Building an Insurtech Prototype
Be Kind. Do Good. Have Fun.
The Digital era is flowing powerfully in every business veins, and brings with it cyber risks.
Every day is possible to find on the newspapers some huge business stopped or slowed by crackers attacks like it happened just in the last 6 days to Geox, Garmin or Disney, Microsoft, Nintendo and other 50
These are just the biggest ones, but everyday small and medium business are blackmailed through very simple crackers attacks requesting for an amount of money.
This is even more true now that the world is working from home, with employers connected to sensible companies data with insufficient network securities.
Opportunity
The business opportunity targeted for this exploratorium is about the servitization of Cyber Insurance Policy. The goal to be reached is to understand and evaluate if there are digital technology opportunities to facilitate insurance and brokerage in the management of the insurance policies and to speed up the insurance indemnification in case of claim.
Insurance servitization example: in Italy when you break the glass of your car, you just bring the car to an express glass service to replace it, without paying for it in advance and waiting for the insurance company to refund you. In this case, the glass service will directly deal with the insurance company for you, offering you a replace service instead of a monetary refund.
That’s the best user experience, but still this isn’t the case for almost all the other kind of insurance bills.
If you want to know more about Insurtech opportunities
Could underwriters offer platform for next stage in insurtech evolution?
Five managing general agents choosing to carry their own risk
Questions to be answered
How might we reduce the management time needed for Cyber Insurance risk?
How might we reduce the indemnity delivery time in Cyber Insurance policy?
Are cyber insurance policies willing to be servitized with real time tracking tools to detect IT network variations?
The Partner
Wide Group, is one of the few players in the Italian insurance world to have embraced digital technologies to make operating processes more efficient and improve the insurance experience of its customers and collaborators.
The partner will make its know-how, its network and all the skills necessary to maximize the return of this exploratorium available to Uqido.
The Prototype
Once challenges and ‘million-dollar’ questions were identified, we interviewed Wide Group’s experts to understand the state of art of cyber insurance policies and the indemnification procedures currently in use globally:
From these interviews, we understood that insurance stakeholders manage the flow of insurance practice, from risk assessment to monitoring, based on information and data of a generic nature of the client company .
This method is used for the vast majority of cases where cyber insurance coverage is sought. Only at the time of any compensation, the insurance company analyzes the conditions of the corporate IT network.
We therefore explored which technological solutions can undermine this procedure based on purely quantitative and non-qualitative data from the corporate IT network, for the risk assessment and monitoring phases, and how these solutions can give a benefit on the possible management of compensation.
We created a prototype for this digital solution: a blackbox that, when installed on the network of the corporate company, will identify its point of failures and risks
[DETAILS] You can have a look more in detail of the design and development details here
In order to determine the initial status of the corporate IT network, this data will be unambiguously and unchangeably recorded when the insurance contract is concluded.
All along the insurance policy lifetime, the plugged-in blackbox will register the real-time data flow, reporting increased or decreased risks.
Thus, this system allows the company to identify and prevent possible cyber attacks such as phishing and malwares (like ransomwares, cryptolockers, spoofing attacks, etc.).
For the broker or insurance company to constantly be up-to-date with the system status, we created a control dashboard that records real-time data transmitted by the plugged-in blackbox and notifies the receiver of the variations.
In the control panel, we installed an automatic ECP service for corporate diligence, which allows the insurer (or the broker) to recognize possible interactions between the client and third-party entities that are affected by operational restrictions due to legal processes or affiliation to government black lists. This service could also be extended to track the insurance coverage of corporate shareholders, hence increasing the volume of information accessible to the insurance company to properly estimate the risk of inter-corporate cyber frauds.
This technological approach allows the insurance corporation to verify the real-time risk faced and gives the insurer (or broker) the opportunity to stipulate a policy based on real and qualitative data.
Moreover, by making available the actual information of the IT infrastructure, this solution facilitates a client-centered insurance service.
Conclusions
Through the interactions and information collected during the dialogues with the partner Wide Group, we asked ourselves if the main stages of the process can be automated and managed through digital systems: monitoring, managing and analyzing the customer's IT infrastructure.
This solution hypothesis has received target customers interests, since it allows the insurer to "photograph" in a certain and unequivocal way the conditions of the IT infrastructure at the signing of the contract and to monitor its variations (therefore to reduce the time of management of the insurance practice) and guarantees to the insured that any change or modification of their IT infrastructure is recorded and therefore the damage occurred is immediately ascertainable (therefore it offers the opportunity to significantly shorten the compensation practices).
This hypothesis can therefore change the approach of insurance companies by moving the assessment of insurance risk from generic data to objective and relevant data specific to the infrastructural nature of the IT systems of the client company.
Main takeaways
digital technologies allow you to optimize 3 processes which at the moment represent a friction for the parties: the insurance company estimates the risks on the basis of administrative data and not on the real state of the IT risks and it sustains the costs of the damage analysis phase. On the other hand, the customer company is not sure if it’s fully covered and at best it must invest time and resources to be compensated;
Process Innovation is not always just a matter of cost optimization: in this case it also represents the opportunity to launch new (insurance) products on the market that potentially open up to new customer clusters;
Regardless the fact that you manage an insurance company, a chain of stores, a consulting agency or a product company, in this precise historical phase the more specific data you own, manage and process, the better you can serve your customers and the more easily you can evolve your business model.
Next Steps
On a scale from 0 to 10, where 10 represents the certainty of having created a new desirable, feasible and viable product, in this sprint we have reached 3.
If we were outside the exploratorium, a player interested in continuing this path should in our opinion proceed first of all with the validation of the feasibility of the new insurance product with an influential insurance company and the validation of the new 'serviced' compensation process. On the technical side, however, the blackbox must be made ‘bombproof’ and it should be investigated which other data it is useful to collect from the customer through it.
What do you think about this prototype?