Keywords

1 Context

1.1 How Insurance Works

Modern Insurance was first borne out of the great fire of London, where leading city figures sought to introduce a mechanism to ‘safeguard the interests of the leading men of the city whose lives had been ruined by the destruction of homes, businesses and livelihoods’ (Boobier 2016, p. 2).

At its most fundamental, insurance a story of risk identification, quantification and mitigation. In this context,Footnote 1 risks can be external (i.e. the ‘insured risks’) or internal (Moral Risks, such as Fraud) (Huber 2002). Insurers must manage both these risk types successfully to keep a profitable business.

A customer (be that consumer or commercial), takes out an insurance policy for a set fee and duration in return for the insurer taking on the liability of an agreed set of risks (e.g. an accident occurs or some damage is caused). Should these agreed events then occur within the defined period, the customer makes a claim against the insurer, who is now responsible for the financial and administrative consequences as set out within the policy, and for returning the customer back to the position they were in before the risk occurred (a concept known as indemnity).

For example, should an insured property flood, the insurer would cover the costs to repair the property, alternate accommodation and any other foreseen cost agreed under the policy. The insurer will likely also have administrative commitments to coordinate the repairs and remove the burden from the customer.

There are three important concepts on how insurance works, which are pertinent to understand the impact of big data on the industry:

  • The use of proxy data to define risk probability: Each insured (external) risk, according to the Insurance Risk Management Institute’s definition, has an uncertainty arising from the possible occurrence of given events. While typically only a small handful of ‘pure’ external risks exist for a given insurance policy, these pure risks cannot be directly quantified. Instead insurers use a range of proxy data as an indication to the likelihood of an insured risk occurring for a given policyholder. (For example, the risk of vehicle damage caused by a traffic accident is quantified by proxies such as car type, driver age and previous accident history.)

  • The use of risk distribution to manage exposure: To manage a particular insurer’s exposure to risk (i.e. the cost of claims due to risks that have occurred) and by consequence their financial standing, risks are either pooled (to manage low-impact, higher frequency claims), or spread across multiple underwriters through reinsurance (where the risk is high-impact, but likely low frequency).

  • Information asymmetry: Information asymmetry refers to transactions where one party has more or better information than the other. In current insurance contracts, the customer is the owner (or guardian) of the information needed by the insurer to successfully quantify the risks insured. Insurers are reliant on the truthful provision of information by the customer, and on the insurers ability to elicit correct and useful information. Particularly in the commercial insurance space, the majority of risks are estimated based on past data and/or using statistical models based on small samples, due to the sheer logistical and administrative challenge of collecting raw data.

1.2 Towards Transformation

The evolution of technology used in the financial sector is reshaping the broader landscape of linked financial services, including the more conservative insurance industry (Oliver Wyman 2017). Insurance companies are improving their business operations through digitalisation, exploring new business models, upgrading their propositions and developing innovative products and channels. Wyman (2017) cites five key technologies that are driving this change: Cloud computing, the Internet of Things (IoT), big data, artificial intelligence and blockchain.

1.2.1 Cloud Computing

Cloud computing refers to the storage, management and processing of data via a network of remote servers, instead of on a personal computer or physical server hardware located on company on-site premises. Cloud services extend the in-house capability of insurers and provide a flexible and scalable IT architecture to grow in size, pace of development and technical sophistication. Cloud service providers augment insurers capability to store, manage and process vast amounts of disparate data, through offerings at the physical infrastructure layer (Infrastructure as a Service—IaaS), the platform layer (Platform as a Service—PaaS) and the software layer (Software as a Service—SaaS). The cloud computing architecture provides insurers with a pick-and-mix IT environment to suit their digitisation vision and adoption strategy: from data centres, servers and storage solutions, high-performance computing, development tools, database and analytic environments to applications and cognitive computing services. The ecosystem of technologies and solution providers range from the dominant big tech giants such as Microsoft, IBM, Google and Amazon to specific platform and software service providers specific to Insurance, such as Cognizant Cloud Insurance Platform (Cognizant 2019). However, not all proprietary solutions are private. In 2018 Allianz, one of the world’s leading insurers set up an open source version of its Allianz Business System (ABS) so that anyone could contribute to value-added services, and easily develop systems on top of Allianz’s platform ecosystem (Allianz Group 2018). In 2019 Allianz announced a strategic partnership with Microsoft (Allianz Group 2019), aiming to digitally transform the insurance industry by moving core pieces of its insurance platform to Microsoft’s Azure cloud, with the aim of accelerating innovation by creating a plug-and-play architecture for larger insurers and for start-ups, often referred to as InsurTech companies.

1.2.2 Big Data and Analytics

The volume of information that insurers manage is huge. ‘In 2012 the UK insurance industry created almost 90 million policies, which conservatively equates to somewhere around 900 million pages of policy documentation’ (Boobier 2016, p. 5). Also, the quantity and array of different types of information available to insurers—structured in databases or unstructured in documents—from a range of sources is growing at an unprecedented level. 90% of the available data has been created in the last two years alone.

The term big data, to describe this phenomenon, was first popularised in 2005 by Roger Mougalas from O’Reilly Media, to describe a large set of data that is almost impossible to manage and process using traditional business intelligence tools (The New York Times 2013). The key to understanding the role and relevance of big data in relation to insurance is shown in Table 1, which lists the five commonly understood characteristics of big data.

Table 1 Five characteristics of big data in the context of insurance
Full size table

Data analytics, or the analysis of data, is recognised as a key capability for insurers to unlock the value in their data. Sophisticated data analytics can garner valuable insights to enhance operational efficiency, business growth and manage risks. Boobier (2016) outlines a hierarchy of four types of analytics: Descriptive (reporting why, when and what), predictive (what will happen), prescriptive (what should be done about it) and next generation cognitive (analytics with real time, natural language and learning capability).

Insurance already has a legacy of analytical thinking as a result in the rise of Business Intelligence (to measure and control strategic and operational activity) and as a necessary result of actuarial processes. However, actuaries have found the use of classical statistics has several key limitations when it comes to big datasets and are increasingly looking towards machine learning (ML) as an approach to solving complex problems, that simplifies goodness-of-fit calculations, protects against over-fitting and permits easy hyperparameter tuning. However, actuaries are finding that ML has its drawbacks: it is often much easier to apply judgement to statistic models and explain their findings to non-technical stakeholders (Labram 2019).

