Silent Cyber Threatens Brokers, Too: E&O Risk in Cyber

“Silent cyber” is the possibility that an insurer of a non-cyber insurance policy will assume risk triggered by cyber peril such as a ransomware attack, denial-of-service attack, or data breach that would otherwise be insured under a full cyber insurance policy. Note the definition I’ve used specifies insurer – because the carrier is the one most directly impacted by any claims, or disputes over claims, that arise from a cyber event.

But the carriers clearly aren’t the only actors in the insurance ecosystem. As such, they are not the only ones potentially impacted by a major cyber event. Brokers themselves have a duty to their clients, and errors and omissions (E&O) risk could arise from that duty where claims intersect with the cyber coverage the broker has advised their client to (or not to) purchase.

Silent Cyber: A Primer

If you’re not familiar with the term, there are a few key things to understand about silent cyber. First, not all policies that omit cyber language present silent cyber risk. For first-party risks like Property and Cargo, the policy must also cover damage to property and business interruption. For third-party risks like General Liability or Personal Injury, the policy must insure liability exposures that might be triggered by other events. These are both low hurdles, but are essential: it is these coverages, combined with omittance of cyber-specific language, that produce the conditions for silent cyber risk.

If a ransomware attack causes business interruption when thousands of employees cannot use their laptops for work, are those losses tacitly covered under a standard Property/BII cover? Perhaps yes and perhaps not.

In the insurance industry we have seen this kind of ambiguity in policy language before, in the development of new underwriting categories. It typically results in years of costly litigation before the right coverage and pricing prevails. Considering the scale of losses relating to data breaches witnessed in the past five years or so, that is a grim prospect for carriers, policyholders and the industry.

A recent statement from the Prudential Regulation Authority (PRA), the UK’s insurance regulator, underlines this risk, and effectively ups the ante for all insurers. Their statement, issued in January of 2019, demands that insurers “develop an action plan by H1 2019 with clear milestones and dates by which action will be taken” to reduce the unintended exposure to non-affirmative cyber risk. Notably, the PRA does not just impact UK companies — it also regulates Lloyds of London, and thereby the $250 billion U.S. Commercial P&C insurance industry that is reinsured by Lloyd’s. Yet insurers have been slow to respond, with none wanting to be the first to exclude Cyber in a given class and then suffer the consequences of an efficient market wiping out some of their share.

Brokers, Cyber, and Errors and Omissions

Brokers, of course, want clarity of coverage as much as anyone in the chain in order to better serve their clients. Any broker that has persevered through the lack of clarity around claims of Terrorism (particularly resulting from the 9/11 attacks), Pollution, or Employment Practices know that clients can be lost when a claim is not responded to in clear fashion by their insurers. Perhaps even worse, brokers can expect claims against their own Errors & Omissions policies and retentions from clients who find insurer response to claims unfair.

This particular form of risk is worrisome given the dynamic nature of the offerings available. When the market for affirmative cyber policies was still nascent, one could argue that this untested area of insurance was not an obvious choice for a given client, especially considering that their property policy was silent about cyber, and coverage for damages could be assumed. What may have been a reasonable defense against a claim a few years ago may not be today, given the offerings now in the market for cyber coverage, and the precedent of disputes over cyber coverage.

The Way Out of the Thicket

The insurance market is making its first attempts to address Silent Cyber. Insurers like FM and AXA now offer some high-end Property accounts with coverage against certain Cyber Perils-related losses. While this is good news for brokers and their clients, in its present stage it presents a heightening of risk for brokers. What happens to brokers when they place coverage with an insurer that does not offer Affirmative Cyber and a claim payment is denied as a result of Silent Cyber positions? It is almost better for brokers to have no insurers offering coverage.

The solution, of course, is more integrated Affirmative Cyber offerings across the marketplace, not fewer. If “software is eating the world,” as venture capitalist Marc Andreessen — the inventor of the first commercial web browser — famously wrote, then insurers need to respond with its corollary: Cyber Insurance is eating Commercial Insurance. More robust strategies are needed by insurers. Brokers should demand them.

