Trends of development of IT in Kiberstrakhovaniye's insurance Insurance of cyber-risks Smart insurance
In modern insurance market information technologies are that driving force which allows insurance companies to interact with more and more exacting and impatient clients successfully. Consumers, perfectly understanding technology new products and actively using them in everyday life, expect the corresponding technological service level and from insurers.
Insurance in Russia
The main statyastrakhovaniye (market of Russia)
"Sberbank insurance" insured DoDo Pizza company from cyberrisks
On July 11, 2019 SK "Sberbank Insurance" reported that it insured from cyberrisks information systems and resources of DoDo Pizza company, including the software, corporate e-mail, the Website, "cloud" service and databases.
SK "Sberbank insurance" signed the agreement with DoDo Pizza company according to the MyCyberInsurance Optima program. The program provides insurance of losses from a break in business activities and from unauthorized write-off of money from a customer account as a result of a cyberincident and also civil responsibility insurance for harm which can be caused to the third parties, as a result of a cyberincident.
| ||On to data FINTSERT, in 2018 the number of unauthorized transactions from accounts of legal entities grew by 7.3 times to more than 6 thousand, and the amount of plunders from cyber attacks was about 1.4 billion rubles. These are very impressive digits therefore one of key tasks of business – information system protection from cyberthreats, and not only due to optimization and improvement of IT technologies, but also due to insurance upon cyberincidents,|
notes Dmitry Popov, the head of SK "Sberbank Insurance"
| ||DoDo Pizza is the international network of pizzerias. We use information technologies to improve processes and to do a stable qualitative product. In heart of our network — a cloud management system for a pizzeria Dodo IS. It is the ERP system which covers all aspects of our business: customer orders, mobile application and the website, processes of preparation of pizza in pizzerias, work of cash desk and payment acceptance, all operational work of a pizzeria and many other things. It is very most part of our business and to us it is important that our information system ran smoothly therefore we invest in its development including IT protection, and now also in insurance protection,|
reported the chief financial officer of DoDo Pizza company Dmitry Solovyov
Digitalization level more than at 30% is estimated by 37% of insurance companies
Insurance companies in Russia rather optimistically estimate the level of the digitalization. So, the level of digitalization of the activity more than at 30% is estimated by 37% of insurance companies in Russia.
Declared it in June, 2019 the Head of Department of insurance and economy of the social sphere of Financial University under the Government of the Russian Federation Alexander Tsyganov at the second All-Russian scientific and practical.
As told with reference to these researches of Department of insurance and economy of the social sphere of Financial University under the Government of the Russian Federation Alexander Tsyganov, practically all insurance companies use in the activity technology of "Internetization of business processes" (93% of respondents) today. A half of insurers announce use of technology of Big Data (57%) and new production technologies (47%). The technology of wireless communication uses 40% and artificial intelligence technologies of 30% of insurers.
Other new digital technologies listed in the program of the Government of the Russian Federation "Digital economy" including blockchain technology, according to Alexander Tsyganov, by insurers it is practically not used.
| ||"The insurers who participated in poll rather optimistically estimate the level of digitalization of the activity (the relation of business processes using new digital technologies to the total number of business processes). So, the level of digitalization of the activity over 30% estimate 37% of insurers respondents. At the same time another 37% of insurers believe that their level of digitalization is in range of 5-20%", - Alexander Tsyganov specified.|| |
On an appreciation of level of digitalization of own activity as Alexander Tsyganov noted, could have an impact a high share of Internet sales of insurance services, especially in a CMTPL segment and also professional belonging of most of representatives of the insurers who are filling out questionnaires to IT departments.
A half of insurance companies, according to Alexander Tsyganov, specify the high cost of new digital technologies (50%) as basic reasons of the low level of development of digitalization of an insurance activity; lack of demand for the digitized insurance programs (47%); insufficient adaptation of digital technologies for insurance services (47%).
"Sberbank insurance": The market of cyberinsurance can reach 8-10 billion rubles by 2025
On May 24, 2019 the company "Sberbank insurance" reported that Russian market of insurance cyberrisks it can reach 8-10 billion rubles by 2025. The main incentives of development of this segment will become growth of cyberthreats against the background of development of digital technologies, improvement of the legislation in the field of data protection and increase in information culture of citizens and entrepreneurs.
On information of the company, number of cybercrimes in Russia constantly grows. On to data MINISTRY OF INTERNAL AFFAIRS, in their 2018 it became 92% more, than in 2017. By data FINTSERTA Bank of Russia, in 2018 417 thousand unauthorized transactions with use payment cards for the total amount of 1.3 billion rubles were made. It is 31.4% more in quantitative and for 44% — in terms of money in comparison with 2017. By estimates of Sberbank, by 2022 1 trillion devices will be connected to worldwide network, and the damage from cyber attacks for world economy can grow to $8-10 trillion a year.
| ||The main risks for business are date leak and stay productions because of DDoS- the attacks, influence harmful viruses and application by malefactors of methods of social engineering. On expert evaluations, the average damage from a cyberincident to the large companies is 11 million rubles, for small and medium business — 1.6 million rubles. Having faced cyberincidents, the companies increase budgets on security. In addition, demand for protection against cyberthreats with the help gradually begins to form insurance. We expect the "explosive" growth of the market of cyberinsurance in five-year perspective, by 2025 the share of this segment in the all-Russian charges on insurance not - lives can make about 0.5-0.7%|
Vladimir Novikov, director of risks of SK "Sberbank Insurance"
The volume of the Russian market of cyberinsurance for May, 2019 is measured by tens of millions of rubles, however in the closest years of analytics SK "Sberbank Insurance" expect rapid development of this segment. The main contribution to formation of "fashion" will be made, most likely, by the large companies, however the main volume and demand will create the small and medium enterprises and also individuals — all who use the smartphone.
SK "Sberbank Insurance" offered the first in Russia mass products on insurance of cyberrisks. So, in 2017 the company included in an insurance packet for small enterprises risk of a break in production as a result of cyber attacks. At the end of 2018 the company offered this type of insurance to natural persons, having included risk of cyberthreats in a product on insurance of bank cards. For half a year of action such policies issued already about 2 million clients.
