Tag Archives: IoE

Where Will Unicorn of Insurtech Appear?

We are seeing a flurry of advances in the insurtech space, be it product innovations, reimagined service experience or reduced premiums for customers. A question I often get asked is why personal lines in insurance is blazing ahead of commercial lines when it comes to innovation. The easy answer is to just follow the money, specifically the funding trail.

Venture capitalists whose metric for early-stage startups is growth have rushed to personal lines as it is easier to show the volumes. Personal lines insurtech startups have focused on the distribution side of the problem – lowering the premium to increase the volume of transactions. Their lever for this rapid growth is a slick UI and a digital broker; betting on increasing throughput, consequently the adoption. In the subsequent rounds of funding, when the motive of the investors shifts from growth to profit, insurtech companies will realize that distribution is only one part of the equation, and not the core of the problem.

Insurtech companies are amazing, and they all solve a part of the problem. However, to solve systemic problems, companies need to attack improvements in the loss ratio (i.e. the product problem, not the distribution problem). More than the profitability of the insurer, the ripple effect across the insurance industry and other adjacent industries is massive (for example, think of the impact on workplace safety as opposed to underwriting workers’ compensation). So, for systemic industrial change, I think the commercial industry is better-placed than personal, even though it will take longer.

What Does the Anatomy of a Commercial Insurtech Unicorn Look Like?

Like all quick analyses, I look at this in two dimensions:

  • The opportunity
  • The execution needed  to deliver on the opportunity

Both of these point to commercial as a better option.

Opportunity Driven by Sharing Economy

The sharing economy is drastically reducing asset ownership, with car ownership in urban areas the most-cited example. This is a loss for personal auto and a gain for commercial auto (the car is going to be a computer, and cyber risk from the manufacturer will likely become the highest coverage). This trend exists in other areas, including home ownership, renting of equipment, physical storage, cloud computing etc., but it is not talked about as much.

The second shift I see happening is a fundamental change in the product structure from static to dynamic. Across all lines, the change in what you need to know upfront and what you will know throughout the life of the policy will change. The usage-based policy (sort of pioneered in parts in personal auto) will start to become the norm in commercial, despite having only a minuscule footprint currently (remember, these are exponential changes, and the initial doublings are not noticeable – think of the 0.01 megapixel camera becoming a 0.02 megapixel camera).

See also: 3 C’s for Commercial Brokers in 2018  

Executed With IoE and Machine Learning

Let’s have a look at how you can execute on these trends:

First, the current 1.5 to two touch points a year with the carrier become 365 touch points at least. The key touches in this sense are not human touches but data-driven touches. Both the upfront and post-bind data, the certainty and access of data on commercial is better, with access to personal lines data prone to consent due to privacy reasons (at least until DNA sequencers take privacy out of the equation). Meanwhile, in commercial, even if you were to replicate the existing forms (which you should NOT!) you can probably find 50% to 60% of the data — general company, financials, locations and parts of workers’ compensation, commercial auto, general liability and the directors and officers — to be as little as their names and addresses.

However, under a usage-based policy, even knowing 100% of the upfront static data is not enough; it is the dynamic IoE (Internet of Everything) data that shifts the paradigm. These IoE solutions that I talk about have already reached a level of maturity in industries such as mining, manufacturing and construction. They have been deployed in cutting machines, heating/cooling equipment, cranes, thermal cameras, traditional cameras, forklifts, trains and guided vehicles for years. This has enabled a level of sophistication in IoE solutions, which has data from running mission-critical systems (PLCs, data loggers, historians, etc.)

But why would a manufacturer or a construction company give a carrier this data?

Come to think of it, the true financial incentives to increase safety and decrease risk have never existed before! This has to come in to create a win-win scenario between the insured, its employees and the carrier. Despite the commercial insurtech not taking as much premium upfront, it will get to unlock many other opportunities, simply due to the data and touch points it has.

As you may have realized by now, other than driving loss prevention, what a commercial insurtech really does is switch the insurance from someone/something like the insured (“broad risk pools”) to someone exactly you (i.e. “pool of one”). One can argue this can be achieved on the wellness side with device data, but the industrial automation data has been collected and proven across many industries for 20 years now. The wellness data is just starting.

