Modern Insurance Magazine Issue 65

ISSUE
65
ISSN 2515-3803
I SPY CYBER
Hiscox:
Businesses See
No Relief From
Cyber-Attack
Cyber
Protection
Culture
with Jim Steven
The Cyber
Security
Arms Race
with Ken Munro
Modern
Claims
Awards
2024:
Winners Edition
INSUR.TECH.
TALK
Insurtech Insights
2024 Contributors Media Partners

eady for hire.
ready to help.
ready to partner.
difficult journey

WELCOME
Welcome to Issue 65 of Modern Insurance Magazine,
where we’re considering the present-day cyber risk
landscape in insurance.
According to Munich Re’s 2024 Cyber Risk and Insurance Survey, 84%
of global decision makers state that their organisation is not adequately
protected against cyber risks. With an increased reliance on connectivity,
coupled with mounting geopolitical unrest and the growing prevalence
of new forms of cyber-attack creating a global cause for concern, what
more can the insurance industry do to support their staff, customers, and
shareholders?
Amelia Barlow, Editor
Turn to p.8 to learn from Hiscox, who have kindly shared some of the key
findings from their most recent Cyber Resilience Report. In addition, Ken
Munro (Pen Test Partners) took some time to chat with me on p.12 about
some of the common hacking vulnerabilities found in connected vehicles,
alongside Jim Steven (Experian UK), who joins me on p.14 to consider the
contemporary need for adequate data breach preparation and response.
Our valued collective of Editorial Board contributors make their return
from p.17 - followed by several articles from our pool of esteemed industry
associations (p.29 onwards) and our growing panel of fraud-fighting
rockstars (from p.38).
I’m also delighted to introduce our 2024 Modern Claims Awards Winners
from p.59, alongside a selection of my favourite photos from the night and
some key highlights from our valued guests. My mega thanks again to the
incredible team at S&G Response for really getting into the spirit of things
as our amazing Headline Sponsor. We can’t wait to welcome you back for
more of the same antics in 2025!
Rachael Pearson, Project Manager
Rachael Pearson
Project Manager
Modern Insurance Magazine
rachael.pearson@charltongrant.co.uk
As always, my final word of gratitude goes to Megan Kuczynski - President
at Insurtech Insights – for the tireless effort she puts into curating a bestin-class
panel of insurtech trailblazers for each issue of INSUR.TECH.TALK.
Further cementing this partnership, myself and the rest of the team at
Modern Insurance Mag will be heading stateside for Insurtech Insights’ USA
Conference in June, with many more treasured industry connections sure to
be discovered as a result.
It’s exciting times here at MIM HQ, and we can’t wait to see what lies in
store for the rest of 2024!
Amelia
Amelia Day Barlow,
Editor,
Modern Insurance Magazine.
amelia@charltongrant.co.uk
ISSUE 65
ISSN 2515-3803
Editor
Amelia Barlow
Project Manager & Events Sales
Rachael Pearson
Modern Insurance Magazine
is published by Charlton Grant Ltd ©2023
All material is copyrighted both written and illustrated. Reproduction in part or whole is strictly
forbidden without the written permission of the publisher. All images and information is collated
from extensive research and along with advertisements is published in good faith. Although the
author and publisher have made every effort to ensure that the information in this publication
was correct at press time, the author and publisher do not assume and hereby disclaim any
liability to any party for any loss, damage, or disruption caused by errors or omissions, whether
such errors or omissions result from negligence, accident, or any other cause.
MODERN INSURANCE | 3

Contents
8
14
59
12
38
67
4 | MODERN INSURANCE

8
12
14
17
29
38
44
49
51
53
55
Insight
Businesses See No Relief From
Cyber-Attack, by Eddie Lamb,
Group Chief Information Security
Officer, Hiscox
Interviews
The Cyber Security Arms Race with
Ken Munro, Pen Test Partners
Cyber Protection Culture with Jim
Steven, Experian UK
Editorial Board
Find out what our editorial board
panel of industry experts have to say
in this edition of Modern Insurance
Magazine.
Associations
Assemble
Modern Insurance’s panel of resident
associations outline the burning
issues in insurance.
Fraud Board
Don’t miss this issue’s instalment
of The Fraud Board, where our
collective of fraud experts convene
to discuss the key factors affecting
the fight against insurance fraud in
our industry today.
