Tag Archives: Prudential Regulation Authority

Urgent Need on ‘Silent’ Cyber Risks

This is an unprecedented time for insurers. As margins associated with conventional lines of coverage continue to tighten, pressure is increasing to offer new forms of coverage to respond to the emerging cyber threats facing insureds in today’s digital economy. At the same time, insurers are compelled to make certain that those risks are effectively excluded from coverage under many other “traditional” policy forms.

Unfortunately for underwriters of both traditional and newer policy forms, emerging cyber threats can be difficult, if not impossible, to predict and factor into underwriting and policy drafting processes. But as we’ve already seen in the context of cyber incidents, today’s unknown cyber threat can become tomorrow’s front-page news and unanticipated limits payout. And if that threat is spread across multiple insureds in an insurer’s coverage portfolio, the bottom-line effect of the aggregated losses could be devastating. Making matters worse — as recently recognized by the Bank of England’s Prudential Regulation Authority (PRA) — these “silent” cyber exposures can simultaneously affect multiple lines of coverage, (including casualty, marine, aviation and transport), affecting both direct and facultative coverages.

See also: A Revolution in Risk Management  

Imagine this scenario:

Company A manufactures components used in the Wi-Fi systems of commercial airliners. Mr. X, a disgruntled employee of Company A, purposely inserts a software coding vulnerability into the components, which were then sold to Company B, a leading manufacturer of commercial jetliners. Company B incorporates Company A’s components into its jetliners and then sells 30 of them to three major U.S. commercial airlines. Company A also sells the affected components to Company C, which manufactures and sells private charter jets. Company C sells 15 jets containing Company A’s vulnerable components to various private individuals and corporations.

Once the planes are in operation, Mr. X remotely exploits the vulnerability in the aircraft, causing three in-flight planes to go down in populated areas. Plane 1 crashes into a medical center in Small Town. Plane 2 destroys an electrical power station in Mega City, plunging half of the city into darkness. Plane 3, a private corporate jet, causes serious damage to a bridge that is heavily used by a commuter rail service in Sunny City, rendering it unusable and making it virtually impossible for thousands of commuters to get to work.

Widespread panic immediately ensues after the crashes. All U.S. air traffic is halted pending an investigation of the cause. There are numerous traffic accidents and looting incidents following the blackout in Mega City, and many organizations are forced to close indefinitely. Mr. X then contacts Company C and the three airlines that purchased the affected jetliners and demands $1 billion in exchange for revealing the vulnerability.

This obviously is an unlikely scenario, but as technology continues to be used in novel ways, it is important to recognize what will be possible. This scenario was created to highlight a complex casualty catastrophe initiated from a technological weakness in an increasingly connected world. While crashing planes are terrifying, the bigger takeaway is that this was not a possible scenario prior to recent technological developments. It isn’t difficult to see how the multiple insurance coverages triggered from the above scenario could result in insured losses well in excess of $20 billion. Individual company losses could be disastrous, given the previously uncorrelated nature of individual lines of businesses that would be affected. While technology forges new connections among businesses and individuals, the connections have ushered in the new risk of technology initiated catastrophe scenarios, recently labeled as a “Cyber Andrew” scenario, in reference to Hurricane Andrew, which resulted in losses few insurers previously believed possible.

The continued expansion of loss causes, courtesy of new technology, will have implications for both legacy insurance and new cyber insurance contracts. This means that insurers must assimilate expanding possibilities into risk management processes including Probable Maximum Loss (“PML”), risk aggregations and risk appetites. At the core of the silent cyber hurdle is: Do current risk management systems capture all possible risks today, and will they capture what can happen tomorrow, before a “Cyber Andrew” hits?

See also: Can Risk Management Even Be Effective?  

This challenge, if the PRA is to be believed, is currently not being met. As the conversations continue to escalate to the C-suite, risk managers need access to a team with specialized skill sets to better understand and calculate the impact of new technology into their enterprise risk management plans. At the same time, this added focus on technology will continue to expand reporting requirements. Providing detailed yet clear reporting to the board that highlights the full impact of current technologies on the comprehensive insurance portfolio will be a minimum standard.

As technology continues to advance, insurers’ risk management tools and resources must evolve. Each organization will face its own distinct hurdles based on individual characteristics of its insurance portfolio, and its solution should be just as individualized. There will not be one magic bullet that ends cyber risk. The keys to meeting this challenge will be understanding new and emerging risks and assembling a team of professionals with the prerequisite skills to address the issues.

Telematics: No Longer Just For Cars

The use of telematics in car insurance isn’t new. For the past few years, more and more drivers have been signing up to have little black boxes installed in their cars that monitor their driving behavior, as insurance companies offer incentives such as lower premiums and discounted rates for safe drivers.

