Dynamic Insurance, Cyber Security, and the Internet of Things

The internet of things is advancing rapidly, and frankly so is insurance. We can assure you that the heated debates in congress and confusing jargon won’t be going away anytime soon. In fact, it will probably get a lot more complicated, but insurance companies have their analytics department to lean on in these times of chaos. The world around us is more connected now than ever before and this gives us more accurate data to look forward to. Let’s start with drones. The rising use of drones will present both opportunities and risks for many industries. We have seen this technology become a natural part of many markets. For example, filming a scene that requires aerial view becomes a lot less expensive with a drone, and inspecting the exterior of buildings becomes a lot less dangerous when the life of an employee is not at risk. According to the U.S. Bureau of Labor, 38.8% of total deaths in construction occur from falls in just one calendar year. Falls are the number one cause of death in the construction industry and the third largest cause of death across all industries (Drones Create Safety). A $1,000 piece of equipment becomes priceless when it can transfer the risk of a life. But who is responsible for the misuse of a drone, and is there liability coverage for your commercial drone? This article will address how innovative technologies can improve current industries or potentially disrupt them and what role insurance companies will play in the near future.

Do we really want more healthcare data?

Wellness technology is advancing rapidly with untapped data. Not long ago, insurance companies started compiling data on teenage drivers. Soon enough they found a strong correlation between a student’s grades, and their likelihood to get in an accident. Of course, grades do not depict how well you can drive, but a strong correlation can help save the insurer a lot of money. Soon came the “good student” discount. If you can provide proof that your teenage driver will get grades above the threshold that the carrier believes has a statistical impact on the amount of accidents the insured will experience, you can save some money. Because of the historical data, companies can now better underwrite their clients and the insured is awarded with a discount and another reason to nag their kids about grades. The good student discount isn’t the only way insurance companies use correlation data. They also use it to responsibly insure smokers. The insurer can better predict their client’s health issues based on employee lifestyles (Tech-Enabled). Insurance companies have been adapting to data since the inception of insurance. Even recent policy such as the Affordable Care Act, is still making major changes to the health insurance market.

Correlation is everywhere. The law of large numbers explains that the more information on the consumer side, the more accurate the underwriting becomes. Obviously, client wellness and the data behind it is very important to insurance companies. Fitbit started out in 2007 as a small group of people with an idea of a fashionable activity-tracking bracelet. Now, Fitbit is publicly traded on the New York Stock Exchange, selling over 22.3 million devices in the past year with reported revenue of $574 million (Fitbit Reports). Not only did Fitbit just go international with Vector Watch UK Limited, but they also acquired FitStar Labs, a private company that develops software applications for games, social networking platforms, and mobile devices. Fitbit has quickly gone from an interesting concept, to a full-blown technology powerhouse collecting very sensitive data.

With all the recent advances in wellness data and wearable technology, getting the data to companies that want it is probably just a few lawsuits and a small acquisition away. Who stores and can obtain this information is being questioned more every day. According to the HuffingtonPost, prosecutors obtained data from Chris Bucchere’s activity bracelet to prove that he was speeding before his accident. Bucchere was convicted with a felony for vehicular manslaughter (Weinstein, Mark). While many argue a breach of policy, others are taking advantage of the information while they can. For example, John Hancock Life Insurance Company is offering their clients a 15% discount if they permit their Apple Watch to monitor their activities (IoT Insurance). Data like this has the potential to disrupt consumer information in many industries, especially current healthcare data. It is important to keep in mind that access to personal data is a topic that is already highly controversial and debated in the litigation community. Innovations like smart watches and activity bracelets can increase the accuracy of current data and lower consumer cost, but these advances in wellness technology need to be monitored for their disruptive nature and potential for abuse.

My car can now drive itself, should I switch insurance providers?