Features
FMG: The Most Overlooked Part of
the Claims Process
Friction Is the Key to Customer
Success, by Jonathan Roomer,
Co-Founder and Head of Customer
Success, YuLife
Put the Sugar in First, by Eddie
Longworth, Director, JEL Consulting
Europcar: A Total Loss Could Be An
Electric Gain, by James Roberts,
Head of Insurance Sales, Europcar
I Love Claims / ARC 360: The
Evolving Risk of Cybercrime
57
59
10 Mins with...
10 minutes with... Erez Barak, Chief
Technology Officer, Earnix
In Celebration
Modern Claims Awards 2024
Insur.Tech.Talk
Interviews
67 Welcome
Megan Kuczynski, President,
Insurtech Insights
68
70
73
74
76
79
Google Cloud
Monica Shokrai, Head of Business
Risk and Insurance, Google Cloud
AXA XL
Caitlin Alpern, Senior Cyber
Underwriter, AXA XL
Munich Re
Dikla Wagner, Head of Tech Scouting
in Israel, Munich Re
UConn School of Business
Laurissa Berk, Director, Global and
Experiential Education, UConn
School of Business
Lisa Pollina
Insur.Tech.Talk
Editorial Board
Experts from the insurtech sector
join us once more to share their
unique insights!
INSUR.TECH.TALK BOARD
Disclaimer: Our publications contain advertising material submitted by third parties. Each individual advertiser is solely responsible for the content of its advertising
material. We accept no responsibility for the content of advertising material, including, without limitation, any error, omission or inaccuracy therein. We do not endorse,
and are not responsible or liable for, any advertising or products in such advertising, nor for any any damage, loss or offence caused or alleged to be caused by, or in
connection with, the use of or reliance on any such advertising or products in such advertising.
MODERN INSURANCE | 5

Editorial Board
17
19
21
23
A VARIED APPROACH TO
COUNTER FRAUD
Karen Campbell, Chief Information
Officer, Carpenters Group
2024: A YEAR OF
EVOLUTION FOR THE
INSURANCE INDUSTRY
Will Prest, Product Manager,
ParaCode
CONSUMER DUTY
DEFINES THE ROLE
Jim Loughran, CEO, e2e Total Loss
Vehicle Management
REACTING TO 2024’S
KEY TRENDS
Tom Lawrie-Fussey, senior director
of product management, UK and
Ireland, LexisNexis Risk Solutions,
Insurance
THE VIZION STANDARD
Chris McKie, Managing Director,
Vizion Network Limited
STANDING FIRM WHEN
FLOODS SURGE
Lisa Bartlett, Chief Operating
Officer, International Operations,
Crawford & Company
EMBEDDING CONSUMER
DUTY EXCELLENCE
ACROSS THE SUPPLY
CHAIN
Adrian Furness, Managing Director,
Motor Repair Network
25
DATA SECURITY AT THE
HEART OF BUSINESS
Deborah Edwards, Chief Executive
Officer, RTW Plus
DATA SECURITY AT EDAM
GROUP
Phil Wood, Group IT & Facilities
Director, EDAM Group
ROBUST DEFENCES
AT THE VELLA GROUP
Dave Jones, Technology and
Change Director, The Vella Group
27 STEERING
SUSTAINABILITY
CRITERIA FOR A GLOBAL
COLLISION REPAIR
INDUSTRY
Dr. Natalie Wong, Marketing &
Portfolio Management Lead, BASF
Automotive Refinish UK & Ireland
FMG: BRINGING
CAREERS TO LIFE
Luke Macrae, Head of Downtime
Management, FMG
The Fraud Board
38 WELCOME
Mark Allen, Assistant Director, Head of
Fraud and Financial Crime, Association
of British Insurers (ABI)
39
CHARLES TAYLOR
Counter Fraud Activity: UK vs. US
Bobby Gracey, Global Head of Counter
Fraud, Charles Taylor
Editorial Board Contributors
6 | MODERN INSURANCE

EUROPCAR
NEW BRAND BLOCK
Color gradient background
File: 20151645E
Date: 7/10/2015
AC/DC validation :
Client validation :
41
43
47
FRISS
Global Fraud Survey:
The Results are In
Martyn Griffiths, Sales Manager UKISA,
FRISS
RGI SOLUTIONS
The Distinct Landscapes of
Insurance Fraud
Sarah Glenn, Commercial Director,
RGI Solutions
VERISK
Navigating the Insurance Fraud
Landscape: A Transatlantic Perspective
Kaye Sydenham, Product Manager,
Anti-Fraud, Verisk
LV= GENERAL INSURANCE
Improving Agility, Maintaining Integrity
Ben Fletcher, Head of Financial Crime,
LV= General Insurance
NETWATCH GLOBAL
Fighting Malicious Insider Threats
Josh Bonser, Analyst Team Lead,
NetWatch Global
SYNECTICS SOLUTIONS
The Holistic Approach to Insider Risk
Thomas Whitaker, Account
Development Director, Synectics
Solutions
WHITELK
