The best of R&I and around the web, handpicked by our editors.
White papers, service directory and conferences for the R&I community.
Web replica of the print magazine.
Artificial intelligence brings many benefits to the insurance industry — but we wouldn’t be risk management professionals if we didn’t consider the possible downsides, too.
The risks AI creates have to be managed and mitigated as our industry explores the benefits of innovative technology.
Tresa Stephens, head of cyber, tech & media – North America at Allianz Global Corporate & Specialty, presented her thoughts on the subject during her RIMS Innovation Hub session, titled “Artificial Intelligence: Implications for Cyber and Technology Errors and Omissions Insurance.”
Her session focused on the benefits of AI, like increasing efficiency and overall economic output of the business, while also recognizing the significant exposure and risk it presents to both businesses and consumers.
Tresa Stephens, head of cyber, tech & media – North America, Allianz Global Corporate & Specialty
Stephens commented on the emergence of AI, saying, “It’s ushering in a whole new industrial revolution and it’s changing the way we live our lives. But as with any other emerging technology, there are risks we need to be cognizant of.”
An interesting focus area, the intersection of cyber and technology risks with technology errors and omissions coverage, brings new issues to the table.
One issue Stephens highlighted is changing consumer perception of AI and the kinds of risks it creates. The average layperson is exposed to AI through Hollywood fantasies of the Terminator and Minority Report-type. These tropes are designed to frighten people with extreme ideas of how technology can take over the world.
But the truth is much more mundane — we’re not at Hollywood-levels quite yet. AI is limited by human programming and the use cases we can dream of now.
But consumer perception remains critical for adoption, so the question becomes how do we change customers’ ideas of AI and how the technology can help businesses and our industry grow and evolve?
Stephens focused her comments on how AI and people can work together.
It’s not about AI replacing humans; rather, the technology works in tandem with people to complement the work employees perform.
Stephens said AI is just like any other type of technology you’ve ever used, whether at work or at home. It should be considered a tool, and people should expect it will have some limitations just like any other tool or resource.
“I think of AI as like a great team member — everyone on the team is good at different things,” she said. “AI is good at supporting us for what we can’t do as well or as quickly.”
When you consider AI through this lens of working in concert with your human employees, you can see how the technology could become a necessary resource.
Some AI limitations were discussed during the session.
Stephens pointed out common issues including bias that has been unknowingly built into AI. Another issue is that AI is still highly unregulated.
There are issues with evolving consumer privacy rights, as well.
And finally, AI could potentially change the landscape of liability. As vehicles become more autonomousvehicles become more autonomous and as technology evolves, insurance needs to change to meet the new risk.
There are no fully self-driving vehicles available to consumers in the U.S. today, but there is technology to allow vehicles to take over at parts during the drive. As innovations advance and regulation matches pace, insurers will need to underwrite these new types of products.
New questions arise, such as does auto insurance shift to product liability coverage and how do we manage the overlap of technology and the product itself?
Stephens also spoke about the future of AI and what’s next with AI applications and the implications to underwriting.
She noted coverages tend to blend when it comes to autonomous vehicles, even though insurance, in general, is often very siloed.
For example, we may see product liability coverage expand to include BI coverage to meet the new needs of autonomous vehicle owners.
When considering how to manage the exposure from AI, Stephens recommended a human-centered approach.
Consider how the algorithms are affecting people. Be careful with how you review your data sets related to your use case. And test your results and audit them, both before and after you have gone live.
Stephens cautioned, “Where AI is making recommendations, be very clear about your accepted error ratio.”
With 30 thought leadership sessions over the three-day event, RIMS’ Innovation Hub was an exciting and thought-provoking room on the exhibition floor for conference-goers looking for inspiration. Twenty-minute presentations about compelling topics, like this one, were slotted back-to-back throughout the conference. Attendees could enter and exit as they pleased, helping create an informal discussion space for ideas to flourish.
Like many other speakers, Stephens was surrounded by attendees with questions and thoughts to continue the conversation following her talk. &
The latest court filings and cases that will have an impact on the risk management and insurance industry.
After a livestock farm employee is gored by a bull during the job, he received coverage for all related medications. But when the payments stop, the worker files a negligence claim against the insurer.