1.2.3 IoT and Telematics

The Internet of Things (IoT) is a commonly used term to refer to any device, vehicle, building and other products embedded with electronics, software, sensors and actuators along with network connectivity, which enables these objects to collect and exchange data. The amount of the world’s data is predicted to grow from 33 trillion gigabytes in 2018 to 175 trillion by 2025, according to the IDC (Reinsel et al. 2018), and much of this will be produced by connected devices with embedded sensors.

Telematics is a form of advanced IoT application in vehicles and has been the focus of early IoT adoption in the car insurance. Commonly collected data include list of trips, trip duration and distance, average speed and driving style. Telematics can be collected from engine management systems in the vehicle, external devices that plug into interfaces in the car, smartphone apps or driver dashboard applications. Telematics is used to assess and calculate risk, enabling new forms of car insurance, such as Usage-Based or Pay-As-You-Drive Insurance policies. A recent study proves the value of telematics-based data in the risk selection process with only three months of data being sufficient to obtain the best risk estimation (Baecke and Bocca 2017).

1.2.4 Artificial Intelligence (AI)

Defining the term artificial intelligence is fraught with controversy and many definitions tend to be either overly vague or overly scientific. We do not endeavour to define the term here, however, when financial institutions say they are using AI, they are typically referring to analytical automation based on machine learning (ML). ML extracts patterns from unlabelled data (unsupervised learning), or efficiently categorises data according to pre-existing definitions embodied in a labelled data set (supervised learning). ML systems rely on vast quantities of data to find hidden relationships and use reinforcement to improve its own performance automatically. The process relies on experimenting with a number of different algorithms and different ML approaches, on large sets of training data, in order to refine a ML model that can be used to perform specific pattern matching, categorisation or predictive tasks. There are two key requirements however, for ML to be applied on a wider scale. Firstly that there is enough compute power available to handle the amount of data that needs to be processed and the second, that there is enough data (Patel and Lincoln 2019). ML is different from previous forms of automation and statistical analysis because it enables many actions to be taken without explicit human instruction. The risk associated with using ML techniques therefore is of adequate oversight and understanding of how these black boxes work and the application of automated decisions based on algorithms can lead to the propagation of biases that can be difficult to identify and root out. Insufficient transparency can also lead to damaged trust in financial services. The benefits of adoption of AI and the risks of getting left behind create powerful incentives for insurers to collect every more personal and private data and implement AI solutions on a rapidly accelerated timeline, which presents huge risks to the Industry in itself (Patel and Lincoln 2019) as well as ethics, governance and policy challenges (Renda 2019).

1.2.5 Blockchain

Blockchain is a distributed ledger technology used to store static records and dynamic transaction data, allowing for a collective bookkeeping in an immutable ledger of digital events. A distributed ledger can only be updated by consensus of the majority of the participants in the system and once entered, data can never be erased. Blockchain is a secure and transparent means of conducting business transactions that provides a single source of truth that is updated in near real time. Many insurers are experimenting with distributed ledger technologies for fraud detection, risk prevention and smart contracting. However, research has shown that there are legal risks associated with distributed ledger which regulators need to grapple with, these being; data privacy, insider trading and market abuse (Tarr 2018).

1.3 Challenges for Insurers

All insurers strive to excel in three key elements of their business, that is; operational efficiency (through cost reduction, claims management and productivity), profitable growth (through customer acquisition and retention, cross-selling and upselling) and risk management (through capital efficiency and operational risk management) (Boobier 2016). Throughout this chapter real-world use cases, describing the application of these new technologies and data-driven approaches in the insurance value chain, are provided.

Section 2 highlights some of the developments in the use of big data for traditional insurance functions, in particular, being better able to detect fraud and provide greater personalisation for customers. Section 3 presents examples of where data and analytics are changing the basis of competition by enabling, not only improvements to core operations but to launch entirely new business models. Section 4 outlines the rise of the InsurTech, because although insurers have valuable historic data, they may struggle to keep pace when competing with new start-ups who will often create business models on real-time new data extracted from IoT, social media and other digital records. It is important to note that the insurance value chain is embracing data-service providers who provide a particularly important capability in the ecosystem of products and services when it comes to big data. Finally, Sect. 5 presents a perspective on the ethical, trust and regulatory aspects of big data and artificial intelligence in the insurance industry.

2 Developments in the Use of Big Data for Traditional Insurance Functions

2.1 Leveraging New Forms of Data and Technologies

Insurers increasingly are employing advanced data analytics and artificial intelligence to help them make better decisions and improve business operations across the traditional insurance function chain, that is; pricing and underwriting; quote, bind, issue; policy administration and central systems; claims and settlement. Examples of application areas include smartphone sensor data to augment vehicle telematics, geospatial analytics and aerial imagery, drone inspections, virtual auto claims using integrated smartphone technology, robotic process automation to automate manual document workflow, workplace wearables and trackers, cyber risk analytics, hyperlocal weather analytics and conversational chatbots (CBInsights 2019).

Most significant area for improvement, however, is to be able to better detect fraud.

2.2 Being Better Able to Detect Fraud

According to the Association of British Insurers (ABI), in 2018, an average of 1,300 insurance scams were detected each day, with the average scam reaching £12,000 (Association of British Insurers (ABI) 2019). Given this is approximately £5.7 billion per year in detected fraud, the value of fraud detection to Insurance organisations is self-evident.

Insurance fraud can take many forms, with multiple opportunities across the Insurance Ecosystem. Fraud can occur internally or externally to an insurance organisation, at the point of underwriting or at the claims phase, and it can be Soft (opportunistic) or Hard (organised crime) (Viaene and Dedene 2004). The City of London Police IFED (Insurance Fraud Enforcement Department) presents a range of examples (City of London Police 2016) surmised below:

At the underwriting (policy) stage:

  • Misrepresenting or not disclosing material facts to lower the insurance premium.

  • Purchasing a policy using another’s details to gain more favourable terms.

At the Claim’s Stage:

  • Claiming for damage that did not occur in the manner described.

  • Deliberately causing an accident with an unsuspecting party.

  • Including additional parties in a claim to increase pay-out.

  • Two or more parties deliberately causing a collision and making a claim.

  • Exaggeration of genuine injuries and/or the loss incurred as a result of a genuine incident, or of fictitious incidents.