Lucky All The Time
Matt Gilham, Director, Whitelk
66
67
68
69
70
31
71
72
73
75
Insur.tech. talk and
Editorial Board
Welcome - Bradley Collins, Chief
Commercial Officer, Insurtech
Insights
AXA Retail - Tara Foley, CEO of AXA
Retail
Munich Re - Dr. Fabian Winter, Group
Chief Data Officer at Munich Re
EIS - Anthony Grosso, CMO of EIS
BIBA
Zego Helping - Sten Leaseholders: Saar, CEO of Zego The New Fire
Safety Reinsurance Facility, Alastair
Blundell FCII, Head of General Insurance,
Aon British - Marguerite Insurance Soeteman-Reijnen,
Brokers’ Association
Chairman (BIBA) Executive Board, Aon
Holdings
APIL
Arma The Karma Automated - Ben Vehicles Smyth, CEO, Bill, Gordon
Arma Dalyell, Karma Committee Member and
Treasurer, Association of Personal Injury
Revolut Lawyers - Balázs (APIL) Gáti, Global Head of
Insurance, Revolut
33 CHO
BIMA - Mathilda Strom, Co-Founder
& Deputy CEO, BIMA
Cyber Risk in Insurance, Anthony
WTW Hughes, - Pardeep Chair Bassi, & CEO, Global The Credit Hire
Proposition Organisation Leader (CHO) – Data Science,
WTW
MGAA
Insur.Tech.Talk
Editorial Board
MGAs Keep Pace With Rapid
Regulatory Change, Mike Keating, CEO,
Managing General Agents’ Association
(MGAA)
Experts from within the Insurtech
sector and beyond share their unique
insights. In this issue, we look at
35 FOIL
balancing The Use automation of AI in Insurance, with customer Fleur
satisfaction, Rochester, the President, concept London of ‘digital Forum of
transformation’, Insurance Lawyers and how (FOIL) new signals
point to technology as a solution to
address NBRA economic concerns.
Cyber Risk in the Automotive Sector,
Thomas Hudd, National Technical
INSUR.TECH.TALK
Manager, National
BOARD
Bodyshop Repair
Association (NBRA)
37 MASS
The Ineffective ‘Inflationary Buffer’, Sue
Brown, Chair, Motor Accident Solicitors
Society (MASS)
CII
Innovation in the Cyber Market, Dr
Matthew Connell, Director, Policy and
Public Affairs, Chartered Insurance
Institute (CII)
MODERN INSURANCE | 7

INSIGHT
Businesses
See No Relief
From Cyber-Attack
8 | MODERN INSURANCE

Risk sentiment
Hiscox Cyber Readiness Report
ent
ains the number
among businesses,
shoots of optimism
Fear factor in decline
Are businesses learning to live with the cyber threat?
Exposure to cyber attack still tops the list of business
g to appear.
worries among our respondents. But this year there
Eddie Lamb, Hiscox’s has been Group a perceptible Chief shift in risk Information
sentiment – the
better. The proportion of firms citing the threat
Security Officer, explores
as high risk has
the
dropped
latest
this year
cybercrime
from 45% to
trends for businesses 40% – though as attacks that has to be continue set against a general to rise.
improvement in confidence across all categories of
However, for organisations business risk. The cyber who threat take comes a out proactive
just ahead
of economic issues such as recession, inflation or
approach to address exchange the rates risk, (38%) there and emergence is steady of a new
cause for optimism.
competitor (36%).
While the cyber threat continues to be seen as the
number one danger in most business sectors, several
For businesses, the cyber industries landscape – business is services, not getting construction, any transport, easier
to navigate. According food to and the drink, Hiscox and travel Cyber and Readiness leisure – now consider Report
2023 1 , the frequency of economic cyber-attacks issues as more has important. increased for the
fourth consecutive year, Seven-of-eight with small countries businesses last year experiencing saw cyber as the the
top risk. The number has fallen five this year, though
fastest rate of growth. Moreover, out of the top ten risks named
cyber is still seen as one of the top three risks in all
by those surveyed, ‘cyber’ countries sat apart at the from top Belgium. once There, again risks - like ahead skills of
other risks such as economic shortages, issues economic (like loss and recession, competition inflation, take or
precedence. This is another pointer to suggest that
exchange rates) and the emergence of new competition.
