/*
Customise Consent Preferences

We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.

The cookies that are categorised as "Necessary" are stored on your browser as they are essential for enabling the basic functionalities of the site. ... 

Always Active

Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.

Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.

Performance cookies are used to understand and analyse the key performance indexes of the website which helps in delivering a better user experience for the visitors.

Advertisement cookies are used to provide visitors with customised advertisements based on the pages you visited previously and to analyse the effectiveness of the ad campaigns.

/*]]>*/

AI vs IA

August 17, 2021

AI v IA: Serving Today’s Cyber Insurance Needs 

Artificial Intelligence (AI) has the potential to impact every industry, and numerous InsurTech startups intend to solve industry problems with it. These are ambitious goals that can be very effective with mature volumes of industry data. But how does AI serve today’s cyber insurance needs? AI applications are going through massive development efforts every day, and are built on numerous data sets. In each case, these initiatives are dependent upon the availability of that data, which can both enable and restrict its potential. 
AI cybersecurity best practices insurance RMM cyber risk assessment

What best practices are usable NOW?

Limitations of AI

San Francisco-based Michael Chui at McKinsey Global Institute is an AI thought leader.  According to Chui, Ai has “significant limitations that, at least for now, stand in the way.” Some are purely technical, concerning whether applications can truly explain the function of their algorithms, or the validity of outcomes and predictions made. Other limitations are more practical. Machine learning requires more than data programming, but the training of models leveraging enormous data sets. Whether the data is actually available is a fundamental question. However, others come into play; is that data labeled, requiring enormous amounts of human labor? How can you collect this data and train it for ingestion? Is there any bias in the training set? These issues represent major work and evolution ahead.

Near-Term Capabilities

To serve the today’s cyber insurance needs, some forms of AI will undoubtedly evolve faster than others. One example is in Natural Language Processing (NLP). The imitation of human interaction has spread fast with chatbots and voice applications that mirror human consciousness, and are spreading quickly.

Author and Commentator Steven Marche recently wrote “The application of machine learning to NLP achieves the imitation of consciousness, not consciousness itself, and it is not science fiction. It is now.” He too argues limitations, stating that Navigating AI’s possibilities in NLP “will require an integration of technology and humanism. Unfortunately, those two worlds are separated by a vast chasm. An integration of humanism and technology is not an ideal or a dream or some kind of hope, but a requirement of advancement.”

Solving Cybersecurity Insurance Issues

Serving today’s cyber insurance needs with AI is a balancing act. Today’s market needs a combination of the best of human processes and computed intelligence tools. Where these two forces meet is where the cyber insurance business can best focus its efforts. To focus on those it’s useful to evaluate present industry data availability;

  • Cybersecurity Incident Data (mature) Sizable volumes of cybersecurity breach data exist in accessible data sets. Costs of breach activities are becoming well understood. New threat emergence are well documented.  The more insight that can be gleaned from scenarios, and observed industry-specific risks can be extremely useful to modern risk profiling. It’s use in underwriting is immeasurable.
  • Cybersecurity Claims Data (growing) With the relative maturity of the industry still emerging, claims data is indeed accelerating.  Meanwhile, new cybersecurity risks are emerging at a much faster pace, and it’s difficult to anticipate likely trends in claims data on the horizon. Guy Caspi, CEO of Deep Instinct says “there are anywhere from 500,000 to 700,000 new malware types identified per day. Keeping up with that analytical workload is stressing both humans and machines.” 
  • Cybersecurity Customer Data (minimal) Currently, the process to acquire cybersecurity intelligence from clients seeking cybersecurity coverage is antiquated and insufficient. The primary source is an over-simplified application that neither agents nor clients often complete reliably. Alternative methods to discover details of security practices and posture are limited to remote security ratings that ping websites for “externally observable data.” This area represents a large gap in the process of tailoring client risk strategies and managing loss prevention, and desperately requires improvement.

What is IA? How does it impact cybersecurity?

To serve today’s cyber insurance needs let’s flip the acronym. It’s time we look at immediate methods to improve client engagement and operational insight in the cyber insurance space. We stress a complement to AI with something we call IA. There are several flavors of the IA acronym that can be used in ways that can help insurance professionals today. Here’s how to address longstanding market problems immediately by combining technology and humanism.

IA means Inquisitive Assessments

A human-driven independent technology risk assessment is one of the best ways to integrate technology and humanism. We know from research that humans outshine machines in areas of prediction, deduction, emotion and common sense reasoning.  When these  are encompassed in a rigorous process using industry knowledge, probing and scrutiny of response, the results can be powerful. Independent risk assessments can be used to solve customer data problems for all players in the insurance industry, from carriers, MGA/MGUs, Wholesalers and retail agents. In a recent Deloitte survey of American company executives listing top reasons for purchasing stand-alone cyber insurance, independent risk assessment was top of the list.  