Want to learn more about Silent Cyber risk? Check out our free whitepaper, Silent Cyber: Threat or Opportunity?


What can Brokers do about Silent Cyber risk?

You’ve probably heard folks in the industry talking about Silent Cyber risk. You even might have an idea about what silent cyber risk is, and understand how it might impact your clients.

The persistence of the issue over nearly a decade is attributed to complex issues that are high in the insurance value chain. So what can a broker, on the front lines of the issue, do to find solutions for their clients?

Before we answer, let’s look at why solutions have been hard to come by.

You’d be forgiven for thinking, upon surveying the options for cyber coverage, why don’t insurers simply add it to the form and underwrite the risk!? It’s a valid question. The industry has already coined a term of art for this avenue: “affirmative cyber.”  While underwriting the risk is the most logical response, there are at least three problems for large incumbent insurers.  

First, not all commercial insurers underwrite cyber insurance directly. They may not offer a stand-alone cyber insurance policy or know how to underwrite the risk. There’s a simple lack of expertise standing in the way.

Second, even if a carrier offers a standalone policy, offering affirmative cyber as part of a Property policy requires writing endorsements, or mini-policies attached the larger policy. This requires legal and regulatory scrutiny, and adds a significant new source of complexity to policies that have been carefully honed over decades. If your competitors are staying silent on cyber and the sky hasn’t fallen, all of that complexity and expense seems daunting.

Third, bringing these solutions to market will be a huge endeavour for P&C insurers because of the manner in which they organize themselves. P&C insurers build towers of authority and business acumen based on the types of insurance policy — departments for Property Insurance, Products Liability Insurance and so on. Each of these units has their own slice of cyber risk that overlap with their historical perils, and each requires something a bit different from cyber underwriting. But none of these incumbent product lines is staffed with cyber underwriters. The ability of these insurers to cross-institutionalize their know-how will be a huge test.

Cyber Underwriting is Different, Plain and Simple

Aside from structural issues, there is also friction that will be caused by the new cyber underwriting process. Full cyber policies require completion of lengthy applications and reviews that will need to be done many, many times over at these insurers.  “Skinny” Cyber endorsements have smaller premiums and require only a subset of knowledge of the overall Cyber risk landscape.

One way to solve for this challenge is automation of the quoting process, starting with smaller accounts.  At Corvus that is for accounts up to $300MM in revenue. We expect to continue to increase this functionality as our Data Science team continues to find ways to use techniques like machine learning, a type of artificial intelligence (AI), to process more data around Cyber breaches and Corvus scores.

What can brokers do?

For all of the reasons stated above, brokers can’t rely on the incumbent carriers to solve the issue for their clients. Brokers need to look elsewhere in the insurance ecosystem for creative solutions.  

Brokers can take advantage of the data from companies like Corvus and other third parties that sell similar information. Each of us in this sector aspires to provide the most value to brokers and their customers. By informing their clients about the extent of their cyber risk, and the limitations of their current P&C policies in protecting them, brokers can gain their trust to pull together solutions that include standalone cyber policies that add value with digital tools as well as novel combinations of cyber policies with specialty lines like Property, Cargo or Tech E&O.

It’s not as elegant as delivering a single set of P&C policies that cover cyber perils from their longtime insurer, but in Corvus’s experience as an MGA, clients appreciate the forward-looking and creative solutions brokers can deliver by looking outside the normal channels. Once clients see the need, they are open to trying new things.

So brokers: dig in and choose your digital weapons. Don’t let Silence win out!   

To learn more about Silent Cyber, check out our whitepaper. Click here to download.

Historical data won’t predict Cyber claims. Here’s what will.

In most insurance arenas, historical loss data is paramount in perfecting pricing and other underwriting strategies. Not so in Cyber Insurance. An examination of large data sets relating to prior breaches is not without interest, of course. But most aspects of Cyber Risk are dynamic: the types and sources of attacks, levels of awareness and defense on the part of organizations, and the ever-growing digital surface area of organizations — these are all in flux. As a result, reliance upon historical loss data, that pillar of insurance underwriting, will likely lead to a false sense of security among many insurers.

