Back in the 17th century of Lloyd’s coffeehouse, a ship set sail for the New World with insurance policies covering the hull and cargo. The task of the underwriters was to evaluate the risk of damage and loss, decide whether or not to accept and insure the risk, and determine how much it would cost to do it. In making these gutsy decisions, the underwriters drew from the experiences of similar ships that had traveled the same route.
As objects, physical structures and modes of transport get wirelessly connected, answers to questions about liability—and insurance—for those disconnects causing damage are becoming unclear. Instead of allowing coverage confusion and gaps to persist, underwriters say they need to tear down internal walls between product lines specialists and partner with tech companies to posit what-if loss scenarios and develop new products.
For centuries thereafter, the discipline of underwriting did not stray far from these origins. Every time a novel risk emerged like environmental and employment practices liability, the historical data was relatively straightforward. In all cases, a specific party or set of specific actions caused the loss, providing enough clarity to make informed underwriting decisions.
No longer is this the case, as the Internet of Things (IoT) has profoundly altered traditional risk paradigms. In the IoT, everyday objects are connected to the Internet, allowing them to send and receive data, in many cases wirelessly. This year, 6.4 billion connected things will be in use worldwide, up 30 percent from 2015, according to research firm Gartner.
Sensors are already embedded in cars, appliances, wearable technologies, implanted medical devices, thermostats and drywall to report on conditions like air temperature, moisture content, heart rate, oil pressure, blood pressure and the presence of microscopic particles like carbon. This data causes things to accelerate or decelerate speed, increase or decrease temperature, turn on or shut off, and even be repaired remotely.
When this information travels wirelessly, it is susceptible to intrusion—from well-intentioned efforts like those taken at a distance by the dishwasher’s repair technician to malicious actions perpetrated by hackers. When something goes awry and causes a loss of some sort—damage or destruction of property or bodily injuries and death—assessing the cause of the loss is problematical because the thing itself has changed. A rose is a rose is a rose, until someone attaches a sensor to it.
Gail McGiffin, partner, principal and global lead for underwriting at EY, spends a good part of her time thinking about how the Internet of Things is fast changing the nature of underwriting and the demands on underwriters. “Anything with a chip in it is a potential risk exposure for hacking,” McGiffin said. “The question then arises how this affects the performance of the underlying insurance policy. For underwriters, this is most concerning.”
A case in point is drywall, the material attached to framing structures to make walls in homes and buildings. Some drywall manufacturers are generating a competitive differentiation by making the material with an embedded wireless sensor that monitors and measures heat and moisture. This is an important safety breakthrough, as this information travels over the Internet to inform homeowners and building owners of an electrical or plumbing malfunction. Actions can then be taken to mitigate the problem before the damage gets worse.
But what if a malefactor hacks into the wireless system and shuts down the sensor or in some way causes it to report erroneous information? What if the home or building subsequently catches fire or suffers a burst pipe on the wintriest of wintry days? “There is now a confluence of factors possibly involved in the loss,” McGiffin explained.
Passing the Buck
From an underwriting standpoint, what used to be an easy-to-evaluate risk of loss from an electrical fire or burst pipe is now compounded by a long list of potential causes. Even more challenging is determining which of the many insurance policies related to these causes will be on the hook for the financial loss. Leveraging the aforementioned scenario (in which a sensor fails to work because the sensor program is hacked or because it simply malfunctions), here’s a list of potential responsible parties and the insurance policies designed to absorb their loss costs:
- The drywall manufacturer, which is covered by product liability insurance, general liability (GL) insurance, and errors and omissions (E&O) liability insurance.
- The drywall installation contractor, which is covered by GL and E&O insurance.
- The manufacturer of the sensor, which is covered by product liability, GL and E&O insurance, and possibly cyber insurance.
- The programmer that created the code for the sensor, likely covered by E&O insurance.
- Third-party manufacturers that contributed components to the original equipment manufacturer, in this case the maker of the sensor, each likely covered by product liability, GL and E&O insurance.
- The company that embedded the sensor in the drywall, assuming this is a third-party enterprise, covered by GL, E&O and possibly cyber insurance.
- The providers of Internet and wireless services, since the hacker was able to penetrate these systems, covered by GL, E&O and cyber insurance.
- The maker of the data analytics system interpreting the signals coming from the sensor, covered by GL, E&O and cyber insurance.
- And, of course, the house or building owner’s traditional package of first-party and third-party property and bodily injury insurance policies.
As McGiffin noted, “You’ve got nearly a dozen and maybe more risk considerations, each of which may source back to a range of different insurance product responses. This leads to the strong possibility of finger pointing when a loss occurs.”
She is not alone in this concern. “The Internet of Things completely reshuffles the risks and who has to pay for the losses,” said John Lucker, principal and global advanced analytics market leader at Deloitte Consulting LLP.
Not only could this lead to litigation—with each of the different insurers contending the loss is not theirs—but there is also the possibility of insurance policy gaps, said McGiffin.
How can this be? One would think that with all these different insurance policies, certainly one of them would absorb the financial loss. But, as with anything contractual, the devil is in the details. For instance, typical E&O policy forms are not intended to address property damage claims, and few cyber policies cover property damage. Might a traditional liability policy cover the loss?