Externally to the insurer:

  • Illegal intermediaries (either an individual or a group) who misrepresent themselves as an insurance broker, agent or insurer for profit. In this scenario, either fake insurance policies are provided to the unsuspecting customers, or otherwise the illegal intermediary alters information provided by the customer to get a reduced policy cost from an insurer, siphoning off the difference and leaving the customer inadequately or not insured.

  • Where associated professionals to the insurance industry (e.g. solicitors, engineers, doctors, vets, Accident Management Companies, etc.) provide false professional information to support a fictitious or enlarged claim.

Internally to the insurer:

  • Employees within the insurance process submit fraudulent claims ‘under the radar’ due to their knowledge of the internal checks, or otherwise aid the process of fraudulent claims submitted by others.

  • Sensitive information is obtained (data theft) from insurance company systems.

The ability to detect fraud brings significant benefits to insurance companies. In simple terms, possible fraud is identified through ‘triggers’ in the behaviour of and information provided by the customer (and through other available sources). Cases that have ‘been triggered’ then undergo further, more detailed investigation.

Due to the sensitive nature of insurance fraud, insurers are unsurprisingly coy about what triggers they use; we can however generalise that insurers are looking for outliers within the experience of their data trends. Fraud detection is inherently limited by the data sources available for the analysis. It requires data matching and rules-based decision-making to flag cases for further investigation.

While insurers are, on the whole, considered effective in their ability to stop fraud, the exercise is a costly one. The nature of the analysis is high volume, prone to false positives and resource intensive. The general sentiment of the industry suggests that most types of insurance fraud are rising, in some cases exponentially, only adding to the pressure.

While new and improved sources of data present opportunity for fraud departments to better-identify fraudulent activity, existing methods alone will likely buckle under the quantity of information. To combat this, predictive analytics can be used to automate and augment current fraud defences.

Predictive analytics is the use of data, statistical algorithms and machine learning techniques to identify the likelihood of future outcomes based on historical data. While the general concept isn’t new, recent advancements in pattern recognition (supported by the increase in data and computing capability) enable more accurate and efficient fraud detection.

Esure and Synectics Solutions: Precision Platform

Synectics Solutions Ltd., a software company in the data analysis sector, has developed a predictive analysis and data science platform entitled ‘Precision’ (Synectics Solutions Ltd., n.d.). It is a ‘Software as a Service’ (SaaS) offering aimed at connecting sources of risk data and enabling the advanced analysis of that data.

Esure, a major UK insurer for consumer lines such as motor, home and travel, is one such user of the Precision Platform. Being SaaS, it allows Esure to utilise advance analysis capability without the upfront investment in the underlying technology and the recruitment of upfront additional in-house data science expertise (however, as with the adoption of any new system or methodology, an amount of staff training is always required).

Based on the internal company data (fed from Esure into the Precision platform), integrated with data from SIRA (another Synectics Solutions service which aggregates a range of external risk data sources into a workflow-based offering), an array of algorithms and modelling techniques are used to evaluate the risks (consisting of a mixture of data science and machine learning methods), resulting in a risk score for each insurance claim. System-driven profiling alerts are triggered based on certain rules to support Esure’s fraud detection workflows.

Esure combines manual referrals, cross-matching clear and suspect claims and policies and other intelligence with the Precision scoring and alerts to inform which suspected fraud activities are referred to the internal Special Investigation Unit. This predictive analytics service is used alongside traditional fraud trigger methods.

Adding this predictive component has increased the accuracy that Esure can achieve and, by recalibrating their decision model on the back of this new data source, has enabled Esure to reduce the number of false positives referred to the Special Investigation Team.

2.3 Providing Greater Personalisation for Customers

New data on customers’ habits, preferences, interests and abilities are generated every second online, tracked through cookies, advertising systems, social media platforms, through our purchase history and with the interactions we make with companies generally. Resultantly, a significant data profile now exists for each consumer looking to purchase any insurance line.

This influx of data, which can be bought and harvested by insurers, represents an opportunity to target, personalise and customise insurance policies, thanks to advances in consumer preference analytics. Opportunities are many-fold, depending on the level of change an insurance business may wish to adopt:

  • Targeted Marketing: Perhaps the earliest use of consumer data in this list—online advertising has long enabled insurers to focus their advertising strategies on specific demographics, using a combination of social media data, search/viewing history and shopping habits. Insurers can utilise this data to support cross-selling and upselling with ever-increasing success rates.

More recently, user sentiment analysis can be used to understand which parts of an insurance policy (and reasons for buying the policy) will resonate most with the customer and adapt their marketing accordingly.

Knowing the right time to run an ad, send a message or offer a price can also have a big impact on its effect, which can be much better targeted given the massive increase in geospatial information available (for example, knowing when someone is travelling versus on the move to ensure that the customer is in a position to accept a policy offer). In a similar strategy, life events (e.g. the birth of a new-born child, moving home or change of job announcement) to trigger advertising of applicable insurance products, and flag changes which may affect existing policies.

  • Policy Price Optimisation: Using a range of data but specifically including previous purchase history, insurers can now use prediction-based analytics to accurately and dynamically adjust the price for a specific insurance policy. This type of technology allows insurers to maximise their profit and reduce the amount of rejected policies, both for new policies and for renewals.

  • Customer relationship systems: As part of a wider shift towards a customer-focused service provision, advanced customer relationship systems can now offer context-aware information which supports call handlers when fielding customer enquiries. For example, knowledge of ongoing claims, previous complaints or (for example) a recent wedding, can be flagged to the customer service representative in an easy to understand manner to help support a positive experience for the customer.

Furthermore, customer-centric systems can remove the friction of clunky, segregated business processes that can frustrate the customer (for example, the need to re-confirm the identity when changing departments or the time taken for the call handler to change systems to identify the previous complaint).

  • Policy recommendation systems: Advances in customer service systems, and technologies including conversational AI, chatbots and recommender AI, has now reached a level of maturity whereby relatively accurate granular analysis of customer data, and response to questions, can guide the customer to specific products or services, and make recommendations on the appropriateness of a given policy.

  • Policy customisation systems: The next logical step from recommendation systems, by accessing and understanding key data about each customer, insurers can now adapt what is included in a specific insurance policy to better suit a customer’s requirements (or anticipated requirements), without a lengthy and resource-intensive onboarding process. As well as providing much more targeted cover based on the needs of the customer, the length of cover can be flexible, leading to on-demand insurance.

