The UK’s First Personal Insurance Policy for ‘driverless cars’: Too early or just in time?

The UK’s First Personal Insurance Policy for ‘driverless cars’:  Too early or just in time?

Yesterday, we received a press release announcing the launch of a new insurance proposition targeted at personal use for ‘driverless cars’ from Adrian Flux in the UK. This news arrives hot-on-the-heels of the Queen’s Speech last month that announced the UK Government’s intention to go beyond its current ‘driverless’ trials in selected cities and legislate for compulsory inclusion of liability coverage for cars operating in either fully or semi-autonomous mode.

As the press release suggests, this may be the world’s first policy making personal use of driverless cars explicit in its coverage (we haven’t been able to validate this yet). Certainly, up until now, I suspect that most trials have been insured either as part of a commercial scheme or, as Volvo indicated last year, by the auto manufacturer itself or trial owner. 

What I find particularly interesting about this announcement is that they have laid the foundation for coverage in their policy wording and, in doing so, been the first to set expectations paving the way for competition.

Key aspects of the coverage (straight from their site) include:

  • Loss or damage to your car caused by hacking or attempted hacking of its operating system or other software
  • Updates and patches to your car’s operating system, firewall, and mapping and navigation systems that have not been successfully installed within 24 hours of you being notified by the manufacturer
  • Satellite failure or outages that affect your car’s navigation systems
  • Failure of the manufacturer’s software or failure of any other authorised in-car software
  • Loss or damage caused by failing when able to use manual override to avoid an accident in the event of a software or mechanical failure

Reflecting on this list, it would appear that coverage is geared more towards the coming of the connected car rather than purely being a product for autonomous driving. Given recent breaches in security of connected car features (the most recent being the Mitsubishi Outlander where the vehicle alarm could be turned off remotely), loss or damage resulting from cyber-crime is increasingly of concern to the public and the industry at large – clearly an important area of coverage.

Given the time taken to legislate, uncertainty over exactly what the new legislation will demand, and then for the general public to become comfortable with autonomous vehicles, I suspect that it may be quite a few years before a sizeable book of business grows.  Often, the insurance product innovation is the easy part – driving adoption up to a position where it becomes interesting and the economics work is much harder.

Maybe this launch is a little too early?  Or maybe it's just-in-time?  Regardless of which one it is, in my opinion, this is still a  significant step forward towards acceptance. I also suspect that some of these features will start to creep their way into our regular personal auto policies in the very near future. I wonder who will be next to move?

If you’re interested in learning more about the potential impact of autonomous vehicles on the insurance industry, why not register here for Donald Light’s webinar on the topic tomorrow.

 

Troll insurance, cyberbullying, and millennials

Troll insurance, cyberbullying, and millennials
As I read through my myriad of promotional mail, I came across an interesting insurance offering – troll insurance. Chubb, a multinational insurance company, is offering its clients in the UK the first ever troll insurance. Chubb personal insurance policy holders will be able to claim up to £50,000 (approximately US$75,000) towards expenses that include professional counseling, relocation due to online abuse, or time spent off work due to cyberbulling. Cyberbullying is defined by the insurer as three or more acts by the same person or group to harass, threaten or intimidate a customer. The inclusion of cyberbullying into Chubb’s policies is a result of a survey of the target audience and brokers. Although the new policy is primarily tailored towards worried parents, adults who become victims of online abuse will also be covered. The policy money can be used to pay a reputation management team that would restore the person’s public image, or even to hire a forensic specialist to trace the origins of the trolling. However, the coverage is pricey. It can only be purchased as part of Chubb’s top-of-the-line home insurance package which costs at least £2,500 ($3,730) per year and is targeted at high-net-worth individuals. While I find it unfortunate that this type of insurance is required, I applaud Chubb for creating an innovative product to cover a gap in the current insurance offerings. Online harassment has real consequences, but the law against it tends to be hit or miss. Ironically, a few American insurers have policies pertaining to cyberbullying, but they protect people who are accused of the offense rather than the victims or harassment. Insurers continue to look for ways to be relevant to the Gen-Xers and Millennials in the marketplace. Chubb’s troll insurance provides a coverage that is relatable to these tech savvy demographics. It’s time for this insurance in North America as well.

Voice recognition access means one less password

Voice recognition access means one less password
If you are like me, you have at least 15 passwords or PINs that you must remember. Passwords are a necessary evil of the digital world. I have a user ID and password for everything from accessing my child’s homework assignment to checking my bank balance. Most annoyingly, the passwords never have the same expiry date so they are never synchronized. I, like many others, ironically keep my passwords in an app that requires a password.   One financial services company, Manulife Financial, has come to the rescue by providing the ability to access your accounts by using only your voice. I say ‘hallelujah’!   Celent is often asked by insurers about voice recognition IVR and will now be able to point to a working model. Nuance Communications is providing the voice recognition technology. The software stores the customer’s unique voice patterns and characteristics. When accessing the account through the call center, the caller repeats a passphrase and access is granted when the voice is matched to their stored ‘voiceprint.” This is an optional service, but I am sure everyone will want to take advantage of having one less password to remember.   Insurers continue to look for ways to increase customer loyalty, improve the overall customer experience and reduce call center costs. With the introduction of the voice recognition IVR, Manulife has addressed all three salient points. New uses for biometrics will continue to lead the insurance world into the future one innovation at a time.