Insurance underwriting – the traditional way

In order to demonstrate how Cyber Insurance poses new challenges to the commercial insurance industry, we must first consider traditional underwriting approaches. Let’s approach it through the lens of Property Insurance. There is an immense amount of historical data about the frequency and severity of property losses from major perils like fire. Through both intuition and the gathering of data over decades, insurers are able to identify distinguishing risk characteristics and to quantify those differences.

For example, property losses may be several times as likely to commence in a building made of wood as opposed to a building made of non-combustible materials. Property losses are also mitigated by common defenses that have been well studied. Greater losses are more likely to occur in a building without a modern sprinkler system than one with a system of sprinklers. Consider also temporal conditions. The fire hazard posed by the operations of a paper goods wholesaler or a law firm has not changed in decades. The operations of these companies and the fire risk arising from them are well studied. The past can accurately predict the future.

Cyber Risk is immensely dynamic

Digital risks are much more challenging for insurers to measure. This is due in part to a lack of expertise. Most do not examine, in a digital fashion, the IT Security of their prospective insureds other than by asking questions on a quickly-outdated application. Over time, insurers have gone deeper into the Cyber Insurance market and have suffered losses that can produce intuitions and data-driven assumptions about future risks. This information is certainly important—but the tendency in insurance to rely upon historical data may finally meet its match in Cyber Insurance. Digital risks should be evaluated using digital tools.

Cyber Risk is not as static as most other arenas of risk. Unlike fire, whose nature does not change, the Cyber Risk peril is in constant motion. Consider cyber thieves. They don’t rest idly with their current methods, waiting for law enforcement or the security industry to catch up — these thieves make a living inventing new types of scams, ransomware attacks, and phishing formats. They are innovative in a way that fire risk simply cannot be. Their strategies change in order to increase the likelihood of success. The international nature of the internet along with powerful state actors like North Korea make the source of the peril ever-changing.

Of course, the nature of the peril is not the only dynamic aspect. The defenses used by organizations are also in constant motion. New Cyber Security companies seem to pop up like mushrooms in the spring. They offer new detection and prevention systems for companies large and small. It is a challenge just to identify the nature of these changes, never mind evaluating their effectiveness. Sprinkler systems never had to change so quickly.

The biggest source of unreliability in prior experience is the use of the internet by the policyholders themselves. It seems that every function is moving to digital platforms with cloud-based systems. Not only does this pose new aggregation risk for insurers, but it also means that most organizations are increasingly reliant on web-based platforms for customer orders, logistics, quality control, product operation, safety, and more. Thankfully, this is countered by an increasing level of attention being paid to Cyber Risk security by organizations.

Lastly, the use of static underwriting tools like document-based applications leads to a tendency to collect information that is quickly outdated. While insureds are seldom malevolent, there is a tendency nonetheless for many to put less than their full effort into the underwriting process — particularly when it seems so antiquated by the nature of its questions.

How can insurers respond to this new risk environment?

There are a number of strategies for insurers to address the ever-changing risk dynamics of Cyber.

First, underwriting information needs to be focused on the near past instead of the distant past. That means opening up to the possibility of using proactive measures to assess risk at a point in time, not just by using an aggregation of past data. Put differently, if the digital “footprint” of a business is constantly growing and evolving, the most accurate assessment of risk will necessarily be one that examines an organization’s digital landscape as close as possible to the moment the policy is quoted — not what it looked like last quarter or last year, or generally over the past 5 years.

To accomplish this up-to-the-moment assessment, insurers need platforms that use AI and machine learning to automate the process of scanning web-facing infrastructure, and which can process new information about threats and defenses far more quickly than a labor-intensive questioning process about the company’s systems. These kinds of scans are typically found within the realm of cyber security, where vendors work to actively protect clients rather than underwrite risk. But such technologies are making inroads in the insurance industry as their value for underwriting becomes better understood. A side benefit of using an automated assessment is that it bypasses the human element, eliminating inaccuracies based on misunderstanding, error, or laziness.