Top ten business risks (%)
some businesses now feel there are other risks posing
an equal or greater threat than cyber.
2023 2022
1. Exposure to a cyber attack 40 45
2. Losses due to economical issues e.g. inflation 38 40
3. Emergence of new competitor 36 36
4. Skills shortage 35 40
5. Reputational damage e.g. negative press 35 37
6. Regulatory or legislative changes 34 37
7. Pandemic or infectious diseases 33 42
8. Geopolitical conflicts disrupting operations 33 –
9. Fraud and white-collar crime 32 38
10. Extreme weather and natural disasters 29 33
Given the fact that cyber is the most likely cause of any
business crisis in today’s modern world, it is critical for firms of
all sizes to stay current on the latest cyber trends. However, this
is particularly applicable to small or mid-sized organisations
who may not have the inhouse security resources to defend
themselves from an attack, or deal with the aftermath. Staying
atop of the latest cyber trends will help to build the necessary
resilience, something which can often be achieved through a
number of relatively lower cost measures.
‘While email compromise continues
to be the hackers’ preferred method of
entry into an organisation, traditional
encryption ransomware is being
superseded in favour of extortion
linked to data theft’
Businesses under attack
Cyber is, of course, a risk for every organisation. However,
Hiscox’s latest research reveals that small to medium-sized
businesses are firmly in the criminals’ cross hairs.
Over the last three years, for example, attacks against small
businesses rose from just under a quarter (23%) experiencing
one or more attacks in a year, to over a third (36%). One reason
for this accelerating trend is the high number of SMEs that
criminals can go after. The UK economy alone is made up of
more than 5.5 million 2 SMEs, providing a huge attack surface for
criminals to target. Moreover, most of these businesses do not
have the dedicated cybersecurity personnel that larger, better
resourced organisations can draw on in order to build their
defences.
Extortion on the rise
One key trend of note is that while email compromise
continues to be the hackers’ preferred method of entry into
an organisation, traditional encryption ransomware is being
superseded in favour of extortion linked to data theft. Criminals
are no longer committed to the time it takes to gain access to a
network and paralyse a business by encrypting its information
assets, certainly not when they can simply steal vital
information that might be related to a company’s intellectual
property, for example. This can then be used nefariously to
carry out a straightforward extortion.
It is also much easier to monetise this type of information, as
opposed to large volumes of payment card information (PCI)
or personally identifiable information (PII), which have been
seen as the more traditional data targets for hackers.
One feature of this focus on small to medium-sized
organisations means that criminals are adopting a ‘high
frequency, lower value’ approach to their attacks. They are
not spending as much time targeting larger businesses with
sophisticated attacks; instead, they are using automation to
scan smaller businesses, searching for system vulnerabilities
that they can exploit more easily.
Costs of an attack are down
From a financial loss perspective, however, the picture is not
as gloomy as the narrative might initially suggest. The Hiscox
Cyber Readiness Report found that the median cost to all of
the businesses it surveyed globally has fallen from US$17,000
in 2022 to US$16,000 in 2023. Interestingly, smaller firms are
doing better at controlling costs related to a cyber-attack
than larger businesses with more than 1,000 employees, who
have seen their cyber-attack costs rise by 125% in two years to
Page 06
Reality of cyber risk
Hiscox Cyber Readiness Report
around US$53,500 for each incident.
Median financial cost of a cyber attack ($000)
Number of employees
0–9
8
6.6
5.3
11.8
10–49
11.2
9.5
50–249
Financial impact steady
Despite this surge, the financial impact of cyber attacks
Of
has fallen
course
slightly year-on-year,
the financial
suggesting
fallout
firms are
is
–
just
manufacturing,
one matter,
transport and
and
distribution,
while
energy
getting better at spotting and disrupting attacks. There (which has featured among the top three targets for
unwelcome, was a small increase in monetary the number of companies costs that alone each may of the last not three years) prove and government terminal and for
successfully defended against an attack (8% versus non-profit. Both the transport and distribution and
larger 7% the previous businesses. year). On the other hand, government it’s and non-profit the accompanying
sectors saw significant cost
increases year-on-year (28% and 83% respectively).
