Tag Archives: deloitte

Era of Insurance Innovation Is Upon Us

It’s a remarkable time in the insurance industry. Looking around at other major industries — retail, banking, manufacturing — it’s easy to see the changes that disruptors and technology have brought about. Yet in many ways it hasn’t hit home for insurance carriers. The same established players dominate at the top, and thousands of smaller firms maintain loyal clients throughout the insurance ecosystem.

“Get ready for change,” is a message that has been ringing out in the insurance market for a decade but finally seems to be getting through. Everyone from global consultancies to insurance leaders is predicting that, in the next five years, major insurance companies could fall, existing ways of doing business will become obsolete and disruptors big and small — from insurtech startups to Silicon Valley giants — will punish those clinging to the status quo.

Here’s an illustrative example from PwC of how demand is outpacing market offerings: Among millennial small business owners, 75% would prefer purchasing commercial insurance online, yet only about 1% of policies are sold without any intermediaries. Other market segments are further ahead: 30% of personal auto policies are sold without intermediaries, for example.

See also: Are You Tapping Your Innovation Energy?  

It’s clear where carriers and the third-party administrators (TPAs) that serve them need to be moving. Now it’s just a question of how they get there, and specifically how to keep their legacy systems while operating with the efficiency and agility needed in today’s market. One way to do this is collaboration, by viewing tech-savvy innovators as potential partners in the race to gear up for the digital age.

This is true across the value chain, from sales to risk management to claims intake and distribution. Carriers and TPAs are searching for solutions. And there are clear signs that the do-it-yourself mentality is giving way to a culture of collaboration. Capgemini found in 2017 that 53% of insurance executives around the world prefer partnering with insurtech firms to leverage digital technologies, as opposed to 36% who favor in-house development.

These partners can increase agility and configurability everywhere from front-end services like applications and renewals to back-end services like claims processing. And because the technology has already been developed — and often has the support of a team of digital natives — set-up time is quick and requires minimal changes to the carrier’s infrastructure.

Projected spending on artificial intelligence solutions among insurance companies illustrates the broad application of new technology. Deloitte predicts that insurers will increase their spending on AI by 48% in the next five years, boosting automation in everything from claims processing to fraud investigation, program advising and threat prevention.

A new report by NetClaim spotlights what this shift means for claims intake and dissemination. At the moment, most insurers and TPAs continue to handle these functions in-house, but that looks likely to change soon. About a quarter of carriers and TPAs already outsource their intake and dissemination needs to vendors, and about a quarter said they are looking to shift from in-house to outsourcing.

One of the drivers of this change is cost: Vendors have the expertise and economies of scale to do the job cheaper than it could be done in-house. But the days are gone when call centers could bring in business simply by being the cheapest option.

See also: Innovation — or Just Innovative Thinking?  

According to the NetClaim survey, almost as many carriers believe innovation is being driven by need for better quality control and fraud detection (64% of respondents) as efficiency and reduced prices (68%). Also, carriers and TPAs agreed on the need for innovation in the claims intake and distribution process. About 80% of carriers and 94% of TPAs saw a need for innovation in these functions. What carriers and TPAs need most are partners that can keep their organizations moving and adapting as quickly as the rapidly changing market evolves. Nimble vendors specializing in intake and built for change offer one way that organizations can add deeper innovation and better solutions than keeping those functions in-house.

Insurtech Ecosystem: Who Will Eat Whom?

At InsureTech Connect, there were a lot of innovative approaches and capabilities on display. But the term “bubble” could be heard on many attendees’ lips, especially those who’d watched the event double in size each year.

In related news, Deloitte put out a report showing that although the flood of insurtech funding continues, funding for new companies is way down. What’s happening? Well, at the end of the day, “insurtech” means selling insurance to someone or selling something to an insurance company. Both of these things are really, really hard and take a really, really long time, no matter how cool your tech is.

Over the past three years, there’s been a lot of news about big funding rounds, but not a lot of news about big exits. Most of the exits we have seen are driven by an incumbent insurer deciding that an acquisition is the best way to incorporate some new capability into its own offerings, or add a cool founder group to their team.