KPMG’s revealing survey about cybersecurity and what we can do about it

KPMG’s revealing survey about cybersecurity and what we can do about it
Some of you may remember my post this spring about the breach of my family’s information by a major health insurer. I think about that a lot, as I am sure many of you do as well. It feels like we read about another major hack on a daily basis. We now have major governments funding hacks. The perfect is example is the recent breach of the IRS. This recent health IT survey by KPMG really caught my eye: 81% Of Healthcare Organizations Have Been Compromised By Cyber-Attacks In Past 2 Years. 81%! The survey covered both insurers and providers. I am stunned my mailbox does not overflow with notifications every day, but what concerns me is all of the breaches of which we are still blissfully unaware. It is particularly disconcerting because there are so many rules around patient privacy that we should be able to expect that our information is being managed securely. It is not. It would be easy to point fingers at those breached and blame it on their lack of preparation. And I suppose that is true in some cases. It would also be easy to point all the blame where it belongs, on the hackers. The big question for me, though, is what can I do about it? In short, the answer is not much. I can’t imagine querying an ambulance driver about the information security processes of a hospital. Even if they knew, would you divert to a different hospital based on the answer? Of course not. In a similar fashion, one would be unlikely to change insurers based on information about data security. But that doesn’t mean customers don’t care about it, and data security is something the audience of this blog can do something about. Regardless of your role in the company, ask some questions. Keep pounding the drum that our industry needs to stop being passive and needs to make the investment, even more investment, in security. We tend to think of the “big breach” as the area to invest, but there are so many more areas on which to focus. The survey showed that 35% of the respondents had a data breach from their own employees. So when you’re beating the aforementioned drum, make sure to discuss your internal risks too. As important, if you are in a position to do so, help ensure this is a topic discussed with the CEO of your company. They need to be aware, and be prepared, for the almost inevitable breach. Your company wants to handle it quickly, professionally, and competently. This would be in stark contrast to the insurer mentioned in my previous post, which took 3 ½ months to notify me, and started with my 4-year-old. In the words of Sergeant Esterhaus in the incomparable ’80s classic Hill Street Blues, “Let’s be careful out there.”

A four year old’s employment records (or how not to handle a data breach)

A four year old’s employment records (or how not to handle a data breach)
Yesterday one of my four year old twins received a letter from a major health insurance carrier (we’ll leave them nameless, tempting as it is). The letter states that the carrier had a data breach and that his information may have been included. The list was pretty extensive, including name, address, telephone number, email address, date of birth, social security number and employment history. That’s a pretty big list and everything you need to steal an identity. They assure me that no health information was shared, but I think they have their priorities wrong. I don’t care if the thief knows I have high cholesterol, but I do care that they have my social security number. I admit I am curious about the employment history of my four year old – I think he has been holding out on me. I wondered how he had so many Legos. The challenge? We’ve never had a policy from this particular carrier. Their FAQ site (a whopping four pages of minimal information) says it could have been because they process for other carriers, but nope, none of them either. So I set out to find out more information, particularly whether others in the family were affected, since we are all on the same policy (Mom, Dad and five small kids). I started my quest at 8:45am, on the website, and then the phone center opened at 9am. What a frustrating two hours. After talking to 11 people, from 4 different companies, do I know the answer to any of the questions? Not a single one. It all started with the vendor that the problem was outsourced too. I feel for those phone clerks, as they were provided almost no information. I then found a way to the carrier (a blog post in its own right), who didn’t know any more, but managed to transfer me to two other insurance companies, neither of whom had a clue why as they didn’t have a breach and I was never their customer. My concern is that this means they don’t even know what was stolen, where it was stolen, who’s information was stolen and more. If they don’t know that about me, what about you? I honestly don’t know how you protect yourself. You can’t really go off the grid. I could do without credit cards, and go to cash, but I can’t do without utilities or health insurance. I also understand that identity theft is big business, but the protections taken by major companies feel so lax. This is the FIFTH major breach of our family in less than 18 months. My credit card, from a major bank, has been replaced three times (only one breach was their own). So to the point of the post, for those still with me: If I was responsible for data security at any of these firms, I’d fire myself. There are solid, dependable companies doing security work. If you r company has not hired one to test your security, do it. Do it today. You should be doing penetration tests, at least annually. You should have solid company policies on data access, and that access should be extremely limited. People need information to do their jobs, but they don’t need all the information. Does your company have a data governance policy? If not, start today. We all know that IT budgets are limited and that our user communities, including our customers, want more and broader access. I just caution that you move with speed, but not without safeguards. Everything can be breached. Your firewalls, your apps, your website and even, as in the case of one breach, your cash registers. More important than all of this, though, is how you handle the breach when it occurs. Even with the most amazing safeguards, some pretty smart people, and governments, are hacking into private data. When it occurs, it should not be a shock to your company. You shouldn’t mobilize a task force after it happens. You should never consider this an IT problem – it is a major problem for the most senior levels of your company, and your reputation. Your company probably has, I hope, an IT Disaster Recovery (DR) plan. Does it include a data breach? Many don’t. They worry about floods, power outages, even pandemics, but not a data breach. Even if your DR plan does include data breach, are the actions your company will take fully laid out? If you are going to use a vendor, have they been chosen and briefed and is the conduit of key information already prepped? Is the spokesman for your company prepared and ready to speak publicly immediately? In my case, the time between the public announcement of the breach and the time we received the letter was over three months. Three months! Hopefully this post will cause at least one reader to start asking questions in their company and that those questions will be well received. You don’t want to be the next company in the news, do you?