The speed at which connected technologies are being embedded into the operations and products of big business presents an abundance of both opportunities and risks. Richard Robertson, Global Head of Information Security at Pro Global, demonstrates how innovation is inextricably linked with potential risk failings when it comes to IoT.
In his latest book, the arrestingly titled Click Here to Kill Everybody, InfoSec guru Bruce Schneier suggests that in the near future doctors’ surgeries will have bio-printers and should they be hacked it could be possible for human viruses to be synthesised and distributed globally creating a pandemic.
I’ll give you a moment to recover if you just spilled your coffee in shock.
Why would such an eminent security practitioner feel justified in making such an alarming claim? With the Internet of Things (IoT), such a scenario is unfortunately far from the unlikely nightmare it may appear to be.
Let’s take a step back. There’s no mystery to why big business is bullish on the IoT. The number of connected devices is astonishing and has already surpassed the number of people on the planet – pens, cars, coffee cups (yes really – not quite yet but soon), even t-shirts.
Projections anticipate the figure growing to 21 billion devices by next year, potentially ballooning to over 100 billion by 2025. This new interconnected IoT reality is undoubtedly exciting – for our personal lives as well as healthcare, manufacturing, transportation, all commercial sectors and governments.
But the benefits made available by connecting devices capable of ‘smart’ behaviour are matched by serious dangers. Each of these devices is a potential entry-point for an attack by hackers. And according to multiple studies, around 70% of the most commonly used IoT devices have significant security vulnerabilities.
As the adage has it – you can have good, cheap or fast, but you can only pick two. Current news stories and market theory show that in the rush to create new products, cheap and fast will win the race.
And it doesn’t take a rocket scientist to know that it is unlikely that cheap and fast products will offer advanced security protection from hackers.
The usual password protection on our devices is already failing. Default passwords are often left as default permanently, meaning the devices are forever highly vulnerable to attack, while security measures like two-factor authentication are only just starting to catch on – way behind the proliferation of smart devices in our homes and places of work.
Until this burgeoning mountain of vulnerable devices is secured, almost anything is open to attack, including baby monitors and even cars. One thing we can be sure of is that this is not a problem that will disappear quickly. Combined with global marketing plans, could we be moving apace towards Bruce’s printer pandemic scenario?
In 2015, a billboard was a billboard. In 2019, billboards are starting to contain computers which recognise you and tailor advertising to you. Yes that’s right, just like Tom Cruise experienced in Minority Report, except you could be experiencing it sooner than you think.
Your phone will share data with the billboard and the billboard’s owners, whose computers may then be advised of your precise movements, shopping habits, likely income and possible holiday destinations. This information will come not just from fitness apps and travel booking sites but free-to-play games and even the metadata hidden in your photographs edited with bunny ears.
When such data is fully anonymous, companies can use it to sell to large market segments. But far more valuable, and historically more difficult to get, is data that relates to us as individuals.
When a supermarket knows your favourite tipple they can offer you completely personalised deals. It’s great business. But it also means that any information that’s tracked about us can be linked back to us.
This can be calls you make, texts you send, food and clothes you buy, photos you take and even the conversations you have. Once your connected devices are happy talking to each other, the picture of you available to corporations and national and local government departments will be more detailed than you could ever imagine. And it’s for sale. Privacy, or our traditional offline concept of it, is dying.
As ever cheaper devices invade our every moment – the word infest was used at a recent security conference – they will become more and more embedded. We will likely barely notice the encroachment but they are coming and this is important when it comes to security.
And so, back to printers. In 2017, over a weekend someone hacked hundreds of thousands of printers, forcing them to print nonsense messages. 3D printers could be similarly vulnerable, but what if we consider bio-printers?
While bio-printers are still in their infancy in 2019, imagine a future where they are in every hospital and surgery. A remote hacker could force a printer to produce a lethal virus, for instance. If the virus spreads widely enough and infects enough people we might wish big business had heeded Bruce’s warning. How on earth will the insurance industry respond to such a scenario?
Due to the level of risk that goes hand in hand with the exciting opportunities presented by the IoT, vulnerability and emerging threat discovery assessments should be included when a company is carrying out its cyber audit.