Now it seems that most insurtech investors are using their capital to try to ensure their puppies stay healthy long enough to get taken home by a wide-eyed insurer or tech vendor.

See also: How to Partner With Insurtechs  

During the first fintech boom in the ‘90s, there was a lot of talk about nimble little mammals eating the dinosaurs who refuse to evolve. It was true that the dinosaurs needed to evolve. But they mostly did it by eating the mammals.

For insurers, the insurtech bubble is a great thing. Venture capitalists are funding the R&D that insurers have refused to fund themselves. There’s a lot of great learning to be had for free, and insurers should pay close attention. When the bubble pops, there will be a handful of new participants in the insurance ecosystem, and a whole bunch of nutritious mammal carcasses lying around.

Where Are Driverless Cars Taking Industry?

While more than half of individuals surveyed by Pew Research express worry over the trend toward autonomous vehicles, and only 11% are very enthusiastic about a future of self-driving cars, lack of positive consumer sentiment hasn’t stopped several industries from steering into the auto pilot lane. The general sentiment of proponents, such as Tesla and Volvo, is that consumers will flock toward driverless transportation once they understand the associated safety and time-saving benefits.

Because of the self-driving trend, KPMG currently predicts that the auto insurance market will shrink 60% by the year 2050 and an additional 10% over the following decade. What this means for P&C insurers is change in the years ahead. A decline in individual drivers would directly correlate to a reduction in demand for the industry’s largest segment of coverage.

How insurers survive will depend on several factors, including steps they take now to meet consumer expectations and needs.

The Rise of Autonomous Vehicles

Google’s Lexus RX450h SUV, as well as 34 other prototype vehicles, had driven more than 2.3 million autonomous miles as of November 2016, the last time the company published its once monthly report on the activity of its driverless car program. Based on this success and others from companies such as Tesla, public transportation now seems poised to jump into the autonomous lane.

Waymo — the Google self-driving car project — recently announced a partnership with Valley Metro to help residents in Phoenix, AZ, connect more efficiently to existing light rail, trains and buses by providing driverless rides to stations. This follows closely on the heels of another Waymo pilot program that put self-driving trucks on Atlanta area streets to transport goods to Google’s data centers.

In the world of personal driving, Tesla’s Auto Pilot system was one of the first to take over navigational functions, though it still required drivers to have a hand on the wheel. In 2017, Cadillac released the first truly hands-free automobile with its Super Cruise-enabled CT6, allowing drivers to drive without touching the wheel for as long as they traveled in their selected lane.

Cadillac’s level two system of semiautonomous driving is expected to be quickly upstaged by Audi’s A8. Equipped with Traffic Jam Pilot, the system allows drivers to take hands off the vehicle and eyes off the road as long as the car is on a limited-access divided highway with a vehicle directly in front of it. While in Traffic Jam mode, drivers will be free to engage with the vehicle’s entertainment system, view text messages or even look at a passenger in the seat next to them, as long as they remain in the driver’s seat with body facing forward.

While the Cadillacs were originally set to roll off the assembly line and onto dealer lots as early as spring of 2018, lack of consumer training as well as federal regulations have encouraged the auto manufacturer to delay release in the U.S.

Meanwhile, Volvo has met with similar constraints as it navigates toward releasing fully autonomous vehicles to 100 people by 2021. The manufacturer is now taking a more measured approach, one that includes training for drivers starting with level-two semi-autonomous assistance systems before eventually scaling up to fully autonomous vehicles.

“On the journey, some of the questions that we thought were really difficult to answer have been answered much faster than we expected. And in some areas, we are finding that there were more issues to dig into and solve than we expected,” said Marcus Rothoff, Volvo’s autonomous driving program director, in a statement to Automotive News Europe.

Despite the roadblocks, auto makers’ enthusiasm for the fully autonomous movement hasn’t waned. Tesla’s Elon Musk touts safer, more secure roadways when cars are in control, a vision that is being embraced by others in high positions, such as Elaine Chao, U.S. Secretary of Transportation.