By allowing insurers to track their driving behaviors – including average speed, braking force and distance driven – drivers are able to negotiate lower premiums and other benefits, which many view as a fairer and less discriminatory way of assessing risk.

From a commercial point of view, if we can promote and encourage safer driving on the road then the number of crashes will come down, and the cost to the insurance industry will reduce accordingly – and those savings will be passed on to the public.

Premiums for 17-year-olds with telematics boxes are half what they were four years ago overall, and statistics suggest accident rates within this age bracket are also coming down. Technology, and technology-enabled propositions, have really reduced claims costs, especially for young drivers.

“Black box insurance” has other benefits, too. Many insurers also offer free anti-theft tracking and roadside assistance through the device, and so far RSA has a 100% return rate on stolen vehicles that have a telematics device fitted.

Screen Shot 2016-05-11 at 1.21.34 PM

Enter the era of the smart home

With the benefits of telematics so clearly proven within the automotive industry, insurers are now turning their focus to the residential realm – in a bid to create “smart homes” that are intuitive and responsive to internal and external risks.

For many homeowners, the ability to control their climate, lighting and entertainment devices is one of the main attractions when it comes to home telematics, whereas insurers are drawn to the security benefits offered.

Luckily, telematics-based home insurance offers both parties the best of both worlds – convenience and risk mitigation, all in one handy tech-savvy package.

Smart home = smarter home insurance?

Just as black boxes in cars reward safe driving behaviors with lower premiums and discounts, smart home owners could reap the benefits of a connected abode. From discounts for locking the door and setting the alarm, to a fairer, up-to-date assessment based on moisture, flooding or carbon monoxide monitoring, home telematics can give consumers more control over their insurance rates and premiums, as well as a more in-depth understanding of their utilities usage, environmental risks and overall home security.

Screen Shot 2016-05-11 at 1.23.49 PM

In fact, smart home technology-based insurance has the potential to improve on existing discounts or lower premiums for features like security systems – simply by ensuring that these features are regularly used.

With people buying smart switches and systems, insurers are looking initially for propositions that help reduce the impact, even eliminate, some claims around water, theft and fire.

What’s next, connected pets?

It may seem like a sci-fi fantasy, but telematics for pets is set to be the next game-changer in the insurance industry, which is no surprise given that around 2.6 million people in the U.K. have pet insurance.

Pets are seen as part of the family, and owners spend a considerable amount on maintaining their furry best friends’ health, well-being and fitness. But how do we keep an extra close eye on our four-legged friends when we don’t speak their language?

Pet telematics: Going beyond the microchipping process

It’s not as disturbing or invasive as it sounds. All it takes for pets to join the telematics generation is a small GPS device – which is clipped to a collar or inserted under the dog’s skin to record its movements and activities throughout the day.

When paired with a smartphone app, this safe, easy technique allows owners and insurers to monitor pets’ body temperatures, hormones and heart rates, with some even going as far as tracking bowel movements – and this data is collated to form a comprehensive picture of a pet’s health and lifestyle.

Screen Shot 2016-05-11 at 1.26.00 PM

Pet insurance is really a well-being product – private medical insurance for cats and dogs, effectively. Pet obesity results in a lot of claims, so if pet telematics can encourage owners to have healthier, more active pets, he’s for it.

What’s in it for consumers? 

The use of telematics in everyday life and activities puts consumers in the driver’s seat when it comes to their insurance policies and premiums. By having access to detailed data on their driving, home security and pet care, ordinary consumers can become more aware of the risks around them, which could spur them to change or improve their behavior.

People want to be healthy and happy, and not have to deal with the aftermath of an insurance event. The common thread across telematics is that technology creates proposition that either prevent or minimize the impact of claim events.

What about privacy concerns?

While many customers may balk at the thought of having their lives monitored, a recent Deloitte survey has shown that more than half of respondents were willing to share private information for a premium discount. This shows that, although privacy concerns remain top of mind for most, a sizable incentive can override that resistance to transform consumers into adopters. See the Deloitte report here.

What’s in it for insurers?

Telematics enables insurers to create products and services that accurately reflect customers’ risk.

Perhaps that explains why telematics has become increasingly popular among consumers and insurers over the past few years. A study by ABI research estimates that global insurance telematics subscriptions could exceed 107 million in 2018, up from 5.5 million at the end of 2013. It also predicts that usage-based insurance will represent more than 100 million telematics policies and generate in excess of €50 billion in premiums globally by 2020.

Screen Shot 2016-05-11 at 1.27.32 PM

Telematics can move insurers from dealing with incidents, to stopping those incidents from being as bad as they could otherwise be. Using technology lets insurers move into that prevention mitigation space.

This article originally appeared on www.rsagroup.com/the-thread.