CIO "Ingosstrakh" on TAdviser SummIT - about IT priorities in the insurance industry
Within the TAdviser SummIT conference last on May 30, 2018 and brought together in total more than 600 participants, the open interview with Alexey Klepikov, the vice president for IT of Ingosstrakh company took place. Answering questions of the Chief Editor of TAdviser Alexander Levashov, he lit the vision of trends in the field of digitalization, IT priorities in insurance and told about a number of projects in Ingosstrakh.
According to Klepikov, it is possible to speak about three main trends in the field of digitalization now:
- exit of technologies in clouds, including – emergence of completely autonomous cloud DBMS working without participation of the person, in particular with Oracle 18c – the representative of new generation of systems;
- artificial intelligence – the subject directly connected with the first trend as autonomous DBMS of people does not administer, besides – speech analytics, chat-bots;
- use of Agile of methodologies in big scales, not very well, what – SCRUM, Kanban, etc.
Speaking about the last, Alexey Klepikov noted that in Ingosstrakh application of Agile of methodologies started in 2016. However, in 2018 after the analysis of results of work it became clear that implementation of more complex approach is necessary, and in April implementation and use of methodology of SAFe (Scaled Agile Framework) which allows to solve Agile scaling problems began.
| ||There will be big growth of online sales of insurance products, affiliate programs, work with aggregators, and there will be new types of insurance – for example, owners of drones, insurance of IT assets, - the representative of Ingosstrakh noted, speaking about influence of trends directly on the insurance industry.|| |
Answering a question of IT priorities, Alexey Klepikov noted that there are business challenges and there are IT tasks which should support business. Among priorities of IT for the company he designated three main. The first of them – creation of the fastest, scalable IT infrastructure. And cloud computing in this context gives great opportunities, in particular – at deployment of test environments.
Online sales on digital channels, without participation of agents, for Ingosstrakh make "couple of percent" for today, Klepikov told. Reaching new levels of digital business is very important for the company, he therefore in 2017 the website and mobile application of Ingosstrakh were completely changed emphasized and also the new product on online insurance of KASKO without visit to office when remote survey of an object by means of special mobile application of IngoMobile is executed is created.
The second important priority of development of the company - the complete involvement of IT specialists into processes of the business customer assuming pro-active offers from IT to business. And in this context the third priority - creation of cross-functional teams for the purpose of project implementation is important to exclude situations of misunderstanding of business and IT.
During the interview the subject of use of services of outsourcing was touched. The representative of Ingosstrakh noted that as of the end of May in the company more than 340 IT specialists and that for successful business the correct adaptable combination of outsourcing and insourcing is necessary. It will allow to provide optimal time of an output of products for the market.
In conclusion Alexey Klepikov focused attention that insurance in the long term will strongly be transformed, but, despite all innovations, agency and partner networks "will never be gone".
The TAdviser SummIT conference took place in Moscow on May 30, 2018 year and attracted more than 600 participants. Increase in business performance and the state using digital technologies became principal themes of an action. Representatives of large customer companies and a public sector provided the best practices of use of IT in the organizations, and suppliers of IT solutions – the new developments. Within a plenary part and five thematic sections more than 60 reports and public discussions were heard. The action took place in 5 Digital October halls.
Alfacyber - the policy of assurance of cyberrisks
In February, 2018 AlphaInsurance, understanding importance of insurance protection against cyberdangers, released the product Alfacyber on the Russian market. The policy protecting from cyberrisks will allow to minimize financial and information risks practically of any business or the companies which will be put at cyber attacks in the future.
Insurance upon cyberthreats, attacks on ATMs and cryptocurrencies
The first trend: appearance of new viruses and expansion of an arsenal of cybercriminals due to use of new technologies
- Cybercriminals will attack more often developers of legitimate software, but not ultimate goals. In a risk zone the big companies with reliable and multilayer cyber defense. In such cases it is much simpler to use the intermediary as whom the producer of the popular programs used in a corporate segment can act.
- Criminals will continue to extend actively viruses-encoders. Many attacks with their help can be directed to the industrial systems.
- One more target, attractive to hackers — personal data. They are characterized as "new oil". At the same time Big Data will be used also in the attacks — for more address address to the user.
- Also the complexity of detection and removal of malware thanks to DNS, to enciphering, incorporeality and other technologies will increase.
The second trend: infrastructure cyberthreats
- Within this trend attacks on program interfaces, mass cracking of routers and modems, cracking of ATMs and POS terminals, gain of control over infrastructure of Runet, creation of the centralized control system of communication networks and also attacks on cloud services are predicted.
The third trend: attacks on cryptocurrencies
- For these purposes cybercriminals will actively use a botnet network for mining and also to carry out attacks to the exchanges and users.
The fourth trend: changes in the legislation
- In 2018 became effective the law on security of critical information infrastructure. Thus increase in the expenses on ensuring cyber security relating to KII that "will provoke" a further technology "race of arms" will become a priority trend of activity of the companies.
- Authors of a research emphasize that the Central Bank becomes the regulator in information security field for financial institutions.
- Besides, since May 25, 2018 the European regulations of GDRP (General provisions on data protection) will begin to be applied that will inevitably lead to increase in expenses of the Russian companies which activity is connected with EU Member States.
- Also cyber security will be affected by entry into force or transfer of the Yarovaya Law, import substitution policy and gain of requirements to litsenzenta on data protection.
The fifth trend: social aspect
- Within this trend development of the idea of insurance upon cyberthreats is noted. The companies will begin to consider cyberthreats as one of key commercial risks. As a result of change of the legislation, the company will book more often audit of security of the automation systems, risks assessment of cybersecurity and to look for ways on their decrease or transfer. Financial institutions and the technology companies will be the first who will implement insurance of such risks.
- Also growth of manipulation and cracking of media and social media for the sake of generation of profit from the retail fluctuations provoked by information forgeries is expected.
- At the same time Internet users will remain "a weak link" and one of the main tools of cybercriminals. The majority of viruses are caught in a corporate net via e-mail and opening by employees of files and links.
In Russia e-wallets from hackers for the first time insured
'Protection of electronic instruments of payment becomes more and more relevant. Digitalization gets into all spheres of human life and fraud is displaced from the physical world in virtual. The threat of cyber-risks increases therefore, it is sure, we managed to propose the timely solution demanded by the market', – the CEO of Zett Strakhovaniye Igor Fatyanov said.