“Automated or self-driving vehicles are about to change the way we travel and connect with one another,” Chao said to participants of the Detroit Auto Show in January 2018. “This technology has tremendous potential to enhance safety.”

See also: The Evolution in Self-Driving Vehicles  

We’ve already seen what sensors can do to promote safer driving. In a recent study conducted by the International Institute for Highway Safety, rear parking sensors bundled with automatic braking systems and rearview cameras were responsible for a 75% reduction in backing up crashes.

According to Tesla’s website, all of its Model S and Model X cars are equipped with 12 ultrasonic sensors capable of detecting both hard and soft objects, as well as with cameras and radar that send feedback to the car.

Caution, Autonomous Adoption Ahead

The road to fully autonomous vehicles is expected to be taken in a series of increasing steps. We have largely entered the first phase, where drivers are still in charge, aided by various safety systems that intervene in the case of driver error.

As we move closer to full autonomy, drivers will assume less control of the vehicle and begin acting as a failsafe for errant systems or by taking over under conditions where the system is not designed to navigate. We currently see this level of autonomous driving with Audi Traffic Jam Pilot, where drivers are prompted to take control if the vehicle departs from the pre-established roadway parameters.

In the final phase of autonomous driving, the driver is removed from controlling the vehicle and is absolved of roadway responsibility, putting all trust and control in the vehicle. KPMG predicts wide-scale adoption of this level of autonomous driving to begin taking place in 2025, as drivers realize the time-saving and safety benefits of self-driving vehicles. During this time frame, all new vehicles will be fully self-driving, and older cars will be retrofitted to conform to a road system of autonomous vehicles.

Past the advent of the autonomous trend in 2025, self-driving cars will become the norm, with information flowing between vehicles and across a network of related infrastructure sensors. KPMG expects full adoption of the autonomous trend by the year 2035, five years earlier than it first reported in 2015.

Despite straightforward predictions like these, it’s likely that drivers will adopt self-driving cars at varying rates, with some geographies moving faster toward driverless roadways than others. There will be points in the future where a major metropolis may have moved fully to a self-driving norm, mandating that drivers either purchase and use fully autonomous vehicles or adopt autonomous public transportation, while outlying areas will still be in a phase where traditional vehicles dominate or are in the process of being retrofitted.

“The point at which we see autonomy appear will not be the point at which there is a massive societal impact on people,” said Elon Musk, Tesla CEO, at the World Government Summit in Dubai in 2017. “Because it will take a lot of time to make enough autonomous vehicles to disrupt, so that disruption will take place over about 20 years.”

Will Self-Driving Cars Force a Decline in Traditional Auto Coverage?

At present, data from the National Highway Traffic Safety Administration indicates that 94% of automobile accidents are the result of human error. Taking humans largely out of the equation makes many autonomous vehicle proponents predict safer roadways in our future, but it also raises an interesting question. Who is at fault when a vehicle driving in autonomous mode is involved in a crash?

Many experts agree that accident liability will be taken away from the driver and put into the hands of the automobile manufacturers. In fact, precedents are already being set. In 2015, Volvo announced plans to accept fault when one of its autonomous cars is involved in an accident.

“It is really not that strange,” Anders Karrberg, vice president of government affairs at Volvo, told a House subcommittee recently. “Carmakers should take liability for any system in the car. So we have declared that if there is a malfunction to the [autonomous driving] system when operating autonomously, we would take the product liability.”

In the future, as automobile manufacturers take on liability for vehicle accidents, consumers may see a chance to save on their auto premiums by only carrying state-mandated minimums. Some states may even be inclined to repeal laws requiring drivers to carry traditional liability coverage on self-driving vehicles or substantially alter the coverage an individual must secure.

Despite the forward thinking of manufacturers such as Volvo, for the present, accident liability for autonomous cars is still a gray area. Following the death of a pedestrian hit by an Uber vehicle operating in self-driving mode in Arizona, questions were raised over liability.

