Insurance risk assessments rely on having a rich history of data and accurate information on current conditions. The more we know about what happened in the past, the more we can predict risk in the future. But what happens when a future without precedent rushes headlong to meet us?
That’s the problem facing insurance companies today as they deal with a new class of connected, smart technology devices. These devices are everywhere, connecting wirelessly to the internet and to each other. Internet-enabled thermostats and connected plugs control our homes and office buildings, while an increasing array of sensors measure everything from moisture to vibration.
The Internet of Things (IoT) that these devices are collectively creating offers insurers unprecedented opportunities, but it also brings more complexity and evolving changes to the risk factors. It will challenge an industry that has spent hundreds of years perfecting its approach to risk and liability, uprooting the way that it thinks about these things.
New risks will crop up just like connected devices now do—at high volume, at high speed, and in unexpected places. They will stem from problems in IoT security and could have potentially disastrous consequences. Consider the following:
An online criminal uses the built-in web server in a connected lighting control system as an ingress point, infecting other parts of the network and stealing sensitive data.
An organized hacking group uses a zero-day flaw to infect a company’s internet-connected security cameras, which were publicly exposed to the internet and searchable using the Shodan IoT search engine. It then uses the cameras to launch a denial-of-service attack against an unrelated third-party target, costing the company $500,000 in lost revenue.
Alongside new insurance risk-assessment headaches, the IoT will also create more complex conversations around liability. In cases such as these, will the device manufacturer or the service provider that installed the equipment be to blame? Or will it be the company that owns and uses the devices? How does one measure and monitor firmware updates to the IoT device and who is responsible?
The liability challenges extend beyond the home and office and onto the road. Self-driving vehicles, trained by data gathered from thousands of road trips, are already in operation. We can expect many more on our roads in the years to come.
In traditional vehicle accidents, insurers can assume that one of the drivers involved was to blame. When dealing with an autonomous vehicle, the liability question becomes far murkier. It could extend to the vehicle itself or, more accurately, to the entire value chain that produced it.
The car may have caused the accident through a technical error. Who is liable in that case? It could be the manufacturer, due to an error in their algorithm. But the car maker may have created and offered an update that the user refused, or offered a manual override function that the user did not take advantage of. Who is liable in those cases?
What happens if both cars in an accident are autonomous? Perhaps in some future science fiction scenario, one car could activate another’s electronically coded insurance policy and claim damages directly via a blockchain-based smart contract.
The problem for insurance risk-assessment professionals (underwriters and loss control consultants) is that yesterday and today’s science fiction is fast becoming tomorrow’s business fact, and legal frameworks will struggle to keep up. Lawyers will spend thousands of hours navigating how to decide some of these cases, setting precedents for the rest of the industry to follow.
The increasing complexity of these cases will also lead to a more diverse array of insurance claims and contracts. Expect to see an increase in subrogation cases as insurers are forced to pursue third parties when honoring claims. Alongside consumers, insurers must also protect manufacturers who may not have considered the need for a product liability insurance policy before. And, consumers may not be savvy-enough to understand the need for an identity-theft or a cybercrime insurance policy.
So insurance companies face many unknowns. But there are some things that we do know, and one of them is that data will be an important tool in navigating these uncharted waters. Data from connected sensors, controllers, and vehicles will be important for capturing what happened during an incident. It will also reveal important root cause and claim trends that will inform future insurance risk assessments and possibly alter policies. This also gives the insurance company the opportunity to proactively monitor risks, potentially preventing a loss from occurring.
Insurers must be prepared not only to collect data that they have never handled before, but to analyze it. They will need both the data platforms and the data science skills to manage it.
Solutions are already available to help. Connected devices can return an array of data points collected on a per-second basis. Exciting new technologies such as blockchain are helping to collect data across highly distributed networks of connected devices—and preserve them cryptographically to prove that they have not been tampered with. At the back end, tools such as Apache Hadoop and Apache Nifi can help to manipulate data and reveal actionable insights. Insurers that invest in these capabilities now can prepare for the future—before it catches them by surprise.
To find out more about the role of big data in insurance and to explore some of the opportunities that it offers, read this article.