman.

• Convenience

India was getting used to purchasing things online. From buying vegetables to searching for prospective life partners, people found a convenient alternate in the form of websites and apps. People researched about the features, fortified their motor insurance policy with add-ons and purchased or renewed their policies online, at their convenience. Features like cashless garage services made it easy for the insured to get a vehicle repaired conveniently.

• Smooth After-Sales Service

New touchpoints enabled customers to address their grievances through social media. Insurers also considered it as a priority and started engaging with customers through platforms like Facebook and Twitter. Claim-related queries were addressed through social media platforms; everyone could see if a query was pending or was resolved. Riding the Technology Wave Over the years, technology has played a crucial role in making the Indian motor insurance sector efficient. Insurers offered several add-ons to the comprehensive motor insurance policy along with the basic third-party liability policy. Strong comprehensive policies came into the picture, and the insurer as well as the insured benefitted. There was a reduction in administrative costs without compromising the cost-efficiency. It became easier for the insurer to ask for necessary details and for the insured to provide them with Know Your Customer (KYC) norms. Customer acquisition as well as customer servicing costs went down, and the insurance sector’s reach widened. The insurers were able to offer policies online, and customers could make an informed decision by researching and getting in touch with the 24/7-available customer service executive. Web aggregators made it easier for customers to compare policies online and then go for their preferred option. Mobile apps emerged and allowed the customer to contact the company instantaneously, and vice versa. Technological advancements made the industry transparent and accessible, and, soon, they will make insurance desirable. Road Ahead for Indian Motor Insurance It is high time that motor insurance premiums are not solely based on the vehicle’s model and its basic locking system. Data will make it possible to determine premiums based on the driver’s age, gender, driving record, location and several such factors. Technology will provide data related to average car speed and the manner of driving. All this will determine the premium, almost in a customized manner. See also: The Sharing Economy and Auto Insurance   Product, service, distribution, underwriting, costing, strategic partnerships and other aspects of the business will be determined keeping technology and data at the core; that is what we believe in at Acko. These new approaches will be used to engage with the customers, reduce risk and achieve cost efficiency. India is welcoming a Digital Life, and motor insurance providers are leveraging technology to cater to the requirements of the digital-first generation.

Hackers, malware, viruses, ransomware and phishing emails are becoming a normal part of increased connectivity, and their impact on everyday life is growing. The result is a profound increase in the demand for cyberinsurance. The downside? Cyberinsurance is hard to price as risk potential is not well understood, and losses can enter into the millions of dollars. Moreover, businesses with cyberinsurance may be lulled into complacency by their coverage. They shouldn’t be. Just reimbursing the costs of damage after a cyberattack isn’t smart business—smart businesses seek to prevent the cyberattack from occurring.

Enterprises do this at great expense, with costly, complex tools and teams beyond the reach of small and medium-sized enterprises (SME). SMEs need automated cybersecurity for cost-effective, full protection. That’s because cyberninsurance is insufficient to protect a business: It isn’t a substitute for good business practices that work in concert with cybersecurity. In short, cyber insurance and cybersecurity must complement each other to provide what businesses really want: peace of mind at predictable costs.

Cyber Safety Is as Essential as Fire Safety

Think of it like this: You wouldn’t protect a business from a fire simply by buying a fire insurance policy. Best practice fire safety includes smoke alarms, fire extinguishers, fire-retardant building materials, a designated gathering spot and regular fire drills. On the other side of the coin, governments have adopted fire safety building codes, and insurers don’t sell fire insurance without verifying fire safety compliance: Fire extinguishers, smoke detectors and sprinklers must be installed and properly maintained.

See also: Cybersecurity Holes in Connected Cars  

Similar businesses practices are necessary for cyber protection. But the technology has not caught up with business needs. Many cyber insurance policies are written without accurately measuring the risks that make a business vulnerable to a cyber attack. A one-time snapshot of the number and type of data records, or even a more full-fledged review of internal and external systems, is inadequate to assess risk. Technology evolves too quickly for these snapshots or scores to be valid over time. The moment a system needs upgrading, data may be at risk. The moment a new virus begins to spread, businesses are vulnerable. As long as a patch is not applied, systems and data are exposed. These big changes to risk affect the underwriting assumptions. It’s a shifting landscape, one that requires that businesses remain constantly vigilant. Automated cybersecurity technology is more effective than people at monitoring and addressing threats. In short, cyber insurance without automated cybersecurity is like fire insurance without smoke detectors.