The insurance provides compensation at theft of means by hackers to 10 thousand rubles. Such insurance only in Russia in Purse of MTS service works. Insurance does not extend to other services, however also other players in the market can use practice.
Cybersecurity in banks and insurance companies (a research of TAdviser and VMware)
The VMware company provided results of the research of the largest financial institutions conducted together with analytical center TAdviser in December, 2017. According to the report, it is more than a half (52%) of banks and insurance companies of Russia and the CIS increased the budget by information security in 2016-17 in connection with growth of cyberthreats and activities harmful 
The main statyaissledovaniye of TAdviser and VMware
Systems of actuarial modeling
Actuarial modeling – creation of mathematical models for forecasting of insurance risks and calculation of rates. Calculation of insurance rates is a key task of actuaries in insurance companies, and the accuracy of these calculations directly affects marginality of business and a market share of insurance companies. Competition aggravation in some types of insurance (for example, in the market of KASKO) induces actuaries to look for new methods of increase in accuracy of calculation of rates. Those organizations which the first will begin to calculate rates individually for each of clients will get notable competitive advantage.
For the solution of this task the Guild of Actuaries carried out the analysis of solutions and industry experience of vendors of analytical software based on which as organizers of a practical work invited experts from SAS company.
Within the practical seminar experts of SAS showed to actuaries, than modern methods of machine learning and constructions of forecast models differ from traditional in what situation it is better to use this or that approach and as using software of SAS to carry out modeling of rates, using algorithms.
Then consultants of SAS together with actuaries step by step solved a problem of forecasting of losses of KASKO. In the course of the solution the particular emphasis was placed not so much on the principles of work of algorithms how many on process of creation of predictive models on their basis. When comparing different methods of modeling experts in parts opened as qualification of the analyst, the quality requirement and to data preparation process, accomplishment of the assumptions of statistical properties of data influence the accuracy of results. The second part of workshop was devoted to a relevant trend of the Russian financial market – to use of optional data from external sources on clients as practice shows, as in banks, and in insurance data from external sources (such as social networks or data from mobile operators) significantly increase the accuracy of decision making systems. The effect is especially noticeable in business processes where the volume of internal information on the client is small. As it is possible to include interests and events from life of insurers from social networks in process of modeling it was visually shown on a specific example using technologies of text analytics of SAS.
Development of a system of assessment of cyberrisks of AIG CyberEdge
In December, 2017 the AIG company announced start of the system estimating cyberrisks of clients and providing more advanced analysis of insurance upon the hacker attacks. Since November, 2017 underwriters of AIG use a method of the computer analysis which integrates information from the new insurance application developed for this process and data on the current cyberthreats to generate estimates according to different concurrent factors.
Main article: AIG CyberMatics CyberEdge Insurance of cyberrisks
In Russia standards for services in insurance of information risks will appear
Within the Digital Economy program to the second quarter 2020 it is going to develop industrial standards and other regulating documents for services in insurance of information risks. It is offered to charge this task to the Central Bank of the Russian Federation, the Ministry of Finance and Association Guild of Actuaries self-regulatory organization.
The draft of the actions plan of the Digital Economy program for the section Information security also assumes a number of the measures directed to promoting of insurance mechanisms of protection of information resources of the enterprises. According to preliminary estimates, expenses of the federal budget on promoting of cyberinsurance will make 200 million rubles. The document is developed by the competence center in this direction created based on Sberbank.
| ||Content of insurance service in cyberinsurance is not standardized, in world practice varies from the country to the country and depends on the legislative environment, the document says. — the Tracing-paper from the American or Western European product practically does not meet requirements of the enterprises for the Russian jurisdiction. Respectively, there is a gap risk (gap) between the insurance coverage and risks of the domestic companies offered by the international insurers.|| |
By September, 2018 it is offered to develop rules of collecting, processing and transfer to the single database of information on insurance contracts of information risks, insured events and payments. Also maintaining the register of such agreements should be organized. According to authors of the document, maintaining the statistician will be required for tariffing of products of insurance of cyberrisks.
It is planned that already insurance of cyberrisks will be referred to the beginning of 2019 on cost value in accounting. The relevant amendments are offered to be made to Article 263 of the Tax Code, having included in expenses on compulsory and voluntary property insurance expenses on insurance of cyberrisks. Including responsibility of personal data operators and breaks in activity as a result of cyberrisks should be considered.
As authors of the document explained, reference of expenses of insurance to cost value in accounting will allow to insure information risks from cost value, but not from profit. For this purpose it will be required to make changes to the insurance legislation regarding selection of insurance of cyberrisks in separate type of insurance and equatings of insurance of information risks with insurance of "physical" assets of the enterprise.
For personal data operators it is offered to fix normative duties to have a financial guarantee of responsibility according to a class of an information system on personal data processing. As a financial guarantee own means, the bank guarantee and the policy of assurance can be used.
Besides, introduction of the standard on statutory audit of information security for the enterprises of separate branches of the economy is supposed (for example, financial and banking sector, strategic industries — metallurgy, mechanical engineering, shipbuilding, aircraft industry, etc. and also the airports, stations, ports and. dr).
Including it is offered to introduce requirements for compulsory insurance of cyberrisks in the specified industries, at the same time the list of risks should include risks of a break in activity as a result of implementation of cyberthreats. At the same time it will be logical to introduce from the Central Bank the requirement for insurance companies for reinsurance of cyberrisks in RNPK, authors believe.
It is expected that thanks to introduction of the specified measures insurance will be led on the basis of risks assessment, and existence of the report on audit will allow to simplify and accelerate carrying out such risks assessment. Besides, obligatory cyberinsurance for certain industries will allow to create the corresponding market.
Mains: The market of cyber-insurance by 2025 will reach 1 billion rubles
In November, 2017 an insurance broker of Mains Insurance Brokers & Consultants, Allianz and Infosecurity submitted the forecast of market development of insurance of cyber-risks in Russia. According to estimates of experts, by 2025 in this market insurance premiums will reach 1 billion rubles.