Bryant Walker Smith, a law professor at the University of South Carolina with expertise in self-driving cars, indicated that most states require drivers to exercise care to avoid pedestrians on roadways, laying liability at the feet of the driver. But in the case of a car operating in self-driving mode, determining liability could hinge on whether there was a design defect in the autonomous system. In this case, both the auto and self-driving system manufacturers and even the software developers could be on the hook for damages, particularly in the event a lawsuit is filed.

Finding Opportunity in the Self-Driving Trend

Accenture, in conjunction with Stevens Institute of Technology, predicts that 23 million self-driving vehicles will be coursing across U.S. highways by 2035.

As a result, insurers could realize an $81 billion opportunity as autonomous vehicles open new areas of coverage in hardware and software liability, cybersecurity and public infrastructure insurance by 2025, the same year that KPMG predicts the autonomous trend will begin to rapidly accelerate. Simultaneously, Accenture predicts that personal auto premiums, which will begin falling in 2024, will hit a steeper decline before leveling out around 2050 at an all-time low.

Most of the personal premium decline is due to an assumption that the majority of self-driving cars will not be owned by individuals, but by original equipment manufacturers, OTT players and other service providers such as ride-sharing companies. It may seem like a logical conclusion if America’s love affair with the automobile wasn’t so well-defined.

Following falling gas prices in 2016, Americans logged a record-breaking 3.22 trillion miles behind the wheel. Even millennials, the age group once assumed to have given up on driving, are showing increased interest in piloting their own vehicles as the economy improves. According to the National Household Travel Survey conducted by the Federal Highway Administration, millennials increased their average number of miles driven 20% from 2009 to 2017.

Despite falling new car sales, the University of Michigan Transportation Research Institute shows that car ownership is actually on the rise. Eighteen percent of Americans purchase a new car every two to three years, while the majority (39%) make a new car bargain every four to six years.

Americans have many reasons for loving their vehicles. Forty percent say it’s because they enjoy driving and being in their cars, according to a survey conducted by Cars.com.

ReportLinker reveals that 83% of people drive daily and that half are passionate about the behind-the-wheel experience of taking on the open road. Another survey conducted by Gold Eagle determined that people even have dream cars, vehicles that they feel convey a sporty, luxurious or efficient image.

Ownership of autonomous vehicles would bring at least some liability back to the owner-occupant. For instance, owing to security concerns, all sensing and decision-making hardware related to the Audi Traffic Jam Pilot system is held onboard. With no over-air connections, software updates must be made manually through a dealer.

In situations like these, what happens if an autonomous vehicle crash is tied to the driver’s failure to ensure that software was promptly updated? Auto maintenance will also take on a new level of importance as sensitive self-driving systems will need to be maintained and adjusted to ensure proper performance. If an accident occurs due to improper vehicle maintenance, once again, the owner could be held liable.

As the U.S. moves toward autonomous car adoption, one thing becomes clear. Insurers will need to expand their product lines to include both commercial and personal lines of coverage if they are going to take part in the multibillion-dollar opportunity.

Preparing for the Autonomous Future of Insurance

Because the autonomous trend will be adopted at an uneven pace depending upon geography, socioeconomic conditions and even age groups, Deloitte predicts that the insurers that will thrive through the autonomous disruption are those with a “flexible business model and diverse product mix.”

To meet consumer expectations and maintain a critical focus on customer acquisition and retention, insurers will need a multitude of products designed to protect drivers across the autonomous adoption cycle, as well as new products designed to cover the shift of liability from driver to vehicle. Even traditional auto policies designed to protect car owners from liability will need to be redefined to cover autonomous parameters.

Currently, only 25% of companies have a business model that is easily adaptable to rapid change, such as the autonomous trend. In insurance, this lack of readiness is all the more crucial, considering the digital transformation already underway across the industry.

According to PwC, 85% of insurance CEOs are concerned about the speed of technological change. Worries over how to handle legacy systems in the face of digital adoption, as well as the need to accelerate automation and prepare for the next wave of transitions, such as autonomous vehicles, are behind these concerns.

