Connect with us

Wealth Management

HOW CAN FIRMS AVOID A CLAIMS SHOWDOWN WITH THEIR CYBER INSURER?

Dr Mike Lloyd, CTO at RedSeal 

How can you tell that cyber insurance is a hot topic today? When lawyers find the amounts of money involved worth fighting over. Major cases are emerging of serious disputes between multi-nationals and the companies they’ve taken out policies with to help mitigate their risk exposure. On the one hand, this is partly to be expected of such a nascent sector. Yet it may also be a sign of a deeper problem: a lack of visibility into which security controls and policies actually reduce risk and therefore need to be mandated as part of a policy.  After all, in health care, we know precisely how bad smoking is, and this helps make the insurance market far more effective.  We lack a quantified science of how much an organization will lose if they fail to follow any given security hygiene practice.

This is where digital resilience scores can help insurers draw up tighter contracts and reduce the chances of costly legal disputes down the line.

Insurance for everyone

A decade ago, most firms effectively self-insured for any cybersecurity losses. The attitude was that online threats could be pretty easily handled by setting aside a “rainy day fund” to deal with the fall-out of a major incident. Unfortunately, this approach is no longer sustainable at a time when the sheer volume and variety of cyber threats facing organizations has never been greater.

One vendor detected over 48 billion threats in 2018 alone and has been recording 10’s of billions of issues for several years now — an indication of the growing number of covert, targeted attacks. From BEC to phishing, credential stuffing to digital skimming attacks and IoT sabotage to ransomware, the black hats have a huge list of tools and techniques at their disposal, supported by a thriving underground economy.

The financial impact of such threats is growing rapidly. Not only must organizations fork out for remediation, clean-up and investigation of a successful attack, they could be hit by major new regulatory fines under legislation such as the GDPR. Then there’s the impact on corporate reputation which may also affect the bottom line: think tumbling share prices or customer attrition. Legal costs are also increasingly common as consumers band together to launch class action suits.

One report estimates the average cost of a data breach to be nearly $3.9m, which easily reaches the level where boards want to know that they have appropriate insurance coverage. Last year, Lloyds of London released a report estimating that a serious cyber attack on one of the top three global cloud providers could lead to outages costing US firms $19bn. Earlier this year another report claimed a global ransomware attack could cause losses of $200bn.  It’s this concern about correlated losses that really holds back insurers, and leaves companies scrambling to stack up dozens of insurance products to give themselves enough coverage.


A brave new world

In an era where no organization is safe, cyber insurance has therefore become hugely popular as a way to transfer risk. An analyst report from last year claimed three-quarters (76%) of global organizations have some form of insurance in place to cover cyber-related losses, although far fewer (around half) had “comprehensive” coverage.

Yet as insurance coverage increases, so do legal disputes. Back in January it emerged that confectionary giant Mondelez was suing Zurich Insurance for failing to pay out following the infamous NotPetya ransomware attack of June 2017. The $100m lawsuit was launched after the insurer invoked an exclusion for any attacks resulting from “hostile or warlike action in time of peace or war.” Although governments including the UK and US have publicly attributed NotPetya to Russia, they have released no evidence to support this, which could make it difficult for Zurich to prove its case.  War exclusions are commonplace, but seldom invoked, because most industrial or commercial claims aren’t war related.  They exist precisely because of the correlated nature of losses in wars – too many people all claim at once, because we all get bombed together.  Is this an appropriate mechanism for cyber warfare?  It’s going to be interesting to see how this evolves.

Another major area of dispute in cyber insurance lies with exactly what should be required of companies before they can sign up to a policy and subsequently claim. It recently emerged that law firm DLA Piper is also in dispute with its insurer over a NotPetya-related payout, although this time not over any act of war exclusion. Interestingly, it has been reported that the firm was crippled globally by the ransomware worm because its network structure was too flat. Although the firm is now segmenting those networks, there is a case for arguing it should have been made clear by its insurer right from the start that this security failure would have invalidated cover for such an attack. Perhaps it was — we will no doubt find out in time.