  • Telematics and Behaviour-driven pricing: In a much more fundamental change in the working principles of insurance, telematic data and behaviour-driven pricing can be used to completely tailor insurance to the individual. Again, we discuss this more in Sect. 3 below.

Sunday Insurance

Sunday Insurance (www.easysunday.com), based in Thailand, is an InsurTech company that offers customisable consumer car insurance policies and business health insurance policies. It advertises itself as a “one size doesn’t fit all” company, Car insurance policies are based on provided customer data (note: not telematics).

The service is hosted on the cloud (in this case on Amazon’s AWS platform), which gives the company the flexibility to scale up with reduced outlay costs. Insurance premiums are calculated using artificial intelligence, specifically machine-learning -trained algorithms, which in this case are provided by H20.ai.

The core proposition of Sunday is to make the insurance process simple for the customer and is therefore reliant of a fully functional website with few technical issues. While the insurance application still needs basic information about the customer (e.g. name, address, car type), Sunday Insurance is different in that, after selecting which baseline package you wish to start customising from (for example, Third Party vs comprehensive vs comprehensive with addons), it then allows individual customisation of various cover parameters.

While common add-on variables such as roadside assistance and windshield cover are available, the full range of additional options is much larger than a traditional insurer provides. This is in addition to the customisable cover limits.

It should be noted that, by transferring the choice of cover limit to the customer, it is reliant on the customer having a much-more informed understanding of the risks they need to mitigate and their resultant policy cover requirements. Less-informed customers may be encouraged to go for the cheapest option at the expense of having sufficient cover in the event of an accident.

Source Amazon Web Services, Inc. (2019).

3 New Opportunities from Big Data, Intelligent Applications and IoT

In Sect. 2, we presented new opportunities that broadly fall into the existing business practice of the insurance industry. However, there are also opportunities for completely new insurance concepts, driven in particular, by the rise of IoT connected devices. These opportunities can be exploited across the insurance value chain, by existing incumbents and newer InsurTechs alike.

An extension of the trend towards personalised insurance discussed above, new sensing devices can provide insurers with direct data for many insurance lines. This is a major change for the industry, as for the first time, insurers can access near-real-time data of assets in which to base policy premiums, either retrospectively (based on data over a previous period) or reactively (based on the current state of the information received).

  • In the motor vehicle sector, telematic data (transmitted from ‘black boxes’ or using customer mobile phone data) supply real-time location and speed data, which insurers can use as a much better proxy for driver behaviour than traditional markers (for example age or job description).

  • A significant uptake in the use of wearable sensor devices (such as fitbit), or the fact that we many people keep their phones on their person all day, allows the tracking of fitness. Policies can be incentivised to encourage good health habits, further mitigating the overall risk of a claim over a long-term period.

  • A rise in connected home devices can send a wealth of data to insurers, who could provide active security monitoring services.

  • In the commercial sector, asset data (for example fridge temperature data) can be monitored, with insurance pay-outs automatically triggered based on certain conditions. Premiums can be reduced when customers can prove that their buildings have been operated within set criteria (e.g. that fridges have been maintained at 4 degrees and have not been switched off—which would cause food to spoil and a potential claim).

  • In a different example, shipping cargo can be tracked across the world, and much more closely associated with the prevailing weather conditions, allowing for cheaper policies in good weather. If cargo is lost overboard, this can be identified much more quickly, and automatic pay-outs can be triggered.

  • Predictive maintenance capabilities (for example on wind farms) enabled by connected sensors within the machines, can further reduce policy premiums, as serious failures can be identified and rectified before they occur.

3.1 IoT and Telematics for Customised Insurance Offerings

In what could be described as ‘level 1’ IoT data use, insurers can offer customised policies which are based on ‘real-world data’. The common denominator in these examples is that the insurers now have access to proxy data that is much closer to the real risks than before. This allows insurers to be much more granular in their risk management. Resultantly, policy premiums can be much more closely mapped to the actual risk, and the level of risk pooling can be reduced, if not eliminated.

While this will benefit some parties, this situation also presents a risk that, at the other end of this spectrum, insurance prices will increase further. As the averaging of risk (both in terms of granularity and in risk pooling) reduces, some customers may find themselves uninsurable.

Auto—Root Insurance

Root Insurance (www.jointroot.com) is a US usage-based automotive insurance company. Root Insurance tracks actual user behaviour using a smartphone application to evaluate the risk and provide a policy quote to the customer. At the expense of data privacy, Root Insurance says its customers receive rates up to 52% lower than for traditional insurance methods. A combination of data science and machine learning methods are used to identify key indicators of risk, such as movements like braking, route regularity, and the speed at which a customer turns a corner.

While some smartphone-based/telematics systems track behaviour over the lifetime of the policy, Root Insurance is different. Through a mobile phone application, a user’s activities are tracked 24/7 for a two-week evaluation period (prior to the insurance policy starting). It is not possible to stop this tracking at any point during this evaluation period and still receive a quote.

After the evaluation period, a customised policy offer is provided, based on the data profile collected. After this point, no further data collected will affect the policy price. The customer can then switch off the tracking within the phone. If they fail to do so, data may still be collected, but it is only used to refine the insurance data models, rather than to influence policy price.

Using mobile phone sensor data (including accelerometer, gyroscope, global navigation system data and compass) presents a series of challenges to the insurer. Sensor data of this type is very noisy, of which risk evaluation models need to account for. Collecting this type of data also may not provide the necessary context in all situations—without additional information, the insurer cannot identify if you are the driver or the passenger, or if you are in a taxi. If the movement of a plane or train (at slower speeds) is akin to car speeds, this might also pick up without careful filtering of the data.

Sources Crunchbase, Inc. (2019) and CNBC LLC (2018).

Property—FloodFlash

FloodFlash (floodfash.co) is an InsurTech specifically focused on supplying building flood insurance cover using simplistic, parameter-based triggers. FloodFlash operates by providing customers with a proprietary sensor to install at their property. If water reaches a certain level, a cash ‘settlement’ is automatically triggered and paid out.