Taking median figures, the cost of attacks has dropped
reputational damage, together with Manufacturers the reported stress the highest emotional
median loss for
from just under $17,000 to a little over $16,000 per
the single worst attack – at $7,161.
toll targeted of company. an attack, The median that for the largest has single the capacity to do the real harm.
attack also fell from $6,650 to $5,350. However, these The good news is that most industries managed to
In numbers fact, mask 20% a wide range of businesses of outcomes – from $2,140 that experienced contain or reduce the median a cyber cost of the incident
single largest
for firms with up to nine employees to $10,700 for attack suffered. For energy firms, the figure is down
said firms with it 1,000-plus was enough employees. to threaten the from more ongoing than $11,000 viability to just under $7,000 of their over two
years. For the food and drink industry it has more
organisation.
In our 2022 report, only four companies reported
than halved, to $4,500.
cyber attack costs of over $5 million. This year there
were eight companies in that bracket and three at the
$10 million-plus level. One in eight firms (12%) suffered
costs of $250,000 or more.
Small firms better at managing costs
There is some encouragement to be taken from this
year’s figures. Smaller firms are doing a good job
of containing the costs of cyber attacks. Firms in the
bottom two size categories have seen median costs fall
two years running. It is all the more remarkable given
the incidence of attacks has risen for small companies
over the last three years, just as it has for larger ones.
However, costs are still rising for firms in the top two
categories. For businesses with 1,000-plus employees,
cyber attack costs have risen 125% in two years,
to around $53,500.
10
13.6
10.7
17.2
250–999
22.6
INSIGHT
‘Interestingly, smaller firms are
doing better at controlling costs related
to a cyber-attack than larger businesses with
more than 1,000 employees,
who have seen their cyber-attack costs
rise by 125% in two years’
24.8
2021 2022 2023
23.7
1,000-plus
42.3
Costs vary widely by industry
Four sectors suffered median costs of $20,000 or more
53.5
MODERN INSURANCE | 9

Be a part of
something bigger
Helping people. Innovating an industry.
At Crawford, employees are empowered to grow, emboldened to act and inspired to innovate.
Our industry-leading team pioneers new solutions for the industries and customers we serve.
We’re looking for the next generation of leaders to take this journey with us.
You’ll be empowered to help people when they need it most, to work on things that you’re
passionate about and your ideas will matter.
To create the future you want, look at the careers available at Crawford:
www.crawco.co.uk/about/careers or contact recruitment@crawco.co.uk
www.crawco.co.uk
Crawford & Company is an equal opportunity employer.

Page 07
Impacts of a cyber attack (%)
Nothing has changed in past 12 months
Lost business partners
4 10 12 13 16 16
Fine that had significant impact on business
Greater difficulty attracting new customers
11 20 16 18
22 20
Solvency or viability of business was threatened
Lost customers
17 21 21 19
22
21
Reduction in business performance indicators
Negative impact on brand or reputation
16 21 24 23
27
25
Caused a breach for third-party partners
Costs associated with notifing customers
20 22 26 23
30
31
Vulnerabilities and impacts
The favourite entry point for hackers was once again Which countries were most vulnerable? In terms of
business
focus
email compromise,
on building
mentioned by
resilience
35% of number of firms attacked, Ireland stands out this year
So,
targeted
given
companies
the
(and
relentlessness
40% of government and
of cyber
with more
risk,
than seven-in-ten
how can
firms (71%)
businesses
targeted, a third
non-profit respondents). The corporate server, whether more than the average for the study group as a whole.
continue owned in-house (mentioned to build by 31%) their or in resilience?
the cloud Irish firms were also targeted almost three times as often
(mentioned by 29%) came second and third. In both
cases those percentages were way down on the previous
year, suggesting preventive work is having an effect. 20% on average across the study group). More than
It’s evident that those businesses
half
who
of respondents
perform
in Ireland
best
said the first
when
point of entry
The energy sector appears particularly prone to
was via the corporate owned server (57%) or a cloud
defending breaches of a corporate against owned server. attacks The construction have a number of things in common
server (50%).
sector tops the list of industries hit with a cloud server
- breach not alongside least travel a dedicated and leisure, as well as IT technology. security In financial function, terms, the which worst hit countries is a solution
were the
The most common outcome of a cyber attack was UK (with median costs per firm of $24,200), The
not open to most small and mid-sized organisations.
financial loss due to payment diversion fraud (mentioned
by 34% of attacked firms, up from 28% two years ago).