Vermont’s captive industry saw almost 50 new formations this year amidst an ongoing pandemic and increased cyber security risk.
M&A deals are occurring on faster timelines just as buyer and lender awareness of pollution exposures are increasing.
The cyber insurance landscape is changing every day as more technology is introduced and information is stored by digital means. Innovation and growth abound.
But just as quickly as cyber-enabled technology and devices hit the market, so too do malicious actors — hackers who are more than happy to encrypt a file, hold data for ransom or demand bitcoin payment over threats of extortion. Businesses big and small have to be on the lookout for solutions to protect against unwanted cyber threats.
“Every company has privacy and cyber exposures,” said Jason Glasgow, Senior Vice President, and U.S. Cyber Lead at Allied World. “It comes down to how much exposure they have and how they choose to protect their assets.”
The cyber market itself is hardening, and protecting against growing threats has become an imperative but sometimes difficult task. Cyber events are costing insurers and insureds big — the average cost of a data breach in 2021 reached $4.24 million per incident, the highest in 17 years, according to IBM and the Ponemon Institute. And the market is reacting, pulling back on capacity and meticulously reviewing whether an insured is even a good risk to take on.
Luckily, there are ways for businesses and their risk managers to show they are a favorable risk to insure.
Here’s a look at the state of the cyber market today and how risk professionals can partner with their carrier to get adequate coverage for cyber risk.
Jason Glasgow, Senior Vice President, and U.S. Cyber Lead at Allied World
When looking at cyber as an exposure, it’s important to understand how the marketplace got to where it is today. Cyber, compared to other lines like property or workers’ compensation, could be called a “newer” insurance. But it’s been around long enough — more than 20 years now — that there’s a good amount of history to look at and learn from.
“What we really think of as cyber insurance started around the year 2000 as privacy liability,” explained Glasgow. At the time, carriers saw data breaches as the primary exposure for a cyber policy. Such incidents would involve hackers infiltrating a system, gaining access to personal information and monetizing that information on the dark web.
But, as we all know, the simplicity of a data breach grew complex as the world turned more and more toward digital capabilities.
“It started to change in 2018 or so,” Glasgow said. “Threat actors started devising different ways to monetize their activities. They realized that having personal information, credit card numbers, healthcare information wasn’t enough.” Malware became more sophisticated. Companies were dealing almost exclusively online. Hackers realized they could ask for much larger sums, upwards of $2 million to $10 million, and businesses would pay.
“Carriers started having much more severe losses on their cyber portfolios than they had before, but coverage remained mostly the same,” Glasgow said.
“2020 was a perfect storm,” said Brook Dutcher, Vice President, FrameWRX Lead and Cyber Strategic Initiatives. “In addition to the pandemic, the rise in large systemic cyber attacks and work from home vulnerabilities, we saw a marked increase in double extortion, which is the criminal practice of exfiltrating confidential proprietary information to use as leverage coupled with the encryption of victim’s systems.
“All those components, combined with ransomware, exponentially magnified the impact of the malicious activity and criminal activity associated with cyber breaches,” he said.
“These expanded circumstances and increase in market sustained ransomware losses – both in frequency and severity – drove the market to react with tighter controls, lowered capacity and higher rates.”
Brook Dutcher, Vice President, FrameWRX Lead and Cyber Strategic Initiatives at Allied World
Today, the insurance industry is doubling down on its response.
“We’re in a transitional market. Threats are shifting from that traditional data breach and privacy liability coverage to that of a first-party exposure around ransomware expenses, ransom payments and business interruption,” Glasgow explained.
This shift to first-party exposure directly links to insurance companies paying more severe losses at a much faster pace, which is why carriers are adjusting their approach.
Premiums have increased to compensate for significant losses. Self-insured retentions are also on the rise. Underwriters are asking detailed questions of their potential insureds, vetting them to make sure they are a favorable risk to take on.
“We are seeing a maturing within the market space as a result of large systemic events — the rise of ransomware, the cost of ransomware and the short period of time required to come up with the ransom payments,” Dutcher said.
“We now have a marketplace that’s positioned very differently compared to three years ago. It’s looking at cybersecurity in a very serious, new light.”
The question on every risk professional’s mind should be how to make their business as cyber ready as possible. Underwriters are on the lookout for insureds that are proactive in their cyber approach.
