AI vs IA

Story by Bill Haber / August 17, 2021

AI v IA: Which Serves the Needs of Cyber Insurance Now?

Limitations of AI

San Francisco-based Michael Chui at McKinsey Global Institute is an AI thought leader.  According to Chui, Ai has “significant limitations that, at least for now, stand in the way.” Some are purely technical, concerning whether applications can truly explain the function of their algorithms, or the validity of outcomes and predictions made. Other limitations are more practical. Machine learning requires more than data programming, but the training of models leveraging enormous data sets. Whether the data is actually available is a fundamental question, but others come into play; is that data labeled, requiring enormous amounts of human labor? How will you collect all the data and train it to be acquired? Is there any bias in the training set? Obviously, these issues represent a lot of work and evolution in front of us.

Author and Commentator Steven Marche recently wrote “The application of machine learning to NLP achieves the imitation of consciousness, not consciousness itself, and it is not science fiction. It is now.” He too argues limitations, stating that Navigating AI’s possibilities in NLP “will require an integration of technology and humanism. Unfortunately, those two worlds are separated by a chasm as vast as it has ever been…An integration of humanism and technology is not an ideal or a dream or some kind of hope; it is a requirement of advancement.”

Solving Cybersecurity Insurance Issues
Ultimately, the combination of the best of human processes and computed intelligence tools are what is needed in the marketplace. Where these two forces can presently meet is likely where the cyber insurance business can best focus its efforts. As we focus on those things, it’s useful to appreciate the present state of industry data availability;

• Cybersecurity Incident Data (mature) Sizable volumes of cybersecurity breach data exist in accessible data sets. Costs of breach activities are becoming well understood. New threat emergence are well documented.  The more insight that can be gleaned from scenarios, and observed industry-specific risks can be extremely useful to modern risk profiling. It’s use in underwriting is immeasurable.
• Cybersecurity Claims Data (growing) With the relative maturity of the industry still emerging, claims data is indeed accelerating.  Meanwhile, new cybersecurity risks are emerging at a much faster pace, and it’s difficult to anticipate likely trends in claims data on the horizon. Guy Caspi, CEO of Deep Instinct says “there are anywhere from 500,000 to 700,000 new malware types identified per day. Keeping up with that analytical workload is stressing both humans and machines.” 
• Cybersecurity Customer Data (minimal) Currently, the process to acquire cybersecurity intelligence from clients seeking cybersecurity coverage is antiquated and insufficient. The primary source is an over-simplified application that neither agents nor clients often complete reliably. Alternative methods to discover details of security practices and posture are limited to remote security ratings that ping websites for “externally observable data.” This area represents a large gap in the process of tailoring client risk strategies and managing loss prevention, and desperately requires improvement.

What is IA and how does it impact cybersecurity?

It’s time we look at immediate methods to improve client engagement and operational insight in the cyber insurance space. We stress the opposite of A.I with something we call IA. There are several flavors of the IA acronym that can be used in ways that can help insurance professionals today. Here’s how to address longstanding market problems immediately by combining technology and humanism.

IA means Inquisitive Assessments

A human-driven independent technology risk assessment is one of the best ways to integrate technology and humanism. We know from research that humans outshine machines in areas of prediction, deduction, emotion and common sense reasoning.  When these  are encompassed in a rigorous process using industry knowledge, probing and scrutiny of response, the results can be powerful. Independent risk assessments can be used to solve customer data problems for all players in the insurance industry, from carriers, MGA/MGUs, Wholesalers and retail agents. In a recent Deloitte survey of American company executives listing top reasons for purchasing stand-alone cyber insurance, independent risk assessment was top of the list.  

Our range of inquisitive Technology Risk Assessments fit different types of businesses. Our process is thorough and uses educated questioning techniques, informed reasoning and skilled deduction to identify and profile risk in a simple, fast and affordable way. 