Ford, Chevy, Volkswagen, Buick, and Honda are all reputable household names making major moves towards autonomous vehicles. Even Teslas are quickly becoming more affordable as recent innovations in self-driving technology are leading to rapid industry expansion. The Insurance Institute for highway Safety is anticipating about 3.5 million self-driving vehicles by 2025, and 4.5 million by 2030 (Self-Driving). Recent improvements such as the rear-view monitor, blind spot sensors, and self-parking technology are being integrated into the factory design of many popular cars. These improvements in design and safety have led to a lower fatality rate. “The likelihood of a driver dying in a crash of a late model vehicle fell by more than a third over three years, and nine car models had zero fatalities per million registered vehicles,” (Insurance Institute for highway Safety). There is no question that our ability to prevent crashes will greatly reduce the number of fatal accidents. What is unclear, however, is how liability laws might evolve to insure autonomous vehicle technology. Insurers will have to determine how to underwrite policies where accident medical bills are lower than ever, while replacing vehicle cost may be higher than usual. It may also become common to see a higher percentage of product liability claims as the insured blame the suppliers for mistakes made on the car’s behalf and fight for subrogation. Need for liability coverage will become more important. As suggested by the 2014 RAND study on autonomous vehicles, “…product liability might incorporate the concept of a cost-benefit analysis to mitigate the cost to manufacturers of claims.” This could relieve pressure on the healthcare and disability cost related to automobile claims.

As of right now, there are basically two types of liability systems. There is the no-fault concept in some states, while in others liability is based on the tort system. The arrival of self-driving cars will have an impact on policy, but for now there isn’t much of a direction. Will the systems align to be more uniform, or will the states pass on the torch to the federal government asking them to play a larger role? The more that car manufacturers are blamed, the more likely we are to see the federal government getting involved. RAND Corporation did a study of the benefits of self-driving vehicles in 2016 and concluded that personal liability will decrease while manufacturer liability is likely to increase (Self-Driving). Car manufacturers are starting to look more like computer manufacturers. Patrick Lin, a writer for Forbes, believes that with this shift in technology, “…hard ethical decisions in programming and new product liability cases will surely challenge law and disrupt the insurance industry…” (No Self-Driving).

Smart cars, what’s next smart homes?

Companies like Vivint and The SOHO Shop are bringing the future closer by integrating smart home technology. The SOHO Shop, founded in St. Charles Missouri, was created with the idea of a trusted and reliable home/commercial automation. Their products range from automated shades and central VAC, to industrial building automation, IT, security and video surveillance. These companies are bringing their software and skills to individual homes along with bigger living areas like retirement communities. Introducing products such as intelligent window and door monitors can make people living alone feel safer. They also offer products that can monitor oven temperatures, water use, bed, chair, and bathroom usage for those living by themselves that may need assisted care. This technology is helping keep patients with medical need comfortable and safe, but what does this mean for insuring the modern home?

The insurer, American Family, has a model home where they are testing out the automated features such as water and temperature sensors. These sensors prevent leaks and notify homeowners before a pipe burst or an appliance malfunctions causing damage. Data from these sensors may eventually be used to profile some customers as being more/less likely to let small disasters occur. American Family and USAA are both exploring this technology. State Farm and Liberty Mutual both offer discounts on your home policy if you decide to begin transforming your home into a smart home (Home Automation Giant). The federal government has already started designing a functional way to access utility data. The Green Button Initiative is a nonprofit project that allows businesses and homeowners to access their energy use data in an industry standardized format (The Green Button). This initiative was a response to a 2012 White House call-to-action to provide utility customers with easy and secure access to their information (Giving Consumers Access).

Senior Managing Director, at Accenture, Jogn Cusano claims that turning customers’ homes into data hotspots will increase the risk of data breaches. Cusano believes that underwriting will change to reflect the new risk of cyber-attacks (Why Insurance Companies). Only time will tell if insurers will save enough by preventing leaks to make up costs from ransomware.

We have drones and reinsurance, what can possibly go wrong?

Being ahead of the game means taking the proper precautions to keep changing technology from disrupting your business. While we now have the ability to lock office doors without relying on the janitor, and send flying robots to do our dangerous jobs, we are also becoming more vulnerable to cyber-attacks than ever before. According to The State of SMB Cybersecurity Report, “…a staggering 50 percent of small and midsized organizations reported suffering at least one cyberattack in the last 12 months…” (State of Cybersecurity). A cyber-attack on a large company can ruin their reputation, but a cyber-attack on a small business or a household can cause detrimental financial damage. The worst part is that many people don’t know what to do about it: “52% of organizations that suffered successful cyber-attacks in 2016 aren’t making any changes to their security in 2017” (Barkly Blog). Companies need to find innovative ways to address this. Limited access and cut ties are a great place to start. No one person in the company should have access to everything. There should also be fewer passwords and more identity verification requirements. If someone knows your email, what city you live in, and your birthday, it is not difficult to gain access to one of your online accounts (banking, social media, email, etc.…), which will only make it easier to gain access to the rest of your accounts.