As insurers look toward the complicated future of insuring a society of self-driving automobiles, we believe that focusing on four main areas will prepare them to respond to the autonomous trend with greater speed and agility.

Make better use of data

Consumers are looking for insurers to partner on risk mitigation. To meet these expectations, insurers will need to start making better use of data stores, as well as third-party sources, to help customers identify and reduce threats to life and property. Sixty-four percent want their insurer to provide real-time notifications about roadway safety, while, on the home front, 68% would like to receive mobile alerts on the potential of fire, smoke or carbon dioxide hazards.

“Technology is changing the insurer’s role to one of a partner who can address the customer’s real goals – well beyond traditional insurance,” said Cindy De Armond, managing director, Accenture P&C core platforms lead for North America, in a blog.

Armond believes that as insurers focus more on the customer’s prevention and recovery needs, they can become the everyday insurer, integrated into the lives of their customers rather than acting only as a crisis partner. This type of relationship makes insurer-insured relationships more certain and extends longevity.

For insurers and their insureds, the future is likely to be more about predicting and mitigating risk than about handling claims, so improving data capture and analytics capabilities is essential to agile operations that can easily adapt to new trends.

See also: Autonomous Vehicles: ‘The Trolley Problem’  

Focus on digital

Consumers want to engage with their insurer in the moment. Whether that means shopping online for coverage while watching a child’s soccer game or making a phone call to ask questions about a policy, they expect to be able to engage on their time and through their channel of choice. Insurers that develop fluid omni-channel engagement now are future-proofing their operations, preparing to survive the evolution to self-driving, when the reams of data gathered from autonomous vehicles can be used to enable on-demand auto coverage.

Vehicle occupants will one day purchase coverage on the fly, depending on the roadway conditions they encounter and whether they are traveling in autonomous mode. Forrester analyst Ellen Carney sees a fluid orchestration of data and digital technologies combining to deliver this type of experience, putting much of the power in the hands of the customer.

“On your way home, you’re going to get a quote for auto insurance,” she says. “And because your driving data could basically now be portable, you could do a reverse auction and say, ‘Okay, insurance companies, how much do you want to bid for my drive home?’”

To facilitate the speed and immediacy required for these transactions, insurers will need to digitally quote, bind and issue coverage.

Seek automation

In the U.K., accident liability clearly shifts from the driver to the vehicle for level four and five autonomous automobiles. As driverless vehicles become the norm, the U.S. is likely to adopt similar legislation, requiring a fundamental shift in how risk is assessed and insurance policies are underwritten. Instead of assessing a policy on the driver’s claims history and age, insurers will need to rate risk by variables related to the software that runs the vehicle and how likely owners are to maintain autonomous cars and sensitive self-driving systems.

The more complicated underwriting becomes, the more important automation in underwriting will be. Consumers who can get into a car that drives itself will have little patience for insurers that require extensive manual work to assess their risk and return bound policy documents. Even businesses will come to expect a much faster turnaround on policies related to self-driving vehicles despite the complexity of the various coverages that will be required. In addition, on-demand coverage will require automated underwriting to respond to customer requests.

According to Lexis Nexis, only 20% of commercial carriers have automated the quoting process, and less than half are investing in underwriting automation.

Invest in platform ecosystems

McKinsey defines a platform business model as one that allows multiple participants to “connect, interact and create and exchange value,” while an ecosystem is a set of connected services that fulfill multiple needs of the user in “one integrated experience.” By definition, an insurance platform ecosystem in the age of autonomous vehicles would be a place where consumers and businesses could research and purchase the coverage they need while also picking up related ancillary services, such as apps or entertainment to make the autonomous ride more enjoyable.

Consumers are in search of ecosystem values today. According to Bain’s customer behavior and loyalty study, consumers are willing to pay higher premiums to insurers that offer ancillary services, such as home security monitoring or an automotive services app, and they are even willing to switch insurers to get time-saving benefits like these.