Focus on resilience scoring


The problem for insurers is that they’re used to dealing with underwriting physical things like houses or cars. Cyber risk is more nebulous and harder to define. Yet it is important they do so in order to produce more accurate, watertight policies with less risk of dispute in the future. With third-party risk scoring tools they can take a “virtual x-ray” of a client network to see how resilient it is to cyber-threats. They can then assess whether a company is ready to sign up to a specific policy and/or attach various preconditions to it. In this way, a lack of adequate security processes and controls could increaser premiums or invalidate a policy altogether, for example.  However, this only works if the risk measurement is really a view inside the organization, not just an outside view.  Some insurers have turned to external scan techniques, but this is similar to giving a doctor a selfie the patient took rather than an x-ray.

In the case of DLA Piper, the policy itself wasn’t even a specific cyber-insurance contract but something more general. A seemingly similar dispute between a Virginian bank and Everest Insurance hinges on whether the former was covered under a separate rider for computer crimes. This is another sign of the relative immaturity of the sector.

Both sides could do better: insurers should work towards reducing the ambiguity of small print policy details, using reliable third-party risk scoring to help them draw up better policies and conduct more effective due diligence. But companies also need to be more transparent about their cybersecurity posture, and realistic about how far coverage can reach. If a firm bolts its digital front door but then leaves all the windows open, it should be in no doubt that any policy claims will be invalidated.

Much of the current churn is only good news for the lawyers. But in time, the rulings from these disputes should provide more legal clarity over who is liable for what. All parties have a reason to want insurers to improve their assessment of cyber risk: it will make the underwriters more competitive and profitable, and force their clients to improve baseline security across the board.

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Top Stories

ENTERPRISE BLOCKCHAIN: DRAGGING INSURANCE OUT OF THE DARK AGES

Ryan Rugg, Global Head of The Industry Business Unit at R3

 

The history of insurance traces back to the development of modern business and insuring against its risks; property, cargo, medical and death. Insurance helps mitigate losses, wary of the financial losses a capsized ship could cause, forward-thinking vessel owners established communal funds that could pay for damages to any individual’s ship within the group. While this basic concept holds strong to this day, insurance is now a multi-trillion dollar industry that impacts almost every other sector of business, from healthcare to capital markets and aviation.

Despite the insurance industry’s image of being a conservative sector, insurers have been consistently innovative in the property and perils they protect against, but the supporting technologies and infrastructure have remained antiquated and unfit for purpose. Operational inefficiency is the single biggest threat facing the insurance industry today, and insurers are now taking steps to tackle this challenge head-on with purpose-built enterprise blockchain technology.

 

Ryan Rugg

Inefficiency and fragmentation

Blockchain provides a solution to drive efficiency and security that would allow private data to be shared in a secure manner. Many policies are still sold over the phone rather than online, and the policies themselves are then processed on paper contracts, introducing huge potential for manual errors in claims and payments. This anachronistic infrastructure is even more surprising when you consider the complexity of the insurance ecosystem and the amount of parties involved in a transaction, including consumers, brokers, insurers, reinsurers and more.

The costs of this inefficiency and fragmentation are well documented. Inaccurate, disparate sources of data acquisition lead to long underwriting cycles and inaccurate risk profiling. Extensive manual intervention is required across the insurance value chain, ranging from contract placement to claims settlement. Archaic billing systems and complex billing processes lead to high reconciliation costs. Ambiguity in loss conditions, assessment procedures and claim settlement delays leads to increased litigation risk. It has been estimated that as much as 60% of customer premiums is consumed by these inefficiencies.[1]

In addition, increasingly stringent and dynamic regulatory requirements continue to impact areas such as renewals and claims assessment. Insurers often have a complete lack of visibility of their liabilities and obligations, and a lack of transparency across the entire business. In today’s regulatory climate, it is unsurprising that authorities are beginning to demand more from insurers.