To serve the needs of today’s cyber insurance industry, we offer multiple cyber risk assessments. This range of cyber risk assessments fit different types of businesses. Our process is thorough and uses educated questioning techniques, informed reasoning and skilled deduction to identify and profile risk in a simple, fast and affordable way. TEKRiSQ is combining AI and humanism with avatar-driven risk assessments that we use in our TEKCHEK product.

IA means Intelligent Automation

There are key areas of focus in present-day insurance industry workflows that offer opportunity for machine optimization (i.e.handling tedium, speed, recall), such as document population & exchange, policy & form matching, marketing processes and multiple other areas. Once reliable customer cybersecurity data is collected, translating responses into actionable data is critical. This actionable data can then address friction in present-day business processes caused by time consuming, boring activities that people dread.

Our technology can automate the distribution of key data points, and convert them into valuable, actionable documents. These include clear Executive Summaries free of industry jargon, Risk Reviews that provide the detail underwriters require, and Instant Indications that auto-populate applications & supplements thereby streamlining complexity for both client and agent. These assessments are easily conducted, and require as little as 30 minutes online to complete. 

IA means Inside Analysis

Today, the limited ability to capture reliable customer cybersecurity data threatens to upend the industry, and may result in reduced profitability, driving more players out of the market. While data collection methods continue to evolve, the principal means are based on fundamentally flawed premises. These are;

  • The Insurance Application– A static document that serves as a snapshot in time, often incomplete, and populated by underlings who cannot answer the questions accurately, or will not in order to improve their chances of favorable underwriting. Both clients and agents dread the application process, and find it painfully time-consuming with growing complexity. They often opt for the shortest application rather than suffer through what they perceive as a heavier lift than any other coverage. Despite their thirst for more data, carriers are forced to abbreviate their process.
  • Externally Observable Security Ratings– Very popular for bringing some degree of technology scrutiny, but far too limited in diagnosing true risk. Often data is limited to easily correctable website configuration issues that represent relatively minor threats for organizations who are not e-commerce. These fail to identify key security fundamentals, such as presence and status of policies and procedures, levels of training and risk education within the workforce, specific security solutions in place and an understanding of unique risk faced by the client.  

IA Also Means Insider Access

Analysis must go deeper to properly protect clients, and determining true vulnerabilities requires action. It must go inside the organization, to understand and benchmark status as well as measure progress. These answers do not come from AI engines or external pings. They happen inside the firewall, and can only be discovered through human interaction. At TEKRiSQ we engage clients in a process that uncovers what others cannot. We both profile responses and evaluate validity & certainty of those responses.  We use questioning techniques and confidence measurement.  These processes are the best way to ensure accuracy, and a complete upfront understanding. 

IA Means Incredible Advantages

When evaluating AI v IA and the needs of cyber insurance today, consider a few things. These techniques will address fundamental problems the industry faces, and more. They offer greater opportunities to properly serve clients, provide stronger value than ever before and strengthen your brand. 

  • Properly Serve Clients– the process of independently identifying risk free of client or agent bias offers objectivity. It also establishes a benchmark to be used to measure progress against, and enlightened the client on ways to help them minimize risk. Making this discovery fast, painless and affordable prevents the heavy lift that often is the reason for apathy and inaction. 
  • Provide Stronger Value– cybersecurity complexity is overwhelming businesses of all sizes. By delivering understandable visibility of risk to your clients with fundamental recommendations backed by skilled third-party professionals, you will shepherd them through the unknown. Protecting clients from risks, both seen and unseen, is your obligation. Do this well, and they’ll follow your lead and put greater trust in your judgement. 
  • Strengthen Your Brand–  Trust, wisdom and reliability are the cornerstone of building a strong insurance brand. Well thought out, deliberate processes enhance your brand. Clients are delighted when this is delivered as a friendly, professional service. You absolve them from the tedium of technology minutiae. You reinforce the strength of the relationship. These incredible advantages can be your secret weapon in the marketplace. They will further differentiate your reputation as a trusted advisor. 

Well now you have our thoughts on AI v IA. When serving the needs of cyber insurance today, TEKRiSQ is adding significant value. This is in both cybersecurity best practices & insurance innovation. Cybersecurity best practices find their way into everything we work on with our clients. Regardless, cyber incidents and subsequent chaos are difficult to avoid.  They require acceptance that these events will happen, and a willingness to build resilience to them. This prevents devastation and makes you well prepared for the inevitable.  Can you afford not to get ahead of the curve?

Schedule a discussion with TEKRiSQ to bring fast value to your clients.