For further information about Technology click here

Technology is reshaping the insurance industry.  From AI to generation Z, we discuss the developments you need to know about.

Technology predictions

Health tech will improve risk data and fraud exposures, but privacy will remain the big issue

There is a wide range of health tech, including wearables, insertables and connected health monitors, contributing to the global pool of health data. New health tech will keep coming. For example, Google’s sister company, Verily, is looking to turn contact lenses into devices that monitor diabetics’ glucose levels. Insurers will compare an individual’s health data to big data sets to assess their health risks. This will result in better risk modelling, new products including “just-in-time” cover, and improved fraud protection. Individual health data will also be used in court proceedings as evidence of activity levels or injury. Privacy will remain the big issue and the main legal battlegrounds will involve device security and the current ambiguities in privacy law.


Artificial intelligence and deepfakes will be used by hackers to undermine cybersecurity

Artificial intelligence (AI) will usher in a new era of offensive cyber-attacks and defensive cyber security measures. Businesses are implementing AI as part of their cybersecurity defences to protect data and help thwart cyber threats. It is inevitable that attackers will equally look to the same technology to open new doors as quickly as they are closed. It may not be long, therefore, before AI cyber security becomes an arms race in itself.  Deepfakes, the modification of images, video and audio recordings through AI so that they appear genuine, could pave the way for more personalised scams and frauds.  Many cyber-attacks begin with a phishing email – maliciously fooling individuals into disclosing credentials or authorising payments through emails that are surprisingly convincing.  If hackers are able to utilise the sophisticated technology behind deepfakes, it is conceivable that they could mimic human voice commands by telephone so they appear to come from a trusted source.  Rapid advances in AI are also raising new technological possibilities, particularly in the field of cyber security.  Those companies that have the resources to access this technology may fare best in this new arms race. Unfortunately, those organisations that do not, risk becoming the new “low hanging fruit” for cyber attackers.

Big name IT providers may be the next hit for an ICO enforcement action

The GDPR introduces direct obligations on data processors (the party who processes personal data only on the instructions of the data controller). Although fewer and fewer companies’ operations fall under processor activity, due to the narrow definition applied by the Information Commissioner’s Office (ICO) in the UK and more and more sophisticated uses of data by service providers, the new liability which attaches directly to data processors means that in certain circumstances they can be sued directly by data subjects and fined directly by the ICO for data breaches. With many IT providers having much deeper pockets than their clients, we consider it possible that we will see a big name IT provider adt the forefront of an enforcement action very soon.

GDPR: further action for incorrect use of data  

The Information Commissioner’s Office (ICO) has already issued its first enforcement notice under the GDPR concerning a company’s incorrect use of data (Aggregate IQ, a data analytics company closely linked with Cambridge Analytica).  This was not a monetary penalty, but we predict that monetary penalties for non-security GDPR breaches will follow.  In 2019, we have already seen the ICO’s notice of intent to levy significant fines on Marriott Hotels and British Airways for their security breaches.  Our prediction is that the ICO and other regulators across Europe will wish to flex their powers and impose monetary penalties for a full range of GDPR breaches, not just those associated with security.

An Irish Perspective: There will be an increase in multiparty actions under the GDPR

The Irish Government introduced a Public Services Card which the Data Protection Commissioner (DPC) considered was in breach of the GDPR. The DPC concluded that the manner of information collection and retention on millions of citizens was unlawful and is planning to launch enforcement against the relevant government department. A civil liberties group plans to submit a legal complaint on behalf of over 1000 people. This matter is significant and has raised awareness in Ireland of multiparty actions due to breaches of data protection rights. This would also set the stage for the opportunities under the proposed Representative Action Directive.

An Australian Perspective: Malware will target information, public sector, education, healthcare, banking and professional services industries

New strains of malware, such as the trojan malware Emotet, are evolving and continue to expose organisations holding sensitive information to cyber-attack. The recent strain of Emotet was so widespread it triggered an investigation by the Australian Cyber Security Centre. Malicious emails, often containing attachments with viruses, will remain one of the favoured channels of attack for hackers. As the malware can spread very quickly through an organisation’s network, it’s critical that businesses respond quickly to contain and fix the problem. They also need to quickly assess information security and potential privacy breaches, as well as communicate promptly with employees and other affected stakeholders.