Blockchain technology is not a panacea for all of these problems, but with the right architecture a platform can address and reduce inefficiencies.  There are also new revenue and growth opportunities in cutting-edge sectors such as cyber insurance that blockchain technology can help enable.

 

Tackling the blockchain privacy challenge

Blockchain offers insurance firms a new way to coordinate information between each other, by using a pre-agreed technology solution instead of relying on a third party’s bookkeeping. The technology enables disparate parties to connect via a shared platform environment. While this premise may appear simple at first glance, the insurance industry has specific requirements in relation to privacy and security that only certain blockchain platforms can fulfil.

For example, if a blockchain has the appropriate data privacy architecture in place, each insurance firm can maintain the same amount of control over their data as today, but with more flexibility. Unlike the traditional permission-less blockchain platforms – in which all data is shared with all parties – Corda shares information with those who have a “need to know,” ensuring the confidentiality of trades and agreements while also capturing the benefits of a shared distributed ledger infrastructure.

Blockchain platforms such as R3’s Corda have been purpose built for enterprise usage in industries such as insurance and tackle issues such as data privacy, scalability and security head-on. Following a period of experimentation with multiple consortia and technologies, insurers are now consolidating their blockchain efforts around Corda.

Testament to this is the recent decision of the industry-leading B3i consortium to port from IBM’s Fabric to Corda or RiskBlock decision to port from Ethereum.  All the major insurance groups and ecosystems are coalescing on Corda in order to effect change and form standards. As Metcalfe’s Law states, the value of a network is proportional to the number of connections in the network squared – the more insurers that build upon on a common platform, the more valuable the platform becomes to all participants due to the interoperability of applications. The consolidation around Corda creates network effects industry-wide.

 

Contract placement: leveraging the network effect

To more tangibly examine the benefits of these network effects, we can look at a specific insurance use case that involves a network of many different entities and counterparties – contract placement.

Contract placement is the process of negotiating a potential insurance contract between a broker and an insurer in order to issue the contract to provide coverage for an end customer. For most commercial and specialty insurance scenarios, except for small commercial and some mid-market products, this is an arduous, complex process involving several entities – a broker, one or more insurers, and potentially a reinsurer and reinsurance broker. Furthermore, outsized risks generally mean that multiple insurers come together to insure the risk at the requested limit price, resulting in additional complexity for the broker in managing the placement process.

Contract placement, with the extensive negotiation cycle between a broker and insurers, as well as between an insurer and reinsurers – with or without a reinsurance broker thrown in – has several inefficiencies related to inter-firm coordination. Extensive manual intervention and reconciliation is required for brokers, insurers and reinsurers to keep track of requests and responses; high IT spend is required for all participating parties to maintain an audit trail of the negotiation history between different entities; and each firm must make heavy investments in document storage systems to maintain separate contracts over the policy lifecycle.

Leveraging the network effect by connecting brokers, insurers and reinsurers onto the same blockchain platform can deliver numerous benefits. These include:

  • Near-instantaneous communication between participating parties to eliminate delays associated with reconciliation and coordination;
  • Real-time consensus among all parties involved in the contract on coverage, price, terms and conditions;
  • Complete audit trail from all sides of negotiations and data exchanges;
  • Greater regulatory compliance throughout the insurance industry due to instantaneous communication of in-force contracts to the regulator;
  • Eliminating the “double spend” problem of having the customer buy the same policy from different insurers by involving the notary (regulator);
  • Reduced IT spend for individual firms, with eventual decommissioning of legacy document storage systems and reducing spend on document generation systems.

 

A brighter future

Blockchain technology offers great promise across many avenues, not only contract placement. Platforms like Corda can add value to many insurance business segments – commercial and specialty insurance, life insurance, personal lines and health insurance, along with niche areas like marine and trade credit.

