Garry Booth comment: UK watchdogs sound the cyber alarm

Garry Booth comment: UK watchdogs sound the cyber alarm

The risks and opportunities around digitalisation are high on the agenda at both of the UK’s insurance industry watchdogs. In a stern letter to London market CEOs recently, Chris Moulder, director of general insurance at the Prudential Regulation Authority (PRA), warned that the risks emanating from writing cyber insurance “are potentially significant to the viability of the firms involved and the reputation of the UK insurance industry as a centre of excellence and innovation”.

He’s worried that, against a background of softening rates and challenging market conditions, insurers might not be managing their cyber risk exposures as well as they should. Moulder said that most firms simply don’t use robust methods for quantifying and managing ‘silent’ cyber risk (that’s where liability insurance policies don’t explicitly exclude cyber risk). Moreover, the PRA’s work suggests that insurers writing affirmative cyber cover don’t fully understand the real extent of its aggregation and tail potential. “Firms are limited by a lack of expertise and an insufficient length of claims data. Moreover, using past claims data to estimate future cyber losses may not be appropriate due to data being non-stationary,” Moulder said.

The introduction soon of the EU Data Directive is likely to add to the number of firms looking to expand their offering in Europe as well. Any perceived geographic diversification benefits for insurers could be offset by an increase in cyber risk aggregation potential, Moulder has warned.

Meanwhile over at the UK’s Financial Conduct Authority (FCA), chief executive Andrew Bailey is taking a wire-brush to Big Data and specifically how the technology could revolutionise the insurance model – and not necessarily in a way that benefits consumers. In a nutshell, Big Data is allowing insurers to move the boundary between risk assessment based on aggregate modelled behaviour and, on the other hand, risk assessment that’s based on the observed behaviour of the individual. The use of telematics in motor insurance is the best example.

In itself that’s no bad thing but what worries Bailey is that insurers might deploy Big Data to exploit their customers. For example, Big Data could be used to identify customers more likely to be “inert”, and insurers could use that information to differentiate pricing between those who shop around and those who do not. The latter will pay more and thereby cross subsidise those who do shop around. 

In another example, Bailey posits that genetic identification revolutionises the prediction of life expectancy and each person’s probability of suffering from dementia. The implications for the life insurance market are potentially profound as it might limit some people’s access to insurance they would routinely buy.

Bailey develops an interesting argument around what responsibility the FCA might have in controlling insurers. He thinks that it is the regulator’s job to stop insurers exploiting naïve or inert consumers (in the shopping around case) but that it is the role of government to decide on a public policy issue like genetic testing.

It made me think how fast digitalisation is likely to change the industry. But the interventions by the PRA and FCA reveal how slow the industry itself is in recognising the mixed blessings digitalisation represents.

What’s not to ‘like’

An indication of how ill-prepared insurers can be when rushing into the Big Data age was provided by the UK motor insurer Admiral. In November it trumpeted an initiative called firstcarquote that would allow it to use customers’ Facebook posts to help it price their insurance premiums. The idea is that analysis of first-time car owners’ Facebook accounts will reveal personality traits that are linked to safe driving. For example, individuals who are identified as conscientious and well-organised will score well.

However, on the first day of the trial, just two hours before it was due to go live, Facebook declared that it would not let Admiral access its users’ posts after all. They might have been worried about the adverse publicity that was building around privacy and social media (even though people had to opt in to Admiral’s project). Or they might have thought they should hold on to this valuable Big Data asset for themselves.

Either way, Admiral had to climb down. But how odd they didn’t think harder about the ethics of tapping social media and the potential for controversy such a move would create. As Jim Killock, executive director of the Open Rights Group, told the BBC: “Insurers and financial companies who are beginning to use social media data need to engage in a public discussion about the ethics of these practices, which allow a very intense examination of factors that are entirely non-financial.”

Once bitten, twice shy

Renewing my home and contents insurance recently, I had cause to think about why insurers shouldn’t always rely on algorithms. After receiving the renewal letter from Direct Line I decided to see what the rate was if I applied as a new customer. Sure enough, with all the same risk information the premium was about 40% cheaper. When I called Direct Line and told their agent what had happened he said I should apply online again as a new customer. I’m with another insurer now and shan’t be going back to Direct Line in a hurry…

Latest Issue

Summer 2019


 In this month's Reactions

  • Jean-Paul Conoscente interview
  • LatAm conference coverage
  • Captives and domiciles Report
  • London market in Focus
  • Atlantic hurricane Feature



Follow Us on Twitter @reactionsnet

Catastrophe Centre

Catastrophe Centre