In 2017 in the European region where Russia enters, cyber-risks took the second place among the most serious risks for the enterprises. It is said in the annual research Allianz Risk Barometer which is conducted among directors and risk managers of large enterprises.
In 2016 by the number of the registered information leaks Russia took the second place (213 registered cases of leak of confidential information and 70 million attacks on the Russian information resources). On average one stolen record costs the company $158, and in the future this digit can increase to $200-300. The damage from cyber attacks in Russia in 2015 was 203.3 billion rubles (0.25% of GDP).
Among loud cyber attacks in Russia of the last years — personal data leakages and the SMS at the cellular operator MegaFon in 2011, attacks to banks for the purpose of racketing (an incident with Bank of St. Petersburg) in 2016 and in 2015 and also the attacks of WannaCrypt0r 2.0 virus. In March, 2017 the virus got in a row ATMs, the enterprises (MegaFon, Russian Railway), banks (Sberbank) and state institutions (Ministry of Internal Affairs).
The affected organizations were not insured from cyber attacks. What extent of potential damage can be? According to Allianz insurance company, the large companies on average spend about 11 million rubles for mitigation of consequences, average and small – 1.6 million rubles. And it without the size of a direct loss.
Against the background of the increasing threats of investment into information security are extremely necessary. At the same time it is necessary to remember that preventive measures do not give 100% of a guarantee for this reason it is important to think of minimization of possible damage if nevertheless the attack did not manage to be stopped. For such cases there are products of insurance of cyber-risks.
The volume of insurance premiums in Russia in this market does not exceed 10 million rubles. However according to estimates of Mains Insurance Brokers & Consultants, in 2019 the exponential growth of the market will begin, and in 2025 its volume will reach 1 billion rubles.
It is important to note that there is a direct dependence between the speed of detection and neutralization of leak and settlement cost. Every year such expenses grow that speaks about need of investments into technologies of data protection and development of internal examination for reduction of time of reaction and detection of leak and also to be sure of compensation of attraction costs of third-party experts for decrease in the size of a loss.
The legislation in an insurance field of cyberrisks
In Russia the legislation regarding violation of safety of data is developed poorly. The amount of penalties varies from 1 to 50 thousand rubles. However the situation should change in the next years. Within the Digital Economy program the state implements the measures directed to formation of the civilized market of cyber-insurance in Russia. Obligatory purchase of the policy of assurance of cyberrisks can become one of such measures.
"Legislature as in Russia, and abroad, show great interest to regulation online of the environment and content – confirmation to that serves the Yarovaya Law and GDPR which should become effective in the summer of 2018. Along with toughening of job requirements of the companies, these laws increase also the value of personal data. Even if insurance of cyber-risks will also not become obligatory, legislative premises for voluntary insurance cyber-risks become more and more" — Vadim Mikhnevich, the Associate director of department of insurance of financial lines of Allianz comments.
Large European Banks began to insure the capital against cyber attacks actively
Even more often banks address to insurance companies with the purpose to save the capital from operational risks, including it concerns cyber attacks and dishonest employees. Representatives of insurance agencies said that they will be able to help creditors, in the form of the additional level of examination from their party.
After a series of expensive legal procedures and interruptions in work of IT of infrastructure, such banks as Credit Suisse, Deutsche Bank and Lloyds began to look for methods of minimization of expenses on similar episodes. The partial covering of risks insurance companies was recognized most the way out of a situation.
The majority of similar insurance agreements are made out in a private order, and parts are not published anywhere. However last year public attention was drawn by sale of bonds by Credit Suisse bank for the amount of 220 million Swiss francs for a covering of possible operational risks.
Advantageous conditions about more than 4% per annum were provided to bond buyers, but they can also suddenly lose the investments, for example if to employees of the bank charges of commission of crimes of official are brought or on bank cyber attack will be made.
The covering of potential losses was undertaken by Zurich Insurance insurance company.
Insurance companies employ the specialists in operational risks who had work experience in large banks for the best understanding of an overall picture and adequate assessment of the situation in financial institutions.
The Basel Committee on Banking Supervision defines an operational risk as "risk of loss as a result of inadequate or wrong actions in work with internal processes, personnel, systems or as a result of external factors". Cyber attacks, interruptions in work of IT infrastructure, industrial espionage and financial frauds fall under determination.
Banks for the first time began to look narrowly at insurance of operational risks ten years ago, just before approach of financial crisis. Then discussion of the matter was postponed until the best times. And here, according to insurance agents, last year several banks started over again showing the strengthened interest in this subject.
Compulsory insurance of cyberrisks can appear in Russia in 2022
Russia is going to create the large-scale market of insurance upon cyberrisks. The working group is headed by Sberbank. The policy of information security can become obligatory since 2022 for banking sector, the airports and stations and also for the industries of metallurgy, mechanical engineering, shipbuilding and aviation industry. It is written by the Kommersant newspaper with reference to the actions plan of the program.
Besides, in Russia will enter the industrial standard on statutory audit of information security. Conditions of insurance and collecting of statistics, model of actuarial calculations of rates will be registered in it.
For project implementation it will be necessary to make amendments to the Law on the organization of insurance case — to add new type of insurance. At the same time expenses on the project will have to reduce tax base therefore amendments will also be made to the Tax Code.
You watch also Cyber crime and the cyber conflicts: Russia.
Trends of the market of insurance in Russia
- Enlargement – more than 65% of volumes of insurance is the share of 10 major insurers
- Nationalization – increase in participation of the state in the capital of the insurers and influence on processes (creation of the Russian national reinsurance company)
- Activity of mega-regulator – the Central Bank of Russian Federation
- Transition to the new chart of accounts of RAS - in the IFRS standard
- works after transfer of reporting system of insurance to the XBRL standard Began
- Formation of a field for electronic sales of insurance – adoption of amendments to the Federal Law "About Insurance". In fact – transition to the paperless system of insurance.
- B this "new" sales channel in AlphaInsurance made 2016 2.3% of the general charges and rates of its growth exceed growth rates of charges of the company in  twice .
- Since 2016 in connection with changes in 40FZ "About the CMTPL" insurance companies had an opportunity to sell policies of the CMTPL in electronic form.