Cyber Risk Models Need Much More Data

Automated cybersecurity platforms that detect and protect against cyber attacks are also useful to measure risk over time. Telematics let auto insurers such as Progressive and Metromile more accurately measure risk—and price accordingly. We need new “cyber-telematics” that allow underwriters to more accurately measure cyber risk. They provide risk insights about the insured, enabling the development of rich aggregate risk models. Cyber-telematics also helps underwriters develop risk models from the measurements correlated with cyber risk—and see the red herrings that aren’t. Cyber-telematics answers industry concerns noted in a March 2017 Property Casualty 360 article that “the insurance industry faces a rampant reporting bias that is hard to translate into policies.”

Without a thorough understanding of the profound risk being underwritten, losses are unpredictable—and potentially catastrophic. Insurers have long understood the impact of underestimating exposure aggregation with respect to natural disasters and other correlated losses like terrorism or asbestos claims. Of these, Towers Watson wrote, “The difference is that the terrorist attack is a single event and not a decades-long process, and the losses will be recognized and paid much more quickly.” The same, or worse, should be expected of large-scale single cyber events.

Technology is essential to collecting the data for, then understanding, mitigating and accurately modeling cyber risk.

Large enterprises have massive budgets, and most create a custom cybersecurity system using expensive experts and tools from multiple vendors. This has made it much harder to penetrate their defenses. As a result, hackers have moved down the food chain, making small and medium-sized businesses especially vulnerable. These businesses face the potential of a business-ending event in the face of a cyber attack.

Automation is the right answer when people and systems aren’t available or affordable. SMEs need automated cybersecurity to reduce risk and reduce cost. Current solutions are simply too expensive in terms of staffing and too complex in terms of tool integration. With automated cybersecurity, SMEs receive the benefit of robust machine learning coupled with economies of scale that take advantage of the cost efficiencies introduced by automation. For insurers, automation enables data gathering that informs robust risk management models, providing key insights to identify and mitigate loss potential.

See also: How to Eliminate Cybersecurity Clutter  

According to Hiscox data, 60% of smaller companies in the U.S. reported one attack or more in the last 12 months—and 72% of larger companies. In the U.S., the average estimated cost of an organization’s largest cyber incident was $35,967 for 99 or fewer employees and $102,314 for 1,000 or more employees. However, a November 2017 Property Casualty 360 article reports that “in the aftermath of an incident, SMBs spent an average of $879,582 due to damage or theft of IT assets; additionally, disruption to normal operations cost an average of $955,429.” This wide variance in the reported cost of cyber incidents reflects uncertainty among insurers.

The Hiscox report further observes, “While big firms incur the highest costs in nominal terms, the financial impact of cyberattacks is disproportionately high for the very smallest companies.” Because these “smallest companies” can least afford effective cybersecurity, they need automated solutions. Let the machines do the work.

Peace of Mind

Cyberinsurance complemented by automated cybersecurity is key to modern business—neither is sufficient on its own. SMEs are better protected with the complement of these tools. A simple metaphor is the modern automobile. Today’s cars don’t simply provide airbags to react to accidents, they include technologies to avoid accidents: anti-lock braking systems (ABS), blind spot monitoring, lane departure warnings and more. Modern cybersecurity and cyber insurance are similar complements: Airbags cushion the blow, much as a rapid response can limit the losses from a cyberattack, and automated cybersecurity monitors networks and protects SMEs, much as accident prevention systems protect drivers.