“The underwriting community is asking detailed questions about whether or not specific protocols or practices are in place to prevent attacks,” Dutcher explained. “These detailed questions focus on security posture, security hygiene, endpoint detection, whether there’s active NextGen firewall technology in place, as well as a variety of other factors that are contemplated during the underwriting process.”
Compliance with regulations and the law is another area where underwriters are reviewing insureds’ practices, especially for businesses operating with a complex supply chain spanning multiple countries and jurisdictions.
“Recognizing compliance down through the supply chain is becoming more and more important,” said Dutcher.
Dutcher said these safeguards are necessities to make a risk more palatable for carriers in the marketplace.
“We want to make sure businesses are proactive beyond the most basic levels of compliance within their respective industry sectors. We want to make sure that there’s multifactor authentication. We want to make sure that there is encryption on devices. We want to make sure that there’s access privileges and escalation privileges,” he said.
The good news: Compliance and safeguards can be implemented with the help of the entire cyber team, including guidance from carriers.
“Carriers are encouraging insureds to participate in proactive services, to mitigate risk, not only for the benefit of carrier, but for the benefit of the insured,” said Glasgow.
For example, Allied World //FrameWRXSM, a proactive risk management platform, was designed to provide insureds with cyber best practices and risk reduction tools, which in turn should help them become (and remain) favorable risks.
“Cyber can become more and more difficult to manage because the higher the amount of assets, the more levels of compliance required,” Dutcher said. “Through our FrameWRX offering, we provide phishing exercises, tabletop exercises, security hygiene exercises – all at no additional cost – so that we’re able to identify client vulnerabilities and help fix them.”
Carriers are offering similar services because finding the right tools and resources helps clients better prepare for cyber threats. Allied World doesn’t shy away from innovations, either.
“We most recently partnered with CyRisk, a vulnerability management platform, which provides real-time threat assessments, real-time vulnerability assessment, asset discovery, vendor assessment / management, access to market and threat intelligence,” Dutcher said.
“Our company believes that the best way to protect against cyber threats is to be proactive on our end,” added Glasgow. “We’ve implemented a white glove concierge approach where we invite the insured to participate in the FrameWRX platform. We’re then in a position to have an introductory call with the risk management personnel to discuss their protocols, practices and identify areas where our FrameWRX services can assist in shoring up their systems.”
The team also works with the insured to ensure they are proactive against cyber issues. Allied World gives the insured as much direct control as possible to allow them the chance to monitor their own risks with the aid of the cyber team just one call away.
“With that control, the insured can generate the types of reports that they want to see with the frequency they want, and distribute that throughout their supply chain, as they deem necessary,” said Glasgow. “This holistic, proactive partnership approach affords both the carrier and the client the confidence to know that every effort is being made to keep threat actors at bay. It’s a great example of the proactive value of insurance as a way to help reduce or mitigate loss.”
To learn more about Allied World, visit: https://alliedworldinsurance.com/products/framewrx/.
Coverage will be underwritten by an insurance subsidiary of Allied World Assurance Company Holdings, Ltd, a Fairfax company (“Allied World”). Such subsidiaries currently carry an A.M. Best rating of “A” (Excellent), a Moody’s rating of “A2” (Good) and a Standard & Poor’s rating of “A-” (Strong), as applicable. Coverage is offered only through licensed agents and brokers. Actual coverage may vary and is subject to policy language as issued. Coverage may not be available in all jurisdictions. © 2022 Allied World Assurance Company Holdings, Ltd. All rights reserved.
This article was produced by the R&I Brand Studio, a unit of the advertising department of Risk & Insurance, in collaboration with Allied World. The editorial staff of Risk & Insurance had no role in its preparation.
Berkshire Hathaway Specialty Insurance stepped up to help insure pop-up COVID clinics, playing a small but critical role in battling the pandemic.
With increasing numbers of older Americans joining the workforce to fill a void left by the pandemic, employers must be able to offer a high-quality and affordable health care service program to their employees.
The onset of the COVID-19 pandemic forced claims professionals to adapt quickly and proactively. It also gave professionals the opportunity to visualize a new type of work environment.
A report from Risk Placement Services looked at the cyber insurance market, causes for the coverage uptick and coverage procurement for 2021.