- 1/1/2017 this opportunity passed * C into a duty and despite the general unprofitability of this type of insurance insurance companies increased sales volumes EOSAGO many times - from 2.2 billion in 2016, to ~ 21 billion in 2017 (forecast)
- In due time the CMTPL became the driver of development of retail insurance in Russia, EOSAGO has serious chance to become the driver of transition of insurance to an electronic form
- Requirements of the Central Bank for on-line of availability of information systems EOSAGO of insurers such which are not shown to on-line banking and other public financial services.
IT priorities of insurance companies
- Further expansion of electronic sales channels for retail types of insurance (B2C)
- The Client becomes principal focus of work of the insurer
- Development of value individual propositions for the client, including fight against fraud
- Respectively – the analysis of his requirements, behavior in the market and in life
- Active development of the "heavy" analytical systems working both with traditional data sources, and with "big data" - sources
- Systems of machine learning and artificial intelligence
- Customer service quality – the second important focus
- Fast and high-quality settlement of losses,
- the Additional services having customer value
- Recurrence of insurance => it is necessary to build the correct communications with the client (unostentatious reminders, convenience of payment)
- Expansion of application of elements of Internet of Things (IoT)
- "Black boxes" of telematics in cars - sources of data both on behavior of the driver, and on his status in road accident and the organization of quick help
- Use of gadgets in medicine, telemedicine in voluntary medical insurance
- Use of information the current and future state. information sources through SIEI and/or a Unified identification and authentication system
- Optimization of internal costs in insurers – the maximum transfer of internal communications "in digit" (Digitalization, acceleration of changes)
- Transition from traditional approach in development "the customer-IT a development-system" to "the customer (it is a developer) – IT control of quality system" BI BRMS ()
- Broad integration of systems, as with external services (external data sources, including BD, the systems of partners and regulators), and inside – transition to API technology of development of the systems, microservices.
- Increase in speed of implementation of changes – new approaches to internal development and deployment of changes (Agile, DevOps)
- At insurers (as well as at bankers) competitors on their SOBSTVENNOM a field, first of all – on electronic sales began to appear
- Aggregators are the companies which help clients to pick up the best conditions of insurance (function of "customer focus").
- Payment services – "are implemented" to us as the payment partner and gradually become aggregators.
- Telecoms – using the customer base can and already begin to act as aggregators, and potential at them is very high.
- Paraphrasing G. Gref (Sberbank) "If earlier it was just feeling that it is terrible, and these children really begin to eat our lunch, then now clearly a definirovana a problem for the large companies"
- The only thing that so far rescues insurance companies – they not only we sell, but also pay damages. But this loneliness is temporary.
- Behind the horizon:
- cars without driver (what to do with car insurance?)
- smart homes – radical change proprietary insurance of physical persons
- insurance of cyberrisks - forever
- a blockchain – possible transition to pear2pear to insurance or societies of mutual insurance
2012: Research Accenture
According to survey results of Accenture, 91% of analysts of the insurance industry consider that use of technologies is crucial for activity of insurance companies. At the same time more than a half of them estimate the current level of the technologies used by insurers as 'low' or 'needing improvement'. Today it is possible to select eight main trends which will define development of IT in the insurance industry within the next five years.
1. The platforms of data providing easy access to information. Already now insurers should work with large volumes of data, and in the future these volumes will grow in geometrical progression. Data can be distributed on different internal and external storages in all regions of the world. Before insurance companies there is a problem of the most effective distribution of the available arrays, including by means of cloud computing if it allow the security requirement and confidentiality of information. Providing a universal possibility of instant data access from any type of devices considerably will increase efficiency of insurers.
For the Russian insurers the specified trend acquires relevance first of all in the context of creation of the integrated information environments within which partner interaction (brokers, agents, STOA, health facilities, joint stock company, NAEB) and clients is performed. The possibility of effective use of information within such information ecosystems allows to cut down, on the one hand, expenses on operational partner interaction, and with another — considerably to increase the speed and customer service quality.
2. Analytics tools for increase in efficiency of business processes and the best understanding of needs of the client. Knowledge of the client which is provided by predictive analytics is especially important in the conditions of constantly changing client preferences. The analytics significantly increases the effectiveness of marketing efforts, allowing to offer the client the necessary products in due time, reducing a sales cycle and increasing cross-sales. Tools of analytics facilitate process of implementation of new products. The predictive and behavioural analytics allows to foretell what response will receive a specific product at clients. In a question of settlement of losses use of analytics helps to diagnose cases of an insurance fraud timely.
As well as around the world, in Russia the need for use of powerful analytical tools for insurance is big. The main complexity is a low quality of data in systems sources. It is not so often possible to see the centralized full-function insurance systems supporting transactions in the online-mode nationally. The decentralized local installations connected by the mechanism of periodic replication and having very inefficient protection against input of malformed data meet more often. Other weak point of analytics in Russia — lack of the general for all insurance market of the infrastructure services giving the chance to keep account and to exchange key information on agreements, losses and so forth. Creation of such services will allow to raise qualitatively technology a maturity of the market and will provide an opportunity for expense optimization of insurers.
3. Use of cloud computing. Cloud computing did not play that revolutionary role what they already played in other industries in the insurance industry yet. The reason of such delay is that insurers are quite often forced to use outdated IT systems which are not always simple to transferring to clouds. However the situation gradually changes. Obviously, use of the cloud SaaS models ('the software as service') and PaaS ('the platform as service') will become the most significant for insurers which provide to insurance companies the high speed, flexibility and scalability, improve reaction and allow to optimize processes, for example underwriting.
Cloud computing in the Russian insurance market is not so strongly widespread. But clouds can become the platform for creation of the general infrastructure services mentioned above. For example, such services can be interesting in respect of preparation of certain types of the reporting. Today in Europe there is a difficult work on formation and implementation of requirements of Solvency II and options at which the general platform for calculation of the set of indicators necessary for Solvency II meeting requirements will be created are considered. Similar solutions can be interesting and in the field of counteraction to fraud and also regarding ensuring interaction between different market participants.
4. Use of the service-oriented architecture instead of the server - focused. Excessively expensive and outdated systems are the main barrier on the way of insurers to creation of effective business processes. For achievement of the business objectives insurance companies should pass from use of the architecture focused on the server to the architecture focused on service.