Modern technology demands the next evolution of cyber insurance and cybersecurity measures, similar to the evolution of fire insurance and car safety technology. Effective, automated cybersecurity technologies, coupled with comprehensive cyber insurance, are needed for real peace of mind against cyber attacks.​

In our last post, Insurance Nexus Global Trend Map #2: Insurtech Perspectives, we looked at carrier sentiment toward disruption both globally and in a range of local markets (Europe, North America and Asia-Pacific). We found significant, though not overwhelming, impacts reported from new market entrants, while at the same time acknowledging that psychology may play a substantial role in carriers' self-assessments. In this context, it will be interesting to see what sorts of priorities insurers are setting – whether their money is where their mouth is, so to speak. As part of our extensive Trend Map survey, we drew up a short list of 15 priority areas and asked our carrier respondents to rank them from a money, time, staff and training perspective (results below, both globally and segmented on three key regions). You can find a breakdown of our 1,000-plus survey respondents, details of our methodology and bios of our contributors by downloading the full Trend Map here. We allocated ranking points separately for money, time, staff and training (15 points for first, 14 points for second… one point for last). We then combined our four measures into one composite priority score'(meaning a top score of 60, representing four top ranks, and a bottom score of four, representing four bottom ranks). See also: 2017 Priorities for Innovation, Automation   Digital innovation tops the list internationally as well as in North America, Asia-Pacific and Europe. This result (digital innovation as respondents’ key priority, with customer-centricity not far behind) complements what we saw in our earlier post on industry challenges, where technological advancement and changing customer expectations' were perceived as the key external challenges in the industry. Digital innovation and customer-centricity also represent much of the ground fought on by insurtech – and upon which incumbents must fight, too. Investment management is the lowest-ranked priority across the board, most likely a reflection of enduring low interest rates.

"The highest single priority for insurers – Digital Innovation – is a direct reflection that this is the widest capability gap between insurers’ expertise and what are now marketing 'table stakes'. Time is not on the side of those who fail to close this gap." –Stephen Applebaum, Managing Partner at Insurance Solutions Group

Looking at specific technologies attracting buzz, Analytics emerges as top-three priority across the board, while Internet of Things (IoT) struggles to break into the top ten. This is not to deny the importance of IoT for the industry over the years to come, but it does suggest that there are more immediate gains to be realised on the analytics side; ultimately, these two technology areas complement each other perfectly. We further explore Analytics (including Artificial Intelligence!) and IoT in our Key Themes section, which you can access straight away by downloading the full Trend Map here. While Blockchain did not feature in this year's shortlist of insurer priorities, we do still cover it among our Key Themes, in our sub-section on Fraud. To deepen our comparison of the different regions in the table above (North America, Asia-Pacific and Europe), we also created a ‘medals table’ drawing attention to the differing levels of emphasis placed on our 15 priorities from one region to the next. For instance, Asia-Pacific achieved the highest priority score (60) for Digital Innovation and has therefore been credited with the Digital Innovation Medal on the medals table below ...

1. Analytics, Customer Centricity and Digital Innovation achieve similar scores across all our regions; Customer Centricity trails marginally in North America.
2. Noteworthy is the perfect score of 60 attained for Digital Innovation in Asia-Pacific, which indicates that this was the number-one priority here in all four measures underlying the priority score (money, time, staffing and training).
3. Underwriting and Risk Management both score considerably higher in North America than they do elsewhere – as we saw in the first table, Underwriting is 3rd in the list of priorities in North America, despite not getting above 7th place in any other regions.
4. There is a step-up in focus on Claims in Europe and North America compared to Asia-Pacific.
5. With Distribution, we have the exact inverse scenario, with Asia-Pacific leading the pack, possibly a reflection of the emerging markets within it necessitating high-scale low-cost distribution, which traditional models cannot provide.
6. Fraud is also a marginally higher priority in Asia-Pacific.
7. Europe and Asia-Pacific lead North America with their focus on Internet of Things.
8. Cybersecurity and Mobile achieve similar (lowish) scores for all regions; Product Development is relatively high across the board.
9. Regulation is the biggest deal in Europe, where respondents quoted in particular Solvency II and the Insurance Distribution Directive (IDD) as being causes for concern.

