Cybersecurity: an opportunity for Insurance 3.0 firms? - News Cardif Lab - Corporate
Skip to Content

Cybersecurity: an opportunity for Insurance 3.0 firms?

24 July 2019

 

The Internet of Things is giving insurers an opportunity to become the go-to partners when it comes to dealing with everyday risks. Paying out on insurance claims will become the exception rather than the rule. The new norm will be about providing prevention and protection solutions.

According to audit, tax and consulting firm PwC, close to seven connected objects per person will be in use worldwide in 2020. Market insights provider IoT Analytics estimates the number (NB: excluding smartphones, computers and tablets) at seven billion this year, ten billion by 2020 and twenty-two billion by 2025. In parallel with this surge in interconnectivity, a second trend is taking hold – cybercrime, which is now costing $600 billion per year worldwide (McAfee Labs), i.e. some 0.8% of global GDP.

 

Prevention is better than cureRanging from watches to tensiometers, pacemakers, scales, fridges, smoke detectors, locks, drones and cars, objects connected via the Internet which communicate with each other in real time in order to trigger action (Cigref’s definition), now promise to provide smarter, more personalised risk assessment. Here insurers see an opportunity to take a different approach to the way they assess, price, forecast and limit their policyholders’ risks. Meanwhile the insured have the prospect of obtaining tailor-made solutions on demand, at attractive rates.

Starting with the home, connected sensors enable smoke to be detected, and will ensure that an alarm goes off if a break-in occurs or a water-pipe bursts. US insurance company StateFarm offers its policyholders reductions on a range of Canary connected security equipment and residential security systems from US security services company ADT. Then when it comes to cars, the development of telematics solutions has enabled real-time assessment of driving behaviour so as to help avoid risks on the road. Thirdly, in the health field, hi-tech watches and other types of activity sensors now enable people to track their physical exertions, their heartbeat and the quality of their food intake. However, according to the latest report from audit specialists Deloitte, concern over the security and protection of personal data remains a considerable obstacle to the widespread adoption of these new insurance products, quite apart from any considerations of abuse and potential misuses of, for example, predictive health.

 

Cybersecurity as a business 

Meanwhile the trend towards connected objects is bringing with it an increase in the overall scope for and risk of cyber-attacks. Not only is this threat potentially very serious but such attacks often occur in total silence. Consequently, there is a market here in which insurers, as trusted third parties, should definitely be positioning themselves.

Deloitte experts calculate that, following the advent of self-driving cars within the next couple of years, the frequency of road accidents will plummet by around 80% by 2040, but what will happen if cyber-criminals manage to seize control of this type of vehicle? Although to date there have been no reports of cyber-piracy against autonomous vehicles, US researchers demonstrated in 2015 what might happen and a year later someone hacked into a Tesla. Meanwhile ‘white hat’ hackers have also shown the feasibility of remotely hacking a pacemaker.

Yoni Abittan, a strategic analyst at L’Atelier BNP Paribas who is an expert in applied research into cybersecurity, foresees that the insurer of tomorrow could well become a cyber tech company. He underlines Connected objects are not ‘secure by design’ , i.e. designed from the very outset with security as a major consideration. Going forward, insurers will no longer be able to simply provide insurance services; they’ll need to position themselves upstream of the value chain, co-designing solutions in conjunction with the makers of connected objects so as to develop the layers of security needed to ensure a secure IoT before these objects start being produced on a massive scale.”

US insurer Allstate has already grasped this new challenge, and has acquired a startup called InfoArmor that specialises in employee identity protection. The figures indicate just how much is at stake here. In 2017, 600 million out of a total of 2.7 billion data sets that were compromised were instances of identity theft (Gemalto, 2016), incurring costs estimated at $16 billion in the United States alone (Javelin Strategy & Research, 2017). Moreover, studies show that the more trust customers place in a given company’s data security, the more likely they are to share their personal data with that organisation.

Yoni Abittan reckons that “the challenge of ensuring connected object cybersecurity is first and foremost an Open Innovation challenge for insurers because this is not their core business. They’ll need to work with the various players in the IoT ecosystem –makers of connected objects, suppliers of cloud computing services, software publishers and suppliers of technical platforms, telecoms operators and so on.” Yoni Abittan feels that tomorrow’s insurers will also have a duty to raise awareness of the underlying cyber-risks, by using, for example, the nudge technique. He argues: “An insurer could send alerts via the IoT giving information about the incidence of cyberattacks and directing customers to a data safe where they could keep their data secure.” Yoni Abittan points out that “some banks, such as HSBC, have already trialled behavioural motivation in order to prevent customers from going into the red. Using this method, the UK Treasury department succeeded in recovering the equivalent of an additional €289 million for the fiscal year 2012-2013.”


Meanwhile regulation regarding IoT security – notwithstanding the recent advances made in California – is still in its infancy. We can only hope that progress will be made in this field in accordance with what is at stake, i.e. the lives of 7.5 billion people.

 

 

Social media, connected devices, online purchases, visits to websites, email address, we all leave our trace on the Internet. What is the best way to protect our digital identity ?

 

Powered by cardif lab’, in partnership with L'Atelier BNP Paribas.