More important to insurers is the ability to partner with other carriers on coverage. Using a commission-based system, insurers offer policies from other carriers to consumers when they don’t have an appetite for the risk or don’t offer the coverage in house. This arrangement allows an insurer to maintain a customer relationship, while providing for their needs and price points.

See also: Autonomous Vehicles: Truly Imminent?  

As the autonomous trend reaches fruition, insurers will need to have access to a wide range of coverage types to meet consumer and business needs, and not all carriers will be able or want to create the new products.

Extreme Customer Focus Prepares for the Future

Insurers can prepare for autonomous vehicle adoption by establishing an extreme customer focus, dedicated to establishing enduring loyalty as insurance needs change. Loyal customers spend 67% more over three years than new ones. As the insurance marketplace opens up to the sale of ancillary services, gaining wallet share from loyal consumers will certainly help to boost revenues as demand for traditional products decline, but to stay competitive, insurers will need a broader mix of coverage types.

While current coverages have remained largely unchanged over the decades, the coming years will see an industry in flux as insurers phase out outmoded types of coverage while phasing in new products and services. In this environment, the platform ecosystems may be the most critical aspect of bridging the gaps.

Today, they allow insurers to fulfill the needs of price-sensitive consumers while also meeting the evolving needs of their customers. Tomorrow, platform ecosystems will provide the “flexible business model and diverse product mix” that Deloitte says will be critical to success for insurers in the autonomous age of driving.

How Sharing Economy Is Reshaping Insurance

The sharing economy is an economic system based on the use of technology to share assets or services between parties (individuals or organizations). Participants in the sharing economy use it because it can provide a more flexible and affordable option than some other economic systems. In this way, the sharing economy makes goods and services available to those who would not otherwise be able to access them. Much has been discussed about how the fast-growing web of consumer-to-consumer transactions that is the largest component of the sharing economy presents new opportunities for the insurance industry. The consensus view among insurers is that this potential market is large, growing quickly and under-developed yet tricky to insure with traditional products as it blurs the boundaries between personal and commercial lines. In April 2018, Lloyd’s published Sharing risks, sharing rewards: Who should bear the risk in the sharing economy? The report contained the following key findings:

  • Consumers in the sharing economy expect to be protected from the risks of transacting
  • Consumers and sharing platforms have opposing views on who bears responsibility for this protection
  • There is a significant untapped market of potential sharers who would be more willing to participate if protected by insurance

Maturer platforms in the sharing economy have established risk management programs and are working in partnership with the insurance industry to develop them further. For the many smaller platforms that make up the vast majority of platforms by number, risk management is at an earlier stage of development. The insurance industry has an important role to play in supporting platforms of all stages of maturity. This study aims to promote dialogue between platforms and insurers and, building on the previous report, has systematically analyzed the sharing economy to understand where insurance can support the growth of the sharing economy while also broadening the geographic scope of research.

This study, carried out by Lloyd’s, the world’s specialist insurance and reinsurance market, and Deloitte scanned the sharing economy for emerging insurance models, conducted a broad review of business and academic literature, surveyed 8,527 consumers across the U.S., China, Germany, France, the U.K. and the UAE, interviewed more than 20 subject matter experts, conducted a platform-only online questionnaire and held two workshops with representatives from sharing economy platforms, innovation experts and insurance practitioners.

See also: The Need for Agile, Collaborative Leaders  

The consumer survey data in this report is not an extension of Lloyd’s previous report as the sample, time period and questions were different.

The objective of this report is twofold:

  • To provide sharing economy platforms with an overview of key risks and the insurance solutions available to mitigate them.
  • To help the insurance market further understand how this sector of the economy needs new insurance products and where the most compelling opportunities for product development are located.