FloodFlash represents one way in which the global insurance protection gap can be lessened. High risk areas, where flood insurance would be prohibitively expensive under traditional insurance models, can now be covered using parametric insurance, also known as ‘event-based insurance. Customers can reduce their premiums by adjusting the trigger level in which a pay-out is due and the amount that would be paid out in that event.

As only the water level verification is required and settlements are fixed, this represents a much less resource-intensive claims process. In this type of insurance arrangement, only cash is provided in the event of a claim (which is fully automated), meaning that the insurance company does not need to provide large swathes of administrative support typical of most insurers.

Source Oxbow Partners Ltd. (2018).

3.2 IoT, Behaviour-Based Insurance Pricing and Active Risk Mitigation

In more engaged (‘level 2’) IoT application examples, insurers can introduce insurance services which not only monitor user activity, but also seek to actively influence the behaviours of the customer(s) and the related risks. While there is some inherent influence on behaviour when customers provide real-time data (‘level 1’ applications discussed above), these ‘level 2’ applications are characterised by a more intrusive effect on the fundamental insured risks and the provision of an active service which reduces risk. To give two examples:

  • In health insurance, insurers can encourage healthy lifestyles by incentivising exercise to ensure a longer-term reduction in health-related claims.

  • In car insurance, insurers could potentially integrate with navigation systems and adjust insurance based on which route is chosen (e.g. a user could be presented with the choice of two routes and may choose the journey that takes longer but costs less to insure).

  • In buildings insurance, a raft of new in-home CCTV cameras, smart speaker devices, thermostat controls and other connected technology can provide real-time data of the state of a particular dwelling or building. Insurers can monitor this data for security risks, building failures (for example, electricity or burst pipes) and engage with the customer to fix problems. For example, if the door is left ajar for a certain length of time, the customer could be alerted. Or if a smart speaker picks up the sound of breaking glass, they could alert the police to a potential intruder.

This active engagement with the customer to reduce the likelihood (or severity) of insured risks represents a fundamental change in insurance mindset, by reducing the risk ‘upstream’ of the point of claim. By incentivising the customer to reduce the risk, both parties share benefits of successful risk mitigation. This arrangement is sometimes called Shared Value Insurance (Jais et al. 2017).

Health—Vitality

Vitality (www.vitality.co.uk) is a South African Insurance brand (owned by Discovery Holdings and used in many global markets) which provides health and life insurance policies. Vitality sells directly to customers, but also through various partnerships with other organisations/insurers in different markets.

The fundamental premise of Vitality is to reward customers for living a healthier lifestyle, thus reducing the risks to the insurer. Both health and life insurance products have a number of innovative features, but the major selling point for both policies is the use of the reward system.

The reward system tracks user activity data (e.g. walking, going to the gym, eating healthily or visiting the dentist) using information from devices like Fitbit or Apple watches. In exchange, customers can earn cashback, premium discounts and rewards (e.g. spa breaks, cheap flights, cinema tickets, free coffee or subsidised technology).

The available reward benefits are dependent on the ‘status’ of the customer. When first joining the vitality programme, customers are enrolled at the bronze level. As points are earned, the status can be increased to silver, gold or platinum, unlocking better rewards. At the premium level, rewards are significant (e.g. 40% off the premium price) to inspire customers to exercise more. The scheme also enables the purchase of highly desirable products (such as the apple watch at time of writing), based on reward points, at deeply reduced prices, attracting more customers and improving the data flow into the company.

This application uses both a carrot and stick approach, and should the level of exercise drop, the premiums go back up. This combined approach is suggested to change the fundamental human behaviours and psychology.

Smart Homes—Neos

Neos (neos.co.uk) is a smart technology and insurance provider (by partnering with Aviva). They provide (leak sensors, smoke alarm battery sensors, CCTV cameras) as part of the insurance policy offering. Customers pay more per month for more sensor devices but get additional peace of mind. The technology can also be purchased standalone.

The Neos offering is additional a responsive one. Through an application, customers can manage their devices and also interact with Neos. Sensor devices are monitored (e.g. for security, for leaks), providing customer peace of mind. For example, if a water leak is detected, Neos can respond to that and make arrangements to investigate without the customer being at home.

4 InsurTechs and the Data Services Ecosystem

4.1 The Rise of InsurTech

InsurTech is a relatively new word that represents a subcategory concept from the broader financial technology world. It encompasses more than the narrow aggregation of activities combining traditional insurance with technology. It represents the ability to disrupt the incumbent value chain and allow new business models to form. InsurTech businesses often have the ability to position the customer at the centre of their offerings and provide customised services through improvement of information symmetry. The InsurTech definition therefore includes all innovation types: process, product, service and design, that can improve or create new insurance service and products.

Although InsurTech businesses are based on technology (and technological tools such as ML, AI, big data, IoT) it is not only their novel products and services, it is about the way in which these start-ups actually develop their products. Often these technology start-ups adopt agile principles and innovation practices, for example releasing Minimum Viable Products (MVPs) to the market in much quicker development and release cycles than larger firms are able to adopt. They are therefore more responsive to new developments in technology and external changes in the market. InsurTech innovations have been the subject of recent academic research. Stoeckli et al. (2018) have studied 208 InsurTech innovations and created an emergent model, classifying 14 transformational capabilities under five main themes: Digital infrastructure operations, data-driven infrastructure operations, digital service provisioning, insurance service development, customer network promotion and partner network promotion.

InsurTechs’ ability to identify and link technologies to a specific service, quickly puts them ahead of the incumbents in many ways and is very much a customer-centric industry, focusing on how to improve and optimise customer experience. By improving the customer’s experience and therefore relationship with respect to their insurer is a game changer in this industry. However, the first InsurTechs were not start-ups, but rather direct insurance companies that challenged existing incumbents in the retail motor sector, such as Geico in the US, Admiral and Compare The Market in the UK (Ricciardi 2018).

With the value of the InsurTech modus operandi being recognised by the major insurers, partnerships are forming to maximise the expertise and experience of both collaborators, big and small. In 2016 one of the biggest insurers in the UK, Admiral Insurance, partnered with a tech start-up Onezero Me (onezero-me.com) to create a new data-driven car insurance product for young drivers. The ‘firstcarquote’ product was aimed at new drivers and used Facebook posts to analyse the personalities of car owners and set the price of their car insurance accordingly.

