‘Internet of Things’ a Frankenstein’s Monster for Insurers

From: Russell Group
Published: Wed Oct 21 2015

The ubiquity of wireless connections between objects appears to be a digital Utopia in the here-and-now. Thermostats that think, manipulate and manage a multiplicity of domestic devices, streaming real-time operational data to their makers.

‘Intelligent’, interlinked machines and heavy industrial tools that render work more efficient and ‘learn’ as they operate. Vehicles that automatically download the latest software iterations from their manufacturers to boost performance and pre-empt mechanical problems before they even occur – all the while registering precisely where they are.

Sounds wonderful, doesn’t it?

And yet, in this brave new world planes can now be hacked, as can oil tankers and offshore rigs. Financial institutions or entertainment companies can see their data compromised and shared beyond their customer base because every smart, connected device may be a point of network access, a target of hackers, or a launch pad for cyberattacks.

The paradox is that in such a world, our machines, our constructions and products are autonomous yet connected at the same time. It is a strange concept to grasp, yet grasp it we must if we wish to maximise the opportunity and minimise the inevitable risks.

U.K.-based data analytics firm Russell Group is primarily focused on this risk aspect and how it potentially impacts its underwriting clients - and their clients. As a business it has been at the forefront of a debate asking the question ‘How does the connected nature of risk today cut across traditional vertical industrial structures such as aerospace, shipping, offshore energy and, increasingly, financial services?’

Addressing this theme, the latest (October 2015) issue of the Harvard Business Review investigates the transformative nature of the Internet of Things and the connected products that have the power to change and/or disrupt the modern world.

According to the HBR ‘The risk posed by hackers penetrating aircraft, automobiles, medical equipment, generators, and other connected products could be far greater than the risks from a breach of a business e-mail server.’

So pervasive and transformative is the IoT that the HBR likens this to a second industrial revolution. As such, the authors believe that the evolution of products into intelligent, connected devices will completely reshape companies and competition.

Noting that smart, connected products can generate real-time readings that are unprecedented in their variety and volume, the HBR authors state that ‘Data now stands on par with people, technology, and capital as a core asset of the corporation and in many businesses is perhaps becoming the decisive asset.’

Crucially, the authors stress that as the ability to unlock the full value of data becomes a key source of competitive advantage, ‘the management, governance, analysis, and security of that data is developing into a major new business function."

In this new environment smart, connected products need to be significantly re-thought in terms of design as product development moves from mainly mechanical engineering to proper ‘interdisciplinary’ systems engineering, particularly as products mutate into complex systems containing software.

Mechanical engineering designers are becoming software engineers with certain manufacturers - GE, Airbus, and Danaher, for example, establishing bureaus in software-engineering centres such as Silicon Valley.

Recent cyber hacks that have inflicted significant operational and reputational damage on targets such as, well, Target and Sony are concentrating insurance minds on the security risks in this connected world.

All functions and, from an underwriting point of view potentially all specialty insurance classes, need to be re-assessed for vulnerabilities heralded by the Internet of Things.

Russell Group Managing Director Suki Basi states: ‘All companies large and small need to carefully asses their security and how it affects multiple functions with IT continuing to play a key role in implementing best practices for data and network security. That is all very well but it still does not address a key concern for (re)insurers, which is the supply chain risk and the wider aggregate exposure.

‘An organisation or individual can protect their own interests to a certain extent but their ability to conduct a security audit on all their suppliers and partners is a different matter entirely.’

As Russell Group noted recently, none of the major commercial risk model vendors has a model for inter-connected risks such as political, cyber or supply chain at present, which is surprising when you consider, for example, that monitoring the aggregation of cyber exposures represents probably the biggest challenge for the market today.

This is a theme that Russell Group has been exploring with increasing regularity in conversations with specialty (re)insurers in the last 18 months. Enterprise connected risk solutions can help address the absence of a workable standardised cyber risk model.

In a cyber environment in which PwC estimates that annual gross written premiums are set to increase from around $2.5 billion today to reach $7.5 billion by the end of the decade we are going to need a workable model soon.
According to a recent PwC thought leadership: ‘Many insurers face considerable cyber exposures within their technology, errors and omissions, general liability and other existing business lines. The immediate priority is to evaluate and manage these "buried" exposures.’

‘Buried’ exposures is a good way of putting it, but transparency of information is also an issue as is having access to real time data that gets insurers as close as possible to knowing their cyber exposures as they bind the policy.

As it becomes increasingly clear that the threat posed by cyberspace is as much an issue of governance and internal conduct risk controls as it is of technology, the shadow of the regulators, whether in the US, Europe or elsewhere looms larger.

Connected enterprises need to start viewing cybersecurity insurance as an inter-connected component of their wider risk management strategy, which means in the US understanding current SEC expectations for cyber-risk/incident disclosure or in Europe keeping abreast of the latest EU Directives.

PwC for its part states: ;While underwriters can estimate the likely cost of systems remediation with reasonable certainty, there simply isn’t enough historical data to gauge further losses resulting from brand impairment or compensation to customers, suppliers and other stakeholders.’

It says that as potential cyber losses enter the realm of natural catastrophes losses, with incidents becoming more frequent, concern about cyber risk concentrations and the capability of less experienced insurers to endure potentially a fast sequence of high-loss events increases.

The PwC advice is that: "Insurers and reinsurers need more rigorous and relevant risk evaluation built around more reliable data, more effective scenario analysis and partnerships with government, technology companies and specialist firms."

We have become used to the idea of an earthquake or windstorm causing large financial losses and human misery, so it takes time to adjust to the idea that a human typing on a laptop or the loss of an unencrypted memory stick might cause the same level of threat.

The reality, however, is that cyber connectivity is an existential threat to insurers’ balance sheets and those of their clients. It is surely time to address the issue collectively - insurers, government, and risk managers - before it is too late.

*Russell Group is taking part in the Singapore International Reinsurance Conference, Nov 2-4 2015.


Russell Group is a leading risk management software and services company fast expanding its operations across Asia. Through its ALPS suite of products, Russell Group provides a truly integrated framework for insurance and reinsurance clients operating across the specialty classes.

With an underwriting risk framework that delivers a complete understanding of underwriting exposure, Russell Group helps clients generate clearer risk insights and assessments, robust capital utilisation and improved portfolio return on equity.

As a pioneering UK-based data analytics company, Russell Group offers insurers and reinsurers across Asia proprietary technology that factors in the realistic, probabilistic and unexpected for better scenario modelling to give more accurate pricing in underwriting risk management.

If you would like to learn more about Russell Group’s ALPS solutions, please contact rbrown@russell.co.uk
Company: Russell Group
Contact Name: Richard Brown
Contact Email: rbrown@russell.co.uk
Contact Phone: +447949019797

Visit website »