On November 2, 2017, more than 380 insurance professionals gathered at Braden Auditorium, Illinois State University’s Bone Student Center for the 56th Annual Central Illinois CPCU All Industry Day. This is a day set aside to bring insurance professionals together for education and to celebrate the achievements of 59 new Central Illinois CPCU designees. A variety of speakers were brought together to inform the audience on topics related to the theme of this year’s program - Insurance in the Digital Age.
The program for the morning was moderated by Lisa Shasky, Director of Enterprise Compliance & Ethics at State Farm. Lisa opened the day with a story about her dog, and how excited he gets about his tennis ball. She challenged us to think about our own tennis balls…what gets us so excited that it’s all we can focus on? Lisa then introduced each of the speakers throughout the day, and it became evident that many of them were sharing their tennis balls with us through the topics they were discussing.
Mark Sakalares, from the National Insurance Crime Bureau, provided insights into the investigation of Medical Fraud by framing up where we were, where we are, and where we’re going. It was interesting to learn that the earliest fraud on record is circa 300BC, and that according to the FBI, between 3% and 10% of all health care costs today are fraud related. Medical fraud investigation has evolved from paper investigations with paper claim files to social network analysis, analysis of vehicle black box data, and utilization of Big Data to identify everything from doctors billing more hours than they’re working to organized crime ring activity.
Michael Bernico, Data Scientist at State Farm, began his time with us by defining data science as the intersection between software engineering, business, economics & social sciences; and math, statistics and machine learning. Because they bring both business knowledge and computer science knowledge, data scientists provide a company the ability to go from understanding the business idea to building and executing on the solution. This “full stack analytics” eliminates hand-offs in the process and decreases time to market. In today’s environment, this can be a critical competitive advantage.
Kevin Algrim, Associate Professor at the ISU Katie School of Insurance and Risk Management, shared his insights about InsurTechs, which are start-up companies finding new ways to apply big data to the insurance industry.
The advances of InsurTechs offer many opportunities to traditional insurers. For example, telematics could provide an opportunity for an insurance company to send a message to a driver in a congested, accident-prone area alerting him or her to bad weather and suggesting another route, or give him or her a $5 gift card to a coffee shop and suggest they pull in and wait out the storm. Employee Sensors could be used to reduce work comp claims in manufacturing facilities, by recommending a worker take a break when their posture looks fatigued. Drones can be used to recommend loss control measures and inspect claims. A connected home can alert the owner when a window or door is opened, possibly preventing theft losses. Life/health underwriting can be done through a selfie with new technology. Many insurance companies are partnering with InsurTech companies to stay current as technology advances, and these will likely be the companies that endure into the future. Kevin reminded us of the quote from Darwin that says, “It is not the strongest of the species that survives, nor the most intelligent that survives. It is the one that is most adaptable to change.”
Thomas Pienkos and Andrew Schlidt, partners with the law firm Husch Blackwell, talked to us about data security and the legal considerations of data breaches. Rapid technological changes are requiring insurance companies to work with a wide variety of non-traditional partners such as device manufacturers, analytics providers, telecom providers, and software developers. With these partnerships arises an increased risk of data breaches, along with the question of data ownership and control. In the first half of 2017:
- 791 data breaches were reported (37% increase from 2016)
- 12.4 million people were affected
- 60% of the breaches involved social security numbers
- 75% of breaches were by outsiders, which means 25% were internal
- 51% involved organized criminal groups
Currently, there are state laws, federal laws, and intellectual property laws, which may or may not align with each other. The Insurance Data Security Model Law was drafted in April, 2016 as an attempt to bring uniformity to what happens where there’s a breach, as well as the obligations of the company. It is expected to be included in the 2018 legislative packages for many states in 2018.
It is critical to ensure your company has a plan in the event that a breach occurs, and that it is updated regularly. There are ten key components that should be considered in a breach response plan: legal counsel, immediate IT Security response, forensic review, notification of law enforcement, notification of regulators, insurance coverage, a public relations plan, stakeholder identification, consumer notification, and personnel management.