Insurers will invest heavily in tech, disrupting existing actuarial, insurance distribution and claims management activities

Insurers will continue to embrace tech for all of the myriad advantages it offers. We will see increased reliance on blockchain-enabled smart contracts being used across insurance categories to improve customer access, transparency and data security. Customers will use smart devices to directly interact with insurers’ software bots, disrupting existing distribution and claims management activities with a service that is responsive, accurate and less costly. Insurers will also use big data and sophisticated analytics to model risk, predict claims outcomes, inform pricing decisions and minimise fraud. This will lead them to rely on an individual’s data and the comparative set, rather than actuarial modelling. For insurers, backing the right tech, securing investment funding and managing privacy risks will be the key issues.


Innovative technology will introduce new ways of working and new enterprise risk

Digital asset and blockchain technologies are two examples where financial institutions (FI) have pushed forward the innovative use of products which involve third parties vendors who are not themselves the subject of the same regulatory scrutiny as their FI clients. Without product development by FI underwriters, unexpected gaps in cover will appear where losses occur, whether through disruptive IT system attacks or technology outages, which involve such innovative products in a relatively unregulated environment. Underwriters will need to consider the extent to which the increased enterprise risk should be accepted under FI products.   

A US Perspective: Directors’ & officers’ liability related to privacy violations will increase

The past couple of years have seen directors and officers in the United States subject to alleged liability in connection with 1) the failure to provide properly for and oversee an information security program or 2) failure to give customers prompt and accurate information in disclosing a breach. With laws in Europe setting the basis for a corporate penalty, the upcoming enactment of the California Consumer Privacy Act in January 2020 may lead to disputes about directors’ and officers’ compliance obligations and those exceptions in response to deletion requests from Californian residents.  


Modernisation of Lloyd’s and London Market will gather pace

The publication by Lloyd’s of Blueprint One – following the unveiling of the Future at Lloyd’s prospectus in May 2019 – underlines the determination of the London insurance market to modernise and to cut the costs of doing business in London. The Blueprint sets out six improved ways of working, underpinned by a heightened focus on digital, data and technology to deliver greater benefits to customers. Phase 1 will be delivered during 2020 and will include early quick wins, including the launch of an electronic risk exchange which could, over time, process as much as 40% of Lloyd’s risks. In addition, Lloyd’s will pilot a solution that automatically triages claims to speed up settlement and introduce simplified onboarding for Lloyd’s coverholders. With electronic placement of business already gathering pace, structure and methodologies of the market will continue to change with brokers in particular having to review their business models.


Cyber clarity will not be straightforward but must be prioritised

Since 2015, the Prudential Regulation Authority (PRA) has been escalating its scrutiny of cyber risk.  Lloyd’s has accelerated this process, publishing Bulletin Y5258 on 4 July 2019.  This imposes a timetable for syndicates to provide clarity to customers on coverage for cyber exposures, with sanctions threatened where syndicates fail to comply.  The PRA will expect similar steps to be taken by insurance companies. This will not be straightforward to implement.  There is no clear definition of cyber risk.  The scope of cyber risk in insurance also continues to evolve, which is a good thing as innovation is needed as cyber threats are also evolving.  Cyber clarity is nonetheless a laudable objective and, with or without regulatory pressure, something which the market must prioritise.

Should cyber insurance cover extortion?

The official position of the US and UK governments is that they will not pay money to kidnappers.  Italian law goes further and families are barred from paying ransom demands or negotiating with kidnappers, except with the permission of a prosecutor and the co-operation of the police.  The assets belonging to the kidnapped victim's family are automatically frozen.  The rationale is obvious.  So why have governments stood back, allowing the targets of cyber extortion to pay in the hoping of receiving decryption keys? In the early days of ransomware, the typical demand was for a payment of US$300 (£230) in Bitcoin.  It made sense to pay rather than risk disruption.  Nowadays, demands can run into millions of dollars, with attackers researching their target’s ability to pay and timing their attacks with precision. On 2 October 2019 the FBI made an announcement seeking to discourage ransom payment. Europol also supports an initiative called “No More Ransom”. Beyond initiatives like this, governments have held back from making payment unlawful.  Is the current position sustainable?  Regulators could use AML regulations to target companies who facilitate payments.  Or governments may decide that the greater good demands a broader prohibition.  This won’t be easy when the targets are, say, hospitals or emergency response services.  One thing is for certain – the more time that passes before a concerted effort is made to address this issue, the more serious it will become. 