In summary, this research found:

  • Sharing is widespread: Approximately 500 million people across the U.S., China, Germany, France, the U.K. and the UAE have shared assets/possessions or services in the past three years to earn a profit; more than 680 million in these markets consumed them in the same period.
  • Currently, a number of platforms have mechanisms to protect users, ranging from transaction-embedded insurance to guarantee schemes. For users, the protection afforded by a platform is a key consideration in addition to the earning potential on offer.
  • Our market scanning indicates that an increasing number of sharing economy platforms provide insurance to their users that is automatically embedded within each transaction, with 57% of adults who have sold services or lent products in the sharing economy in the past three years being insured by transaction-embedded or personally owned cover.
  • Of those selling services and sharing assets, 37% of home sharers took out or upgraded a buildings or contents policy prior to sharing, and 49% of ride sharers took out a new motor policy or upgraded an existing one. Among delivery drivers, the figure is 37%, and 20% of freelancers took out or upgraded liability insurance before providing their services.
  • In addition, our analysis of the consumer survey identified pockets of high demand for insurance among four specific consumer segments. These groups represent product development opportunities for insurers, brokers and other service providers.
  • This study has identified numerous emerging models of sharing economy insurance; some combine elements of well-established commercial and retail covers in a static policy, and others provide more dynamic cover that fluctuates more in line with underlying risks.
  • Partnerships with sharing economy platforms form a key distribution channel. In addition to offering an opportunity to reduce customer friction in the insurance purchase process by embedding it within transactions, distribution via platforms offers greater potential for customer access, risk selection and pricing power than distribution via the open market.
  • Insurtechs are at the forefront of innovating sharing economy products and services and to date have focused on customer-facing links in the value chain.

You can find the full report here.

This article was written by Nigel Walsh and Peter Evans.

Now Is the Time for Cyber to Take Off

Uncertainty about several key variables appears to be causing U.S. businesses and insurance companies to move cautiously into the much-heralded, though still nascent, market for cyber liability policies.

Insurers continue to be reluctant to make policies more broadly available. The big excuse: Industry officials contend there is a relative lack of historical data around cyber incidents, and they bemoan the constantly evolving nature of cyber threats.

This assessment comes in a report from the Deloitte Center for Financial Services titled: Demystifying Cyber Insurance Coverage: Clearing Obstacles in a Problematic but Promising Growth Market

“Insurers don’t have sufficient data to write coverage extensively with confidence,” says Sam Friedman, insurance research leader at Deloitte.

But the train is about to leave the station, and some of the stalwarts who shaped the insurance business into the ultra conservative (read: resistant to change) sector it has become could very well be left standing at the station.

Consider that regulations imposing tighter data handling and privacy protection requirements are coming in waves. Just peek at the New York Department of Financial Services’ newly minted cybersecurity requirements or Europe’s recently revamped General Data Protection Regulation.

With cyber threats on a steadily intensifying curve, other jurisdictions are sure to jump on the regulation bandwagon, which means the impetus to make cyber liability coverage a standard part of everyday business operations will only increase.

Meanwhile, cybersecurity entrepreneurs, backed by savvy venture capitalists, are moving aggressively to eliminate the weak excuse that there isn’t enough data available to triangulate complex cyber risks. In fact, the opposite is true.

Modern-day security systems, such as anti-virus suites, firewalls, intrusion detection systems, malware sandboxes and SIEMS, generate mountains of data about the security health of business networks. And the threat intelligence systems designed to translate this data into useful operational intelligence is getting more sophisticated all the time.

See also: Why Buy Cyber and Privacy Liability. . .  

And while large enterprises tend to have the latest and greatest of everything, in house, even small and medium-size businesses can access cutting-edge security systems through managed security services providers.

Meanwhile, big investments bets are being made in a race to be the first ones to figure out how to direct threat intelligence technologies to the task of deriving the cyber risk actuarial tables that will permit underwriters and insurers to sleep well at night. One cybersecurity vendor to watch in this arena is Tel Aviv, Israel-based InnoSec.

“Cyber insurance policies are being given out using primitive means, and there’s no differentiation between policies,” observes InnoSec CEO Ariel Evans. “It’s completely noncompetitive and solely aimed right now at the Fortune 2000. Once regulation catches up with this, cyber insurance is going to be required. This is around the corner.”