Insurers should also be wary of becoming too reliant on the historical data approach that has served so well in everything from Property Insurance to Workers Compensation to Products Liability Insurance. Looking back at a decade of cyber attacks to judge risk at the point of quoting a policy isn’t enough. With dynamic cyber crime trends, information about current risks should be both included in the initial risk assessment and also shared with policyholders as new information becomes available. The cyber crimes relevant in 2017 may not be relevant in 2019. Insurers can protect themselves from increased risks by helping their policyholders proactively protect against new threats throughout the policy period.

Digital tools are needed to assess digital risk. The sooner insurers accept and act upon this directive, the better cyber insurance will be for insurers and policyholders alike.

What is Silent Cyber Risk?

By now, you’ve likely heard about “silent cyber” — after all, it’s been the most talked about term in global commercial insurance for the past year or so. It seems like every major reinsurer, broker, and insurance publication has commented on the topic, and explained the risks it poses.  

What you may not have heard yet are suggestions for how insurers can take action to avoid those risks. It’s a difficult problem for insurers to solve, for a number of reasons — but there are ways to start mitigating the risk through the use of technology. We cover these challenges, and suggestions for overcoming them, in our new whitepaper: Silent Cyber: Threat or Opportunity? If you want to read more in-depth on the issue, head over to check out the full whitepaper now.

If you’re just getting started, read on as we discuss the basics of the issue of silent cyber: what it is, and how we got here as an industry.

What is Silent Cyber Risk?

Silent cyber risk is a term describing the possibility that an insurer of a non-cyber insurance policy (e.g., Property, Business Interruption, General Liability) could assume risk triggered by a cyber peril such as a ransomware attack, denial-of-service attack, or data breach. Importantly, the policy in question must be “silent” about cyber: neither mentioning cyber risk as part of the coverage, nor excluding it. By covering things like damage to property or business interruption that are potentially impacted by a cyber attack, but not defining how that situation will be handled, you have the conditions for silent cyber risk.

There are a few different ways silent cyber risk can manifest. Sometimes the insured business does not have any sort of standalone cyber insurance policy at all — only non-cyber policies that are silent on cyber. In others, a business may have a cyber insurance policy, but also have cyber-silent policies covering property or general liability. Those non-cyber policies may still be impacted by certain perils that are beyond the scope of the standalone cyber policy. Lastly, there may be cyber-specific language (“affirmative cyber”) included in some non-cyber policies, but not others.

Needless to say, things can get complicated with ambiguity at various levels. Each situation is unique to the business and its coverage.

How Did We Get Here? A Brief History of Silent Cyber

The first cyber insurance policies, issued in the 1990’s, were limited in scope. Over time, as new risks emerged and demand for insurance grew, insurers offered increasingly complex insurance policies. That expansion of coverage allowed insurers of other traditional commercial Property & Casualty (P&C) insurance policies to remain silent, hoping that cyber policies would come to the rescue if there were claims.

The mode of complacency was shaken in 2017, when a series of attacks on major global businesses rocked the insurance industry. The NotPetya and WannaCry ransomware viruses affected large, global businesses like FedEx, Merck, Mondelez, WPP, and Maersk, among others. In each case costs ran to the tens or hundreds of millions of dollars. At the high end, total losses for some companies were reported to have exceeded $1 billion.

Costs were driven not only by direct damage, such as infected computer hardware, but also business interruption losses. Property/Business Interruption insurers covering the affected companies likely did not underwrite cyber risk under their policies, nor did they charge an explicit premium for the risk. Alarm bells began sounding in insurer board rooms across the world.  

The attacks had the effect of magnifying the silent cyber issue. In several cases insurers paid out millions in affirmative cyber coverage, but those claims represented a small fraction of overall losses for businesses. The rest of the losses, due to business interruption for instance, remained ambiguous due to cyber silence and left insurers open to the risk of disputes if insured companies were to seek redress. With hundreds of millions in losses uncovered, the stakes are high for all involved.

