Privacy and Cybersecurity Concerns Around Insurtech Developments

Internet of Things eine Gefahr - Bild von Gerd Altmann auf Pixabay

Insurtechs bringen Fortschritt in die Branche. Aber mit der technischen Entwicklung wie dem Internet of Things (IoT) kommen auch Probleme – sogar mit tödlichen Folgen. Wie das passieren kann und was getan werden muss, erklärt Chris Jones von TurnOnVPN in einem Gastbeitrag.

Insurtech, short for insurance technologies, has really shaken up the insurance industry in the past few years. After decades of relative stagnation, insurance companies are suddenly all about innovation. The reason is clear — technological disruption attracts big money. More than $8 billion has been invested in insurtech since 2012, according to the Ernst & Young report.

Internet of Things (IoT) is one of the leading technologies used by the insurance industry. Connected devices, such as smartphones, fitness trackers and Echo Home, are a gold mine of information. Thanks to data harvested from IoT, insurers can predict risk with much greater accuracy than ever before.

Unfortunately, there’s a drawback to IoT integration in insurance. IoT devices tend to suffer from severe privacy and security issues. With a growing data protection awareness in the population, these cybersecurity threats could stand in the way to widespread IoT adoption.

Match made in heaven: IoT and insurance

Internet of Things is the key to the Holy Grail of insurance: personal data. Connected devices are equipped with all kinds of sensors and trackers that monitor users 24/7. This constant stream of information provides a much higher volume of data and of much better accuracy than any insurance form.

Traditionally, an insurer would ask policyholders to fill in their information in the form. Typically, most of this data would be indirect indicators like age, gender, or profession. The insurer would then estimate risk based on averages for a given demographic group. If 40-year-old mothers of two tend to be better drivers than 25-year-old bachelors, they would pay lower premiums.

With IoT, the underwriting process can be infinitely improved. Instead of a form, the insurer would provide the potential policyholder with a driving app to be downloaded onto their smartphone. The app would then track their driving habits, from how often they speed, whether they drive at night, and how suddenly they brake. All this in-depth information would allow auto insurers to determine premiums with way better accuracy, based on the real driving behaviors of the individual.

Privacy and security concerns

The applications of IoT have immense potential for the insurers. For the users, however, there is a serious flip side in the form of privacy and security concerns.

Just this year, we learned the distressing news about Amazon and Google eavesdropping on users’ smart home devices. Recordings from people’s Google Home and Alexa were being collected and sent to contractors for transcription. Both companies stated that the move was an effort to improve services and train AI in better human speech recognition. The scientific goal, however, did not change the fact that users were unaware of the practice and rightly upset.

The silver lining is that home appliances can at least be protected with a VPN router, which encrypts Internet traffic on all connected devices and blocks out snoopers. That much can’t be said about IoT devices on the go, however. Once outside the reach of their protected home network, users are exposed to all kinds of hacking attacks. Some of them even life-threatening.

In 2015, a group of undergraduate students conducted an experiment to check just how vulnerable IoT devices are. It only took them a few hours to hack the pacemaker installed in a simulated human, iStan, and use it to torture and “kill” the robot. Similar hacks were successfully completed with insulin pumps and other medical devices, exposing the shocking security vulnerabilities.

In short, IoT devices suffer from two types of vulnerabilities. One is the lack of comprehensive data privacy regulations which allows manufacturers to over-collect user data and engage in all kinds of grey area practices. The other is poor cybersecurity planning, which makes IoT devices exposed to hacking attacks.

The future of IoT in insurtech

Incorporation of IoT in insurtech faces a double challenge. Even though there is still a growing tendency for IoT adoption, the scandals around connected devices might eventually put consumers off. In any case, the bad press will make users less enthusiastic about sharing access to their IoTs with third parties, such as insurance companies, even if they’re incentivized with lower premiums.

Additionally, insurance companies are now looking into a moral dilemma. Is it fair to encourage customers to use IoT devices with perks and discounts, when you’re aware that those very devices put their data privacy and security at risk? This a question future insurers will need to answer for themselves.

It will certainly be interesting to see what the future of insurtech brings in this regard. Will the insurance industry realize its dependence on better IoT security and become involved in improving it? Or will they stay complacent? Time will show.

Autor: Chris Jones