Loss of data and virus outbreaks dropped for the
There second year are running. however three highly effective controls, open to all,
There was a sharp jump in the number of German firms
including
Some of the knock-on
the
effects
use
of
of
cyber
endpoint
attacks were
detection
reporting attacks
response
– up from 46%
(EDR),
to 58% – with the
felt more widely this year than before. Nearly a third median number of attacks per firm rising from six to ten.
multi-factor (31%) of firms that were authentication attacked reported increased (MFA), By contrast, and two a countries more – Belgium prosaic and The (but Netherlands no
costs for notifying customers of an attack. The figure – saw a fall in the median average number of attacks
less is up for effective) the second year running. programme The same is true of employee experienced. It awareness.
may be relevant that The Netherlands was
of those reporting a breach for third parties, up over
two years from 20% to 26%.
EDR It is worth works noting that effectively the disaster scenario to is not monitor as end-user devices, looking for
remote as one might believe. One-in-five firms (21%)
cyber that were attacked threats said the like impact malware was enough to and ransomware. Meanwhile, MFA
threaten the viability of the business. That was also
requires
the case for a fifth
users
of the very
to
smallest
supply
firms.
two or more pieces of identification,
such as a password and PIN before they are able to gain
privileged access to IT systems or personally identifiable
information.
Effective as these tactics are, both approaches continue to
show some signs of stress, having been overcome in some
instances by committed hackers. Nonetheless, they are a good
start towards building a robust security system; one which can
also include measures like controlling communications between
networked devices as well as the all-important back-up of data,
which can secure a remote source and eliminate the potential
for unrecoverable data loss.
Employee awareness of the risk is also critical. After all, most
attacks can only be successful if they are enabled by someone
clicking an attachment on an email and allowing an attacker
entry into a company’s business systems. Improving awareness
can be a relatively low-cost measure in the fight against
cybercrime, but it’s one that is often overlooked by businesses.
Evidently, investment in cybersecurity through measures
like these pays dividends. Hiscox’s report reveals that nearly
half (45%) of the bigger firms surveyed say their exposure
to cyber-attack has reduced in line with increased spending
on cybersecurity – a rise from just over a third (36%) in
2022. Smaller businesses of up to 249 employees have also
upped their median spending. This link between investment
in cyber security and a reduction in the risk should be a clear
consideration as businesses consider their budgets for the next
Page 13
Building resilience
Hiscox Cyber Readiness Report
financial year.
Cyber security median spend ($)
Number of employees
Reality of cyber risk
Hiscox Cyber Readiness Report
Country by country: Ireland stands out
2021 2022 2023
as the average median and were significantly more likely
to be targeted with ransomware (30% compared with
Netherlands ($21,400) and the USA ($20,000). For
US and UK firms, business email compromise ranked
top, mentioned by 38% and 37% respectively.
the only country in our study to have upped its average
cyber readiness score in our maturity model this year.
The role of cyber insurance
Part of that investment should include the consideration of cyber
insurance. Many of those businesses with increased cyber risk
maturity (42%) had standalone cyber insurance cover, while
a further 36% had some element of cyber cover in another
insurance policy.
In contrast, smaller firms are behind their larger counterparts
in taking out cover. Insurance should not be perceived as the
preserve of bigger companies, particularly now that cyber has
become such a ubiquitous threat to businesses of every size.
The cost of a cyber insurance premium that can deliver benefits
- such as access to IT forensics, legal and crisis management
support - is especially good value, given how this type of care can
assist with threat mitigation and quickly return a business to the
position it was in before an attack.
‘Improving awareness can be
a relatively low-cost measure in the
fight against cybercrime, but it’s one
that is often overlooked
by businesses’
Sentiment improves, but no room for complacency
Most importantly, it is crucial for all businesses to build their
awareness of the latest threats and trends, developing their
tactics, techniques and procedures to combat the cyber threat
and build organisational resilience.
An improvement in business sentiment towards cyber risk, as
indicated by the Hiscox Cyber Readiness Report, implies that
as the threat becomes more mainstream, organisations are
becoming more comfortable and confident in dealing with
the likelihood of a cyber-attack - approaching this outcome
in the same way as they would some of their other business
risks. However, this sentiment also reflects a rising spend on
cybersecurity, alongside better implementation of security
measures and increased buy-in
from senior management figures.
Actions like these are to be
welcomed, especially given the
fact that for every business,
the likelihood of cyber-attack
is a case of when, not if.
Eddie Lamb,
Group Chief Information Security Officer, Hiscox
INSIGHT
The link with cyber budgets
Not surprisingly, money is also seen as important.
Bigger cyber risk budgets are prominent reasons for
feeling more cheerful about the cyber threat. Some
45% of bigger firms that say their exposure to cyber
attack has gone down cite bigger budgets and better
risk reduction solutions as a reason why. That is up from
36% the previous year. It begs the obvious question:
is there a link between the size of budgets and reduced
cyber risk? There are tentative reasons for thinking
so this year.
