Is InsurTech missing a $2 trillion opportunity?

Here’s an interesting contradiction- the insurance industry is heavily focusing on innovation, but letting others take the lead in cyber issues.  And those ‘others’ are not always the good guys.

TLDR   This column typically focuses on insurance innovation/InsurTech, and all the whiz-bang artificial intelligence, algorithms, pain points, data analysis, blockchain, and innovation integration points that accompany that pursuit.  Of course those of you who have read much of what this author has written over the past year realize that there is a clear contention carried forth: insurance and InsurTech are made up of many parts, all of which make up the Insurance Elephant- serving the insurance customer.

What does that have to do with the point of the opening paragraph?  A thought that while the industry chases disruption of legacy/incumbent methods there are many who are truly disrupting business (including insurance businesses) through cyber gambits, and that the risk posed by cyber disruptors makes the potential outcome of ‘traditional’ InsurTech efforts (can innovation be traditional?) tiny in comparison.  $2 trillion is the estimated 2019 global cost of cybercrime per Juniper Research (see bullet point 7 of 14 Most Alarming Cyber Security Statistics in 2019.)   Let’s see, global insurance business is just over $5 trillion, so $2 trillion in a relatively new risk is- a lot!  That amount makes the valuation of all the InsurTech unicorns seem like a relatively small school of InsurTech seahorses in a vast cyber ocean.

What brings the focus to cyber cover and cyber crime is a recent occurrence of cyber crime suffered by an upstate NY manufacturer.  A good company, 50+ hard working employees, steady business growth, well run and until a few weeks ago, not concerned with cybercrime.  Then came the digital wolf at the door- a ransomware gambit that adversely encrypted the firm’s entire set of digital books and operations, making the firm virtually blind, deaf, and dumb.  The management of the company was simply unaware of what the next steps should be, who to contact, how to act, and unknowing of the immediate or long-term effects the attack would pose to the firm.  And no real insurance coverage in place for the event or ensuing damage- typical CGL coverage hardly touches on the risk other than to mostly exclude the effects from coverage.  First party property coverage doesn’t apply unless there is some ensuing physical damage caused by loss of computer operating capability.

Huh, I thought.  How is this not an insurance and InsurTech opportunity that is front burner stuff?  There are tens of millions of SMEs (small or medium enterprises) in North America alone, millions in Europe, more millions spread across the globe.  Talk about pain points!  But then, relative to many other business concerns few talk about it.

The cyber cover issue can be seen from multiple perspectives, but I considered three points:

  • Sales/agency knowledge
  • Customer awareness/preparation
  • Protection and response

Sales/agency knowledge

My colleague and all around great agent, Michael Porpora, was one of the cyber insurance gang with whom I discussed the sales end of cyber risk (thanks also to Brett Fulmer, Ben Guttman, and Joe Hollier).  Michael summarized the SME cyber insurance market in this fashion:

  • There is limited technical acuity (read as cyber product knowledge) within agencies that serve SMEs
  • The risk is poorly understood
  • The language of the risk is not understandable by customers or agents
  • The product is as well known as something at the bottom of the vast depths of the ocean.

Well that’s comforting for a $2 trillion problem.

As we continued the discussion it was clear that typical policies afford little or no cyber cover, and the number of options for specialty coverage is not great.  However, the opportunities for agents to educate their clients are many.  As Michael said, “I use cyber insurance as a wedge,” or an entrée into a client’s office.  Right now it’s an each time, every time offering for his clients.  Seems an easy offering to businesspersons if the product knowledge is there- so why isn’t it?  Seemingly an easy product to underwrite as the coverage limits are currently finite, so why isn’t the cover more commonly discussed?  Is the risk the virtual asbestos of our era?

I considered that there may be an underground problem that simply hasn’t hit the mainstream press, i.e., there are many cyber occurrences that are resolved through payment of ransom, or are simply an added expense to the firms that experience the events.  No one wants the public to know of an attack because there may be cascading liability concerns.  Of course not acknowledging the problem doesn’t make it disappear.  In the instance of the NY manufacturing firm, the approach was to address the issue in house, with the in-house IT staff wrestling the demon.  Until the attack went from inconvenient to disastrous, and the perpetrators went from hackers to extortionists.  It was coincidence alone that caused the firm to realize their CPA firm had resources to help the company deal with the layers of issues.  Have they contacted the FBI?  Not yet.  Wonder how many ‘not yet’s exist such that the authorities remain unaware of the specific extent of the attacks.  These instances are not all ‘WannaCrys’ so cyber issues remain akin to a thousand virtual paper cuts.