When it comes to reviewing these hyperconnected technologies businesses are reliant on for the smooth running and future success of their services, whether it be in healthcare, manufacturing, transportation or in government, cyber audits will require more than just a soft touch. They need to be considered more than just a box ticking exercise.
While general cyber security audits will only provide a general snapshot of a business’ cyber security, at Pro we provide greater insight and solutions into how best to improve cyber health and, with our expert partner Cyber Security Associates, allow for 24/7 monitoring of a business’ systems to identify and mitigate attacks.
You may not be insuring bioprinters yet, but there are likely vulnerabilities in your current systems that a box-tick cyber audit won’t expose.
For information on how we can better assist you with an independent, comprehensive cyber audit, contact our dedicated team: https://www.pro-global.com/uk/what-we-do/cyber
As one often does on the streets of EC3, I recently bumped into a ‘London market face’ and we had the what-are-you doing-now conversation. My former colleague remarked how things had changed in the market from when we both set out on our insurance careers; how the market had become more professional, and how the things that had blighted it in our formative years – the collapse of the Sass syndicate, the infamous LMX spiral, the claims and bankruptcies resulting from Asbestos – had all gone away.
After we parted, I thought about what he had said and, like the American TV detective Lieutenant Columbo, there was just one thing bothering me. Asbestos. Gone away.
Asbestos reared its very ugly head in the insurance market around the late 1980s and early to mid-1990s becoming the most prevalent industrial disease covered under Employers’ Liability or Workers’ Compensation policies. Fuelled by unexpectedly large legal awards in US courts, the claims spiralled and, in the case of Lloyd’s, many individual names went bankrupt as their syndicates had indemnified general liability insurance written from the 1940s to the mid-1970s for companies with exposure to Asbestos claims.
To be clear, Asbestosis is the condition resulting from exposure to asbestos and is usually associated with professions such as construction workers, especially laggers and shipbuilders. This was a consequence of the widespread industrial use of asbestos from the 1950s to the 1980s. While a potentially disabling condition, worse was to come in the form of Mesothelioma, a cancer that can take many years to develop following the inhalation of asbestos fibres.
In my previous blog Worker’s Compensation and Asbestos in the Lloyd’s Market I looked at the history and impact of Asbestos and its resulting disease Mesothelioma. In this second part, I will address how claimants are being supported through a streamlined approach to claims payments and how insurance companies are continuing to support further research into the disease.
Somewhat ironically, when I began my insurance career in the 1970s I was closer to asbestos than I realised, having occupied several old City offices where refurbishments of the time would have routinely involved the use of asbestos-containing materials. In those days, it was not unusual to have both asbestos boarding and possibly even asbestos lagging of structural steelwork literally just feet from where I sat.
Since then I have been, if you like, a barometer of how the insurance industry has responded to the asbestos tragedy. Whilst there isn’t a happy ending, recent developments and initiatives have been encouraging, heartening even, bringing some degree of comfort to those diagnosed, with efforts to accelerate compensation so that matters may be resolved during claimants’ lifetime.
During the last four to five years the number of living claimants has increased. Treating doctors are much more likely to tell their patient, upon diagnosis of Mesothelioma, that they should talk to a lawyer sooner rather than later. When this news reaches the insurer, or Claims Handling Organisation, the most important thing we try to achieve is to resolve any issues of liability and seek to deliver compensation, even by way of an interim payment.
In most cases the areas of dispute have narrowed over the years. In a relatively high percentage of cases there can be a very early if not immediate admission of liability, and frequently interim compensation.
Perhaps to the surprise of some people, there is now positive and ongoing co-operation between all parties: claimants, their lawyers and insurers.
Today insurers are taking their involvement further. Several major carriers have made contributions via the British Lung Foundation funding research into Mesothelioma. A new initiative, the MesoBank, is the first UK-wide Mesothelioma tissue and blood bank, established to supply tumour samples to assist with continued research.
The Association of British Insurers along with the industry managed to put in place the Diffuse Mesothelioma Payment Scheme where a potential claimant can pursue compensation if they are unable to trace a previous employer where they may have contracted this disease. The scheme is funded by a tariff made on all Employers’ Liability underwriters.
