Insurance Edge chatted with Simon Viney and Chris Andrew from BAE Systems, to get the latest news on Coronavirus related cyber threats for brokers and insurance companies. We also take a look at the challenge posed by remote working for teams becoming the norm.
IE; Let’s start with the online security issue for insurers who are now trying to set up hundreds of staff at other locations, or working from home. One thing that occurs immediately is that there isn’t an IT dept to call on extension 237 any more.
SV; Yes it will be difficult for companies for a variety of reasons. The key thing regarding IT support is telling everyone that there’s a particular place to go for answers to specific IT or security issues. You need a Cyber security lead in place so you have a structure and staff aren’t simply Googling problems themselves. Thing is, staff can have the best intentions when it comes to sharing tips and advice but just because someone saw a solution online doesn’t mean it’s the correct thing to do.
IE; Would a kind of in-house Google help companies share information on Corona related cyber threats?
SV; It could, but it all hinges on curation of the information. For example threats can evolve very quickly, so not only do you need to post the latest news on a particular suspect email, but you also need to delete the outdated notification, in case someone sees that older post first.
IE; What new cyber threats have emerged after Corona?
SV; We have already see a slew of malicious apps and websites. So typically an app can be created in just a few days now, not months, and criminals really see COVID-19 as a huge opportunity to lure people into downloading suspect apps. These tend to promise case-by-case data, potential vaccines or cures etc. Despite people knowing the site or app could be dodgy, they may be tempted to have a look and then the app will harvest as much personal – or company – data as it can. Or transfer malware into a device.
IE; This crisis is especially challenging right now in terms of claims isn’t it, much more to come in the rest of the year too?
CA; Definitely. The latest information released by the Association of British Insurers (ABI) suggests that Covid-19 related travel payouts will cost the industry in excess of£275m., I suspect that this figure will be higher, as the initial wave of travel claims is, in parallel, matched by business owners claiming and homeowners stuck abroad potentially suffering losses and/or exceeding the typical 30-day insurance policy clause surrounding occupancy. The entire Covid-19 situation is going to be immensely difficult for brokers and insurers to manage, as they have staff at home self-isolating, others perhaps working at home where the WiFi isn’t good. The other key thing that insurers need to think about is that they may not have access right now to the proper systems and controls and associated checks for fraud-related claims as they enter the system. The usual red flags might not (immediately) appear, as the whole infrastructure (people, process and technology) is under significant pressure. This highlights how an existing IT infrastructure might struggle to keep pace with the evolution of technology, operational resilience and new fraud attempts.
Over the next 12 months or so, there is going to be an increasing amount of pressure on insurers to pay all valid claims swiftly and this may well encourage a small minority to essentially `try their luck’ with a fake claim. Insurers need to evolve new systems, new protocols, to combat this inevitable reaction to the avalanche of claims – some will see this moment as the perfect opportunity to put in a fake claim, no doubt about it.
IE; Is this the time to utilise AI and automated systems much more?
SV: Yes definitely, but insurers need to focus on operational resilience overall. How can they deploy more AI and maintain essential services when the whole system is under extra load due to the virus? There’s perhaps a certain amount of testing that has to be carried out first. How does a new AI feature perform, does it have a flaw, are all compliance issues being resolved and so on?
CA; This whole thing is a complete paradigm shift for the insurance and IT industries. As the FCA has noted, the customer should still be treated fairly under the extremely difficult conditions, so there is always the risk that if things are rushed and new AI systems don’t work 100% effectively you kind of drive up the level of disloyalty when its renewal time, or open the door a bit to more fraud. Difficult balancing act for many companies and I do think there will be more fraud attempts right now, as people are under financial strain, plus others see the overload in work as being the perfect time to pursue opportunistic organised fraud attempts.
IE; Looking ahead over the next 12 months, how can all the calls held in queues, the emails and texts get triaged better – can software help that process?
CA; Setting up your staff at home with a secure VPN and login details is perhaps the easiest part of this. Then the real work begins in joining up all the data, the different contact points within a company, or even between the insurer and claims, accident, recovery, legal and other third party outsourced companies too. The sheer volume of emails and messages over the next few months will be hugely challenging to handle effectively and there will inevitably be delays, dissatisfaction, complaints and Ombudsman involvement.
SV; In theory you should be able to scale up your usual communication channels. There could be separate IT systems in some larger companies, say where the claims department is entirely standalone. Right now, you probably need to break those in-house barriers down, without making your systems more vulnerable to attack. Fraudsters will see the big spike in demand for information on Coronavirus testing, vaccines etc. as a perfect way to compose a phishing email. The National Crime Agency has already said that people are being tricked into visiting sites that offer maps of infection, testing kit availability and so on. Your normal reticence to click onto something can vanish if you think there is something in that email that may save your life.
CA; The other factor regarding fraud is that if travel insurance policies exclude Corona claims, and holiday companies don’t refund money, then people can be tempted to try other types of insurance fraud to get recoup some money. Insurers need to be able to track a variety of information on different policies, claims history, locations etc. before settling claims – the more verifiable data and insight you have, from multiple sources, the better.