Customer awareness and response

What can companies do to identify exposures?  Few SMEs can afford large IT staff, and the attack environment is continuously changing.  Is there an InsurTech ‘wing’ that is focusing on the unique challenges of a business that is comprised of information/data and money?  Not so much, but there are information security specialists whose primary business is to anticipate and identify cyber problems, to the point where they conduct ‘ethical hacking’ of client firms to detect digital weakness.

John Strand of Black Hills Information Security (BHIS) was kind enough to spend some time with me explaining how many Fortune 500 firms engage companies like BHIS to conduct (among other services) penetration tests in order to confirm the relative security of an organization’s tech superstructure.  He mentioned that many cyber policies require ‘pen’ tests as part of the underwriting and renewal process, not unlike a building needing a risk assessment before cover can be bound.  But even with a good cyber policy in place, ongoing diligence is needed because risks are changing and financial exposures are increasing.  John mentioned this reality- most insureds that suffer an attack have more challenges at the initial stage- because there is a need for immediate resources and assistance that an indemnity-only policy may not afford.  Consider companies operating in GDPR environments- sure the fines can be extensive, but the need for immediate action requires resources.  There are some parametric programs available that have as triggers identified GDPR violations, and as such a need for immediate operational changes to prevent ongoing problems.  Other concerns John mentioned- not many carriers have specialized cyber claims departments, or tech programs that are commonly used or are becoming ubiquitous, e.g., payment programs, HIPAA, PCI, ISO, etc., that may be exposed to attack but not considered by users that way (their use is becoming a focus of required pen testing).  An optimistic note- the ethical hacking community is mutually cooperative because at this time there is plenty of business for all.  John compared the business with the child’s game ‘Hungry Hungry Hippo’- plenty of marbles on the playing surface, one simply reaches out and grabs.

Protection and response

Sales and customer knowledge are concerns, as is the need for technical expertise to identify issues up front.  Is there a reasonable blending of the two?  Seems there is, if the discussion I had with Andrea Holmes of Boxx Insurance is an indicator.

While not in a lot of jurisdictions- yet- Boxx Insurance is introducing a hybrid cyber product, one that not only provides cyber cover through brokers, but also educates customers, focuses on preparation for cyber issues, and provides monitoring service for clients.  The four ‘legs’ of the firm’s approach could easily be an industry mantra- Predict, Prevent, Respond, Recover.  The service is focused on SMEs, and the full suite of membership services places the participating firms somewhat on par with the bad guys who work at cyber 24/7, even affording cover for ‘rogue’ employees’ actions, or infections that may have been in place prior to signing on with Boxx.  One might even consider services such as that provided by Boxx as being the virtual model of insurance IoT- the service potentially senses issues prior to damage occurring and advises the client to take action.  Kind of like the water heater sensor that shuts off the main valve when a failure is imminent.  How about that IoT, Matteo Carbone?  Customers in Ontario, Canada are enjoying the service, and it’s soon to be available in Chile and Singapore (and perhaps Quebec).  The firm has some solid leadership (thanks for the intro, Hilario Intriago), solid tech, government certifications, and proprietary processes, but it seems the approach is solid enough to encourage other InsurTech entrants.

Cyber risk cover- it has uses for every level of customer, because the effects never stay within the bounds of the customer that has the direct exposure.  It is a risk that is a virtual Insurance Elephant, many unique parts but in the end it’s the whole beast.  A $2 trillion beast that should be attracting a variety of entrepreneurs in any place on the globe.  I wonder what a $ trillion valuation company is referred to as?  Unicorn’s unicorn?

Patrick Kelahan is a CX, engineering & insurance professional, working with Insurers, Attorneys & Owners. He also serves the insurance and Fintech world as the ‘Insurance Elephant’.

I have no positions or commercial relationships with the companies or people mentioned. I am not receiving compensation for this post.

Insurers love NPS- can the IoT help show why it remains an important measure?

TLDR  What to do, what to do, in the InsurTech, innovation insurance world?  Insurance remains a ‘sold, not bought’, product.  Virtual service is not only becoming a demand of customers, but carriers are embracing the concept based on expectations of efficiency and economy.  Will there be a disconnect between service efforts and how customers perceive it?  As customers change their habits, can insurance change theirs?  What is the common thread?