Facebook users who write in short and concise sentences, use lists and arrange to meet friends at a set time and place [..] would be identified as conscientious. In contrast, those who frequently use exclamation marks and phrases such as “always” or “never” rather than “maybe” could be overconfident. (Ruddick 2016)

However, it was not all plain sailing. The Guardian reported that Admiral pulled the product less than two hours before it was officially due to launch (Ruddick 2016) with concerns raised by both Facebook and the Open Rights Group. Jim Killock, executive director of Open Rights, said: ‘Young people may feel pushed into such schemes because of financial constraints. The right to keep things private shouldn’t be the preserve of those who can afford it’.

Christl (2017) highlights the extent of corporate surveillance in everyday life (noting that insurance companies were among the first to use statistical models to predict consumer behaviour) and the consequence of pervasive consumer surveillance. The report notes that in recent years a vast landscape of partially interconnected databases has emerged from various industries that ‘collect, analyse, acquire, share, trade, and utilize data on billions of people’. Furthermore, ‘much of corporate data collection and utilization happens invisibly, often with neither knowledge nor consent of the subjects’ (ibid., p. 5).

Many of these data providers are InsurTechs who provide business to business (B2B) data services specifically to collect and analyse vast datasets for insurers, however, not all provide data services about people.

4.2 InsurTechs That Provide Data Services to the Industry

4.2.1 Insurdata (US)

Insurdata (insurdata.io) is a US InsurTech firm that provides reinsurance underwriter provides services specificallys with property-specific data to support their pricing, underwriting and portfolio management decisions. Insurdata specialises in high-resolution, peril-specific exposures and building-level risk data, using technology that includes mobile augmented reality and 3-D model creation, providing both desktop and mobile solutions.

4.2.2 Betterview (US)

Betterview’s (www.betterview.net) risk management platform helps carriers to identify and score roof condition and other property risks. Betterview does this by using machine learning and computer vision to analyse manned aircraft and satellite imagery. Betterview then combines this data with other sources such as building permits, assessors’ data and historical weather to determine the characteristics and condition of a roof to determine the risk of future losses.

4.2.3 Rezatec (UK)

Rezatec (www.rezatec.com) provides a geospatial data analytics platform for the infrastructure, forestry and agribusiness sectors. Its proprietary algorithms process data inputs from satellite, airborne and ground sensors to predict outcomes for key assets across a range of industry verticals.

4.2.4 Cape Analytics (US)

Cape Analytics (www.capeanalytics.com) uses AI and geospatial imagery to provide instant property intelligence for buildings across the USA so insurers can more accurately assess a property's risk and value.

4.2.5 CrowdAI (US)

CrowdAI (www.crowdai.com) is an image recognition software that combines machine learning, computer vision and human intelligence to maximise value for self-driving car, automated drone and satellite image companies. Currently targeting enterprises, CrowdAI accurately and cheaply provides scalable, high-quality image annotation, with plans to enter industries like medical imaging and the military.

4.2.6 Groundspeed Analytics (US)

Within the property and casualty insurance market, massive amounts of data remain tied up in unstructured or semi-structured documents, such as PDFs and Excel files, to scanned images and emails. Unlocking this data presents a real opportunity for insurers, reinsurers and brokers to help improve underwriting efficiency and automating submission data capture, to identifying underwriting profit pools and market-wide changes in loss exposure. CBInsights (2019) reports that there is a notable investment by companies into commercial data automation, an activity at the early adoption stage in the Industry. Those, insurers who are investing in Natural Language Processing (NLP) for example are starting to unlock the value of unstructured and semi-structured data. For example, the commercial data automation firm Groundspeed Analytics (groundspeed.com) provides services specifically for insurance. They use artificial intelligence to harvest, normalise, enhance and extract data to client’s specification so that it can be used to unlock the value in unstructured data.

5 Challenges

5.1 Ethics, Systemic Trust and Compliance

The explosion in available data that can be used as proxy indicators toinsurance risk is shifting the balance of knowledge towards the insurance organisations and away from the customers. With so much information now available to insurers,Footnote 2 it is less of a question of what *can* be done and more one of what *should* be done.

Many consumers and small businesses do not trust the insurance industry. The Chartered Insurance Institute set out the challenge of trust in the industry (Chartered Insurance Institute 2018); with consumers finding the language confusing, having difficulty comparing policies and a poor understanding of products. Clearly insurers have a long way to go to win the trust of consumers who are inherently untrustworthy of both the insurance sector and new AI technologies.

While data itself brings a range of ethical risks, the greatest focus should be how the wider ‘data system’ (inclusive of people, processes and technology) makes use of this new data and the decisions made as a consequence of that data use.Footnote 3 It is this systemic perspective that defines whether it is ethical and trustworthy.

For example, a large majority of new data coming from the motor vehicle and the health insurance sectors is geolocative in nature. This is necessary to derive many of the key risk indicators (e.g. speed of travel, where a car is parked, how much movement a person does etc.). However, raw geolocation data allows insurers to see much more than this, if they were so inclined. In addition to driver behaviour triggers, the same source data could be used to identify the locations you have visited, who you have met, whether you have visited a hospital or if you are religious, among other data points.

As big data, AI and other related technologies are still new and emerging, global society is yet to reach a coherent view on what we should and shouldn’t be doing with data. Clearly, unfettered and unscrupulous access to data is not a desired state for most, but insurers will need at least some access and trust to modernise their risk evaluation methods to utilise new data sources.

The successful adoption of ethical data use into society requires a multi-pronged approach. At one end of the spectrum, Governments will need to legislate for acceptable use of data. At the other, the insurance sector will need to push itself forward to adopt appropriate codes and behaviours that are compatible with the law and societies expectations.

5.1.1 It’s Not One Ethics Perspective

Across the globe, the perspective on what is and isn’t ethical data use changes. While perhaps an over-simplified view, we compare three countries on the subject of data protection:

  • The European Union, with activities such as GDPR, is very much a people-first culture of data ethics that ensures the right for information self-determinism.

  • In the USA, data protections come from consumer law, as opposed to any fundamental rights.

  • China, which is known for active monitoring of its population, puts the rights for data access with the government over and above the individual.

Consequently, data systems designed and built in each of these countries will have fundamentally different principles of data protection built within them. While the fourth industrial revolution is pushing society towards a connected world where borders are less relevant than before, insurers looking to adopt new data systems must be careful to ensure the systems they use are compatible with the local definition of data ethics.