Mesothelioma is not well known in the public arena; it is responsible for the death of some 2,500 per annum, and hence does not attract the research support of other, better-known cancers, stroke and heart disease which, quite rightly, are supported by high-profile and well-funded charities.
A few ‘famous deaths’ from Mesothelioma do, however, spring to mind: Hollywood legend Steve McQueen and former manager of the Sex Pistols, Malcolm McLaren, both allegedly died from the disease.
It is good to see at the personal level the insurance market stands as one for the benefit of Mesothelioma claimants and their families, and that insurers and the legal profession have combined efforts that seek to alleviate as far as they can the anxiety and hardship caused by this disease.
When it comes to regulation, practitioners in the UK insurance industry might be forgiven for recalling the well-known urban myth about London buses; you wait an age for one, then three all come along at once.
It seems we’re having a similar amount of legislation traffic piling up here in the Square Mile.
First we had Solvency II Pillar 3, now in force, but drawing its roots from the banking crisis of 2008. Ironically though it only applies to insurance and, in a nutshell, requires the industry to obtain more data from Coverholders and Delegated Authority specialists.
Then there is the International Financial Reporting Standard, better known to its friends as IFRS 17 which, as the acronym implies, will be in force later this year. Delivering the latest financial regulations, more directives about accompanying data and progress is ongoing with specific reference to insurance contracts.
And thirdly, there is the General Data Protection Regulation (GDPR) which comes into force on 25th May, 2018, replacing the UK Data Protection Act (DPA). This European legislation substantially broadens the obligations for organisations that hold and process data relating to EU citizens. GDPR will standardise and significantly strengthen the restrictions on the use of personal data across all EU member states.
Hearts may temporarily flutter with the hope that, as Brexit is now underway, the United Kingdom will be absolved from this EU legislation; sadly not, the government has already confirmed that the UK’s decision to leave the EU will not affect any implementation of GDPR.
Admittedly, these 3 buses didn’t all come along at once (GDPR was four years in the making) and here the analogy must end, for none of these pieces of legislation will drive the industry to any particularly exciting destination. GDPR represents radical changes to European data protection legislation; it contains stringent obligations, many of which will take time to prepare for, and will have an immediate impact from the end of May next year.
GDPR will establish a tiered scale of infringements up to a maximum of 4% of the annual worldwide turnover of the company in breach. Understandably, these potential fines are certainly attracting the attention of every board level executive.
The obligations of GDPR on brokers, underwriters and MGAs are considerable and the scale of the fines for misuse of data is designed to incentivise early preventative action.
All market players need, at the very least, to understand the implications for their own organisations.
As I see it, mid-size London market organisations are grappling with GDPR at the moment, and there’s a real need for a standardised model that could help all syndicates and brokers – “GDPR in a box” if you will.
So, that’s the bad news over with. In my next blog, I will look at what effect GDPR will have on London and other insurance markets, outline what industry specific challenges within the data supply chain will emerge, and share with you some real life statistics of organisations working on this topic right now.
After the ‘bad news’ in my last blog, let me try to cheer you up with my favourite subject: food, or rather, cooking.
Many of us will have offered to prepare somebody a special meal and then been horrified when confronted with the mountain of ingredients, the endless recipe and the complicated instructions before ringing the local bistro in panic and begging for the best table.
Looking at the requirements of General Data Protection Regulation (GDPR), you might feel a similar sense of foreboding. However, if you break it down and tackle every part of this legislation in bite size chunks before the 25th of May 2018 then, like your cooking task, it becomes a lot less daunting and much more manageable.
So what effect will GDPR have on London and other insurance markets? The answer is, not too much if it’s done in a timely, ordered and supported process.
At the beginning of June, Pro held a GDPR seminar for 30 people from interested parties. One of the conclusions drawn from the very lively discussions was that company boards in the main are supporting the implementation of GDPR, but one of our real-life statistics showed less than a quarter fully agreed that GDPR had been sufficiently communicated across their business.
Despite this, I don’t feel that the London market is lagging behind other sectors but it’s clearly not on top of GDPR as much as it could be.