The industry’s recent consolidation around Corda reaffirms that data privacy is pivotal for a network of enterprises and that the platform’s peer-to-peer data sharing approach matters for insurance blockchain applications going into production. For a highly regulated industry like insurance, only Corda can ensure that the entire supply chain of brokers, insurers, reinsurers and consumers can interact in a seamless, secure and private manner.

From contract placement to insurance as an industry, we are excited to see the new opportunities and efficiencies that blockchain technology will enable between this wide ecosystem of participants now that the right network – Corda – is in place.

[1] https://marketplace.r3.com/solutions/Blocksure%20OS/448484fb-ad8d-40c1-8a1f-47e76381fb85

 

Continue Reading

Wealth Management

TWO TO TANGO? MARKET DATA AND OPINIONS IN INVESTMENT MANAGEMENT

MARKET DATA

Sebastien Lleo is Associate Professor of Finance at NEOMA Business School (France)

 

Analyst views and expert opinions matter. They are an invaluable complement to market data when it comes to formulating relevant capital market expectations and to strengthening risk management models and practices. But watch out for behavioral biases!

“Garbage in – garbage out!” Every investment management professional has heard the warning that poorly formulated capital market expectations will get portfolio optimisers to produce inefficient, unrealistic, and even outright dangerous portfolios.

Thus, considerable efforts have taken place to turn available economic and market data into accurate capital market expectations. These lead to the development of slick statistical methods, effective econometric techniques, and powerful machine learning algorithms.

Opinions can also be an invaluable source of insights to construct accurate capital market expectations.

What are the types of opinions on financial markets?

Opinions take multiple forms in financial markets. They include analyst views, opinions from political and economic experts, super forecaster predictions, and investor polls.

Moreover, opinions abound on financial markets. Consultancy Quinlan & Associates reported that the bigger banks and brokerages emailed over 40,000 pieces of research every week in 2016, despite continuing job cuts in the financial sector. Social media also contribute to the spread of opinions: according to the financial website Modestmoney.com, there are at least 839 active financial blogs published in English.

Why should I use expert opinions?

Opinions have three key benefits.

First, opinions can be a crucial complement to traditional economic, corporate and financial market data to construct realistic capital market expectation, and keep those up-to-date. This statement is especially true in times of heightened uncertainty, such as market bubbles and financial crises, when traditional data fail to provide an accurate assessment of market conditions.

Second, opinions can strengthen risk management models and practices. Opinions can widen the range of scenarios considered in portfolio optimisation and risk management. Dissenting opinions provide a cornerstone for the construction of meaningful stress test scenarios.

Third, we can use opinions, even when traditional data are not. For example, assessors evaluate insurance claims, and appraisers estimate the value of illiquid assets, such as real estate and collectables, periodically.

How easy is it to collect opinions?

The inclusion of opinions requires extreme care.

Let’s look at analyst views and expert opinions. We all know that not all experts or forecasters are equally accurate. A widely reported study by CXO Advisory Group LLC tracked 6,582 forecasts for the U.S. stock market published by 68 experts between 2005 and 2012. The study found that average accuracy across experts was 47.4%, with individual accuracies ranging from a low of 21% to a high of 68%.

Therefore, investment management teams need to implement a process to guarantee the relevance of the opinions used in their models. This process, known as “elicitation,” is described in abundant literature. The books by O’Haghan (2006) and by Meyer and Booker (2001) are an excellent place to start. Essentially, the elicitation process helps to construct views that are specific, explicit, and structured. Opinions need to focus on a specific variable or parameter, such as the price of a given asset or the mean of a distribution. Opinions need to explicitly provide a mid-point or most-likely scenario, a confidence interval, and to relate the confidence interval to a probability distribution. Finally, opinions need to be structured to provide a transparent and auditable trail.

What are the implementation challenges?

Three main implementation challenges need addressing.

The first and most dangerous challenge is that opinions are often subject to the behavioral biases. Behavioral biases, in particular overconfidence, excessive optimism, conservatism, confirmation bias, and groupthink play an essential role in how finance professionals perceive and process information, and on how they form their forecasts. Recently, in a simulation study, Davis and Lleo (2020) recently found that the presence of biases explained nearly 70% of excess risk-taking. Therefore, it is crucial to debias forecasts before using them in any model.