Today transactions of the Russian insurers are often supported by the monolithic systems combining configuration functions of products, tariffings, accounting of agreements, accounting of receipts and payments, work with compensation payments, settlement of losses, reinsurance and also accounting and the reporting. On the other hand, in process of market development and emergence of need for more and more advanced functionality on certain areas, such as settlement of losses and management of a commission fee, before insurers there will be a choice: develop this functionality within the existing monolithic system or buy separate specialized solutions and integrate them with main system. For the solution of this task the service-oriented architecture becomes an important factor.
5. The reflexive systems of IT security directed to protection of the most vulnerable areas. The problem of protection of client data always was in the center of attention of insurers, but now, owing to toughening of normative regulation and after a number of the widely publicized scandals with date leaks, data protection became one of the main priorities. In process of growth of data volumes it becomes more difficult to provide the due security level, and 100% of a guarantee of data protection are represented by unreal perspective at all. In these conditions it is more reasonable for insurance companies to apply selective approach to security which allows to provide the differentiated protection level for different data arrays. For this purpose insurers need to reveal the most vulnerable areas and using technologies to ensure safety of processes, data and infrastructure. The companies are also recommended to minimize influence of a human factor which is a basic reason of leaks and gaps in security.
In process of complication of architecture of applications of the Russian insurers (implementation of centralized systems, customized applications and integration with the systems of partners) questions of information security will become more and more relevant. The aspects concerning potential external threats and the problems connected with a possibility of date leak because of malicious actions of staff of insurance companies will be equally important.
6. Risk-oriented approach to confidential data protection. As well as in a case with security to guarantee 100% confidentiality of data it is impracticable. At the same time any violations of confidentiality can have serious effects. Insurers need to reveal sections of the greatest vulnerability and to use risk-oriented approach in work with data of clients.
Questions of confidentiality of data began to be of particular importance for the Russian insurers with adoption of Federal law No. 152-FZ. Taking into account Russia's accession to the World Trade Organization and gradual toughening of the requirements including concerning work with personal data, the Russian insurance companies will be forced to implement a package of measures (both infrastructure, and organizational), directed to confidential data protection.
7. Social platforms as new opportunities for a business intelligence and communication channels with clients. Consumers more and more willingly impart experience interactions with the companies on social networks. Insurers use it in the purposes, actively expanding the presence at different social platforms, for example in Facebook. Development of social media opens potentialities for sales increase and improvement of quality of client service. Competent communication on social networks allows to strengthen trust and to come into direct contact between insurance companies and their clients.
The Russian insurers take the first steps on social networks. So far it is difficult to judge efficiency of their presence at Facebook and other platforms. Today this presence is, as a rule, limited to providing information. The market for the present did not define the most effective model of use of capacity of social networks. However taking into account promptly growing popularity of social platforms and increase in volume of the personal data which are voluntarily provided by users, interest in use of social networks among insurers will increase.
8. Improvement of customer service by means of use of mobile, video and game technologies. The design of business processes was always created proceeding from reasons of optimization and cost reduction. In the future ensuring the best client experience will become the main factor. Mobile technologies are principal direction of development today. According to forecasts, by 2020 the number of mobile phones in the world will increase up to 3 billion, and the number of the transactions made by means of mobile devices — up to 450 billion. Distribution of smartphones and tablets sets insurance companies thinking on how to use them in internal interaction and in customer relations. Besides, in client service video and game technologies can be applied. Video technologies provide visualization of information, and via game applications it is possible to inform clients on new products more effectively, than by means of advertizing and other traditional communication channels.
Many Russian insurers already have the mobile solutions implementing functions of providing information on products, addresses of departments and centers of settlement, the notification on a loss, etc. Obviously, the functionality and demand of these applications will only increase. Emergence of the products working by the principle of pay as you drive and operating mobile technologies with support GPS/ is possible GLONASS. If the program of development of GLONASS is implemented in full and in cars without fail will install the corresponding 'black box', insurers will be able to receive the enormous information volume which can be used for more exact tariffing taking into account the nature of driving of the car and also for more effective investigation of cases of road accident and settlement of losses.
Each of the listed trends is important in itself, but from use of new technologies insurers should develop integrated approach for extraction of the maximum benefit. Here the role of IT heads who should develop full strategy of response to market changes is especially important. Use of all complex of technologies will increase both efficiency of insurance companies, and customer satisfaction their services.
In Russia insurance of cybersecurity risks is the direction rather new and substantially low-demanded. In Russia and abroad the most widespread insurance program which as one of components enters insurance upon electronic and computer crimes is the program of all-inclusive property insurance of banks (Bankers Blanket Bond, BBB) now. At the same time banks incur 80% of losses on this type of insurance because of the disloyalty of personnel which is expressed in theft of money from bank accounts using computer systems. As in this case often can be difficult quickly to define, the bank by malefactors from within the IT infrastructure or outside was attacked, banks quite often practice along with the policy of BBB to purchase also the policies of Computer Crime insuring against external cyber attacks.
There are also unique drafts of insurance programs developed in our country. Authorship of one of them belongs to Allianz company. She offers insurance of remote banking upon damages at attacks not only on information systems RBS of banks, but also on client. In practice there are already precedents of insurance payments for such insured events.
Representatives of Allianz company expect that since the beginning of 2013 interest in rearrangement of risks of RBS on insurers will increase in connection with approach since January 1 of new year obligatory for banks under the law 'About National Payment System' of compensations for clients of RBS of damages from stealing of the money which is on bank accounts.
Insurance cost as within the BBB and Computer Crime programs, and in general, is defined by conditions of insurance and results of preinsurance examination of the insurer. Expertize is carried out by either independent experts, or experts of insurance company. During audit experts reveal such indicators as number of staff of the insurer, statistics of losses, the organization of access to these or those information blocks, the used means of protecting, certificates of conformity to the existing regulatory requirements and so forth. On the basis of results of audit the cost of insurance and an insurance sum is determined.
The resulting document governing the relations of the insurer and insurer is the insurance contract — the insurance policy. The higher security of the IT resources will be shown by the insurer (including using the documents confirming compliance to the existing standards and laws), the to him insurance costs cheaper (including costs for audit). Now each Russian insurer has criteria which he uses at purpose of an insurance sum and insurance premium.