Underwriters and brokers need to engage in mapping the different parts of their businesses, conducting a data inventory to ascertain the size of the challenge to fully comply with GDPR, and then prioritise the tasks ahead.
We have suggested that the key industry specific tasks within the data supply chain are, in order:
By the beginning of this month we would expect underwriters and brokers to have completed the first three tasks leaving them with implementation (July to end of December) for review, revision and embedding the principles by design and default (January 2018 onwards).
Any breaches will be monitored by the UK Information Commissioner’s Office (ICO) and, despite the best planning, it’s likely your company will have a data breach. But, in my opinion, if you can show the requisite policies and processes are in place and that you have done everything to adhere to GDPR, then you shouldn’t have much to worry about. The ICO is taking this seriously; indeed, according to an article in Reactions Magazine on 19th June, it has already held preliminary discussions with insurers concerning the possibility of sharing cyber security breach data.
There is also one ‘London-ism’ that everyone needs to be conscious of – who owns the data? The data controller (usually the underwriter but, in this case it’s likely to be multiple parties) must ensure their element is compliant. As data passes through the chain from broker to underwriter to reinsurer, each needs to demonstrate their adherence to GDPR.
So, keep calm, treat GDPR like a cooking recipe and, as with the applause that follows the production of a good meal, the satisfaction of a job well done will be remembered long after the washing up has been put away. Bon appétit!
Companies in the UK have been at it for years… running off books of business and freeing up capital for insurance and reinsurance companies. Now, the opening up of the legacy market via new Rhode Island legislation is expected to allow insurance companies on the other side of the Atlantic to do the same.
For those of you who don’t know, the recently approved Rhode Island laws mean that for the first time in the state, insurers and reinsurers will be able to cede run-off commercial books with court-sanctioned finality. In March ProTucket, a subsidiary of Pro Global Insurance Solutions, became the first company to receive a licence to provide legacy transfer services in the state.
Many said that the US did not have the stomach to enact the legislation, but the tide of capital efficiency is a hard one to stem. The market needed this reform and Pro has made sure that it has been backing it all the way, not only supporting it, but also racing to become the first company to be licensed in the state.
There are still challenges ahead – this legislation and our licence are just stage one. But getting this far is monumental for the US insurance market, and we feel optimistic that we are clearing the hurdles one by one and can see the finish line.
The run-off sector is seeing increased interest as the market starts to realise its full potential, according to independent run-off service provider Pro Global Insurance Solutions (Pro). Richard Lawson, global head of client engagement at Pro, said that the run-off market had seen perhaps two or three major transactions a year in the 2013/14 period; in contrast, there were now dozens of transactions occurring every year.
When you try to think what our industry could look like in 15-20 years it’s hard to visualise, but in my opinion, a lot will change:
If the reinsurance industry evolves as a whole – the players within will need to change too. Change cannot happen without the appropriate people driving and delivering an organisation forward.
And – it may be that new market players bring fresh talent to the forefront of our industry. But when we plan and prepare for our own future we need to understand what type of talent is required within our organisations.
In my opinion skills, mindsets and behaviours will evolve over the next 15-20 years, for example:
Well-Networked Communicators: well-connected people that can use a variety of communication styles, formal and informal. Comfortable with all communication channels: digital mediums, instant messaging and the traditional large scale briefing. Open and at ease with information sharing.
Analytical Decision Makers: people who have an in-depth understanding of the intelligence and insights that come from big data, and are able to confidently apply data to their decision making.
Holistic Agile Professionals: both analytical and people-oriented professionals, able to work across physical boundaries and seniority levels, able to understand the wider picture and business landscape.
The umbrella term that brings these together is an organization’s ‘corporate culture’. But what exactly does this mean? I personally like to define ‘corporate culture’ as: Leadership, Values, Communication, Decision Making and Collaboration.
We all know that changing corporate culture in an organisation takes time, sometimes up to 10 years, and of course there are many dependencies and influencing factors.
One thing is certain – to be ready for the future, we need to start thinking about this topic now!
Knowing all this – where should you start?