Second, expert opinion models are Bayesian and therefore require the specification of a prior distribution. We can overcome this difficulty with some original thinking, as with Black and Litterman’ reverse optimisation exemplifies.

Third, aggregating of multiple expert opinions is considered an essential conceptual and computational problem because it requires engineering a joint distribution out of a collection of univariate distributions.

 

How can I integrate opinions in my portfolio selection model?

Currently, several families of portfolio selection models use opinions as input. The best-known and oldest is the Black and Litterman (1992) model, which uses analyst views to generate capital market expectations in a Markowitz-style single-period optimisation framework. This approach has been extensively discussed and developed in a large number of subsequent papers and chapters.

However, the Black-Litterman approach has two fundamental limitations. First, it is static, meaning that it locks portfolio managers into a “buy-and-hold” strategy, ignoring the possibility that portfolio managers may shift their asset allocation as financial market conditions change. Second, it ignores the presence of behavioral biases in expert opinions.

To address the first limitation, Frey et al. (2012) and Davis and Lleo (2013,2020) proposed two closely-related dynamic portfolio management models. Although both models are developed in continuous time, we can transpose them to a multiperiod discrete-time setting.

The second limitation has proved more elusive. At the moment, Davis and Lleo (2020) is the only dynamic portfolio selection model that addresses for behavioral biases.

 

References

Black, F., Litterman, R., 1992. Global portfolio optimisation. Financial Analyst Journal 48 (5), 28–43. Davis, M., Lleo, S., 2013. Black-Litterman in continuous time: the case for filtering. Quantitative Finance Letters. 1 (1), 30–35.

Davis, M., Lleo, S., 2020, Debiased expert forecasts in continuous-time asset allocation. Journal of Banking and Finance. 113.

Frey, R., Gabih, A., Wunderlich, R., 2012. Portfolio optimisation under partial information with expert opinions. International Journal of Theoretical and Applied Finance 15 (1). O’Hagan, A., 2006. Uncertain Judgments: Eliciting Expert’s Probabilities. Wiley.

Meyer, M., Booker, J., 2001. Eliciting and analysing expert judgment: a practical guide. ASA-SIAM Series on Statistics and Applied Probability. Society for Industrial and Applied Mathematics.

Continue Reading

Magazine

Partner Events

Trending

Top Stories4 hours ago

ENTERPRISE BLOCKCHAIN: DRAGGING INSURANCE OUT OF THE DARK AGES

Ryan Rugg, Global Head of The Industry Business Unit at R3   The history of insurance traces back to the development...

Technology4 hours ago

DISPELLING BIOMETRIC MYTHS AND MISCONCEPTIONS

By Lina Andolf-Orup, Head of Marketing at Fingerprints Gangsters cutting off enemies’ fingers to access secret locations and spies lifting...

Videos10 hours ago

FUTURE FX PROMO

Videos10 hours ago

FutureFX Profile

BANKING BANKING
Banking3 days ago

FOUR WAYS OPEN BANKING AND AI WILL REVOLUTIONISE ACCOUNTANCY

Ed Molyneux, CEO and co-founder of cloud accounting software company, FreeAgent   It’s been just over two years since the...

FINANCIAL SERVICES FINANCIAL SERVICES
Finance4 days ago

HOW FINANCIAL SERVICES CAN GET TO GRIPS WITH RISING SUPPLY CHAIN RISK

By Alex Saric, smart procurement expert, Ivalua   UK businesses have never been more dependent on their suppliers to help...

MARKET DATA MARKET DATA
Wealth Management5 days ago

TWO TO TANGO? MARKET DATA AND OPINIONS IN INVESTMENT MANAGEMENT

Sebastien Lleo is Associate Professor of Finance at NEOMA Business School (France)   Analyst views and expert opinions matter. They...