Why Can’t Insurers “Speak up” on Cyber?

If you’re interested in learning about why silent cyber risk persists, and what can be done about it, we invite you check out our free whitepaper: Silent Cyber: Threat or Opportunity.

While you’re at it, follow us on Twitter for more content and commentary on cyber insurance and the intersection of insurance, data and technology: @CorvusInsurance  

Three Ways to Use Data to Win New Business in 2019

2019 is upon us and many brokers are already into their new production year. Organic growth from new accounts or new lines of property and casualty business are two major means of meeting and exceeding these goals— but organic growth is difficult, and so is grabbing the attention of insurance buyers. InsurTech advances are allowing for some exciting new developments in differentiated product development that can help open doors for new clients and help round out accounts with new kinds of coverages, such as cyber insurance. In particular, the use of previously ignored or inaccessible data can move the needle and get the attention of insurance buyers in 2019. But how can you do that with everything else on your desk? We’d like to pitch some ideas.

First, align yourself with partners that can put data to work for you. Corvus is one of many data suppliers to the industry. Others, using a SaaS (Software as a Service) model sell “seats” or “licenses” to brokers. Prominent among them are AIR Worldwide and RMS, which use data to predict the likelihood of catastrophes such as earthquakes and windstorms. Their data is also used to help brokers and insureds determine the maximum probable losses in certain situations. In the same way, Corvus provides reports from externally sourced data that can help you and your clients predict and prevent claims.

Second, determine which coverage areas have the most potential for you and your clients to leverage novel data sets. These will generally be in areas that are causing anxiety for customers, such as property catastrophe risk, cyber insurance, and areas with large severity exposure. Predicting and preventing large and uncertain claims is far more urgent for insurance buyers than managing smaller events like slip and fall liability claims– or even more predictable events, such as auto claims.

Finally, demonstrate your expertise by using social media. LinkedIn and Twitter are business favorites, but in some communities, Facebook can be a strong tool in getting out the news about new risks and solutions. Effective social media is frequent, with headlines that grab attention (but aren’t sensational), and timely (linked to recent news developments). It can be enhanced with strong graphics and links to larger reports and external sources. Corvus and other marketing-oriented underwriting partners provide this information to its brokers. You should not need to find this information yourself.

While Corvus is not the only company to master unique data sets in order to support insurance brokers and their clients, we are digital natives. Everything at Corvus is built with digital integration in mind. From data science to data analytics to social media and other marketing tools, it all results in victory.

For more information about how Corvus can empower your 2019 New Business plans, contact Gerritt Graham, Chief Commercial Officer at ggraham@corvusinsurance.com. Here’s to a happy and successful 2019!

scientists

The Big (Uninsured) Risk for Early Stage Life Science Companies

Early stage Life Science companies are invariably betting a great amount of capital on the human clinical trial testing of their first products. Immense work and expense go into lining up clinical trial sites, scaling up early manufacturing (or contract manufacturing) and building the team of Clinical, QA/QC, Medical, Legal, and related resources.  All of that overhead is devoted to just one thing— advancing the clinical material into clinical trials. However, something as simple as spoilage of a shipment can lead to an immense uninsured loss.

Time to market may be a huge factor of course, but risks associated with idle unproductive employees and the associated salaries, benefits, rent, and other overhead that often add to losses while the batch from the shipment is being recreated are usually uninsured with standard Ocean Cargo policies.

This proverbial tightening of the funnel should be a great target for important insurance coverage but has been left uninsurable by incumbent insurers in the market. Amy Sinclair, Life Sciences Practice Leader in the Boston office of Arthur J. Gallagher said, “A loss of clinical trial material in transit can lead to a Business Interruption and Extra Expense Insurance loss. We can cover that under a Property Insurance policy while the goods are in a fixed location like our client’s manufacturing building.  But until now, we have been unable to get insurance for our clients that responds to the risk exposure caused by a loss of goods while in transit or at warehouse or clinical trial locations.”