No easy solution to tackling misdeclared dangerous cargo, but something needs to be done

2019 has seen a worrying number of container ship fires. While there is agreement that the cause is misdeclared dangerous cargo, there is currently no consensus as to how to address it. Some argue for increased inspections/verification before loading, although time, cost and technology are an issue.  Others see the answer in fining shippers of misdeclared cargo, but brass plate shell companies may limit the effect. The International Union of Marine Insurance is focussing on improving fire-fighting systems, which have their own limitations.  Another potential aid is blockchain, which could significantly increase transparency around goods being shipped. All interested parties agree a solution needs to be identified before there are more fatalities.

Will crewless vessels overtake automated vehicles?

The view that fully automated vessels will follow well after automated vehicles (AV) may be changing. While the significant infrastructure required for a reliable AV network is still some way off, and likely to be very costly, the infrastructure for automated vessels will not need to be nearly so extensive. Equally, the remote controlled stage for crewless vessels will potentially allow the transition to fully automated vessels to be quicker than with AVs.  There is also likely to be less disruption for marine insurers and P&I Clubs: liability will remain with the vessel owner, whereas AVs will see a significant shift from driver to product liability. On the regulatory front, a scoping exercise by the International Maritime Organisation is now well advanced, with further guidance expected in 2020.

The solution to reducing damage to sub-sea cables/interconnectors caused by anchors and fishing gear: co-operation or deterrents?

The rapid expansion of offshore wind farms and the development of a transnational electricity grid in the seas around the UK has significantly increased the number of power cables crossing the seabed.  One consequence has been an upsurge in incidents of hugely expensive damage to interconnectors caused by anchors and deep-sea fishing gear.  Co-operation between interested parties, such as agreeing designated corridors for cables and no anchor/trawler zones, helps mitigate incidents.  Nevertheless, rogue fishing vessels will still risk damaging cables to pursue a catch on the basis that their liability for any claim will be limited.  The introduction of fines by the EU/UK government might prove to be a more effective deterrent.


Artificial intelligence will transform the healthcare system, but will require risk management

The use of artificial intelligence (AI) is already changing how healthcare is being delivered.  AI powered health checks are helping the patients of some digital providers understand how their physical and mental health may be affected by current and past lifestyle choices.  AI is being used in medical diagnosis, particularly for pattern recognition (detecting meaningful relationships in a data set), for example in radiology and pathology.  However, when AI-enabled software takes over aspects of healthcare involving a level of “intelligent” assessment, it is important that the risks and potential liabilities are understood and managed appropriately.  While responsibility for the overall care of a patient rests with a delegating clinician, there are expected to be circumstances where the liabilities for any defects in AI technology is tested or litigated.  The suppliers of AI solutions may increasingly become targets for litigation.  It remains to be seen whether traditional tortious (Bolam) liability tests will apply or whether contractual provisions will be over-arching. We suspect a combination - primarily tortious liability between clinician and patient and contractual liability between clinician and AI provider. Covers will need to be refined to reflect this.

Healthcare data will transform risk analysis

Healthcare analytics is not only informative for individual healthcare, but it will become transformational for claims, driving benefits for insurers and healthcare providers.  Predictive analysis will become a tool of choice for assessing claims exposure, and insurers will be able to use their data to predict claims outcomes and assist with pricing risk appropriately.  This will, in turn, offer a virtuous circle of risk management for healthcare providers themselves, allowing them to focus on areas of risk, and enhance/reduce their claims exposure. 