As mentioned earlier, smaller firms have managed to
reduce the median cost of cyber attacks despite their
greater intensity. At the same time, smaller companies
in the 1-9, 10-49 and 50 to 249 employee segments
have materially upped their median spending – by 77%,
36% and 145% respectively. Over two years, firms
with less than ten employees actually quadrupled their
median cyber security spending. By contrast, at the
top end – firms with 250 or more employees – median
spending has been trimmed this year. Here the financial
impact of attacks has continued to rise.
Looking at the country data, Belgian firms spent less
on cyber security than any other group – $69,000
as a median average, down from $144,000 the previous
year. Median losses from cyber attacks nearly doubled.
62% of respondents reported costs of $10,000 or
more – nearly twice the average for the study group.
By contrast, German firms were the biggest spenders,
at a median of $212,000, and saw a reduction in losses
from $21,000 to $16,000. Admittedly, German firms
have topped the cyber security spending averages for
the past three years. But they are the only group that
has seen a material reduction in attack costs over that
period. One thing is certain: the experts in our survey
tend to spend a larger proportion of their IT budgets
1-9 10–49 50–249 250–999 1,000-plus
2023 8,100 47,900 147,700 922,000 4,900,000
2022 4,600 35,300 60,200 938,800 5,500,000
2021 2,000 20,000 59,300 355,800 2,500,000
Money is only part of the resource equation
The number of people being deployed to counter
the cyber threat is also relevant. Belgian, Irish and US
companies lead in this area with an average 97, 95
and 84 people in the cyber team respectively. They are
way ahead of the rest. Yet behind those averages lies
an interesting statistic: 15% of US and UK firms are
without a managerial role dedicated to cyber security.
That compares with just 8% of German firms, for
instance. The USA and the UK happen to be two of
the three worst hit countries in this year’s survey.
Industry leaders in accident management
solutions and repair services.
The existence of a dedicated cyber security head is
one of the key differentiators between the experts and
the rest. Only 4% of the firms qualifying as experts this
year lacked a role dedicated to cyber. That contrasts
with more than a quarter (27%) of the novices. Many
of them are smaller companies for whom this is clearly
a resource issue. More than a third (34%) of firms with
fewer than ten employees said they had no defined role
for cyber security. This dropped to 9% for firms in the
ten to 49 employee bracket. However, and perhaps
more worryingly, smaller firms also lag in less money
sensitive areas such as putting in additional security
or employee training after an attack.
sandgresponse.co.uk
1
https://www.hiscoxgroup.com/cyber-readiness
2
https://www.gov.uk/government/statistics/business-population-estimates-2023/businesspopulation-estimates-for-the-uk-and-regions-2023-statistical-release
01625 417758
MODERN INSURANCE | 11

WITH KEN MUNRO
Modern Insurance Magazine recently sat down with Ken
Munro, Founder and Partner of Pen Test Partners,
in order to discuss cyber vulnerabilities in our
increasingly connected world. What susceptibilities
are most in need of addressing urgently, and how can
the security industry do more to protect its
end-users?
12 | MODERN INSURANCE

Q
Ken - what’s the appeal for hackers when it comes to planes,
trains, ships and cars? Surely banks and large corporations are
more lucrative?
They are and they aren’t! Banks and large corporations know
they’re more lucrative, so they’ve invested heavily in making sure
Athat they have the most suitable defences in place. Hackers will
always follow the money. We can’t think of them as kids in hoodies sat at a
PC in the basement anymore; many ransomware operators are organised
businesses, and operate as a serious threat. Some hacking groups have
even got HR departments.
Banks aren’t easy targets because they’ve spent so much money
on stringent cybersecurity measures to combat this. Therefore,
cybercriminals need to look at other resources further afield, and this
is where we see the maritime industry being affected. For example,
refuelling ships has been a really easy source of funds for cybercriminals
in the recent past. If you can redirect a refuelling payment through invoice
fraud and phishing emails, that’s potentially a huge lump sum being
intercepted.
The same goes for cars. Modern cars are increasingly connected, and
many have now got payment systems in place which can unlock access
to additional features. If money exchanges hands, it’s a potential source of
income for hackers and other cybercriminals. Ransomware has even been
developed for car systems, though fortunately it’s just proof of concept at
the moment, rather than an immediate and pressing threat.
Q
As a fan of electric vehicles (EVs), what cybersecurity
vulnerabilities do you feel are most in need of addressing as a
matter of urgency?
