Technology gone bad

Technology gone bad | Insurance Business

Technology gone bad
Never mind the challenge of innovating within the industry – technology is opening up new exposures across multiple sectors, and insurance needs to take note

It’s nothing new to say that technology is changing the world, but while much lip service is paid to how digital innovation is affecting the insurance industry internally, less is known about some of the new risks that technology is opening up in many lines of business.

Current issues range from the problem of connected devices and who will be liable for them in the future, to the network of cybercriminals using digital techniques to execute sophisticated scams.

“With the interconnectedness of the world, every company is becoming a tech company to a certain extent,” says Emy Donavan, Allianz’s global head of cyber.

From semi-autonomous cars to household appliances, connected devices are creeping into more and more people’s homes and lives. But while many tech companies have a good understanding of some of the exposures these products can bring, just as many firms do not.

“Tech companies have this in hand, and I think actually they’ll be the ones that lead us down the way,” Donavan says.

“What concerns me more are the non-tech companies that are now doing tech,” she adds, pointing particularly to product manufacturers that are starting to integrate connected technologies into their offerings.

The problem is exacerbated by the fact that there is a limited number of people who can advise on these products and the surrounding liabilities. Manufacturers of connected consumer products may end up facing major issues and product recalls if they are unable to get a handle on the vulnerability gap these devices open up, which can include the threat of hacking, as well as malware programs that can break devices.

As there is so much focus on speed to market and early adoption, companies may well be pushing out products without an understanding of the exposures they could face.

“I think that companies that haven’t yet been forced to think about security aren’t yet,” says. “If, as an organisation, you aren’t hardwired to think about those kinds of exposures, you inherently won’t.”

The potential shift in liability as a result of these devices’ exposures is yet to be worked out, and Donavan believes there needs to be far more communication between the insurance industry, its regulators and the technology community to figure out how they will respond to these challenges.

“Who ends up holding the bag?” she says. “I don’t know the answer to that – but I think people should start to think about how they want that to look.”

And it’s not just devices that are vulnerable – cybercriminals are now using technology to manipulate people in “a modern-day version of the old con scams”, says Greg Bangs, XL Catlin’s global crime insurance head.

Social engineering fraud – in which criminals gather information from social media platforms and company websites to use as psychological manipulation – is one of the hottest talking points in the crime insurance space. Two of the most common forms of scam are vendor impersonation, in which criminals impersonate a business vendor to reroute payments to themselves, and CEO fraud, where thieves pretend to be executives within the company and convince employees to transfer them funds. CEO fraud is particularly rife in Europe, Bangs says, and is especially difficult to protect against.

“This one is a little more insidious because the fraudsters are very good at using psychological pressure points,” he says, “so when they’re talking to the individual to try to convince them, they recognise right away what the right buttons to push are.”

Bangs says while these scams are happening “all the time”, the picture is still a little cloudy when it comes to coverage.

“It’s an interesting landscape; a lot of [insurance] companies don’t cover [social engineering fraud] at all because they’re not comfortable with it, so they stick with the standard crime coverage and say, ‘We don’t like that; it’s too exposed.’ ”

Others, including XL Catlin, do offer coverage, but limits vary, as there’s still some hesitancy in the space as the risks develop.

Loss-wise, Bangs says there’s been an “explosion” in the computer fraud and wire transfer area, which has insurers concerned.

“With the increasingly technologically superior capabilities of the fraudsters,” he says, “it seems they are always one step ahead of the good guys.”