On May 17th 2017, the House of Representatives passed the Modernizing Government Technology Act (115th Congress). This legislation will allow the federal government to improve and replace existing information technology systems to strengthen cyber security. Not only does this affect individuals but it is also a national problem. A study performed by the Ponemon Institute in June of 2016 shows that the average cost per stolen record is $158 (2016 Cost of Data). Multiple government agencies have been breached, releasing vital information about government employees and programs. In a recent preventative measure, the Department of Homeland Security decided to increase its Federal Cybersecurity programs by expanding EINSTEIN and Continuous Diagnostics and Mitigation programs. In Missouri, these laws are interpreted to require that any company notify every individual that is affected by a cyber breach and must offer one year of credit monitoring for the individuals.

What is your company doing? In today’s world, multi-factor authentication is a must. It simply adds another layer of security by texting a code to your mobile device after you sign in with a password. Many companies have created software like the Google Authenticator app that gives you a randomly generated code. This generated code regenerates every ten seconds, adding another level of security. Every company should also have a policy in place to deal with cyber-attacks when they occur, along with a way for employees to report any problems anonymously. According to a study done by Pricewaterhouse Coopers, “the most widely used advanced-authentication technologies are hardware and software tokens, followed by biometrics such as fingerprint and iris scanners” (Global State of). Smartphone tokens are becoming more popular due to security compromises of business phones and work tablets. If a password-less authentication is the route you wish to go, your organization may want to rethink your approach to identity management. Most important is an intuitive process for the end user. PwC recommends the IAM, Identity and Access Management, a web service by Amazon Web Services that helps you securely control access to AWS resources for your users. You use IAM to control who can use your AWS resources (authentication) and what resources they can use and in what ways (authorization). Although products like Google Cloud IAM and AWS IAM are not a replacement to Active Directory or OpenLDAP, they are becoming a necessary add-on.

Cyber Insurance is a special product that addresses the emerging coverage gaps in traditional insurance policies that result from our increased use of technology and reliance on the risk that comes with storing sensitive data. Cyber perils range from network outage, data theft, and even cyber extortion demands. Although you may not think it is necessary yet, a paper released from the R Street Technology Policy Fellow Anne Hobson, argues that it’s in the governments best interest to hold vendors and contractors that do business with the federal government, financially responsible for any cybersecurity issues on their part that costs U.S. taxpayers (Aligning Cybersecurity Incentives).

Old industries tend to lag in financial technology. “67% of risk professionals are not aware of their organization having processes and procedures in place to trigger a risk assessment of a modern technology before it is actually used. And more than half of the correspondents said their company had not undertaken risk assessments around disruptive technologies (technology innovation).

Blockchain technology is almost here.

On July 24th of 2017, innovative leaders from across the states got together at Washington University in St. Louis to talk tech. The topic was trade and everyone was talking about how blockchain technology can revolutionize supply trade management. Brigid McDermott from IBM was on stage explaining how inefficient and unprotected most supply chains are. She explained how every company, every port, and every person along a supply chain has a unique way of recording and securing a transaction which leaves too much room for corruption. “Less than 0.5% of all data is ever analyzed and over $130 billion is spent on bid data and business analytics globally.” Supply chains being inefficient and expensive, seemed to be the theme. “Blockchain creates the trust necessary to address the end-to-end process,” she exclaimed. Being able to sort through a common ledger would save supply chains millions. Next in line was Soumak Chatterjee from Deloitte, who explained that a blockchain based system not only beats any other centralized ledger with its ability to authorize, and audit transactions, but excels in many fundamental security aspects. Next up was Kate Lybarger from Monsanto. Then was Farron Blanc from RGA to talk on blockchain in the Insurance world. But it wasn’t until Nick Williamson from Qad.re brought out a demo of his software that could be used as a decentralized ledger for shipping warehouses. He showed the audience how this blockchain based software could read, compile, and organize data from thousands of shipping containers with extreme accuracy. The goal is to stop fraud, counterfeit prescriptions to be exact, and Nick is going to do it with the support of smart contracts on the blockchain.