April Yu, Manager of Predictive Analytics at Global Indemnity Group, invited us to think about peer to peer insurance and potential issues for both traditional insurance companies and consumers:
While it’s unclear whether premiums are adequate in peer to peer insurance, this new model is putting downward pressure on premiums overall. If peer to peer insurers are able to offer lower premiums, can traditional insurance companies offer lower premiums as well?
Since peer to peer insurance is for the layer under the traditional deductible, are the deductibles currently offered by traditional insurance companies sufficient? Will consumers want higher deductibles in the future?
Every member of a peer to peer insurance group must have the same coverages, limits, deductibles, etc., so how will that influence what people choose for coverage?
With peer to peer insurance, the group decides whether a claim should be paid. Will the timing of a claim determine whether it gets paid? Who drafts the contract and ensures fair claim treatment?
Tim Zeilman, Vice President at the Hartford Steam Boiler Inspection and Insurance Company, provided us with some fascinating information about cybercrime, Ransomware, and the insurance industry’s response. Generally, cyber insurance has been for data breaches, but the anonymous transactions made possible by the rise of crypto currency in recent years has resulted in a corresponding rise in cyber extortion (a cyber-threat combined with a demand for money). Criminals have found a way to capitalize on this trend through the creation of Ransomware - software that provides an automated way to conduct cyber extortion…the cybercriminal no longer has to select their victims individually. Phishing is generally used to get the Ransomware onto the victim’s system, then the program encrypts the data and notifies the user they need to pay to get the decryption key. It can be used to make money, but also as a distraction for other crimes such as industrial espionage, as a way to probe vulnerabilities in a system, or even just to do damage to people, causes or companies the criminal doesn’t like. It is a low effort, low risk, high volume (monetary demands are generally low, but they’re able to target thousands of people at once) crime. Recent examples include the WannaCry and Notpetya attacks in May and June of 2017.
DIY Ransomware kits have been available for purchase on the dark web since 2015, but ironically, credibility matters in Ransomware. People will only pay if they believe they are going to get what’s promised. There are several “credible” Ransomware programs on the market, including CryptoLocker, CryptoDefense, and CryptoWall.
Insurance for Ransomware has been included in cyber insurance for quite some time, and regulators seem ok with it, but it is too early to say how it will play out in the courts. The coverage typically involves reimbursing policyholders for payments made to the criminals, as well as the cost of a negotiator or investigator in connection with the extortion threat.
With the increases in technology and the growth of the Internet of Things, cyber extortion has the potential to be even more impactful and disruptive in the future…imagine having to pay to get a decryption key to get into your car…or your house!
After the speakers concluded, Stanley Plappert, Secretary-Treasurer of the CPCU Leadership Council and Sharon Taylor, President of the Central Illinois Chapter of CPCU, presided over the conferment of the new designees in the audience. We then had the opportunity to recognize Stanley for his years of service, along with Bret Eckberg and Cory Heim, before adjourning to the ballroom for a delicious luncheon and a fun and interactive presentation by inspirational speaker, Craig Zablocki. His unorthodox approach and ability to push us out of our comfort zones was very well received, as he encouraged us to act more like children. We role-model seriousness for children…kids laugh 250 times a day, while adults only laugh seven times.
- Kids are not self-conscious
- Kids are curious
- Kids are ok with the unknown
- Kids don’t worry
- Kids live in the moment
- Kids are fearless
A key message from his inspirational time with us was that our reactions to various situations in our lives are the problem. We need to unlearn fear, ego, and worry (FEW) and live in the moment.
All in all, the 56th Central Illinois CPCU All Industry Day was a great success. Special thanks to all the committee members for a job well done!
The 2018 All Industry Day will be held Thursday, November 8. Look for registration to open in late September!