Embedded Insurance and Cyber Security
Embedded insurance is a hot topic in many insurer boardrooms across EMEA for all the right reasons. Ben Dulieu, Duck Creek Technologies Chief Information Security Officer, encourages a parallel discussion around cyber security
For insurers across EMEA, tapping into a technology ecosystem offers significant opportunities to reach new customers with innovative, relevant and accessible products – something that is particularly important in the current economic climate with rising inflation, interest rates and the spiralling cost of living all having a significant impact on consumers.
The potential to embed insurance products into seamless customer journeys across insurance classes is a natural evolution within this ecosystem, but in order to work properly, multi-stakeholder tech platforms need to be able to ‘talk to each other’; and exchange data.
This in turn involves the integration of multiple application user interfaces (APIs) within insurer technology ecosystems.
It is remiss to consider exploring embedded insurance innovations without considering security risks, a key topic that goes hand in hand. Some of these notable risks include:
- Embedded Insurance Product Security Risks
- Ecosystem Security Risks
- API Security Risks – including excessive data exposure, security misconfiguration and insufficient monitoring
From home insurance smart devices, to commercial auto insurance black boxes, and pet insurance smart collars, the global rise in the use of intelligent devices increases cyber risk, particularly those for physical loss or data breaches.
Cyber criminals – who are becoming increasingly sophisticated – are already migrating to new platforms, such as smart devices, with mobile wallets increasingly being used for financial transactions, for instance. The frontiers of cyber risk are constantly evolving and since embedded insurance propositions and the APIs and ecosystems on which they rely all serve as conduits for third-party integration, they are susceptible.
And yet, digital ecosystems are critical to the successful growth of modern insurers – they are constellations of innovators that dramatically improve the distribution and service levels for insurance. Quite simply they are the future of insurance, and the existential risk to insurers of not harnessing these innovations is greater – in my opinion – than the risk of getting involved.
It should reassure insurers that their technology providers are on the case. The answer is not to disconnect from these ecosystems or to fear them, it is to understand the risks. And in truth, it is very simple: cyber risks increase exponentially when insurers rely on outdated operating systems and unsupported software which limit their ability to create intuitive solutions without creating bottlenecks or disruptions within digital ecosystems.
Before joining a digital ecosystem, insurers and their core platform providers should carry out a rigorous due diligence review of potential partners. In addition, standard safeguards to facilitate the secure automated exchange of data through ecosystem APIs are a must – the establishment of a kind of digital identifier, if you will, for partners in the ecosystem to present so that a machine can verify that another platform or app has access rights.
Ultimately for insurers, protecting their data and their customer data is crucial. Here at Duck Creek Technologies, we deploy modern cloud core systems architecture and work with insurers that are putting their digital capability at the heart of their enterprise, and as a result are pulling ahead of their traditional rivals.