Embedded insurance and cybersecurity
Tapping into a technology ecosystem offers significant opportunities to reach new customers with innovative, relevant and accessible products.
For insurers across the globe, tapping into a technology ecosystem offers significant opportunities to reach new customers with innovative, relevant and accessible products — something that is particularly important in the current economic climate with rising inflation, interest rates and the spiraling cost of living all having a significant impact on consumers.
The potential to embed insurance products into seamless customer journeys across insurance classes is a natural evolution within this ecosystem, but in order to work properly, multi-stakeholder tech platforms need to be able to ‘talk to each other’; and exchange data.
This in turn involves the integration of multiple application user interfaces (APIs) within insurer technology ecosystems. It is remiss to consider exploring embedded insurance innovations without considering security risks, a key topic that goes hand in hand. Some of these notable risks include:
- Embedded insurance product security risks.
- Ecosystem security risks.
- API security risks — including excessive data exposure, security misconfiguration and insufficient monitoring.
From home insurance smart devices to commercial auto insurance black boxes, and pet insurance smart collars, the global rise in the use of intelligent devices increases cyber risk, particularly those for physical loss or data breaches.
Cybercriminals — who are becoming increasingly sophisticated — are already migrating to new platforms, such as smart devices, with mobile wallets increasingly being used for financial transactions, for instance. The frontiers of cyber risk are constantly evolving and since embedded insurance propositions and the APIs and ecosystems on which they rely all serve as conduits for third-party integration, they are susceptible.
And yet, digital ecosystems are critical to the successful growth of modern insurers — they are constellations of innovators that dramatically improve the distribution and service levels for insurance. Quite simply, they are the future of insurance, and the existential risk to insurers of not harnessing these innovations is greater than the risk of getting involved.
It should reassure insurers that their technology providers are on the case. The answer is not to disconnect from these ecosystems or to fear them, it is to understand the risks. And in truth, it is very simple: cyber risks increase exponentially when insurers rely on outdated operating systems and unsupported software which limit their ability to create intuitive solutions without creating bottlenecks or disruptions within digital ecosystems.
Before joining a digital ecosystem, insurers and their core platform providers should carry out a rigorous due diligence review of potential partners. In addition, standard safeguards to facilitate the secure automated exchange of data through ecosystem APIs are a must — the establishment of a kind of digital identifier, if you will, for partners in the ecosystem to present so that a machine can verify that another platform or app has access rights.
Ultimately for insurers, protecting their data and their customer data is crucial. Insurers that understand the limitations of outdated operating infrastructure and implement modern cloud core systems into their digital capabilities will pull ahead of their rivals.
Ben Dulieu is CISO at Duck Creek Technologies.
Related:
Parametric insurance: Expanding the toolbox for covering risk
More than 70% of car buyers interested in embedded offerings
Build a strong security culture to guard against risks