4. HIGHLY CONFIDENTIAL – DO NOT COPY
Insurance2.5
Insurance2.0
Insurance3.0
Insurance1.0
Analog
Insurance
Companies
• manual entry
• stacks of
paperwork
• effective and
lean processes
IT-Enhanced
Insurance
• e-commerce
• online quote-
and-bind,
• paperless billing,
• automated
underwriting,
• self-service
capabilities,
• high- touch
claims process.
• insurance to
smart- phones
Forays into
Digital
• predictive
behavioral
analytics
• market
intelligence
• drones, aerial
pictometry and
advanced
cartographic
• onboard devices
• insurance on
demand
• Social insurance
• mobility services
Digital
Insurance
Platforms
and
Products
• customer centric
• disrupters
• adaptive
• agile
Cyber in Insurance
The Digital Evolution
2015, The Insurance Industry as s Digital Business (NTT Innovation Institute, Inc)
5. HIGHLY CONFIDENTIAL – DO NOT COPY
Digital Revolution – path to higher revenues and lower costs
Potential savings from digitalization of prototypical German P&C Insurer
2017, Digitalization in Insurance: The Multibillion Dollar Opportunity (Bain & Company; Google)
6. HIGHLY CONFIDENTIAL – DO NOT COPY
“Any risks that emanate from the use of electronic data and its transmission,
including technology tools such as the internet and telecommunications
networks.
It also encompasses physical damage that can be caused by cybersecurity
incidents, fraud committed by misuse of data, any liability arising from data
storage, and the availability, integrity and confidentiality of electronic information
− be it related to individuals, companies, or governments.”
Cyber Risk
2014, The Cyber Risk Challenge and the Role of Insurance (CRO Forum)
7. HIGHLY CONFIDENTIAL – DO NOT COPY
Top Global Risk
2017, Insurance Banana Skins survey (CSFI/PWC)
2017 Top Global Risk According (Insurance Banana Skin Survey - CSFI/PwC)
2018's Most Dangerous Risks for Insurers (Willis Towers Watson)
2018’s Top Operational Risks (risk.net)
8. HIGHLY CONFIDENTIAL – DO NOT COPY
A bigger threat than regulation
2017, Insurance Banana Skins survey (CSFI/PWC)
9. HIGHLY CONFIDENTIAL – DO NOT COPY
Use of Automation
and Artificial
Intelligence in
Insurance
Insurance
Distribution Is Being
Redefined
Changing Market
Dynamics due to
Value Chain
Disaggregation
New Products for the
Sharing Economy
Increasing Use of
Digital and Mobile for
Risk Management
Better Customer
Experience
Use of Analytics for
Improved Profitability
and Customer
Experience
Greater Use of
Internet of Things
(IoT) for Building
Data and New
Models
Increasing Use of
Value-Added
Services
Blockchain to Enable
Streamlined
Insurance
Operations
Greater Use of
Augmented Reality
in Insurance
Industry Disruptors & Forces
2017, Top Insurance Trends (Cap Gemini)
10. HIGHLY CONFIDENTIAL – DO NOT COPY
Use of Automation
and Artificial
Intelligence in
Insurance
Insurance
Distribution Is Being
Redefined
Changing Market
Dynamics due to
Value Chain
Disaggregation
New Products for the
Sharing Economy
Increasing Use of
Digital and Mobile for
Risk Management
Better Customer
Experience
Use of Analytics for
Improved Profitability
and Customer
Experience
Greater Use of
Internet of Things
(IoT) for Building
Data and New
Models
Increasing Use of
Value-Added
Services
Blockchain to Enable
Streamlined
Insurance
Operations
Greater Use of
Augmented Reality
in Insurance
(In time horizon)
Present Near Future Future
Industry Disruptors & Forces
11. HIGHLY CONFIDENTIAL – DO NOT COPY
ACTOR
• Criminal
• Competition
• Government
• Terrorist
Vulnerability
• Flaws
• Weakness
Motivation
• Financial
• Political
• Publicity
Industry Vulnerabilities
THREATS
ASSETS
• IP
ü Risk Strategies
ü Sensitive
Proprietary
Information
• Personal
Identifiable
Information (PII)
• Client Data
Staff Data
IMPACT
• Fines;
• Legal fees,
• Lawsuits; and
• Fraud
monitoring
costs.
• Brand & market
value
Rapid
Digitization
Cybercriminals' Shifting
Targeting Strategies
Comparatively
Lax Regulatory
Landscape
12. HIGHLY CONFIDENTIAL – DO NOT COPY
Industry Compliance
APRA
Will check extent of Insurance
Industry preparedness to
Cyber attack in 2016
NAIC
Principles for Effective
Cybersecurity Insurance
Regulatory Guidance
Germany
The supervisory examination of the
management of cyber risk is usually
performed through on-site inspections
CBI
Increasing Focus on Cyber
Security Threat
European Cyber Law
NIS directive identifying operators of
essential services, including Financial
Industry
France
L’Autorité de Contrôle Prudentiel et de
Résolution (ACPR) categorises
supervision related to cyber risk under
Information System (IS) control
Netherlands
Benchmarking for cyber risk
management
Singapore
Industry-wide simulated
cyber incidents simulation
UK
CBEST tests and adopt
individual cyber resilience
action plans
13. HIGHLY CONFIDENTIAL – DO NOT COPY
Industry Incidents
2 American Health
Insurance Companies
• Credit Card & PII Breach
• 91m policy holder information
An American State
• Data Server Compromised
• Workers compensation
claimants
2 German Insurer
Group
• DD4BC – DDoS for BitCoin
• Company web servers
A French Insurer
• Internal penetration testing
• Unauthorized Access to
Accounting Tools
French mutual
insurance company
• Internal data theft
• Identity theft and false claims
Netherlands Insurer
• CEO Hack
• phishing cyber attack
London-based private
healthcare group
• Data Breach
14. HIGHLY CONFIDENTIAL – DO NOT COPY
Tip of the Ice Berge
2015, the New York State Department of Financial Services
Top Cyber Techniques in Insurance Sector
Malware
(58%)
Phishing
(33%)
Botnets
(33%)
Pharming
(25%)
Others
(33%)
Known
Incidents
Organizations want to
avoid losing face and
potential brand damage
Limited regulation mandating
publication of incidents
Undetected Breaches
15. HIGHLY CONFIDENTIAL – DO NOT COPY
Global Costs to Resolve Consequences of the Cyber Attack
2017, Accenture Cost of Cybercrime Study
16. HIGHLY CONFIDENTIAL – DO NOT COPY
Global Costs of Cyber Security
2018, Information security spending worldwide from 2016 to 2018 (www.statista.com)
+14%
+8%
17. HIGHLY CONFIDENTIAL – DO NOT COPY
Global Costs of Cyber Security
2015, Cyber Security For Business – Counting The Costs, Finding The Value
On-premise Cloud-based Outsourced
18. HIGHLY CONFIDENTIAL – DO NOT COPY
How do Insurers handle cyber incidents & losses?