“It has to do with a policy’s ‘intent,'” said McGiffin. “So aside from all the finger pointing, there are these potential gaps in terms of the coverage intent.”
What used to be clear from an underwriting standpoint is now muddied. Said Lucker, “The gray (areas) will lead to a lot of rationalization among carriers regarding their willingness to incur liability while arguing for companies to purchase additional insurance policies…that they didn’t have to previously, just to be sure they’re covered.”
The totality of risk in the IoT has become so immense and amorphous, even for something as ordinary as a slab of drywall, that uninsured losses are possible across multiple parties. In this complex and still evolving environment, the only people certain to come away with cash are the various attorneys collecting their checks from the finger pointers.
Looking at Loss Differently
Obviously, the onus is on the underwriting community to rethink the intent and scope of the industry’s current insurance policies, if not develop a range of entirely new products. Alternatively, insurers might decide to simply cover losses related to the Internet of Things in their traditional homeowners and building owners policies—causation be damned.
If the latter is the case, then the challenge is the same one confronting the underwriters at Lloyd’s coffeehouse in the 17th century: to evaluate the risk of damage and loss, decide whether or not to accept and insure the risk, and determine how much it would cost to do it. The difficulty with the IoT is the lack of historical experience across all the potential causes of loss to adequately inform decisions to absorb and price the risk.
This is serious stuff, as the possibility of vastly underpricing a risk can have stark consequences. Imagine a New York City subway train derailing because a hacker commandeered the sensors implanted along rail tracks. The gargantuan first-party and third-party property damage and bodily injuries and deaths would be financially devastating. While New York City could bear the weight of these losses, what if the startup that made the sensors is found liable? It is unlikely the company’s insurer ever imagined a loss of this magnitude or charged a premium commensurate with this possibility. If it had, it’s doubtful that the startup could have afforded it.
Madhu Tadikonda, American International Group
These issues are front and center now for insurance underwriters. At AIG, the carrier’s new chief underwriting officer for commercial insurance, Madhu Tadikonda, who hails from the world of data science, has been studying how insurance can respond to a world in which so many things are connected. “We are asking ourselves how the liabilities shift when something goes wrong with a very straightforward piece of equipment that used to be watched by a human being and is now operated by a smart technology using sensors,” he said. “We’re tracing through the liabilities, teasing them apart to learn where the points of failure are.”
In this thoughtful process, which Tadikonda calls an educational journey, the goal is to provide clarity around nebulous risk exposures, as there is not much in the way of a loss history to inform underwriting decisions. “First you want to understand what these risks are, who seems to own them, and whether they are covered by insurance or not,” he said. “Then it gets a bit tricky, as you have to hypothesize scenarios to see where a loss may fall through gaps in the coverage. This all becomes very complicated from a pricing perspective.”
Nevertheless, he and other underwriters are confident that the industry has the will and the resources to rewrite existing policies and develop new products to address the uncertain risk paradigms brought about by the Internet of Things. “We’ve all been stymied by the lack of historical data for underwriting purposes,” said Kathy Drengler, assistant vice president of technology underwriting at CNA. “This makes it difficult to know the right price and the risk controls that should be in place. But we are constantly revising our policies to address new risks.”
In making these changes, the insurer is tearing down the walls separating the underwriting of one set of products from another set of products. “The underwriter handling property sits across the table from the one handling E&O, D&O (directors and officers liability) and cyber,” said Kristen Charlton, also a CNA assistant vice president of technology underwriting. “By sharing perspectives, the hope is it will lead to products more closely mirroring the new risk paradigm.”
Jeffrey S. Grange, president of specialty insurance at QBE North America, said the goal for the industry in rewriting current policies and inventing new ones should be to provide sleep-easy, all-risk insurance for buyers. “A fire is a fire is a fire; the homeowner or building owner cares less about why the house burned down than if the insurance covers it,” he explained. “Our job is to understand these emerging forms of causation from the Internet of Things and reflect them in our terms, conditions and pricing.”
While Grange believes current insurance policies are malleable in their coverages, he acknowledges that they are not flexible enough to address the emergent threats introduced by the IoT. “As much as this is a challenge, I see this as an opportunity to develop new products,” he said. “We have to move at the same speed as our customers’ risks.”
Jeffrey S. Grange, QBE North America
Tadikonda presented how AIG is catching up. “Right now, the focus as a market leader is mining our data to identify low-frequency events—like when a sensor failed and it cascaded to other problems,” he said. “We then put these stories together, look for common patterns and then work with our clients to determine how they might play out in their worlds.”
For example, one what-if scenario might posit the risk of a hacker shutting down a manufacturing system, based on the report last year in Wired magazine that ethical hackers had penetrated the infotainment system of a Jeep Cherokee automobile, using this entry point to take over the acceleration and braking. “There are some very thoughtful risk managers already thinking through these scenarios,” Tadikonda said. “We’re making progress.”
In this regard, he noted the importance of knowledge sharing and industry partnerships between technology companies and insurers. Lastly, as new forms of insurance are developed, he said he believes insurers need to provide upfront diagnostics and post-event loss mitigations before binding a policy, the case today with AIG’s cyber product. “We could see similar services offered with these complex coverages,” he said.
These suggestions make great sense. By getting close to the causes of loss and how these play out across all the parties, underwriters will become smarter in their tasks to everyone’s (and every thing’s) benefit.