IA means Intelligent Automation

There are key areas of focus in present-day insurance industry workflows that offer opportunity for machine optimization (i.e.handling tedium, speed, recall), such as document population & exchange, policy & form matching, marketing processes and multiple other areas. Once reliable customer cybersecurity data is collected, translating responses into actionable data is critical. This actionable data can then address friction in present-day business processes caused by time consuming activities, tedium, etc. 

Our technology can automate the distribution of key data points, and convert them into valuable, actionable documents. These include clear Executive Summaries free of industry jargon, Risk Reviews that provide the detail underwriters require, and Instant Indications that auto-populate applications & supplements thereby streamlining complexity for both client and agent. These assessments are easily scheduled, and require as little as 30 minutes via face-to-face online conference to complete. 

IA means Inside Analysis

Today, the limited nature of collecting reliable customer cybersecurity data threatens to upend the industry, and may result in driving more players out of the market. While data collection methods continue to evolve, the principal means are based on fundamentally flawed premises. These are;

• The Insurance Application– A static document that serves as a snapshot in time, often incomplete, and populated by underlings who cannot answer the questions accurately, or will not in order to improve their chances of favorable underwriting. Both clients and agents dread the application process, and find it painfully time-consuming with growing complexity. They often opt for the shortest application rather than suffer through what they perceive as a heavier lift than any other coverage. Carriers are forced to simplify the process, despite a significant thirst for more critical data.
• Externally Observable Security Ratings– Very popular for bringing some degree of technology scrutiny, but far too limited in diagnosing true risk. Often data is limited to easily correctable website configuration issues that represent relatively minor threats for organizations who are not e-commerce. These fail to identify key security fundamentals, such as presence and status of policies and procedures, levels of training and risk education within the workforce, specific security solutions in place and an understanding of unique risk faced by the client.  

To properly protect clients, as well as determine true vulnerabilities that require action, analysis must go deeper. It must go inside the organization, to understand and benchmark status as well as measure progress. These answers do not come from AI engines or external pings, but happen inside the firewall, and can only be discovered through human interaction. 

At TEKRiSQ we engage clients in a process that uncovers what others cannot. We not only profile responses, but evaluate validity and certainty of those responses though questioning techniques and confidence scores.  These processes are the best way to ensure accuracy, and as complete of an upfront understanding as possible. 

IA offers Incredible Advantages

Leveraging these techniques will not only address the fundamental problems the cyber insurance industry faces, but offer greater opportunities to properly serve clients, provide stronger value than ever before and strengthen your brand. 

• Properly Serve Clients– the process of independently identifying risk free of client or agent bias offers objectivity. It also establishes a benchmark to be used to measure progress against, and enlightened the client on ways to help them minimize risk. Making this discovery fast, painless and affordable prevents the heavy lift that often is the reason for apathy and inaction. 
• Provide Stronger Value– cybersecurity complexity is overwhelming businesses of all sizes. By delivering understandable visibility of risk to your clients with fundamental recommendations backed by skilled third-party professionals, you will shepherd them through the unknown. Protecting clients from risks, both seen and unseen, is your obligation. Do this well, and they’ll follow your lead and put greater trust in your judgement. 
• Strengthen Your Brand–  Trust, wisdom and reliability are the cornerstone of building a strong insurance brand. Deliberate processes that are well thought out and delivered as a friendly, professional service will delight your clients, absolve them from the tedium of technology minutia, and reinforce the power of the overall relationship. These incredible advantages can be your secret weapon in the marketplace, and further develop your reputation as a trusted advisor. 

TEKRiSQ processes are adding significant value throughout the insurance industry. Brandable options exist for everything we do. Cybersecurity incidents and subsequent chaos are difficult to avoid, and require action. Can you afford not to get ahead of the curve? Schedule a discussion with TEKRiSQ about what we can do to bring fast value to your clients NOW. 

Categories: Blog

Tags: Cybersecurity, insurance, risk, AI, Artifical Intelligence, IA, automation, insurtech