"Even though different markets seem to focus on a variety of distinct priorities, it’s clear many insurers place the customer at the heart of their strategies, whether through analytics, digital processes, mobile-first platforms or enhanced distribution capabilities. In each situation, technology is at the core of such digital innovation. Culture and mind-set may be the two elements that slow success." – Sabine VanderLinden, Managing Director at Startupbootcamp

Find out more about how our key priority areas vary by geography in our Regional Profiles, by downloading the full Trend Map here. Additional Insurer Priorities Survey respondents had the opportunity to provide any additional priorities they felt we had missed. Stand-out entries included:

• Upgrading legacy systems
• Business transformation
• Robotics
• Marketing strategy
• Blockchain

See also: Why Insurers Need to Transform   Certainly the top three of these we could categorize as staples of any digital transformation initiative. In our next post, Insurance Nexus Global Trend Map #4: Services, Investments & Job Roles, we take our exploration of insurer priorities one step further. And if you'd like to skip further ahead, you can download the full Trend Map free of charge whenever you like... Download your complimentary copy of the full Trend Map here.

One of Bitcoin’s greatest successes has been to show how a network of individuals can exchange value without the need for a central authority. When you consider the implications of projecting the same underlying technology, blockchain, onto the complex web of underwriters, insurers, MGAs, affiliates and brokers that make up the insurance industry, you start to see how disruptive it might be. As anyone who works in insurance knows, the industry is still awash with old technology and administrative tasks that weigh heavily on operational costs and ultimately lead to higher prices for consumers. This is what occurs across established, profitable markets, while the uptake of insurance in potentially massive emerging markets remains stubbornly low. My own experience of the insurance industry tells me that blockchain could be truly transformational in reducing the costs associated with issuing policies and managing claims. However, to truly take advantage of this innovation, insurance companies need to stop standing around the sides, thinking about dipping their toes in the blockchain water. They need to jump in before they’re crowded out. The fundamentals of blockchain To really understand how blockchain might transform insurance, it’s worth briefly summarizing some of the key characteristics of the technology. Blockchain technology is more correctly referred to as distributed ledger technology and can include a number of blockchain protocols, with some of the best-known being Bitcoin, Ethereum and Ripple. At its heart, blockchain removes the need for a centralized authority that controls information and validates exchanges of value between different parties. In the decentralized model of the blockchain, the entire ledger of records and transactions is stored on each of the nodes in the network for every participant to see. See also: Blockchain: What’s the Real Story?   Crucially for the world of insurance, blockchain technology could allow any type of asset to be tracked and traded digitally, with information about the provenance, identification, credentials and rights all stored securely and transparently. Some well known examples of the blockchain being used to track assets in complex supply chains are logistics giant Maersk’s tracking of global shipping cargo and EverLedger’s tracking of diamonds. While these aren’t insurance products, these blockchain powered solutions will clearly have a significant effect on the industry. The claims opportunity When you consider the characteristics of the blockchain in the area of claims, the far reaching effect of this innovation start to become clear. An important element of blockchain technology that is worth mentioning here is smart contracts. These are lines of code that contain rules and regulations for actions that need to be taken in the event of certain things occurring, as well as the mechanism for executing these actions. In essence, they are digital contracts that are unambiguous in their design and don’t need any human administrator to action. Therefore, instead of waiting days or weeks to settle a claim, the introduction of smart contracts could mean that claims are settled instantaneously and without the need for transmitting paper documents. Our own work with a major global insurer showed what improvements can be made. The personal injury insurance app we collaborated on allowed someone to buy an insurance policy and have it issued on the blockchain. If the person was injured, they could go to a validated doctor, be treated and have the claim managed in real time, rather than sending photocopied documents and waiting 12 weeks for an answer. We’re seeing smart contracts pop up in other areas of insurance too, including the decentralized applications built by Etherisc. These smart contracts execute payouts when certain parameters are hit, such as when a flight is delayed. The idea of tracking systems and sensors brings us onto a parallel technology that is linked to blockchain disruption in insurance, the Internet of Things (IoT). IoT plus Blockchain will change insurance IoT will play an important role in the future of insurance because of the important role that ‘things’ play in insurance. When you think how many insurance products can be categorised under the headings of protection for ‘things’ and protection for ‘people’, the significance of IoT becomes clear. As more and more consumer