In the past month, Promoting Good Cyber Hygiene Act of 2017, a piece of cybersecurity legislation, was introduced into congress. This legislation would mandate the National Institute of Standards and Technology (NIST), the Federal Trade Commissions (FTC), and the Department of Homeland Security (DHS) to outline the steps necessary to establish baseline practices for good cyber security. A couple year back the National Cybersecurity Protection Act of 2014 became law to direct the goals of the DHS and stakeholders. This law pushed the private sector to provide incident response and cybersecurity information with public entities to enhance overall security. Reluctance from companies to share their security analysis lead to the Promoting Good Cyber Act. This highlights, regardless of location or industry, nine critical updates:

Critical Updates:

  • Old or unpatched networks
  • Quarterly cyber security training
  • Multifactor authentication
  • Regular backups
  • Extra security with older systems
  • Cloud or blockchain migrations
  • Detection and prevention system analysis
  • Manage service providers
  • Cyber insurance

These updates are mandatory with expanding connectivity. People often overestimate how much popular companies really know. For example, Wired released a video of two hackers remotely disabling a Jeep and killing the engine while it was on the highway. Not many understand that the computers in our cars are connected to the internet. Even recently Toyota has turned to MIT’s blockchain experts to explore possible systems for safer autonomous vehicles (Toyota Tech).

Advances in technology are great for our society in many ways. We can expect to see fewer accidents, greater connectivity, and more wireless freedom. We have already seen great reduction in fatal accidents including falls and car crashes. While the Internet of things is expanding our abilities, it also carries a wake of disrupting characteristics and unpredictable events. Last year the Department of Homeland Security met to discuss interest in forming a cybersecurity data repository to better understand and visualize emerging cyber incidents. (National Protection) A secure repository would help collect and aggregate cyber incident information, acting as a reliable source for the cyber risk community. Disruptive technologies have a big influence on the way industries form and collapse and properly analyzing the data is important, but lagging regulation often prevents swift movements in the right direction. Although cyber risk is still a foreign territory for many, it is important to stay progressive through these changing times. Creating a more robust and efficient cyber insurance market has the potential to strengthen current industries by greatly reduce the number of cyber-attacks and steering clear of the many societal threats our nation has already faced.

About the Author

Brandon Bradshaw: Analytics Intern attending Missouri State University pursuing a Computer Information Systems degree. Plans to continue his education in the Management and Information technology Department Cybersecurity Graduate Program.