Corvus Insurance, with a deep understanding of Life Sciences logistics, has developed a proprietary Extra Expense form in an attempt to make whole those Life Science companies that suffer an insured loss (from spoilage or any other insured peril – theft, fire, windstorm, etc.).  

“This new coverage from Corvus fills a gap that responds to a critical, but previously ignored, risk exposure for Life Science companies,” said Steve Sawyer of Woodruff Sawyer in San Francisco. The policy form is available on request from Corvus.

Corvus Insurance Holdings underwrites Smart Cargo™ Insurance for the Life Sciences and Food industries on behalf of Argo Insurance Group (Best’s Rated, A, XIII).  Brokers on our platform are bringing needed, innovative and differentiated product into the market and great value to their clients.

 

Handshake

Venture Capitalists, InsurTech and Choosing Your Customer

As Corvus contemplates its next stage of fundraising, after respecting the August VC break, we are having some interesting conversations, not just about Corvus but about how VCs see the world.  Some thoughts about VCs, distribution channels, and number of products seemed worthy of sharing to other entrepreneurs in the space.

 

First, an attempt at categorization of InsurTech.  Everybody has one, here is mine. Many, perhaps most InsurTechs are focused on efficiency and reliability of back-room systems for insurer processes, examples range from blockchain for reinsurance transactions to new data that improves underwriting.  Customer – insurer.

 

A second category focuses on digital distribution of insurance.  From term life to renter’s insurance to SME business covers, these InsurTechs rely on SEM and awesome digital experience combined with behavioral economics and other tech insights in order to connect with online shoppers.  Customer – small premium consumer.

 

Still others are working alongside Corvus to build tech-enabled commercial insurance products sold through brokers.  Whether new data comes from social media, mobile phones, IoT sensors, and the like makes little difference to these InsurTechs.  They key is getting to commercial sized organizations that benefit from the new data. And the only road to the mid-sized commercial insurance market is through brokers.  See Zenefits and their $500MM of capital if you still think otherwise. Customer – insurance brokers.

 

A few InsurTechs are attempting to combine several of these tech advantages.  In the presence of these more ambitious challengers is where Corvus flies. We are trying to master more than one of these InsurTech capabilities.  In fact, we think that mastery of new data sources in order to create tech-enabled commercial insurance products requires a very thoughtful approach to building digital platforms.  Combining our tech-enabled products with a digital experience designed to make our brokers look like heroes and builds barriers to entry for our competitors that will invariably come into the market.  Platforms like our CrowBar will support multiple products, building a brand that can leverage sales, marketing, SEM, and a digital platform. Corvus knows it customers – Commercial Insurance brokers.

 

Some VCs think that the key choice is around the product. They advise companies to stick with one product or one digital capability in order to try to master it before moving on years later.  That may be because one product companies have easier exit strategies – build to sell. Thankfully, some VCs are more ambitious and see that the choice of customer is a more critical defining factor for InsurTech success.  Having chosen a customer to serve, tech needs to be built for all aspects of the experience.

 

As a closing comment, those InsurTechs that aspire to build tech for brokers but also to work around brokers disrespect the channel at their peril.  We won’t forget – commercial insurance brokers. IMHO.  InsurTech. For You.

We Built the First Commercial Insurance Policy Powered by the Internet of Things (IoT)

…And why it’s not all about the IoT

Corvus Insurance, a tech-enabled MGA, was founded in early 2017 in order to leverage existing technologies and data that might be used to predict and prevent commercial insurance claims. Putting this data to work can greatly improve underwriting, loss control and claims outcomes while driving down the overall cost of risk to organizations. Corvus hopes it will make the world a safer place.

 

Corvus, comprised equally of veteran tech and insurance leaders read the same tea leaves that were available to everyone in the commercial insurance industry in the past few years. Data is everywhere and expanding exponentially. Experts and futurists all predicted that IoT data would empower new innovation in insurance. Incumbent insurers are as aware as any tech startup about this opportunity. A recent LexisNexis survey reports that 70% of top insurer executives think having an IoT strategy is important while 79% report that they don’t have an IoT strategy. Why did it take this long to happen and how did a little startup pull it off?