products become connected products, the potential repercussions for insurance are huge and probably go some way towards explaining why Amazon is starting to push into the European insurance markets. Looking forward just a few years, a world where the vast majority of consumer devices are connected to the internet and capable of sending data to providers that offer a sufficiently tempting service is a recipe for disruption in the insurance market. However, as well as providing a sufficiently desirable service to convince users to hand over their data, providers will need to consider the implications of how this data is used to make better decisions. This is where blockchain becomes such a fundamental foundation technology. The blockchain protocol is already proving how, through a range of cryptocurrency and early smart contract applications, it is capable of handling the complex interplay of multiple data sources to automate decision making. If you compare this imagined future of real time data from a range of devices feeding into complex smart contracts that action instantaneous decisions based on this information and compare it to the slow, paper-based process of human interactions that exist in most insurance businesses now, the opportunity for disruption is brought into sharp relief. This is why it’s so important for insurance businesses to start experimenting with the blockchain as soon as possible, so they can see how it could impact their business. If they don’t, they risk extinction. If they do, they will quickly see operational efficiencies as well as long term opportunities to develop new innovative products. Blockchain-powered onboarding It is worth remembering that, in itself, the blockchain is not a particularly tempting consumer proposition. The lack of a shiney consumer blockchain brand is often one of the reasons sceptics point to in dismissing the suggestion that it will transform all industries. However, much like cloud computing before it, this foundation technology will open up huge cost efficiencies in existing business models as well as entirely new business models. It is the organisations that can understand and utilise it properly in order to overlay customer-centric services on top that will win. After all, consumers aren’t generally interested in the tech stack behind the product they buy. They are interested if that tech stacks makes a product cheaper or more personalised to their needs. Microinsurance that is highly personalised to the needs of individuals but still cheap to administer is entirely possible in a world of IoT devices and smart contracts. Personalisation within insurance is sometimes seen as a bad thing, with the secure, healthy or young getting the best deals and the vulnerable, unhealthy and old missing out. Certainly the question of societal good will not go away in insurance but blockchain provides a potential solution here too because of its transparent features. The shared ledger means that individuals can securely store their data on the blockchain and control who can access it and for what purpose. Our own experience in this area came in the related field of finance, with a Know Your Customer (KYC) process we developed for a consortium of major financial institutions including HSBC, MUFG and OCBC. See also: Blockchain: Basis for Tomorrow   The shared ledger application that was developed leveraged the Ethereum blockchain to help banks reduce the time and cost of onboarding customers, share customer data in a secure manner and facilitate ease of customer data management. Once onboarded, an individual’s customer profile was encrypted and stored on the blockchain. Then, because of the proprietary multi-party key encryption protocol that was used, the data could also be shared with other banks if the customer chose to do so. As a result, the solution not only eliminated the duplication of work that came from each bank having its own KYC process but also reduced the human error that was inherent in all these processes. Test your hypothesis now In my opinion, there’s little doubt that the blockchain will disrupt the insurance industry. The fact that data, contracts and ‘things’ (which will become ever more connected) play such an important part in insurance products means there’s almost no chance that it won’t. The reliance on legacy technology and administrative tasks completed by humans only increase this likelihood. With this in mind, my advice to businesses is to stop prevaricating when it comes to blockchain. The exact future of a blockchain powered insurance industry may not be crystal clear yet but the wide brushstrokes that define this future state are being made. Businesses that do not make their own mark soon could find themselves squeezed into a corner or excluded from the picture entirely. Insurance companies should be getting their hands dirty with blockchain as soon as possible. Test a hypothesis that connects your business objectives to the benefits of blockchain. In the first place, this doesn’t have to be (and probably shouldn’t be) a grand scheme based on an imagined future of personalised microinsurance built on smart contracts making automated decisions using multiple feeds from a series of connected devices. Think of a quick win related to a key business goal that blockchain could potentially solve and which could provide measurable benefits that your colleagues understand. I imagine smart contracts might be a good place to start. By testing and learning you’ll start to build a familiarity with the technology that will bring about a clearer understanding of how it might be used to solve more operational issues, create innovative new products and protect your business from industry disruption.