What happens when big data and big insurance collide? Here’s the inside scoop on a revolution shaking the very foundations of finance
When vast amounts of corporate and consumer information began their migration to the cloud several years ago, the protection of these oceanic digital pools was not taken seriously.
Enter hacktivists, breachers, crackers, spammers, cybercriminals, and a painful litany of compromised databases. Sony. Target. Facebook (again and gain). Steam. LinkedIn. Walmart. Stuxnet. Conficker. Heartbleed.
The fallout from these multiple indiscretions forced cybersecurity firms, tech companies, and the financial sector to launch an arms race in data protection. They needed it as much as us, with our sensitive passwords and credit card numbers.
But try as they might, a sense of futility continues to haunt their best efforts. As one legal expert put it, protecting information is like clutching sand. No matter how hard you grip, it slips through your fingers.
There is an industry, however, that is keeping a watchful eye over this drama. They are the world’s insurers.
The public tends to think insurance companies are always behind the curve. But now, more than ever, the ritzier investment bankers, traders, and hedge funds are splurging on the latest software and intel that can improve theirs odds in the market. (See Michael Lewis’ book, Flash Boys.)
Insurance going high tech? Actually, insurance companies stay ahead of the curve too. They have to, because the more streamlined commerce becomes, the greater the risk for the consumer and the corporation, their customers.
Insurance today, specifically in Asean and China, is hurting.
Every major forecast since the previous year indicates the world market is now “hard,” proof that business is not what it used to be.
True enough, before the financial meltdown of 2007–2008, worldwide insurance premiums were becoming lower and lower to keep apace with new markets beyond the stable G20.
Well, not anymore.
According to the latest industry research, the three biggest trends shaping insurance today are—
The unprecedented scale of natural disasters
Fresh prospects in emerging markets
Ensuring clients are well-protected from so-called cyber risks.
Of the three, the first is a headache, the second a given, and the third the latest addition in every risk portfolio— those unmanageable problems and setbacks insurers have to underwrite.
Take it from multinational advisory firm Marsh & McLennan. Their current head of global client service, David Bidmead, is a strong believer in how data breaches benefit underwriters.
"Every time we, as an industry, learn more about what can happen and how substantial the ramifications of a breach are—we have an opportunity,” he said in an interview.
“The insurance industry is responding really well,” Bidmead observed. “Not only in providing the right amount of risk capital, but a real preparedness to manuscript contracts to better make them easier for our large, sophisticated buyers.”
This is precisely what a breach (or a hack or a dump) is, a risk.
Risk is huge business, especially when modern insurance serves as large-scale asset management. The risk business is so essential, in-house risk analysis has given way to a new industry segment focused on studying risk.
Firms like Deloitte, Crowe Horwath, and IHS, to name a few, use scholastic research methods, newsroom analysis, and hard numbers to sell risk forecasts as a product.
Take it from the World Economic Forum, whose Convergence of Insurance and Capital Markets report in 2008 described the institutional attitude toward risk: “As the ultimate risk-holders, insurers must make significant investments in due diligence. To manage their exposures, they must be aware of and seek to control moral hazard.”
With cyber risk in particular, insurance companies are not taking any chances in allowing their clients to be compromised.
A PricewaterhouseCoopers report entitled How P&C Insurers Are Creating An Advantage With 3rd Party Data suggested deeper customer connectivity was the best way, among several methods, for insurers to profit in the brave new world of big data.
“The emergence of new technologies along with new data enables the linkage and consolidation of unique forms of customer information,” wrote one of the authors.
Thanks to big data, “carriers now have the ability to automatically generate cross-sell leads, detect fraud, and identify lower-risk affinity groups,” the PricewaterhouseCoopers report said.
In simpler terms, insurance companies must take a hands-on approach when protecting client information.
Multinational insurance provider Zurich admitted this in its new Asia Risk Report, which identified cyber threats among current headaches like public reputations, natural catastrophe, regulation, human capital, economic trends, and political crises.
“Historically, cyber insurance coverage was only triggered when the insured suffered data breaches or hacking attacks,” the report stated. “However, many policies now provide coverage for a broad range of technology failures.”
So far, countless seminars and conferences are being held where insurance companies and fund managers exchange notes on how to discourage the dreaded data breach. At these events, the humble USB flash drive, the swanky iPad, and the cleaner who collects trash during after-hours are subject to intense scrutiny.
The same anxiety has reached Asia, which Zurich’s Risk Report identified as the world’s cyber threat hotspot, with distressing amounts of hacker activity found in China and Indonesia.
China being the epicenter of the biggest spurt in asset management is a reason for insurance providers to worry.
The problem is, fund mangers of every stripe have to accept that China is no longer growing like before. Its carefully managed economy plods along a predictable course for the sake of balancing risk in every form.
Based on data gathered by Bain & Company for its annual Wealth Study, China’s approach is good for the long- term.
A whole generation of wealthy Chinese are more invested in asset management along with wealth protection and preservation rather than the breathtaking wealth creation of the last 25 years.
China is a huge mobile market with a robust e-commerce culture. This feeds a cybercrime problem that has reached epidemic levels. Web security firm Trend Micro even publishes reports cataloging its breadth and variety, with the latest entitled The Mobile Underground Cybercriminal Market in China.
No wonder a cybersecurity outfit like Guardtime, led by CEO and co-founder Michael Gault, a British entrepreneur who lives out of his suitcase, received ample funding from the Chinese government and Li Ka Shing to introduce encrypted signatures for the mainland’s SMS traffic in 2010.
Gault and Guardtime then expanded to the Philippines and won more contracts for encrypting data transfers between government agencies in the country. This year, Gault delivered the keynote during the 11th Philippine General Insurance Summit to drive home the importance of cyber risk. Guardtime’s thriving business is proof of how essential expert protection is from the dreaded info breach.
“Guardtime’s technology helps to remove the need for trust by providing an independent record for everything that has happened on electronic networks,” Gault told an industry publication. “If you consider how much electronic data there is and how much people care about it, you realize the potential size of our business.”
This is apparent in the emerging markets of Asean, whose financial sector is conservative and overly cautious. The exciting growth stories of Indonesia, Vietnam, and the Philippines contrast with the attitudes of local insurers made complacent by enduring relationships with legacy clients.
Meanwhile, in the same country where Internet speeds are ranked among the region’s slowest, the prevalence of mobile devices and their close proximity to elusive homegrown hackers and cybercrime syndicates should serve as red flags for top insurers, preoccupied as they are with natural calamities.
But since the Philippines is a favored destination for BPOs and multinationals, who cluster in urban hubs like Global City or Cebu, there are untold metabytes of information that need to be secured.
So who is doing the grunt work and underwriting cyber risk?
The private sector? The government?
At present, it is hard to tell. One estimate puts the number of cyber- risk insured companies based in the Philippines at a meager 10—or less.
A rare selection of boutique outfits have arrived to fill the gap. Firms like AON, JLT Group, Marsh, and Lockton have offices in the Philippines working as brokerages for select insurance providers. With cyber risk not yet in vogue, underwriting is often forked over to a multinational insurer.
It is high time the insurance and asset management crowd recognize cyber risk and its impact on their business model.
Data protection is a must, an invisible fortress needed to deter invisible enemies.
Print ed: 06/14