Banks and representative offices of the foreign companies fulfilling the requirements of corporate standards are engaged in insurance of cybersecurity risks generally. At the same time the range of cybersecurity risks (even in only one banking sector) and losses from them are much wider, than those that become covered by policies of BBB and Computer Crime.
The closeness of activity of the Russian financial institutions prevents the insurer to carry out obligatory and rather detailed questioning of potential insurers for examination to what and in what degree to cybersecurity risks they are subject. Practice shows that as soon as such questionnaire gets on a statement to cybersecurity service of bank, she lays down under cloth and the transaction on insurance quite often 'dies'. Experts claim that only providing necessary information to insurers will be able to break a situation to the best in an insurance field of bank cybersecurity risks.
The main part of the insurance companies operating in Russia is not engaged in risks insurance, the IT connected with use, and is concentrated on those segments where to count insurance sums and cover amounts of risks much more simply.
Those few insurers who work in Russia in an insurance field of cybersecurity risks use generally foreign experience for determination of conditions of insurance. So, in the international practice of insurance audit is paid by the one who acts as the initiator of the agreement on insurance. Cases when the insurer selects about 2.5% of an insurance premium for carrying out audit of the insurer are frequent.
In 2011 in Russia the 'Community of Users of Standards on Information Security of ABISS' non-profit partnership was created. One of tasks of the committee on insurance of information risks created within ABISS — carrying out the analysis of the legislation, standards and practice of their application for the purpose of development of suggestions for improvement of a regulatory framework in the field of insurance of cybersecurity risks. Among other functions of committee there is an explanatory work in the professional environment on practical application of recommendations and rules of insurance of cybersecurity risks, initiation of conducting independent examinations of insured events, development of the general recommendations about drawing up the rules regulating relationship of the insurer and the insurer in an insurance field of cybersecurity risks since contents of the questionnaire with which filling audit begins.
The standard of the Bank of Russia on information security support of the organizations of a banking system of the Russian Federation (service station of BR IBBS) recommends to insure a part of cybersecurity risks. As in the Russian courts the number of the cases connected with the false payment documents processed through electronic payment systems is multiplied the amount of the amounts stolen using IT grow, and consideration of such affairs lasts of half a year and more, it is possible to expect that the recommendations of service station of BR IBBS regarding use of insurance of cybersecurity risks as the mechanism of compensation shifting to shoulders of the insurer including weight of judicial proceedings will be followed by the increasing number of the Russian banks. Experts also expect that the range of possible insured events in the field of cybersecurity will extend, extending to support of availability of IT services, providing requirements of regulators, etc.
Telematic solutions in car insurance
Data of J'son & Partners Consulting
The market of car insurance undergoes serious changes. The traditional model of insurance based on risk assessment when demographic characteristics of the driver are considered, such as sex, age, solvency, driving experience is forced out by new model of insurance where the risk is calculated depending on individual style of driving of each client. This type of insurance is called "smart" insurance or "insurance on the basis of the actual use" (Usage-Based Insurance, UBI) which helps drivers to cut down expenses on insurance premiums, to monitor safety of the driving, and to insurance companies more precisely and effectively to calculate the cost of an insurance premium, estimating risk with the minimum errors and also to reduce the number of road accident
"Smart" insurance helps drivers to cut down expenses on insurance premiums, having broken down the developed stereotypes about style of driving, depending on social and demographic signs. For insurance companies withdrawal from traditional model will allow to calculate more precisely and effectively the cost of an insurance premium, estimating risk with the minimum errors.
Among main advantages of "smart" insurance for insurance companies:
- Acquisition of competitive advantages, increase in client loyalty and satisfaction with service;
- Increase in operational efficiency;
- Minimization of an insurance fraud
Main advantages of "smart" insurance for clients/acquirers of the insurance policy:
- Economic benefit and increase in own security;
- Multifunctionality of the telematic equipment.
From the technology point of view one of the main elements of a system of "smart" car insurance is the telematic module. This equipment collects data on style of driving using measurement of speed of movement, a corner and sharpness of commission of maneuvers and to other parameters. The acquired information is stored in the database of the company on the basis of which the decision on the price of the insurance policy is made.
All range of the existing telematic modules used to "smart" car insurance can be separated into the following types:
- the devices connected to the diagnostic connector of the car (OBD-dongles);
- the telematic modules which are built in by the producer of vehicles (OEM device);
- the modules reacting to vibrations of a windshield (windscreen);
- smartphones (some modern models of smartphones in a combination to customized applications can be used as independent telematic modules);
- "black boxes" (all types of the telematic modules installed in the vehicle which do not belong to above-mentioned enter this concept).
The greatest share of devices in a segment of insurance telematics in the world belongs to OBD-dongles (in 2016, according to Ptolemus Consulting Group-of 56%).
World market of "smart" insurance
According to Berg Insight in 2015 in Europe and North America there were 11.6 million policies of "smart" insurance (5.3 million in Europe and 6.3 million in North America), in 2015-20 the European and North American markets will reach 25.8 million and 42.1 million, respectively.
Players of the market of "smart" insurance
The chain of value creation of the policy of "smart" insurance covers several industries: insurance companies, suppliers of the telematic equipment in the field of insurance, mobile operators and also producers of cars.
Insurance companies interact with all links of a chain of value creation and are most closer to the end consumer. They closely cooperate with suppliers of the telematic equipment in the field of insurance as directly, and through cellular operators.
- In the world: Progressive, Allstate Corporation, Liberty Mutual idr.
- In Russia: AlphaInsurance, Ingosstrakh, Liberti Strakhovaniye, etc.
Telematic service providers (TSP, Telematics Service Provider)
Technology providers (TTP, Telematics Technology Provider)
- In the world: MetaSystem, Xirgo and Danlaw, etc.
Producers of cars
Russian market of "smart" insurance
Growth of the Russian market of "smart" insurance is characterized by low rates that is caused by the adverse economic situation which caused decrease in the Russian market of an autocomprehensive insurance in 2016 both in natural and in value term. In 2017 negative dynamics was overcome, however at the same time there was a decrease in an average insurance premium an autocomprehensive insurance and total volume of awards.