It is likely that adopting a data system developed, for example in china, and then using itFootnote 4 in the EU, without being explicitly designed to cater for the local ethical profile, will fall short of regulatory requirements and societal expectations. Even in good faith, emergent and unexpected differences in culture will likely introduce ethical incompatibilities.

The European Union’s GDPR Regulations

In 2018, A General Data Protection Regulation (GDPR) was introduced which enshrines seven principles of personal data use into law (Information Commissioner’s Office 2018).

  1. 1.

    Lawfulness, fairness and transparency

  2. 2.

    Purpose limitation

  3. 3.

    Data minimisation

  4. 4.

    Accuracy

  5. 5.

    Storage limitation

  6. 6.

    Integrity and confidentiality (security)

  7. 7.

    Accountability.

These principles guide and direct the trajectory in which businesses (in the EU and working with people in the EU) can collect and make use of personal data. The GDPR legislation is substantial, despite its fairly simplistic principles. Although the regulation has been active since 2018, many issues in its use are still yet to be resolved, and the insurance industry is still grappling with its correct application, as many anticipated industry guidelines are yet to be produced (Insurance Europe 2019).

Most significantly for businesses, the GDPR regulations have introduced rights to erasure (commonly known as ‘the right to be forgotten’) and rights to correction (when personally identifiable information held about a person is known to be wrong). Although noble in its intent, this undebatable right for the erasure and correction of personal data brings many issues for many insurance data systems, which were never built with this facility in mind. If this right is exerted, companies will likely find themselves manually searching, editing and removing data from their current systems.

This is not to say that newer systems, built on machine learning fair any easier. It is not yet clear how companies should handle erasure/correction requests where the previous data has been used within a machine learning model; would changing that data affect the performance of the model. Machine Learning methods are like baking a cake—you cannot get the eggs out once you’ve made it. If insurers end up having to re-run machine learning algorithms with corrected data, this will be of significant burden.

Similarly, Blockchain, which by its intended design is an immutable and permanent record of transactions, runs headfirst into the problem of a right to erasure (Insurance Europe 2019). In many organisational implementations, it is impossible to correct data once entered. In others, while possible, needs the coordinated actions of multiple parties to ‘force’ a change across the distributed record, an incredibly resource hungry process.

The GDPR regulations are a good example of how data ethics vary by country. In the EU, individuals have the right for publicly available data to be removed. By contrast, the USA holds a much stronger freedom of expression bias, where it is thought that leaving information available for anyone to see is considered the fundamental right. Additionally, we can consider the US upcoming Clarifying Lawful Overseas Use of Data (CLOUD) regulations:

The USA’s Cloud Regulations

The CLOUD Act is a federal law enacted in March 2018 that governs the handling of any data outside the United States. It is significant in its scope because it removes the boundaries so that it is irrelevant where the data is processed or stores.

In short, any US company, or company with a US presence, has to support the US authorities when it comes to any aspect of their jobs (including criminal investigations). It creates a legal framework fin the US where the data a company holds, regardless of type or location globally, can be requested by US law enforcement. This could be personal or company data, from business details to trade secrets and intellectual property.

The US CLOUD Act is directly at odds with the EU GDPR regulations when it comes to personal data protections. Under GDPR, personal data can only be shared with other countries which apply the protections of GDPR and importantly, can only be done so where there is a mutual legal assistance agreement in place. Simply put, a request for personal data from a company covered by GDPR requires a court agreement to do so from the EU country involved. This is directly at odds with the CLOUD regulations, which require unfettered access without court involvement to that same data.

Consequentially, should insurers fall under both legal jurisdictions, they must inherently not comply with one set of the regulations, and risk significant legal recourse. It should be noted that this does not only apply to the insurers themselves, but also the companies that insurers use in the process of handling data. For example, Microsoft, Google and Amazon are all US companies widely used by UK insurers for cloud computing capability. Resultantly, any data processed by these companies (regardless of geo-location) is “fair game” under the CLOUD legislation.

Source Ionos (2019).

5.1.2 The Future Direction?

To understand further the future trajectory of data ethics, we look at the parallel work on ethics and trustworthiness in the context of AI. The use of AI and the use of data is inextricable in this systemic perspective; it is not an extreme position to suggest that AI is merely advanced data use, as modern AI is fundamentally a data-driven concept. While it is the ‘bigger’ societal impact of AI that is driving current ethics discussions, the consequence of this debate will ripple back through the supporting ‘stack’ of emerging data technologies, including big data.

A wide array of national and international bodies has recently published guiding principles on the ethical use of AI and data. While it is not the purpose of this book to review the detail of each and every guidance paper, a clear set of principles are being endorsed across multiple, independent organisations. To evidence three:

  • The Organisation for Economic Co-operation and Development’s (OECD) Council on Artificial Intelligence states that AI should be inclusive, sustainable, promote well-being, be human-centred, fair, transparent, explainable, robust, secure, safe and accountable (OECD 2019).

  • The World Economic Forum states that data use should be secure, accountable, transparent, auditable, equal to all (fair and unbiased) and ethical (protecting the rights and aspirations of the vulnerable) (Hoffman et al. 2019).

  • The IEEE Global Initiative for the design of Autonomous and Intelligent Systems states that systems should respect and protect human rights, increase human well-being, empower data agency, have evidenced effectiveness, are transparent, accountable, consciously guarded against misuse and used by competent persons.

While the above three examples use different words on occasion, the trajectory towards human-oriented, human first data use is clear. Of other notable trends, insurers must be aware of the trend towards transparent and accountable systems, which will require functionality not currently seen in many application cases. While these forward-looking principles are not yet enshrined in law, they are a clear indicator of intent. The OECD recommendations are pertinent, as these recommendations have subsequently been endorsed and adopted by the G20 group of countries (June 2019) (G20 2019).

While the IEEE is a standards body, we know that, over time, voluntary policies and adopted strategies become best practice, which in turn shifts the focus from ‘those who do’ apply good standards to ‘those who don’t’ as wider adoption spreads. Where commercial and societal pressures do not influence change, governments may then legislate to change voluntary standards into compulsory ones.

5.2 Regulation and RegTech

The reporting process for insurers is complex and can be very expensive. Regulatory disclosure provides the means to compare one organisation with another and is a legal obligation. Effective and accurate disclosure also provides evidence of an organisation’s ability to meet its obligations to its financial stakeholders, demonstrates solvency and that key stakeholders are adequately protected.

