In the words of famous mathematician and physicist Sir William Thompson, “when you can measure what you are speaking about, and express it in numbers, you know something about it; but when you cannot measure it, when you cannot express it in numbers, your knowledge is of a meager and unsatisfactory kind.” This simple statement captures the difference between data-driven underwriting and risk-informed pricing vs. the current state of the cyber insurance market and the struggles in measuring and quantifying cyber risk. Steven Schwartz explores.
Unfortunately, the insurance industry does not yet have a good grasp of the costs of a catastrophic event and therefore lacks the ability to distinguish consequences that are insurable from those that are not. Insurers are starting to generate better loss figures around cyber attacks on specific industries, but cannot yet effectively quantify the cascading effects on other sectors.
The cyber security situation facing the insurance industry is more complex than for most other sectors. In addition to protecting their own transactional and customer data, insurers are expected to increasingly offer policies that protect the digital assets of customers. In both cases, harnessing the power of advanced technologies is critical.
Effective insurance can serve as both a measure to distribute, and a method to communicate risk, but in order to fulfill these roles successfully, policy pricing and cover choices must be risk-based and founded on accurate information. Accurate information where new processes and technologies introduced by automation, IoT, big data and Artificial Intelligence will serve as the foundation to yield significant value in transforming cyber insurance to keep up with new and complex risk profiles.
In a world operating with an endlessly growing number of interconnected devices and data, there is no company or product that doesn’t have cyber risk attached to it. These ecosystem-driven businesses depend on interconnectedness and those connections increase companies’ exposure to risk. The interconnectedness of all industries creates multi-dimensional risk without geographical limits, whereby a single event can generate a widespread impact on thousands of businesses at once. In exploring how technology can help enhance the industry’s maturity and capabilities for underwriting and managing cyber risk, it’s critical that we first drive awareness of the role of insurance in achieving cyber resilience. Securing information has become less about having firewalls and policies and more about complex interactions among people, machines and processes.
We all have insurance to protect against when we have a bad day. If all else fails, insurance is there (hopefully) to help us recover and get back to 100% operations as quickly as possible. The insurance industry works on the basis that bad things happen to a few people at a time; when bad stuff happens to many people at once, it struggles. The industry either goes bust or gets out of the market. Then, the government must step in as we saw in 2008.
For the insurance industry, cyber is one of the most important, pressing issues of our time. The growth potential is clear, as demand for cyber coverage as well as risk mitigation services continues to rise, however, growth is challenged by a lack of historical underwriting and loss experience data, the deteriorating value and usefulness of historical data among complex risk dynamics and the growing accumulation of cyber risk. Yet, each of these challenges present market opportunities for insurers to create a competitive advantage by leveraging new technologies and solutions that systematically identify, quantify, model, manage and control cyber risk and insurance capital.
Perhaps the biggest challenge facing insurance markets is accurate and rapid cyber risk quantification, which necessitates better data on cyber threats, vulnerabilities, attacks, and controls in order to advance insurance underwriting, risk control, and policies. In order to accurately underwrite a given risk, we should consider leveraging automation and machine learning on massive intelligence and threat data feeds to continuously analyze the global threat landscape. As we identify and learn from attack patterns correlated against a specific organizational profile (i.e. industry, geography, size, etc..), we can carve out the relevant threat landscape for that particular business and generate a variety of loss scenarios with predictive analytic capabilities. Then, we can start to identify the relevant attackers leveraging different attack methods to achieve their different objectives to create a risk-informed environment that allows us to continuously monitor a given client’s risk and advise both the client and underwriter when we detect any anomalies. With this data, as insurers, we can make our relevant insured’s aware and take steps to prepare and reduce the cost in incident response and management. This one example show’s how we could enhance the ability to predict issues before they happen and trigger proactive remediation for both the insured and insurance stakeholders. This is the essence of what AI aims to achieve; unlocking the value in data to create insights and ultimately knowledge.
Armed with accurate, quantified and dynamic risk data, insurers will remain relevant for their clients with the ability to continuously adapt their offerings amidst perpetually changing risks and regulatory environments. After all, the more we engage customers, the more we create opportunities to capture more data and create new service-based business models that collectively reduce customer churn. This virtuous cycle enabled by technology and customer engagement will enable the industry to support projected capacity demands with participation from reinsurers and the capital markets.
Through digital technologies, insurance companies and brokers can create new, direct touchpoints with customers. The leaders have begun leveraging enhanced insights into customer problems and goals to deliver tailored solutions and products and as the world continues to shift past the post-digital era, the insurance industry has recognized the need to shift from a purely transactional payer towards that of a strategic partner. They are moving beyond personalized products to individualized experiences, creating a one-to-one relationship with each customer where technology plays the starring role. The key future opportunity for insurers? To play an expanded part in customers’ lives as a value-added service partner.
By 2020 we will live in a world with 50 billion connected products - this is the reality of the world we are inheriting. Its enormity is surpassed only by its complexity. As we seek to better understand and manage cyber risk, we’re going to fast forward toward predictability and optimization. As machines become more intelligent, they start to recognize patterns until they start to actually give you advice and input. Next, they start to predict what the outcomes could be, output. I/O. And that, well, leads to real Artificial Intelligence...