Works Cited

Castro, Daniel, and Henry Sherwin. “Giving Consumers Access to Water Data Promotes Smarter Use.” Brink – The Edge of Risk. N.p., 24 Sept. 2015. Web. 17 July 2017.
Comstock, Jonah. “PwC: 1 in 5 Americans Owns a Wearable, 1 in 10 Wears Them Daily.” MobiHealthNews. PwC Study, Mobihealthnews Article, 21 Oct. 2014. Web. 26 July 2017.
Coopers, Pricewaterhouse. “Global State of Information Security Survey 2017.” Toward New Possibilities in Threat Management, 2017, pp. 8–10., www.pwc.com/gx/en/issues/cyber-security/information-security-survey/assets/gsiss-report-cybersecurity-privacy-possibilities.pdf.
“2016 Cost of Data Breach Study: Global Analysis.” 2016 Cost of Data Breach Study: Global Study. Ponemon Institute & IBM, 17 June 2016. Web. 21 July 2017.
CyberAvengers*, The. “Cyber Hygiene and Government–Industry Cooperation for Better Cybersecurity.” Brink – The Edge of Risk. N.p., 11 July 2017. Web. 17 July 2017.
Danzon, Patricia M., and Mark V. Pauly. “Insurance and New Technology: From Hospital to Drugstore.” Health Affairs Org. N.p., 2001. Web. 17 July 2017.
“FACT SHEET: Cybersecurity National Action Plan.” National Archives and Records Administration. National Archives and Records Administration, n.d. Web. 17 July 2017.
Famakinwa, Joyce. “Drones Create Safety Opportunities, Raise Privacy Concerns.” Businessinsurance.com. N.p., 31 May 2017. Web.
“Fitbit Reports $574M Q416 and $2.17B FY16 Revenue, Sells 6.5M Devices in Q416 and 22.3M Devices in FY16.” Fitbit, Inc. N.p., n.d. Web. 18 July 2017.
Gale, Melissa. “Technology Innovation Is Disrupting Risk Management.” Brink – The Edge of Risk. Brink The Edge of Risk, 26 June 2017. Web. 17 July 2017.
Gammons, Brianna. “6 Must-Know Cybersecurity Statistics for 2017 | Barkly Blog.” Barkly Endpoint Security Blog. N.p., n.d. Web. 17 July 2017.
Gautham. “It Is Time for the English Insurance Sector to Adopt Blockchain Tech?” SafeShare Insurance. N.p., 18 May 2016. Web. 17 July 2017.
Gertrude Chavez-Dreyfuss. “Toyota, Tech Firms Explore Blockchain for Driverless Cars.” Reuters, Thomson Reuters, 22 May 2017, www.reuters.com/article/toyota-selfdriving-blockchain-idUSL1N1IO178.
“The Green Button – the Standardized Way to Get Your Energy Usage Data.” The Green Button – the Standardized Way to Get Your Energy Usage Data. N.p., n.d. Web. 17 July 2017.
Higginbotham, Stacey. “Why Insurance Companies Want to Subsidize Your Smart Home.” MIT Technology Review. MIT Technology Review, 12 Oct. 2016. Web. 17 July 2017.
Hurd, Will. “H.R.2227 – 115th Congress (2017-2018): MGT Act.” Congress.gov. N.p., 18 May 2017. Web. 17 July 2017.
Institute, Ponemon. “Introduction.” 2016 State of Cyber Security in Small & Medium-Sized Businesses, doi:Sponsored by Keeper Security.
Laycox, Sandy. “Tech-enabled transparency is a major step in regaining control of healthcare costs.” Medical Exam pg 45, Leader’s Edge Magazine June 2017.
Lin, Patrick. “No, Self-Driving Cars Won’t Kill the Insurance Industry.” Forbes, Forbes Magazine, 25 Apr. 2016, www.forbes.com/sites/patricklin/2016/04/25/self-driving-cars-wont-kill-insurance-industry/#774d5c45746f.
Meola, Andrew. “IoT Insurance: Trends in Home, Life & Auto Insurance Industries.” Business Insider, Business Insider, 20 Dec. 2016, www.businessinsider.com/internet-of-things-insurance-home-life-auto-trends-2016-10.
Miller, Ron. “IBM Unveils Blockchain as a Service Based on Open Source Hyperledger Fabric technology.” TechCrunch. TechCrunch, 19 Mar. 2017. Web. 17 July 2017.
“Missouri Data Breach Laws: Notification Requirements.” TechInsurance. BIN Insurance Holdings, LLC, n.d. Web. 26 July 2017.
“National Protection and Programs Directorate; National Protection and Programs Directorate Seeks Comments on Cyber Incident Data Repository White Papers.” Federal Register. N.p., 28 Mar. 2016. Web. 17 July 2017.
Rader, Russ. “Death Rates Fall as Vehicles Improve.” IIHS, Status Report, Vol. 50, No. 1, 29 Jan. 2015, www.iihs.org/iihs/sr/statusreport/article/50/1/1.
Ralph, Oliver. “AIG Sets up Blockchain Policy for Standard Chartered.” Financial Times. N.p., 15 June 2017. Web. 17 July 2017.
Rorke, Catrina, et al. “Aligning Cybersecurity Incentives in an Interconnected World | R Street.” R Street Institute | R Street, R Street, 16 Feb. 2017, www.rstreet.org/policy-study/aligning-cybersecurity-incentives-in-an-interconnected-world/.
“Self-Driving Cars and Insurance.” Insurance Information Institute. N.p., July 2016. Web. 17 July 2017. http://www.iii.org/issue-update/self-driving-cars-and-insurance.
Shabat, Matthew. “National Protection and Programs Directorate; National Protection and Programs Directorate Seeks Comments on Cyber Incident Data Repository White Papers.” Federal Register, Department of Homeland Security, 28 Mar. 2016, www.federalregister.gov/documents/2016/03/28/2016-06856/national-protection-and-programs-directorate-national-protection-and-programs-directorate-seeks.
Vivint. “Home Automation Giant Vivint Partners with Liberty Mutual Insurance to Offer Its Customers Savings on Auto and Home Insurance.” PR Newswire: News Distribution, Targeting and Monitoring, PRNewswire, 3 Aug. 2017, www.prnewswire.com/news-releases/home-automation-giant-vivint-partners-with-liberty-mutual-insurance-to-offer-its-customers-savings-on-auto-and-home-insurance-234214571.html.
Weinstein, Mark. “What Your Fitbit Doesn’t Want You to Know.” The Huffington Post, TheHuffingtonPost.com, 21 Dec. 2015, www.huffingtonpost.com/mark-weinstein/what-your-fitbit-doesnt-w_b_8851664.html.


Linkedin Facebook Twitter Email
, , , , ,

No comments yet.

Leave a Reply

Time limit is exhausted. Please reload the CAPTCHA.