The UK has two regulatory bodies for the insurance industry; the Prudential Regulatory Authority (PRA) and the Financial Conduct Authority (FCA). The PRA promotes the safety and soundness of insurers and the protection of policyholders. The FCA regulates how these firms behave, as well as the integrity of the UK’s Financial markets. In recent years, following the growth of different business model within the insurance industry, data and risk management is no longer the mandate for the incumbent in this market but rather a set of data and data analytics suppliers that provide new mechanisms for risk management capabilities. Many of these suppliers are operating from outside of the UK domain. Thus, the regulators are constantly required to follow global trends and changes to make sure the general public good is preserved with respect to discrimination, pricing, data protection.

The regulator in Europe, to which UK Insurers need to comply, is the Insurance and Occupational Pensions Authority commonly known as ‘EIOPA’—a sort of industry watchdog. Solvency II (which came into effect in January 2016) is the European regulation that governs the amount of capital that an EU insurance company needs to remain solvent and whether their risk management practices are sufficient. The principle has been adopted by main other countries who have created their own regulatory models based on this such as the US’ Risk Management and Own Risk and Solvency Assessment (RMORSA). The new Solvency II regulation has come under much criticism. Firstly, the cost of compliance has been much higher than expected, with some major insurers incurring tens of millions of euros (Boobier 2016, p. 39; Butler and O’Brien 2019). Other criticisms include: the significant computing power required to comply with reporting; the fact that sensitive data is leaving the premises, the country or both; and the overall skill needed for compliance in a smaller insurer makes it difficult to fund in-house. Increasingly insurers are looking to regulatory ‘service providers’ to support their compliance.

EIOPA is actively engaged with updating regulation in the Insurance sector while encouraging innovation at the same time. In a recent roundtable discussion of Industry experts, EIOPA acknowledged that in the context of rapid digitalisation, big data and AI: ‘regulatory and supervisory authorities have a role to play, by encouraging financial innovations while, at the same time, ensuring a well- functioning consumer protection framework and financial stability. In doing so it is necessary to respect key supervisory principles such as proportionality, market integrity and technological neutrality. Initiatives such as regulatory sandboxes, innovation hubs or public-private partnerships show that it is possible to be innovative in the approach to foster financial innovation’ (EIOPA 2017).

Over 50,000 regulations were published between 2009 and 2012 in the G20 (Butler and O’Brien 2019) and compliance is task that insurers are keen to digitalise where possible. RegTech is IT that helps firms manage their compliance and while some believe that RegTech will help determine the future of financial services by helping people innovate while generating trust from consumers (Roy 2019), others are much more sceptical.

While these technology systems offer powerful compliance tools, they also pose real perils. They permit computer programmers to interpret legal requirements; they mask the uncertainty of the very hazards with which policy makers are concerned; they skew decision-making through an “automation bias” that privileges personal self-interest over sound judgment; and their lack of transparency thwarts oversight and accountability. These phenomena played a critical role in the recent financial crisis. (Bamberger 2009)

Machine Learning, Natural Language Processing (NLP) technologies and the use of common ontologies have the potential to provide some real benefits for insurers and their requirement to comply with regulatory frameworks but, AI will do little to overcome the issue of human error in the so-called experts, systematic misconduct and fraud in the system (Bamberger 2009).

6 Conclusions

New technologies and the emergence of big data provide huge opportunities for new and existing organisations alike to make significant gains in the market, however, there are many external and internal influences that challenge organisations capability to maximise those opportunities. The challenge for incumbents is to simultaneously keep pace and exploit new technologies and data, react and adapt to disruptive InsurTech competitors in the market, while endeavouring to make sense of the often hyped and over-evangelised technological innovations on the market.

The application of digital technologies is a topic of vivid debate in the insurance industry and the proliferation of white papers, industry conferences and online knowledge bases alone can fuel this hype and act as ‘expectation generation devices’ for future insurance markets (Meyers and Hoyweghen 2018). The pressure to move quickly and deploy AI solutions to remain competitive, may lead to risks including insufficient testing and an overreliance on AI and data specialists (Patel and Lincoln 2019). While AI adoption spurs competition, it could also lead to market concentration. Root Insurance Co (2017) uses AI to proactively target low-risk drivers, which presents ethical questions for the regulators as it has the potential to transform market structures. Shifting the burden of higher risk drivers to others.

While machine learning systems, leveraging the exponential grown of new forms of data, enables insurers to evaluate risks at a much more granular level, this capability will in fact disadvantage certain customers and challenge consumers’ concept of fairness. Customer trust could be damaged not only through insufficient transparency of algorithmic decisions, but the potential of AI models to propagate biases that can be difficult to identify and correct (Patel and Lincoln 2019). The concept of redlining (a historic discriminatory practice in property insurance, to deny credit or provide credit on poor terms for reasons unrelated to creditworthiness) has been around since the 1990s. However, recent research has raised concerns that ‘algorithms in the housing arena have the potential to operate in a manner that perpetuates previous eras of discrimination and segregation’ (Allen 2019, p. 219). An additional key risk for the insurance sector is to find and retain specialist talent who can design, develop, deploy, test and maintain AI systems—in order to mitigate the risk of ‘optimisation at the expense of social benefit’ (Patel and Lincoln 2019).

Findings from a 2019 (Capgemini and EFMA 2019) survey (of 75 insurance executives from across 20 markets) highlight that over 70% of insurers believe that: not only that advanced data management capabilities would be critical to establishing a future-state insurance marketplace but also they need to shit focus to holistic risk solutions for customers.

Many insurers are now differentiating themselves by providing holistic risk solutions through value-added services. In the ‘smart’ home for example, these include security monitoring with links to emergency services, property concierge services and remote care monitoring and assistance focused on specific health and well-being needs. The most advanced of these service offerings are in France, where some insurers sell télésurveillance at a €200–€400 annual fee to more than 10% of their home policyholders: the most sophisticated are specialised value propositions for the elderly and a platform of property services delivered by a network of local certified providers (Carbone 2019). These new value propositions mark a step change in the industry: from selling insurance products to proving ‘assurance services’ and perhaps with it, a change in the trust relationship between customers and the industry. Customer perception of fairness and overall trust in the industry will remain critical in this wave of innovation.