2016, 19th Global Information Security Survey 2016-17 for Insurance Sector (EY)
61% of insurer say that it takes months
to detect successful security breaches
34% of insurer have proper cyber
incident escalation paths
Insurers’ internal security teams
discover only 66% of effective
breaches
“We have to assume we have already been breached”
Brian Krebs (Krebs on Security)
19. HIGHLY CONFIDENTIAL – DO NOT COPY
Perimeter defenses are consistently breached
2014, Cisco Talos, Deliotte Financial Advisory service, Deloitte & Touche LLP, Mandiant, RSA, Verizon RISK -
CyberArk Threat Report: Privileged Account Exploits Shift the front lines of Cyber Security, The New Cyber
Battleground, CyberArk
Over 28 Billion spent on IT security in 2014!!!
Over 90% of organizations breached
20. HIGHLY CONFIDENTIAL – DO NOT COPY
$400B
Annual Losses from Cyber Attack
Additional costs that are hard to
quantify: damage to company
reputation, erosion of consumer
confidence, immediate and future lost
sales as well as subsequent and
necessary security enhancements
$150B
Insurance
industry’s
global cyber
risk exposure
$2.5B
Cyber
insurance
premiums
$53B
Information
security
spending
Cyber Risk Insurance
2015, The role of insurance in managing and mitigating the risk (UK Government)
2014, Net Losses: Estimating the Global Cost of Cybercrime (Centre for Strategic and International Studies)
2015, Speech by John Nelson, Lloyd’s Chairman, at the AAMGA, (www.lloyds.com)
2018, Information security spending worldwide from 2016 to 2018 (www.statista.com)
Combined
Ratio
80%
21. HIGHLY CONFIDENTIAL – DO NOT COPY
Tip of the Ice Berge
2015, the New York State Department of Financial Services
Top Cyber Techniques in Insurance Sector
Malware
(58%)
Phishing
(33%)
Botnets
(33%)
Pharming
(25%)
Others
(33%)
Known
Incidents
Organizations want to
avoid losing face and
potential brand damage
Limited regulation mandating
publication of incidents
Undetected Breaches
22. HIGHLY CONFIDENTIAL – DO NOT COPY
How much does Cyber actually cost the Industry?
Income Expense
Savings from
Digitalization
Margin from
Cyber Insurance
Increase in
premiums
Cyber
Investments
Cyber Security
Expense
23. HIGHLY CONFIDENTIAL – DO NOT COPY
How much does Cyber actually cost the Industry?
Income Expense
Cyber
Investments
Cyber Security
Expense
Cyber Attack
Slow-burn Cost
Cyber Attack
Immediate Cost
Savings from
Digitalization
Margin from
Cyber Insurance
Increase in
premiums
24. HIGHLY CONFIDENTIAL – DO NOT COPY
American International Group, Inc. (AIG) is a leading global insurance organization. Founded in 1919, today AIG member companies provide a wide range of property casualty
insurance, life insurance, retirement products, and other financial services to customers in more than 80 countries and jurisdictions. These diverse offerings include products and
services that help businesses and individuals protect their assets, manage risks and provide for retirement security. AIG’s core businesses include Commercial Insurance and Consumer
Insurance, as well as Other Operations. Commercial Insurance comprises two modules – Liability and Financial Lines, and Property and Special Risks. Consumer Insurance comprises
four modules – Individual Retirement, Group Retirement, Life Insurance and Personal Insurance. AIG common stock is listed on the New York Stock Exchange and the Tokyo Stock
Exchange.
Additional information about AIG can be found at www.aig.com and www.aig.com/strategyupdate | YouTube: www.youtube.com/aig | Twitter: @AIGinsurance
www.twitter.com/AIGinsurance | LinkedIn: www.linkedin.com/company/aig. These references with additional information about AIG have been provided as a convenience, and the
information contained on such websites is not incorporated by reference into this press release.
AIG is the marketing name for the worldwide property-casualty, life and retirement, and general insurance operations of American International Group, Inc. For additional information,
please visit our website at www.aig.com. All products and services are written or provided by subsidiaries or affiliates of American International Group, Inc. Products or services may not
be available in all countries, and coverage is subject to actual policy language. Non-insurance products and services may be provided by independent third parties. Certain property-
casualty coverages may be provided by a surplus lines insurer. Surplus lines insurers do not generally participate in state guaranty funds, and insureds are therefore not protected by
such funds.