A US Perspective: Cyber threats will evolve in healthcare - software risk is on the rise

Data breaches will continue to dominate the risks faced by companies in the healthcare industry in 2020.  The industry is facing a new and significant threat with the emergence of web-based software platforms utilised by established companies as well as start-ups in the drive for medical innovation.  These platforms are often designed to evaluate troves of patient data or to enable interconnectivity across systems or platforms, but adequate data security is often neglected.  Currently, companies in the global healthcare industry are unintentionally leaking sensitive information about millions of patients.  Class action lawsuits are likely to occur before the risk can be effectively mitigated.


Mass market adoption of automated vehicles will take longer than previously predicted

A global audience of insurance professionals recently predicted that fully automated vehicles (AVs) will only become commonplace within twenty years, longer than previously predicted. Almost two thirds of delegates at the DAC Beachcroft/ Legalign Global event believed that the speed of technological advance, governmental initiatives and consumer appetite for more sustainable forms of transportation will lead to mass market adoption over the next two decades.  Legal, technical and societal challenges, including public wariness of “new” technologies, remain significant as do matters of cross-border co-operation and compatibility.  A widespread and multi-jurisdictional desire and willingness for advancement in these areas will result in an ever increasing level of certainty and reliability which will in turn address some of the public concerns in the technology and its usage.

The Government will come under increasing pressure to legalise e-scooters

Increased ownership and usage combined with the concomitant need for regulation and a desire to address environmental concerns including city air quality and pollution will increase the pressure on the Government to legalise e-scooters and similar personal light electric vehicles (PLEVs). E-scooters are legal in many other European countries including France and Germany and the UK Government has committed to conducting a review. With organisations such as Transport for London entering the debate in favour of legalisation, expect the current limitations on the use of such modes of transport to become less sustainable and justifiable.  A formal legal structure for their use and regulation will be increasingly demanded by users, manufacturers and environmental campaigners.

Highly Automated Road Passenger Services will fundamentally change the insurance model

The adoption of a modern public transport system in which Highly Automated Road Passenger Services (HARPS) play a significant role will realise a number of social benefits in specific environments where the infrastructure allows. Private car commuters will be drawn by the ability to work and engage in productive tasks while travelling, while the young, elderly and infirm will benefit from improved independence. HARPS will accelerate the change from mass private vehicle ownership to mobility as a service, encouraging multiple occupancy ride sharing. Over time, this will reduce the number of vehicles on the road, improving congestion and air quality. Such societal changes will give rise to major challenges for the insurance industry, which will need to develop new products to meet the changing needs and demands of passenger service operators.


China will offer insurers opportunities and challenges

China’s Belt and Road Initiative, Made in China 2025 Strategy and Foreign Investment Law 2020 have significant implications for the global insurance market. Chinese manufacturing is moving up the value-chain, with investment in high-end production of specialised goods and innovation in fields such as robotics, clean energy (including electric vehicles), new synthetic materials and emerging bio-medicine as well as rail, aerospace and maritime engineering. These industries are central to the “fourth industrial revolution” – the integration of big data, cloud computing and other new technologies into global manufacturing supply chains. Chinese insurers are leading the way in adopting automation into their own processes and in the launch of new, technology-driven solutions and insurance products (such as “First Set” cover). The global insurance industry needs to incentivise the take-up of product liability and recall insurance by Chinese manufacturers, not only as an essential facilitator of product innovation and technological advancement but also to drive improved quality standards and instil consumer confidence in “Made in China” goods.

Farm to fork traceability – is blockchain the magic ingredient?

Manufacturers, retailers and regulators are increasingly looking to blockchain technology to increase trust and traceability in global food supply chains. Tracking ingredients in real time from farm/producer through processing and global supply chains to the retailer and consumer ought to make food fraud harder and increase consumer confidence.  While the technology may be secure, care will still be needed to ensure input points – from data entered by a producer to bar codes and other identifiers to track food – are not compromised. Improved traceability should also mean improved food safety and targeted remedial action – an end to blanket recalls?  Time will tell if blockchain is the panacea the global food industry, regulators and consumers have been waiting for.