Participants of the market of insurance are forced to look for new ways of development, expense optimization and increase in profitability. The essential impulse can give to the market of "smart" insurance use of the upgraded ERA-GLONASS terminals and the built-in solutions of car makers and also active use of the mobile applications replacing OBD-dongles, "black" boxes and other telematic devices.
In the long term 5 years penetration of "smart" policies in an aftermarket segment can reach 350 thousand (no more than 10% of the number of operative policies autocomprehensive insurance), and due to use of the built-in telematic solutions based on "ERA-GLONASS" (including in a segment of compulsory insurance) - 3.25 million.
Among drivers of growth of the market of "smart" insurance:
- Possibility of providing additional services, for example, anticreeping, E-Sall, B-Sall and other services with the added value;
- The general global trend to growth of number of the implemented telematic solutions in car insurance.
In Russia J’son & Partners Consulting carries to the main barriers of market development of "smart" insurance:
- Failure from any kind of voluntary insurance in connection with decrease in a disposable income;
- Conservatism of insurers, mistrust to insurance companies, concerns on failure to provide confidentiality of data.
- Censorship on the Internet. World experience
- Censorship (control) on the Internet. Experience of China
- Censorship (control) on the Internet. Experience of Russia, Roskomnadzor
- Law on regulation of Runet
- VPN and privacy (anonymity, anonymizers)
- Protection of critical information infrastructure of Russia
- Law On security of critical information infrastructure of the Russian Federation
- National Biometric Platform (NBP)
- Single Biometric System (SBS) of these clients of banks
- Biometric identification (market of Russia)
- Directory of solutions and projects of biometrics
- Digital economy of Russia
- Information security of digital economy of Russia
- SORM (System for Operative Investigative Activities)
- State detection system, warnings and mitigations of consequences of the computer attacks (State system of detection, prevention and elimination of consequences of computer attacks)
- National filtering system of Internet traffic (NASFIT)
- Yastreb-M Statistics of telephone conversations
- How to bypass Internet censorship of the house and at office: 5 easy ways
- The auditor - a control system of blocking of the websites in Russia
- The Single Network of Data Transmission (SNDT) for state agencies (Russian State Network, RSNet)
- Data network of public authorities (SPDOV)
- Single network of telecommunication of the Russian Federation
- Electronic Government of the Russian Federation
- Digital economy of Russia
- Cyber crime in the world
- Requirements of a NIST
- Global index of cyber security
- Cyber wars, Cyber war of Russia and USA
- Cyber crime and cyber conflicts: Russia, FSB, National coordination center for computer incidents (NKTsKI), Information Security Center (ISC) of FSB, Management of K BSTM of the Ministry of Internal Affairs of the Russian Federation, Ministry of Internal Affairs of the Russian Federation, Ministry of Defence of the Russian Federation, National Guard of the Russian Federation
- Cyber crime and cyber conflicts: Ukraine
- Cyber crime and cyber conflicts: USA, CIA, NSA, FBI, US Cybercom, U.S. Department of Defense, NATO, Department of Homeland Security, Cybersecurity and Infrastructure Security Agency (CISA)
- Cyber crime and cyber conflicts: Europe, ENISA
- Cyber crime and cyber conflicts: Israel
- Cyber crime and cyber conflicts: Iran
- Cyber crime and cyber conflicts: China
- As the USA spied on production of chips in the USSR
- Security risks of communication in a mobile network
- Information security in banks
- Digital transformation of the Russian banks
- Overview: IT in banks 2016
- The policy of the Central Bank in the field of data protection (cyber security)
- Losses of the organizations from cyber crime
- Losses of banks from cyber crime
- Trends of development of IT in insurance (cyberinsurance)
- Cyber attacks
- Overview: Security of information systems
- Information security
- Information security (world market)
- Information security (market of Russia)
- The main trends in data protection
- Software for data protection (world market)
- Software for data protection (the market of Russia)
- Pentesting (pentesting)
- Cybersecurity - Means of enciphering
- VPN - Virtual private networks
- Security incident management: problems and their solutions
- Authentication systems
- Law on personal data No. 152-FZ
- Personal data protection in the European Union and the USA
- Quotations of user data in the market of cybercriminals
- Virus racketeer (encoder)
- WannaCry (virus racketeer)
- Petya/ExPetr/GoldenEye (virus racketeer)
- Malware (malware)
- APT - Targeted or target attacks
- DDoS and DeOS
- Attacks on DNS servers
- DoS-attacks on content delivery networks, CDN Content Delivery Network
- How to be protected from DDoS attack. TADetails
- Fraud Detection System (fraud, fraud, fraud detection system)
- Solutions Antifraud directory and projects
- How to select an antifraud system for bank? TADetails
- Security Information and Event Management (SIEM)
- Directory of SIEM solutions and projects
- Than a SIEM system is useful and how to implement it?
- For what the SIEM system is necessary and as it to implement TADetails
- Intrusion detection and prevention systems
- Reflections of local threats (HIPS)
- Confidential information protection from internal threats (IPC)
- Phishing, DMARC, SMTP
- Botha's botnet
- Worms Stuxnet Regin
- Information loss preventions (DLP)
- Skimming (shimming)
- Sound attacks
- Antispam software solutions
- Classical file infectors
- Cybersecurity: means of protecting
- Backup system
- Backup system (technologies)
- Backup system (security)
- ↑ Insurance upon cyberthreats, attacks on ATMs and cryptocurrencies: cyber security trends in 2018
- ↑ the programmissledovaniye carried out the analytical agency TAdviser among 50 largest banks and insurance companies of Russia and the CIS. As experts heads of IT departments, their deputies and also heads from services cybersecurity acted. The agency used a format of telephone interviews. The research was conducted in July — August, 2017.
- ↑ Russians will force to be insured against hackers, but not as in Europe and in the USA
- ↑ Large European Banks began to insure the capital against cyber attacks actively
- ↑ tselomiz the presentations
- ↑ "IT in insurance company. Whether not too slowly we run?" Pedorenko Andrey Vasilyevich, Director of the department of information technologies of JSC AlphaInsurance
- ↑ the Market of "smart" insurance in Russia and in the world, 2016 - 2022.