Pro is hosting a Roundtable to debate this topic in Zürich, Switzerland. Watch this space for a high-level summary of our findings. Alternatively, feel free to contact our experts to discuss how we can help people adapt to your future culture in reinsurance: Inken.Schaeppi@pro-global.com
London, 06 September, 2019:
Global re/insurance outsourcing and consulting specialist Pro Global Holdings Limited (‘Pro’) is delighted to announce that its dedicated distribution services and managing general agency incubator unit, Pro MGA Solutions Inc (‘Pro MGA Solutions’), has formed a strategic partnership in the U.S with intelligent decision platform provider QOMPLX Inc. (QOMPLX).
QOMPLX introduced its U.K. based MGA providing underwriting services through Pro’s U.K based MGA incubator earlier this year. Its first product provides insureds with one single and simple insurance policy for multiple perils.
The QOMPLX MGA uses the QOMPLX:INSURANCE decision platform to create an integrated data-driven underwriting platform.
Through the partnership with Pro, this capability will be extended to Pro and QOMPLX’s respective U.S operations, where the focus is on the growth of technology-based solutions in the MGA sector.
The move follows Pro’s launch into the distribution services sector in the U.K and the U.S earlier this year through the acquisition of MGA incubator platform Vibe MGA Management (‘VibeMM’) in London, U.K – a deal which has now received regulatory approval from the U.K Financial Conduct Authority – and through the formation of Pro MGA Solutions Inc, based in York, PA, U.S.
Artur Niemczewski, CEO of Pro, said: “A strategic partnership between QOMPLX and Pro has the hallmarks of a perfect match – we have been hugely impressed with the innovative, forward-thinking and client-first approach that QOMPLX have taken in developing a data-driven MGA solution, and look forward to expanding this concept in partnership with our ‘MGAs to Order’ initiative in the U.S, with a strong Trans-Atlantic value proposition.
Embracing technology, streamlining processes and expanding our global MGA capabilities are the clear direction of travel for Pro, fuelled by strong demand from ambitious underwriters for entrepreneurial platforms for growth. We are looking forward to further expansion in Europe in the coming months, so watch this space.”
Danny Maleary, CEO of Pro’s U.K MGA incubator, added: “Our regulatory green light ensures our business is poised to expand our combined expertise and the global concept of MGA management responding to strong demand for global reach, expert service and growth support capabilities.
This paves the way for VibeMM to soon rebrand and continue its dynamic growth journey as a combined entity, responding to strong demand for global reach, expert service and growth support capabilities in this space.”
Alastair Speare-Cole, President and General Manager of QOMPLX:INSURANCE said: “I’m very pleased to be embarking on this strategic partnership with Pro. The traditional underwriter-driven MGA creation journey is evolving, and cost-effective, data-driven MGA structures are going to drive growth. We are very pleased to be embarking on this strategic partnership with Pro.”
Dr Raveem Ismail, General Manager of QOMPLX’s U.K. MGA said: “The ability to utilise our technology to enhance customer driven service, coupled with the experience and capabilities of Pro has created an exciting and unique proposition. We will work closely with capacity and develop unique distribution channels for insurance products across multiple territories.”
Pro is a leading international consultancy and service provider that focuses on delivering flexible outsourcing solutions for live and run-off business, operational consultancy and audit services exclusively to the global insurance industry.
Founded in 1993, Pro has some 160 clients spanning the global insurance market, including insurers, reinsurers, brokers, lawyers and corporate investors.
The company has over 500 employees around the world, with recent geographic expansion in Germany and North America. Pro has offices in London, Cologne, Zurich, New York and Buenos Aires, all supported by regional delivery centres, enabling Pro to act for clients across multiple markets, cultures and territories.
For more information, please visit: www.pro-global.com.
QOMPLX (formerly Fractal Industries) makes it faster and easier for organizations to integrate all of the disparate data sources across the enterprise into a unified analytics infrastructure to make better decisions at scale. This broader analytics infrastructure is provided through QOMPLX OS, an enterprise operating system that powers QOMPLX’s decision platforms in cybersecurity, insurance, and quantitative finance. Headquartered in Reston, VA, QOMPLX also has offices in New York and London. More information about QOMPLX can be found at www.qomplx.com.