 

At first it is difficult to understand why no other insurer had demonstrated success in IoT. Data from sensors can be used to predict the likelihood of a claim if the data measure a precurser to a major type of claim (pressure from the weight of snow on the roof) or if they can measure and respond on the spot to slowly developing claims (think water leaks). Given that data, Corvus could select it s customers and price its commercial products better than competitors. And, Corvus could use the data to warn customers about impending or more likely claims, something we now call Dynamic Loss Prevention™ to bring added value to customers by helping them to act to prevent claims from happening. We could even use the data to provide benchmarking and other business intelligence as a differentiator. So, how did the journey take shape?

 

We started by looking at use cases (that’s the tech vocab) for causes of loss. We tried to answer the question: What causes of loss are monitored by sensors with data collected? That was easy, sensors are indeed everywhere – in vehicles, on machines, on HVAC systems, security systems, temperature sensors, light sensors, and water overflow sensors. That is part of the problem, sensors are in too many places to start to narrow the search.

 

So, we decided to start at the other end of the problem. We asked the question: what industries had a lot of claims that might be predicted by sensors? While we could find some use cases in liability insurance most were related to property insurance. Still, lots of industries share the same set of common losses – theft, fire, temperature, collapse. Our initial focus was on buildings since they sometimes had integrated systems for a combination of insurance perils like theft, water leakage, and fire.

 

We contacted numerous large sensor companies and some niche players, as well. They all seemed aware of the opportunity to use data to predict and prevent insurance claims. They were willing to work with a startup like Corvus, too (perhaps because we had funding from Bain Capital Ventures). We started to negotiate terms, it all seemed great. Except for one thing. They would not give us the names of their customers, and it seemed we could not guess at that since most of them had modest market shares. If we presented an IoT empowered insurance product to brokers and told them it was good for any building owner that had sensors from company A, the brokers would quickly retort: how will we know if my client’s building has sensors from company A, they only represent 10% of the market so I will be wrong 90% of the time. Worse, most of the use cases lacked even rudimentary data to predict which data scores are predictive of claims. Back to the drawing board.

 

That forced us to think narrowly. What industry bought a lot of insurance for a significant risk that could be predicted by data from sensors? We eventually found our way to the market leader for temperature sensors for food and pharmaceutical goods – the major cause of loss for goods in transit for these companies was spoilage. And they measured the temperature of the goods frequently, not for insurance purposes but for regulatory reasons. Finally, time to roll up the sleeves.

 

In April of this year, we launched Smart Cargo Insurance™ coverage to insurance agents and brokers and their clients in the Food and Pharmaceutical industries. We are quoting and binding business. While it is too early to declare victory, we achieved a small milestone for the insurance industry. The first commercial IoT-based Insurance policy.

 

Not only does the policy allow us to better price risk, it also allows us to identify accounts with the lowest risk factors. And we respond to that by offering broader coverage, particularly around the spoilage peril, to accounts with high scores. We don’t stop there, however, since we use ongoing data from the IoT sensors to inform us about trends for our insureds, providing them with Dynamic Loss Prevention™ reports that can help prevent a claim. And we use minute by minute shipment data to enhance our subrogation rights, allowing us to reduce cost for us and the policyholder.

 

But, what we learned along the way is that our model, our playbook if you will, is just as applicable to any new source of data. So, while building a IoT policy is a happy milestone for Corvus and the insurance industry, it has exposed us to thinking about other sources of data to inform underwriting, loss control and claims, all to benefit the policyholder and their broker.

Insurance as a Force for Good in the World

I have been fortunate to be in the world of insurance, developing insurance products for new technology companies in industries including life sciences, software, internet, and renewable energy. With the help of brilliant and thoughtful colleagues, my previous company had successfully helped large and small technology organizations around the world manage the risks inherent in new technologies and operating businesses.