InnoSec was busy developing systems to assess the compliance status and overall network health of companies involved in merger and acquisition deals. It now has shifted to seeking ways to apply those network assessment approaches to the emerging cyber insurance market.

At the moment, according to Deloitte’s report, that market is tepid, at best. While some have predicted U.S. cyber insurance sales will double and even triple over the next few years to reach $20 billion by 2025, cyber policies currently generate only between $1.5 billion and $3 billion in annual premiums.

Those with coverage in minority

As of last October, just 29% of U.S. business had purchased cyber insurance coverage despite the rising profile of cyber risk, according to the Deloitte report. Such policies typically cover first- and third-party claims related to damages caused by a breach of personally identifiable information or some derivative, says Adam Thomas, co-author of the Deloitte report and a principal at the firm. In some cases, such policies also might cover business disruption associated with a cyber incident.

The insurance industry contends it needs more businesses to buy higher-end, standalone cyber insurance policies, until enough claims data can be collected to build reliable models, much as was done with the development of auto, life and natural disaster policies.

But businesses, in turn, aren’t buying cyber policies in enough numbers because insurers are adding restrictions to coverage and putting fairly low limits on policies to keep exposure under control. “It is a vicious cycle,” Friedman says.

“Insurers recognize that there is a growth opportunity, and they don’t want to be left out of it,” he says. “On the other hand, they don’t want to take more risk than they can swallow.”

While the insurance industry gazes at its navel, industry analysts and cybersecurity experts say the big challenge—and opportunity—is for underwriters and insurers to figure how to offer all businesses, especially small- and medium-size companies, more granular kinds of cyber policies that actually account for risk and provide value to the paying customers.

“What they’re doing now is what I call the neighbor method,” InnoSec’s Evans says. “You’re a bank, so I’ll offer you a $100 million policy for $10 million. The next guy, he’s a bank, so I’m going to offer him a $100 million policy for $10 million. It has nothing to do with risk. The only place this is done is with cyber.”

Talk in same terms

This is due, in part, to a lack of standard terminology used to describe cyber insurance-related matters, says Chip Block, vice president of Evolver, a company that provides IT services to the federal government. The SANS Institute, a well-respected cybersecurity think tank and training center, last year put out a report that drills down on the terminology conundrum, including recommendations on how to resolve it, titled Bridging the Insurance/Infosec Gap.

And the policies themselves have been another factor. “If you compare car insurance from Allstate and Geico, a majority of the policies are relatively the same,” Block says. “We haven’t gotten to that point in cyber. If you go from one underwriter to another, there is no common understanding of the terminology.”

Understandably, this has made it hard for the buyer to compare policies or to determine the relative merits of one policy over the other. Block agrees that cyber policies today generally do not differentiate based on risk profile—so a company that practices good cyber hygiene is likely to see no difference in premiums as compared with one that doesn’t.

See also: How Data Breaches Affect More Than Cyberliability  

Industry must get moving

InnoSec’s Evans argues that even though cybersecurity is complex, the technology, as well as best practices policies and procedures, are readily available to solve the baseline challenges. What is lacking is initiative on the part of the insurance industry to bring these components to bear on the emerging market.

“This is absolutely possible to do,” she says. “We understand how to do it.”

Putting technological solutions aside, there is an even more obvious path to take, Friedman argues. Resolve the terminology confusion and there is little stopping underwriters and insurers from crafting and marketing cyber policies based on meeting certain levels of network security best practices standards, Friedman says.

“You look at an organization’s ability to be secure, their ability to detect intrusions, how quickly they can react and how much they can limit their damage,” he says. “In fact, insurers should go beyond just offering a risk-transfer mechanism and be more aggressive in helping customers assess risk and their ability to manage and prevent.”

Thomas pointed to how an insurance company writing a property policy for a commercial building might send an engineering team to inspect the building and make safety recommendations. The same approach needs to be taken for cyber insurance, he says.

“The goal is to make the insured a better risk for me,” he says.