Disintermediation – Stating The Obvious

So far, we have got to the shape of this active, personal commercial insurtech unicorn. However, it would be remiss of me to not briefly talk about its distribution structure.

A traditional carrier spends around 30%-plus of direct written premium (DWP) between expenses and commissions to “touch” an insured 1.5 to two times a year. Now, if you want to be able to continuously “touch” an insured, both the acquisition, retention and renewal structure has to be re-imagined bottom up for it to scale. One thing is for sure that in a world of IoE and machines, “human” intervention is minimal; people simply will not be able to handle the volumes and variety of data. So, there is no chance a commercial insurtech unicorn will be intermediated.

None of this is just gleeful optimism; I will admit to there being regulatory hurdles. Despite having regulatory “sandboxes” setup, it is a massive step up for traditional regulators who are grounded in easy-to-regulate forms and structured data to switch to on-the-fly decisions, price adjustments made by machine learning algorithms and data flowing from the IoE devices. I see the legal and regulatory skills needed to maneuver the commercial insurtech company to being a unicorn to be as big, if not bigger, than the technology and algorithmic skills. This cannot be underestimated. My hope here is that ultimately any regulatory body remembers who they are regulating for: the insured.

See also: New Era of Commercial Insurance  

To Sum It Up

You can see an outline of what a potential commercial insurtech unicorn would look like. Instead of being reactive, impersonal and intermediated, the successful company will likely target loss ratio improvement with active, personal service, powered by a large network of data partners, commercial IoE partners and machine learning partners. To operate at a global scale, this unicorn will have to have low cost per digital touch, and hence it will likely be disintermediated.

There is already a large (and growing) opportunity for an insurtech to target major commercial segments in commercial packages, commercial auto and workers’ compensation. The solution options are massive, but the problem space is even bigger. As a word of caution, it isn’t just about technology here; the ability to carefully guide the company through the many regulatory hurdles is also essential.

I look forward to seeing the first commercial insurtech unicorn. I wonder who it will be?

Where to Start on Cyber Security?

Because of the recent and hugely public spate of cyber “events,” the world of cyber security and subsequently cyber insurance is firmly in overdrive. According to the UK Department for Innovation & Skills, 81% of large businesses and 60% of small businesses suffered a cyber-security breach in the last year, and the average cost of breaches to business has nearly doubled since 2013.

We have all seen the headlines, from Sony last year to British Airways earlier this month to the French TV Channel TV5Monde. The severity and importance of each of these has material impacts on not only their ability to do business but also their brand and reputation as a customer, employee and partner.

Sony was clearly hugely public, by far one of the biggest and most public I have seen hit the news for a long time. It was all over most news channels, causing outcry from customers and employees, some of whom threatened to sue their employer or former employer for failing to protect their data. Sony, of course, has had many attacks, including one taking down its PlayStation online platform for days on end. As for BA, the first I heard of this was an email saying, “Someone has accessed your account.” Please come change your password! This is the brand that I trust with my personal details, my location and much more.

Finally, TV5Monde seems to be particularly worrying to me. In a scene that reminded me of the wonderfully played Elliot Carver from 007’s “Tomorrow Never Dies,” the media giant was quite simply disabled, their TV taken off air, their public online presence taken over and more. An attack of this scale and power to me simply highlights what Hollywood has been portraying for years (remember “Die Hard,” where the bad guys take over the airport by hot wiring a few cables nearby?). Interestingly, subsequent reports again point to human error here – for instance, a TV interview showed passwords stuck to Post-It notes.

If we are under any doubt by the frequency, scale and impact of attacks, I found a great website (www.informationisbeautiful.net) recently that visualizes some of the data breaches by year, industry and size, reason and more; see here for the full interactive chart.


Cyber threats have been defined by many; however, as with many other critical business issues, lots of other things are being added to the overall “cyber” definition. The recent report from the UK Government on UK cyber security: the role of insurance talks through both the threat and, importantly, the opportunity for insurers.