In 2003, I took a year off from my role as CEO to attend a mid-career program at the Kennedy School of Government at Harvard. As happy as I was to attend this year-long program, I was more than a bit intimidated by the accomplishments of my mid-career classmates. One had been a member of Congress, another a leader at Save the Children, another a founder of a women’s shelter, yet another a captain in the US Army. And me, well I was serving as a small town’s elected leader, but compared to my classmates, I felt immensely out of my league being mainly an property & casualty insurance executive.

At the end of the first day of orientation, I found myself sitting with a classmate, one of those persons with a kind ear, to whom I rather freely admitted my insecurities. I must have said something like, “you guys are all engaged in work that is so much more important to the world than me, running an insurance brokerage firm”. Maybe it was just the beer talking but I really did feel out of my league. While I can’t even tell you the name of that classmate today, I will never forget his message. A state legislator, he said something like: “you totally underestimate the importance of insurance. In government, insurance is another way of expressing our collective goals for each other, goals of financial security for families, the disabled, and seniors. In business, the fair functioning of responsible parties in commerce. As a percent of the overall federal budget, when you combine Medicare, Medicaid, Unemployment, Social Security, Workers Compensation, and the like, there is no bigger collective expenditure that we make as a society.” That was my denouement to the idea that insurance could be a force for good in the world. I remember feeling my shoulders pull back a little, a dose of self-respect had entered my being.

Over time, I became obsessed with finding examples of how insurance, particularly my main field of insurance, property and casualty insurance, could be a force for good in the world. Certainly, I understood that liability insurance, for example, could be seen as an essential element in providing security to landlords and customers. There is comfort in knowing a business would have the backing of a large insurer should their business operations cause harm from something as simple as a trip and fall or something more complex like product liability.

Some examples of “Insurance as a Social Good” are more reactive than proactive, but still powerful indeed. Slumlords with devastating lead paint peeling off their walls were forced to clean up their acts when insurers refused to offer liability insurance without proof of de-leading.

The Catholic Church and similar institutions certainly found religion around sexual misconduct in part due to the unwillingness of commercial insurers to offer them any more liability insurance without a big clean-up of their sexual misconducts. Today, sports leagues are being forced to address the long-term impact of CTE and concussions due to the unwillingness of their insurers to continue to pay claims. We can hope that the Federal Flood Insurance program might be changed to follow this strategy of incentivizing development only in less flood-prone areas, if policymakers get it right.

But, I didn’t fathom insurance’s possible social purpose fully until I read the obituary of a friend’s father, an insurance agent in a safe quiet suburb, who made it a point in his career to cajole large insurers to offer liability insurance to minority business owners in the inner city of Boston. His effort helped those business owners to get a lease for their storefront businesses and to help restore neighborhoods in the 60’s and 70’s.

Reacting to bad behavior by making insurance fair is one powerful tool. Promoting good results proactively is quite another. So, I set about looking for ways to build insurance products that reflected a higher social purpose and that made great financial sense, as well.

Bad things happen in the world. Roofs collapse, shipments of food spoil, drivers are too aggressive, cyber thieves are proliferating, sexual harassment certainly hasn’t gone away. While businesses and individuals can buy insurance against these risks, that passive response is no longer an acceptable strategy to make the world a better place. And, as with so many other aspects of our lives, there is a whole new set of technology tools that can promote active risk management responses by harnessing data that was previously difficult or impossible to collect.

Today, with an app on a phone, we can measure, gamify and improve the driving behavior of commercial drivers by scoring their braking, acceleration, and even their distracted driving behavior from cell phone use, which is causing the first bump in accident and death rates in my lifetime. With sensors on building roofs and cargo shipments, we can anticipate collapses or spoilage, and in turn intercept the problem before a claim occurs. We can detect the likelihood of litigation by examining social media and big data sets in ways that reveal trends that typically cause lawsuits, and destruction.

Harnessing this data requires a mission to make the world a safer place. Insurers, who pay the costs when bad things happen, are uniquely situated to leverage new forms of data to proactively put technology to work in order to make the world a safer place. Corvus exists to turn that mission into a reality.