Insurance has been called the “DNA of Capitalism” and the “Oxygen of Free Enterprise”. Without insurance, banks do not open, planes do not fly and hospitals do not function, says Mr David Piesse from Guardtime. Having reliable, authentic electronic data is paramount to the process and he addresses the use of a new standard for cyber liability insurance called Keyless Signature Infrastructure (KSI).
Increasing reliability of electronic data is the main message in this article and we will explain how keyless signatures can help improve the combined ratio of an insurance company within the realms of reputational and operational risk.
The following beneficial use cases to insurance have been identified based on global market research. The list is not exhaustive and is driven by emerging trends in the financial, insurance, logistics, defence, telecommunication and IT industries. The use cases apply to all insurance-based organisations, banks, aggregators, telecommunication companies and software vendors.
• Cyber Liability Insurance;
• Electronic Trading of (Re)Insurance;
• Dematerialization of Policies and Claims;
• Physical authentication for insurance documents such as Certificates of Insurance;
• Solvency regulation data and long term archiving;
• Insurance fraud prevention from Internet based Channels;
• Telematics and Motor insurance; and
• Healthcare Liability Management and Fraud Protection.
Insurance issues affecting profitability
The insurance industry is very conservative and change does not happen fast. There is a need to get regulator acceptance for new practices and a lot of the future risk management lies with the industry’s expansion to public-private partnerships and use of the capital markets.
As new risk sources such as natural catastrophes, asset bubbles, longevity, pandemic and data volumes, increase exponentially, the need for reliable authentic data will only increase. This is occurring as more people go online, interacting with social networks and cloud computing using the internet, dovetailing with multiple devices such as cell phones and tablets all connected to the web. Recent cyber-attacks on USA, Germany, Korea and China show that challenges over data can lead to a loss of trust, destabilising the business sectors involved.
Fraud is a major loss to the insurance industry bottom line especially in the healthcare sector but this extends to all lines of business. Document fraud, identity theft, cover-note fraud and operational risk on systems and procedures impacts profitability.
Increasing expense ratios such as cost of distribution and back office expenses inflate the combined ratio and the companies with the strongest underwriting, leanest expenses, reserving and good claims management will have the best profitability and ratings.
Internet distribution and cloud computing processing offer new channels and cost savings to the industry. A perceived lack of security by regulators, boards of directors and agencies can prevent companies moving in this direction and thus not benefitting from direct insurance selling and lower costs offered by a cloud model.
Liability insurance requires prevention measures and warranties to be in place in the policy wordings of contracts with customers. Without this enforcement by brokers and insurers, claims and expenses will rise and profitability will be affected.
Use of KSI also about applying value added services
The use of KSI is not solely about defence and improvement of profitability via a combined ratio. It is also about applying value added services to new product ranges for increased competitive edge, differentiation and in some cases, new products that will evolve directly around data protection and give rise to innovation and new sources of premium and capital.
The insurance industry was not in the epicentre of the recent financial crisis and cannot generate systemic risk per se. However in the wake of the financial crisis, new solvency rules are being introduced to the industry to promote more financial stability.
One of the deliveries of this is holistic risk management containing new rules about risk data handling and retention. The internet, mobile networks and cloud computing will all play a major role as trading moves online and steps need to be taken to protect trade integrity and transparency at all times.
KSI – “lie detector for data”
KSI standard evolved from a cyber-attack on Estonia in 2007. Recently the world has seen a massive increase in data across all industries. In the insurance industry, as long term storage is regulated and catastrophe/historical claims data grows, the need for technologies that can verify the authenticity of data will be key.
KSI can be thought of as a “lie detector for data”, a simple process of signing a piece of data by software whether it is a policy, claim, reinsurance transaction, PDF document, email or analytical data.
Data signing can also be imbedded in devices producing documents or files such as medical equipment, printers and map-making operations.
KSI provides keyless signatures to deliver proof of signing authority, signing time and data integrity. Verification is based solely on mathematics and does not rely on a trusted third party or the security of cryptographic keys. Thus for organisations, there is no need to worry about being compromised by counterparty risk. No people or system administrators are required for the signing and verification process.
How to determine if data is authentic and intact
In the insurance industry, data is arguably the greatest asset and can reside in multiple locations. How can top executives be sure that the data is authentic and intact?
In an industry where regulatory policy and industry standards dictate the process, data can be called upon for evidence many years in the future. In this respect the content must be verified to the entity that sent it and the data must withstand organisational and operational changes over time. As insurance is a social business, it protects people and companies so data privacy, transparency and integrity are key risk indicators.
The keyless signature proves three things for the top executive:
• The time that the insurance related data was signed;
• Proof that the data has not been tampered with since the time of signing; and
• What entity, process or machine signed the insurance data.
A key feature of this provable signature service is that the signatures are mathematically verified using integrity codes published in newspapers or insurance publications. This removes the need for trust after the signing process.
Recent offering of KSI for keyless signatures for transactions and documents in conjunction with secure cloud platforms has led to increases in security guarantees backed by legal service level agreements.
Cloud computing is an information technology (IT) development, deployment and delivery model enabling real time delivery of products, risk management, services and solutions over the internet.
For insurers, this takes IT away and allows it to be managed elsewhere leaving the business to transact insurance. This enables core cloud services such as policy and claims administration, reinsurance, billing and payments, rating and value add services for customer management and security. KSI is a value added cloud service for security and risk management and is deployed here to align the technology and business with the new industry drivers under the operational risk sphere of influence.
The future
Factors that will drive KSI adoption in various scenarios are -
• Data growth will continue at an exponential rate in the insurance industry;
• Increased number of cyber-attacks targeting data;
• Increased dematerialization moving the industry towards electronic media for storage;
• Increased online selling of insurance and telematics in M2M(machine to machine) world;
• Increased focus on standards;
• Increased regulation on the need for authentic data; and
• Increased urgency of limiting liability and reducing fraud in an electronic healthcare world.
Conclusion
A wise man in insurance once said that insurance is the business of claims, claims and claims. Without prompt settlements of claims in good faith, how will be trust will be gained in an industry where the business relies on an upfront payment as a promise to pay if an event which may never happen, happens?
In developed countries over the last two centuries, this has been an acceptable way of protecting business and people and contract certainty was taken for granted and disputes over claims was handled by third parties and litigation as last resort.
However the world is changing fast but the promise to pay and the principles of insurance remain as they were at the start of the industry all those years ago. What is changing is technology, new distribution channels, new customers from market not previously associated with insurance (and banking) and increased regulations and standards.
The key word that is consistent through this process from past to present is trust and we need to have trust in technology, trust in distribution channels such as mobile phone, gain the trust of billions of people seeing insurance for the first time globally and also gain trust of people who regulate national and international business to allow business to transact in the modern world.
Trust is a very big word and in the cyber space, it is the key issue to address where often “trust is not enough” to carry the day. We must protect society and entrepreneurs in the new world as we did in the old, allowing risks to be taken without fear of loss. KSI will make that happen for cyber liability as other warranty standards did for the property world as we now protect digital assets as well as physical.
Mr David Piesse is a Member of Guardtime Advisory Board.