The Insurance Industry
Insurance has been called the “DNA of Capitalism” and the “Oxygen of Free Enterprise”. Without insurance, banks do not open, planes do not fly and hospitals do not function.
As our society becomes increasingly reliant on everything digital, the significance of Insurance in the cyber domain also increases by the day. Guardtime offers a host of KSI-based solutions that help insurance companies to better run their business and offer various cyber-related services, from supporting reinsurance standards, insurance policies and claims, new cyber liability policies, subrogation, regulatory compliance, to connected vehicle and health-care sectors.
A Dematerialization Blockchain for Policies
The blockchain is helping revolutionize finance by powering crypto-currencies that do not rely on centralized authorities for currency issuance and transfer.
In the insurance domain, the blockchain has the potential to eliminate fraud by providing a means for independent verification of the veracity of policies and claims, displacing the role of a trusted third party in preventing duplicate transactions and providing a verifiable public record of all transactions (without violating data privacy).
In the US alone, Medicare fraud, including false billings, tampered documents and fake identities, stretches into the billions of dollars. An independent record of all transactions has the potential to stop this fraud in its tracks.
Cyberliability
In the wake of numerous recent data breaches, much has been published on cyber liability insurance. Professional liability policies for companies providing computer hardware and software services have grown to include not just technology providers but all those collecting, storing and processing electronic data from their customers.
The approach of modern security is based on the same core principle: search for vulnerabilities, with firewalls scanning traffic that enters the network, signature-based malware detection schemes, etc. Yet, despite all the efforts and hundreds of billions of dollars invested in cybersecurity, large-scale cyber breaches are, and continue to be, everyday news.
KSI adds a new real-time capability for security professionals by focusing on the integrity of the assets that make up a network - the configuration of every switch and router, firmware, event logs, binaries, etc. - so that the state of the network can be verified independently and in real time. It’s the difference between searching for needles in a haystack and having real-time certainty of the position and properties of every straw of hay.
Post-breach, one of the biggest challenges for insurers is proving exactly what happened when.
There is no equivalent of photo inspection in the digital world. KSI provides instrumentation for forensics – there is no dispute about what happened when, which allows liability to be distributed, simplifies subrogation procedures and enables electronic evidence to hold up in court.
That said, the focus of the insurance industry is turning to pre-breach, with resilience and mitigation processes. Mitigation is the real solution to cyber breach, as it is for other perils like flood and cyclone that have been managed for years. Insurance and reinsurance are a secondary solution once mitigation is in place, allowing the industry to minimize the risk and warranty against the mitigating standards.
KSI allows a cyber resilience program to be put in place, covering mitigation, identification, response and recovery in the shortest possible timeline. This is what the regulators want to see now as the industry becomes more au fait with the risk and can progress to mature cyber risk management.
- Ernst&Young whitepaper: Cyber Insurance Thought Leadership
- Whitepaper: The Black Swan Event for the IT Industry
- Native forensics, integrity instrumentation and breach management
- 6 reasons why encryption isn't working
- Our answer to Peter Thiel: start with integrity
- Google, subrogation and cloud data residency
- Target: a confidentiality or integrity breach?
Big Data Lakes: Hadoop-based Long Term Archiving and Solvency Regulation
The Global Financial Crisis of 2008 has changed the way regulators and governments look at systemic risks, especially for banks. Insurance, although relatively unaffected by the crisis, now has to deal with the aftermath of new regulation based on minimum solvency and capital requirements. This regulation is called Risk Based Capital and affects every country trading in insurance. One of the challenges for insurers here is operational risk mitigation for data privacy, transparency and retention of insurance records for longer than the lives of the insured, spanning organizational changes in commercial and government organizations.
Supervisory directives demand changing rules for the retention of data under the banner of e-Discovery. E-Discovery requires the ability to produce all potential data as evidence, and requires meetings to discuss the status of the data: where it came from, whether it has been tampered with and when it was created. This means that all electronically stored insurance information needs to be stored for long periods.
Regulations regarding archiving typically inhibit the adoption of Big Data Lakes for all types of data, as they do not meet industry regulations and corporate requirements for retention. Typically, in order to be compliant, an enterprise will need to extract the data and move it to long-term archiving storage hardware. This is both grossly inefficient and expensive. Within the telecommunications industry, it is often more efficient for operators to pay the fines for failure to meet compliance for CDRs than to pay the archiving costs.
By integrating KSI into the design of Big Data platforms, every data record stored comes with independent proof that the data is in its original state and has not been manipulated. This allows all the data in a data lake to meet regulatory compliance for retention – it is possible to prove compliance to regulators and auditors without the need for separate dedicated hardware. Further, as the KSI signatures are portable, data can leave organizational boundaries and be delivered electronically to third parties with a complete chain of custody maintained.