The hidden health risks of 3D printers

Insurers will need to ensure that insureds involved in the manufacture or use of 3D printers are providing adequate warnings and risk assessments to make sure this technology is used as safely as possible, especially as use extends into schools and homes. Studies report links to adverse health conditions including asthma and cancer, with the printing producing high amounts of ultrafine particles and volatile organic compounds while in use (potentially for extended periods of time), which can pass through the lungs and travel to other organs and also transfer toxic material into the body. It is thought that critical to these levels is the formulation of the filament (for example additives to increase shine) and the temperature to which it is heated.  This continues the trend requiring increased awareness around the health risks of emerging technologies.

Online retailers at risk of being held liable for defective goods sold by third-party traders on their platform

A US federal appeals court recently ruled that online retailers could be held liable for defective goods sold by third-party vendors via an online marketplace. The decision, under Pennsylvania law, diverged from prior judicial reasoning that an online retailer had insufficient title or control over the sale of the product to be considered a seller under product liability law. Instead, the court found on the basis of a public policy argument that an online retailer was in a position to prevent the circulation of defective products and it was in consumers' interests to be able to assert a claim directly against the online retailer. This will in turn facilitate subrogation actions by insurers, where the manufacturer is outside the jurisdiction, untraceable or insolvent. As sales of consumer goods via online marketplaces continue to increase exponentially, there will be increasing pressure on English courts to hold online retailers liable for defective products supplied on behalf of absent or insolvent third party traders - even where the online retailer is acting merely as an agent for the third party.  

A US Perspective: Autonomous consumer products will alter a major sector of the product liability landscape

Autonomous consumer home electronics will identify hazards, pre-empt malfunctions, capture data and communicate with end-users in real time.  This has huge potential to reduce the volume of property damage related insurance claims, but at the same time gives rise to new exposures in the shape of product liability claims, cyber attacks and data breaches. Liability assessments and relationships with component suppliers and big box retailers will become more complicated and the market for traditional product liability insurance coverage will be disrupted.

Drones – an increasing risk

Drones have made their way into every-day life and their number will rise as soon as ways of using them commercially (especially in transport to end customers) become common. There is a multitude of legal aspects to be covered, from shared use of the skies to liability questions in respect of crashes, accidents and hacking/use of malware. Insurers have begun to identify drones as an increasing risk and addressed their use in private liability insurance. Risks will become larger as drone use for the distribution of goods matures, and insurers will have to re-define exclusions in general commercial liability insurance. Recovery actions will also increase where there are software or technical flaws.

A German Perspective: E-Cigarettes

E-Cigarettes or “vape pens” have become a hot topic since the outbreak of lung injuries took its first casualties in the US. That has not gone by unnoticed in Europe, and dangers of vaping e-cigarettes are publicly discussed. While the inclusion of harmful ingredients in vaping aerosols are regulated in Germany, the risk from goods imported into Europe from abroad (legally or not) exists. Putting aside the obvious liability aspects (which are to some extent similar to claims against the tobacco industry some years ago), this could have an impact on the approach to the licensing and labelling of new potentially harmful technology.


Financial Advisers: The rise of robo-advice will continue to disrupt the wealth management industry

Existing financial advice businesses and new entrants are increasingly looking at digital solutions as an alternative to more traditional advice models.  Robo-advice will increase competition and potentially allow advisers to reach underserved consumers. However, these developments present challenges for firms in circumstances where the rules and guidance on what advice is and how it is given were developed for an analogue age.  A digital solution can enable firms to mitigate risks associated with human advisers but bad design will more directly lead to systematic mis-selling issues.

Surveyors: Property valuation is likely to be complicated by environmental concerns

As automated valuation model technology fast becomes the primary valuation tool for lenders, and surveyor input is restricted to the more difficult cases, the impact of environmental change should not be under-estimated.  Flood risk analysis is likely to come into sharp focus as predictions suggest properties at risk will more than double by 2050 to 1.9m.  Similarly, as awareness of localised air pollution data rapidly grows, momentum is gathering pace for a ratings system to be introduced.  Adverse conclusions in either instance are likely to result in certain localities falling out of favour, which would inevitably have a potentially dramatic impact on values.  The availability and accuracy of such data, not to mention the skill of its interpretation in valuation terms, is going to be a critical ingredient of future valuation methodology.