EARLY RETIREMENT EARLY RETIREMENT
Wealth Management5 days ago

AN ULTIMATE GUIDE TO TURNING YOUR EARLY RETIREMENT DREAM INTO A REALITY

Rick Pendykoski is the owner of Self Directed Retirement Plans LLC, a retirement planning firm based in Goodyear, AZ.  ...

FINANCIAL SERVICES FINANCIAL SERVICES
Technology5 days ago

WHAT EVOLUTIONARY AI MEANS FOR FINANCIAL SERVICES

by Babak Hodjat, VP of Evolutionary AI at Cognizant   Many banks and other financial services institutions (FIs) are beginning...

ANALYTICS ANALYTICS
Business5 days ago

HARNESSING ANALYTICS IN THE FIGHT AGAINST FRAUD

By Anna Lykourina, EMEA Fraud Analytics Expert at SAS   In the past, the fight against fraud has been a...

ONESPAN ONESPAN
News5 days ago

ERSTE BANK HUNGARY IMPROVES AND SECURES THE REMOTE BANKING EXPERIENCE WITH ONESPAN MOBILE SECURITY

Leading Hungarian bank deploys OneSpan’s Mobile Security Suite to one million customers to make mobile banking convenient while fighting fraud...

FINANCIAL FINANCIAL
News5 days ago

HOW WILL LENDERS TREAT THE FINANCIAL SYMPTOMS OF COVID19?

COULD the coronavirus pandemic spark a financial crisis similar to that which was seen in 2008? Tim Kirby, Group Commercial...

PAYMENTS PAYMENTS
Finance6 days ago

ISO 20022 – THE BEDROCK FOR PAYMENTS TRANSFORMATION

Lauren Jones, Global Payments Ambassador, Icon Solutions   The financial services industry has seen ISO 20022 grow firmly over the...

STRUCTURED DATA STRUCTURED DATA
Business6 days ago

2020 VISION: TRANSFORMING THE LEGAL DOCUMENTATION LANDSCAPE THROUGH STRUCTURED DATA

Jason Pugh, Managing Director, D2 Legal Technology   The derivatives industry has been transformed by the proactive engagement of its...

LANDLORDS LANDLORDS
Wealth Management6 days ago

WHY LANDLORDS SHOULD MAKE THE MOVE TO THE ALTERNATIVE PROPERTY INVESTMENT SECTOR IN 2020

Reece Mennie, CEO of leading UK investment introducing firm, Hunter Jones    The new decade is expected to bring with...

Loss Loss
News6 days ago

PROTECTING YOURSELF AGAINST LOSS OF FUTURE INCOME IN A RECESSION

By Gerard Visser, Financial Planning Consultant at Alexander Forbes Financial Planning Consultants.   With low GDP growth, credit ratings downgrades and the COVID-19 pandemic,...

MOBEY FORUM MOBEY FORUM
News6 days ago

MOBEY FORUM TO ADDRESS DATA PRIVACY AND INNOVATION IN THE AGE OF AI WITH NEW EXPERT GROUP

Mobey Forum, the global industry association empowering banks and financial institutions (FIs) to shape the future of digital financial services, today announces...

SMALL BUSINESS SMALL BUSINESS
Business1 week ago

HOW TO MANAGE YOUR SMALL BUSINESS’S FINANCES

There are a lot of fantastic business ideas that end up failing during the early years. Why? A lack of...

CFO CFO
Top Stories1 week ago

THE EVOLUTION OF THE TECH CFO

Gavin Fallon,General Manager, UK, Nordics & South Africa Board International   Chief Financial Officers (CFOs) have traditionally been seen as...

FRAUD FRAUD
Business1 week ago

IS FRAUD PREVENTION CONVERGING WITH REGULATORY COMPLIANCE?

By Manuel Rodriguez, Fraud Solutions Manager at SAS   Several relevant reports show how the world of fraud and financial crimes is mutable...

Trending