How an insurance carrier performs is typically known only when an adverse situation occurs, i.e., a claim, and service is triggered for the customer, a customer who doesn’t really know what to expect during a claim experience.  So of course the industry knows this and has devised many ways of gauging service performance: from internal surveys, JD Power ratings (Customer Service Index), and most recently, by asking claim customers how they would rate the service they received in terms of one question,

“How likely is it that you would recommend this company to a friend or colleague?”

The answers to that clever question are the basis of the calculations for a ‘Net Promoter Score’ (NPS), a service (loyalty) measure devised by Fred Reichheld and other clever minds at Bain and Co.  How does this tie in with InsurTech principles?  Seemingly through another three-letter acronym, IoT (Internet of Things).

What are you talking about, you say- NPS is a survey administered measure made available to but a fraction of insurance customers, is but one question, and disregards the experience of the majority of the customers.  IoT speaks to connected devices, ostensibly meant (to many in the insurance world) to detect adverse conditions, track adverse conditions, determine behaviors that might predict adverse circumstances, and by extension reduce carriers’ exposure to claims. One measures experience, and one works to predict experience.

Well, I’m here to say that the two concepts couldn’t be more intertwined, and as innovation within the insurance industry becomes more practical, and as IoT becomes more ubiquitous, the interplay of NPS and IoT will become clearer.

At its root NPS was developed as a means to measure what the folks at Bain found as the key driver of business growth and success- customer loyalty.  Loyalty has been a proven factor in business growth and businesses who foster customer loyalty not only retain those customers’ business, but those same customers are motivated to bring other business along.  Enhancing customer loyalty, adding value to the customers’ lives, and refuting the contention that “loyalty is dead” (see Mr. Reichheld discussing that here) is the foundation of NPS.  And everyone touts their NPS results, don’t they?

So along comes IoT principles as part of the InsurTech wave, and its primary advocate in the InsurTech world, Matteo Carbone. (In an odd coincidence as with Mr. Reichheld, Mr. Carbone is also a Bain alumnus.)  Mr. Carbone has espoused the concept that “all insurers will be InsurTech”, but in addition to that his IoT Observatory has become a central authority regarding insurance effects of connected devices in autos, houses, and to some extent, wearables.  And a main principle he covers within his recent article, “Smart Home Insurance Strategy 101”, is loyalty:

“This way of enhancing proximity and interaction frequency with policyholders (connected devices and value addition) – while creating new customer experience and expanding relationships – is one of the reasons for adopting IoT in home insurance. These interactions with customers are one proven way to earn higher loyalty and allow the differentiation from competitors.”

There’s that word- loyalty.  In an insurance world where virtual service is becoming the holy grail for carriers, how will loyalty remain a factor that can be influenced by carrier service?  Even the InsurTech poster child, Lemonade, has to have concerns that as long as NPS remains an important measure of customer service (Clearsurance may have ideas about that), interactions with insureds must remain focused on maintaining or building loyalty.  Can a bot do that?

IoT programs have that opportunity to integrate technology, virtual service, and value addition that can build customer loyalty, for example, value-added services as noted by Mr. Carbone.  “But the real opportunity is to solve customer problems by delivering enlarged value propositions for their homes. (Some) services enabled by home IoT are:

  • Safety/Security: remote monitoring and emergency services to provide peace-of-mind to the homeowner;
  • Efficiency: tracking and optimization tools to contain the expenditures (energy and water) at home;
  • Property services: concierge with a platform of certified service providers (such as plumbers, metal workers, carpenters, construction workers or electricians) for home administration;”

Seems any or all of those points would serve to build customer loyalty in the absence of direct service from claim staff.  And what of agents?  Insurance sales and servicing of policies remain a predominantly agency-driven proposition in the US and Europe- agents/brokers are beginning to recognize the need for provision of more to customers than just quotes.  In markets where ecosystems and smart device access are the primary entry for customers to insurance, loyalty may be even more fragile as ecosystem change is simply an app away.  In all matters the focus must remain on enriching customers’ lives, on #innovatingfromthecustomerbackwards.

NPS and IoT- the concepts can’t make insurance a more ‘bought, not sold’ proposition, but effectively focusing on IoT in an increasingly virtual insurance world can help maintain or build loyalty, and as the architects of NPS found, that is the foundation of an effective growth strategy.  The two principles have previously marked different paths but are now on intersecting courses.

I have no positions or commercial relationships with the companies or people mentioned. I am not receiving compensation for this post.
