8 minute read
A ‘clear’ case for adoption in Guatemala
Seguros El Roble is a multi-lines insurer commanding more than 20 per cent market share in Guatemala.
It’s constantly reviewing and trialling digital solutions – both customer-facing and in the back office – and it was this open-minded attitude to innovation that led it to a tech show in Las Vegas in late 2019 where Clearspeed, then only three years old, was exhibiting its voice-based analytics technology.
More than 100 companies piqued the insurer’s interest at the show, but only Clearspeed progressed to production, so impressed was it by the simplicity of the solution and ease of integration into its existing fraud detection stack.
Jorge Luis Linares, Seguros El Roble reinsurance project manager, said a solution that could help us confidently assess the risk of fraud in a claim simply by analysing the answers to a handful of yes/no questions ‘was to us like magic’.
“It was easy to implement and the impact was very high. For me, it’s still kind of magic!” he said during a webinar early last year.
At the time, the insurer had recently implemented the Dutch trust automation platform FRISS and was looking to further enhance the impressive affect that had already had on straight-through processing of vehicle claims.
The technologies are complementary to one other. Every claim is run through FRISS and 90 per cent of them are settled without intervention; for the remaining 10 per cent that receive a ‘red’ or ‘orange’ FRISS score or are a total loss or theft claim, the company activates Clearspeed.
“We are not denying claims based on either the FRISS score or a call with Clearspeed. They’re only a tool to say, ‘we should look into this’,” said Linares.
Most customers – more than 90 per cent – sail through. But applying Clearspeed to the remainder delivered a 31-times return on its investment in the technology during the first year. The results were so impressive that in 2022 poverty and fight climate change. Clearspeed aligns with the organisation’s philosophy and values, especially through products such as Clearspeed Surge, which helps to mitigate the impact of extreme events and supports people in times of greatest need.
“Clearspeed is proud to be developing socially responsible technology with the support of impact funding,” says Martin. “We have a group of incredible investors who want to make a meaningful difference to people’s lives, and that gels perfectly with our values as a technology innovator. It’s about creating products that establish direct value and impact, while retaining their accessibility and quality in use.”
“Our products are helping people every day in insurance and other fields, and we are committed to finding new and socially responsible uses for voice analytics where the risk-speed paradigm must be flipped to favour building bridges not walls.” the insurer began looking at applying both FRISS and Clearspeed to its health insurance line, too, where the ability to analyse responses to questions such as ‘do you smoke?’ are obvious. And now it will be moving Clearspeed to the top of the funnel, to apply to all claims.
Clearspeed has not only helped identify claims that legitimately need referring to the insurer’s special investigation unit but has also saved it from paying out claims in instances not covered by the policy wording, such as a driver under a certain age being at the wheel of a car or where a driver’s licence has expired.
“In all these cases where we used to pay before we can now say to the customer ‘there is no coverage for that’,” said Linares. “One of the measurements for success for any tech is if you keep using it – and our intention is to keep using both [Clearspeed and FRISS] because they do not replace but complement each other.”
How can business, governments and insurers prepare for what some at this year’s Davos summit warned is a ‘gathering cyber storm’? We asked Resilience Cyber, which helped lead the debate among global leaders, to share its views
According to the World Economic Forum’s annual Global Cybersecurity Outlook 2023, 93 per cent of cyber leaders and 86 per cent of business leaders now believe a catastrophic cyber event is on the horizon, which will likely impact them within the next two years.
The Forum put cybercrime/ cyberinsecurity on its Top 10 global risks for the first time in 2023, as political instability, maturing technologies and a shortage of cyber talent among the ‘good guys’ ramped up the threat – which was described by some at the Forum’s annual gathering in Davos in January as a ‘gathering cyber storm’.
Experts who presented their concerns to world leaders made clear there is not a minute to lose in addressing the risk as digital transformation across industries exposes the world to more vulnerabilities.
Just this month (February), the UK government called for organisations ‘with an interest in software security and digital supply chains’ – aka anyone with a stake in the modern economy – to contribute their views on how best to address software risks to improve resilience to cyberattack. The consultation, which is open until May 1, came as work began in the EU on a proposed Cyber Resilience Act, which seeks to tighten up potential weaknesses in the connected hardware and software ecosystem. The Act, which will likely take several years to implement, will affect manufacturers, importers and distributors within the single market.
Among those steering discussions around these issues in Davos were representatives from Resilience Cyber, an American cyber risk management and insurance provider, which recently entered the UK.
With the cost of global cybercrime set, by some estimates, to rise from £7trillion in 2022 to £20trillion by 2027, we asked Resilience Cyber’s Rehan Hussain, head of underwriting UK, Europe and Lloyd’s of London, Simon West, cyber advisory lead, and Tom Egglestone, international claims leader, UK and Europe, how insurers, businesses and governments can work together to ward off disaster.
THE INSURTECH MAGAZINE: Premiums for cyber insurance have soared in recent years as insurers (and reinsurers) became concerned about their exposure in the face of exponential increases in attacks. Insurers have also been more selective in the type of cover they take on, or they’ve weighed policies down with exclusions – so much so that some companies are saying the policies aren’t worth having and it’s better to invest the money in security. What more could insurers be doing to reduce the risks, and therefore reduce the premiums, by, for example, leveraging technology, information and data collection?