Legal Indemnity: PropTech presents an opportunity for legal indemnity insurers

The shift in the real estate sector towards PropTech and the requirement for comprehensive provision of electronic property data presents an opportunity for legal indemnity insurers.  Property passports are emerging in the private rental sector as a way of speeding up the letting process. If this proliferates more widely, property owners may come under pressure to identify and address title and defects earlier in the conveyancing process. Early exposure to an insurer or broker will help property owners meet these challenges. Transparency, quality advice and pricing are likely to be the key differentiators in this market.

Technology E&O: AI and blockchain will move from noise and talk to practical applications

Insurers will increasingly deploy artificial intelligence (AI) and blockchain based solutions in their underwriting and claims management processes and their customers, particularly large and sophisticated ones, will deploy the same technologies in their claims submission processes. The use of AI and blockchain for practical applications will also impact insurers in other ways. The anticipated increase in the deployment of AI, together with the large cost of such solutions and existing skills shortage, are likely to result in an increase in claims against developers of such solutions


Underwriting for the unknown in renewable energy

The Haliade-X wind turbine has a blade length longer than a football field.  It is currently being tested but how can the engineers design for all the conditions this 260m offshore turbine is likely to encounter?  A bladeless turbine is currently being developed and may come to market within 12-18 months.  If more efficient than ‘traditional’ turbines, the oscillating rods will take underwriters back to square one as to the likely losses.  Looking forward, insurers will need to be cautious while also enabling new renewable energy technologies to have access to affordable insurance and thereby lowering our dependency on fossil fuels. 

Insuring lifestyle and the death of disclosure

Technological developments will pave the way for insurers to shift their focus onto insuring individuals rather than objects. On-demand functionality and better collection and use of data will allow individuals to update their cover from moment to moment, whether they are boarding a plane, leaving the house or being driven to work.  This may then mean that all the recent Insurance Act and Consumer Insurance Act developments on disclosure will ultimately become redundant and be replaced by real-time automatic status updates.  The ultimate goal is a completely frictionless future, where customer experience will be king.

An Australasian Perspective: Silent cyber risks in smart homes and offices will become loud issues for insurers

Smart homes and offices create various data protection and privacy risks. Cybercriminals can potentially access voice-controlled command centres and use electricity surges to destroy appliances or breach physical security. Even online smart fridges sending delivery orders could be vulnerable to attack and expose insureds to personal data theft and identity fraud risks. The term ‘silent cyber’, the exposure to cyber incidents contained in traditional policies, will start to get a lot more attention as technology is increasingly relied on. In England and Wales, Lloyd’s have already mandated that policies should expressly affirm or exclude cyber risk, starting with property policies by 1 January 2020.  Australasian insurers should follow these developments as they too start to exclude silent cyber risks in traditional policies in the property and liability insurance markets.


Market will face more significant cyber loss than NotPetya

The NotPetya attack in June 2017 is the nearest the cyber world has come to a systemic shock.  Regulators took notice, with the Prudential Regulation Authority and Lloyd’s ramping up measures to require insurers to manage exposure to cyber risk.  Surprisingly NotPetya has not resulted in universal take-up of cyber insurance, even by large enterprises. Even those that have taken it up have not always purchased adequate cover. It is inevitable that there will be repeat  attacks like NotPetya, with repercussions across the globe.  Insurers and insureds must plan on this basis. 

Cryptoassets – watch out for Facebook’s Libra in 2020

In the past year, two decisions stand out in the fast-changing world of cryptocurrencies. In Singapore, a dispute arose between traders when grossly inaccurate rates of exchange were adopted in a Bitcoin/Ethereum swap. In the UK, following a theft of Bitcoin, an asset protection order was obtained over a Coinbase wallet.  Making legal history, the court found that Bitcoin should be viewed as property.  Although Bitcoin dates back to 2008, and over 2000 cryptocurrencies are traded, they have yet to break through into mainstream commerce. It will be interesting to see if the Facebook initiative, Libra, can achieve this. It aims to reduce volatility by being pegged to a basket of fiat currencies, with 50% of the basket comprising US dollars. The anticipated launch is some time in 2020.

Back to top
Legalign Global Logo