The World Economic Forum in its 10th Annual Global Risks Report has cyber risks up with water crisis and natural catastrophe and ahead of WMD, infectious disease and fiscal crisis (in terms of likelihood of occurrence). Given what we have all experienced in the last recession, I don’t think we could have a stronger wake up call.

data 2
– Top Global Risks According to the World Economic Forum

For now, and certainly as I write today, there is a small correlation between cyber-attacks and loss of human life. However, as we become ever more connected with IoT (Internet of Things) or IoE (Internet of Everything), future devices will all be connected. In the latest report, the government said that 14 billion objects are already connected to the Internet, 40 million of them in the UK. By 2020, it could be as many as 100 billion worldwide.

The upside of being able to monitor your heart pacemaker or your insulin levels from an app are already upon us; “wearables” is the buzzword for 2015. When these devices move from monitoring to controlling, the threat just increases. A cyber-attack at a local level, shutting down a hospital, airport, city traffic system, taking over a driverless car or airplane – it’s far too easy to paint a picture here.

What’s the role of the insurer in all of this?

The insurance provider has a huge role in this, not only to pick up the pieces when an event occurs, but also across the entire lifecycle. At the outset, we have an opportunity to better educate the market on cyber risks in general, in creating insurance capacity for the event and ultimately better prepare ourselves for the continuing advancement and frequency of attacks.

This goes far beyond the cyber essentials to better prepare small and medium-sized businesses (SMEs) and large enterprises alike. This is not collecting a badge; this is time to get ready for a battle. Not just a battle against cyber threats, but a battle for your reputation and brand. A brand that says to your employees, customers and partners, you can trust me with your information – I have a plan in place that’s tried and tested! The government scheme has covered the bare minimum essentials, which is like passing your driving theory test. We need expert drivers here to navigate roads no one has previously seen.

The UK, and London market specifically, is already well-placed given its deep experience in insuring against specialty risks, but capacity in the market will continue to increase as the threats and frequency of events increases, giving rise to new, more tailored products and opportunities for the entire market. How long will it be before we all have our own personal cyber Insurance policy?

Move to prevention rather than cure

We need to better help organizations truly understand the cost of putting this right after the event. As an example, some estimate that the cost of the Target breach in the U.S. has cost them north of $100 million to correct. In the early earnings call post the event, Target executives said, “The breach resulted in $17 million of net expenses in the fourth quarter…, with $61 million of total expenses partially offset by the recognition of a $44 million insurance receivable.”

Hindsight is wonderful, but perhaps a fraction of this upfront would have saved this money and, importantly, provided time to focus on the business strategy, not remedial work.

Reputation, Reputation, Reputation

It’s already been widely discussed, but insuring an organization’s reputation is challenging for a number of reasons. Of course, almost anything can be insured, but defining what the impact is and then working out what you need to be covered for will no doubt bring additional challenge for something that most would describe as intangible. The Insurance Times has a good piece here on this.

More importantly, what’s the short-, medium- or long-term impact and value on the reputational damage? Take your favorite or most-used retailer, give it all your personal financial data and shopping habits. It then suffers a breach – how likely are you to use or recommend the retailer again? Maybe you would forgive it for one breach; what if it happened again? It’s too easy to move. I read that in the UK you are more “likely to suffer a theft from your bank than a physical burglary” these days.

Does this affect your future choice? How long does it take you to re-establish trust with your customers, employees and partners?

Typically, reputation risk is around 5% to 20% of cyber cost. However, in reality, it’s the gift that can keep on giving, that no one really wants.

What if you are an online-only business? What if you were the ones who disrupted your market through technology and now that has been taken away from you. You don’t have the luxury of physical outlets as a backup or alternative part of your business plan. Dealing with other breaches such as shoplifting has been an occurrence since retail began, but these were isolated to the individual locations.

SMEs, especially, are not as well-equipped. On one hand, digital makes access open to anyone to create a new business, but on the other hand we must now factor in the cost of doing business online, of which cyber is a now business-critical.

What do you think?

Are we prepared and doing enough across the sector?
Is this at the forefront of your business continuity strategy?
Have you a plan in place to protect your employees, customers and partners?
Do you have adequate cover that is well-enough defined?
Are you investing ahead of the curve to prevent it?