REHAN HUSSAIN: The cyber insurance market is still reaching a level of maturity and continues to evolve as market dynamics change. As a product matures, changes in coverage are not uncommon as they are generally in response to new evolving threat vectors and could be viewed as the “growing pains” of a maturing product line.
We believe that rather than thinking about insurance in a silo, companies need to connect their risk transfer strategy to their technical visibility and cyber hygiene efforts to build a holistic strategy. This allows them to incorporate their insurance coverage into their overall cyber resilience efforts.
Carriers should support building cyber resilience by offering services such as enhanced cybersecurity visibility with actionable cyber hygiene recommendations, and continuous engagement throughout the policy. We’ve seen success with building more cyber resilient clients, leading to fewer losses, and a more sustainable insurance market from a price and coverage perspective. are approaching cyber risk in response to the constantly-evolving landscape. This is perhaps most notable in the UK, where the Information Commissioner’s Office (ICO) have introduced changes which they advise is in line with a renewed focus on openness and transparency in dealing with regulated companies suffering data breaches. enforcement/ government agencies should absolutely be on the agenda, particularly when you look at the success of measures such as the FBI Financial Fraud Kill Chain in the USA.
TIM: In November 2022, a Delinea study found that just 30 per cent of cyber insurance holders are covered for critical risks, including ransomware, ransom negotiations and payments. Despite this, Lloyd’s says the global cyber insurance market is likely to grow from $12billion worth of annual premiums today to $60billion over the next five to 10 years as threats increase. How are cyber policies then likely to evolve?
REHAN HUSSAIN: Due to the spike in ransomware activity over the past several years, extortion coverage can be difficult to obtain for companies who have not had proper investment in security controls or have a history of significant losses. Underwriters need to take a different approach to this risk in order to provide more flexibility for clients. Looking at a company’s paper application is a snapshot in time and doesn’t present a full picture of its risk.
UK Information Commissioner, John Edwards, has made clear he wants to move away from what he called the ‘money go round’ of paying fines as the sole regulatory action, while implementing new measures to drive accountability and transparency. One such new measure is the publication of all companies receiving reprimands from the Information Commissioner’s Office (ICO) following a data breach on the ICO website.
It remains to be seen whether this revised approach will yield the results the ICO is seeking: better cybersecurity practices and improved behaviours around data privacy. However, what it does have the potential to do is to increase the risk of litigation and reputation harm for companies affected by privacy breaches.
Claimant firms will likely monitor the ICO website as a source for building potential group actions. For affected companies, it increases the importance of robust pre-incident planning and the value of an effective incident response, ensuring that future litigation risk is taken into account early on alongside other pertinent financial and commercial factors.
However, the way in which that relationship works is a work in progress, particularly given sensitivities around the privacy of affected victims. To that end, in the UK we are working with market peers and the National Cyber Security Centre (NCSC) to foster an environment where victims of cyberattacks feel willing and able to engage with law enforcement and government agencies during incidents to deliver better outcomes and improve broader societal cyber resilience.
We are also heavily engaged with the Ransomware Task Force, which called for the cybersecurity community to ‘develop a clear, actionable framework for ransomware mitigation, response, and recovery’ in its initial 2021 report. The basis for this framework is the Blueprint for Ransomware Defense built by Resilience, the Center for Internet Security, and a number of Task Force partners. It includes a subset of these best practices, or safeguards that are most relevant to combating ransomware.
Rather, insurance providers should work to build a partnership with their insureds that can establish a continuous engagement. This allows for greater visibility for the provider to see the valuable work clients are doing in strengthening their security throughout the year and can lead to more flexibility in underwriting. It also allows the insurer to provide intelligence and recommendations for addressing new threats that arise during the course of the policy.
TIM: How will the evolution of cyber regulation in various jurisdictions impact risk and cover?
TOM EGGLESTONE: We have already begun to see shifts in how regulators
Taking a global view, more and more countries are introducing new privacy laws or improving their existing laws. As time passes, a greater and greater proportion of the world's population will become subject to such laws. Firms should ensure that they stay ahead of the game and are informed of the applicable laws affecting their business operations to ensure they remain compliant with those laws and regulations to mitigate the chances of regulatory action or third-party litigation, with the resultant potential reputation harm.
TIM: We’re beginning to see closer cooperation between banks and regional and cross-border law enforcement, trying to steer a path between privacy laws and security in order to not just limit but prosecute fraud. Would you like to see a similar focus on enforcement?
SIMON WEST: Better collaboration between industry and law
Companies need to connect their risk transfer strategy to their technical visibility and cyber hygiene efforts to build a holistic strategy
In April 2021, the Ransomware Task Force launched its seminal report, Combating Ransomware: A Comprehensive Framework For Action. The product was developed with more than 60 experts from industry, government, law enforcement, civil society and international organisations. After several months of work, the report provided 47 specific recommendations and advocated for a unified, aggressive, comprehensive, public-private anti-ransomware campaign. The report’s impact was immediately felt, as governments moved to adopt new policies to empower their agencies to counter the threat, and as organisations found and implemented new tools to keep them and their customers more secure.