EVs themselves aren’t a concern so much as the charging
infrastructure that supports them. We’ve already seen hacks
A against EV chargers; there was a case in the Isle of Wight where
an EV charger was hacked to display pornography, and another case in
Russia where chargers were compromised and stopped from working
altogether.
Pen Test Partners completed a large project on domestic EV chargers
recently, finding major security flaws in most of them. Of course, if an EV
charger is compromised or out of use because it’s been hacked, that’s
a huge problem for drivers. In addition, this does nothing to reassure
prospective EV owners who are concerned about the range of an EV;
those who rightfully want to know that they could access an EV charger
without hassle whenever they need one. Broken charging infrastructure is
enough of a problem as it is, and a bunch of hackers further destabilising
EV uptake is the last thing we need when it comes to making that switch.
Q
A
Some insurance companies wish to fit trackers in vehicles in
order to lower premiums. Is this counterproductive given the
flaws that trackers can have, and the opportunity it provides
to hackers?
In a way, yes. Fortunately, since finding and reporting those flaws,
they have now been fixed. However, these vulnerabilities should
not have been there in the first place.
I really hope that affected manufacturers have taken some time to
reassess and up their game in this regard. Selling a security product
for a vehicle without first addressing a significant number of security
vulnerabilities is really unacceptable, and I’d like to see more evidence of
manufacturers taking their role as security providers more seriously.
I’d also like to see a more robust approach to security throughout the
industry in general. Insurers will often rely on certification bodies to be
certain that a product improves the security of a vehicle. Sadly, some
of these bodies have accredited products that made the security of the
vehicle worse! This cannot be allowed to continue.
Are we at a point where standard home and vehicle insurance
policies should be inclusive of cyber cover, given the rise of the
Q Internet of Things (IoT) and the hyperconnected world we now
live in?
A
As things stand right now, any underwriter would be crazy to do
this! There’s not enough data in place at the moment and not
enough research being done in this space for an underwriter to
accurately quantify the risk. Nothing could go wrong for years, and then
an entire brand or fleet of vehicles could fall victim to a cyber-attack. This
would leave one insurer on the hook for a very big cyber claim, so whilst
I’d love to see more cyber cover embedded into other lines of insurance, I
think that the risk would be way too high right now. Not enough research,
and not enough data!
“There are many competing interests, each
with different motivations, and then there
are a bunch of researchers in the middle
trying to shine a light on poor behaviour -
all in the hope that catastrophic hacks can
be evidenced fast enough before hackers catch
on and start exploiting it”
Do you think the number of successful catastrophic hacks will
increase in the coming months and years? Or is technology and
Q security managing to evolve at a fast enough rate to keep them
at bay?
A
Yes. It’s an arms race against the hackers. Organisations are trying
to improve their cybersecurity quickly, and manufacturers are
trying to improve their product security quickly in order to avoid
an eventuality where security vulnerabilities bring down an entire fleet of
vehicles, or an entire company’s data. There are many competing interests,
each with different motivations, and then there are a bunch of researchers
in the middle trying to shine a light on poor behaviour - all in the hope that
catastrophic hacks can be evidenced fast enough before hackers catch on
and start exploiting it.
As an ethical hacker, what is the biggest challenge for insurers
when it comes to providing cover for modern-day cyber risks?
Q
Many insurers and underwriters are really suffering from the
effects of ransomware right now. A lot of cyber insurance policies
A are priced based upon historic risk data, and the prevalence of
ransomware has accelerated so much that a lot of underwriters have been
left facing multiple sizeable claims.
As a result of these loss ratios, cyber insurance premiums are increasing
quickly, and insureds must do everything they can to demonstrate
stringent security measures when they’re looking to obtain this kind of
cover. Savvy underwriters really like to do business with companies that
are able to prove their cybersecurity strengths.
In terms of cars, the thing that worries me most is where a vulnerability
is found in a vehicle, escalating to a fleetwide hack because they’re
fundamentally all using the same systems. Hypothetically, the systemic
losses from a particular model or brand of connected vehicle all turning
left at the same time could be catastrophic. This was realised in the Jeep
hack of 2015, for instance; it can be done, and we’ve since demonstrated
similar outcomes with other brands throughout the course of
our commercial engagement work. Fortunately,
these brands continue to take security
seriously, ensuring that their vehicles are
well protected. From an underwriting
perspective in particular, however,
it’s a really difficult risk to price
against. These challenges are almost
certainly set to continue as the
cyber insurance market evolves.
Ken Munro,
Partner and Founder,
Pen Test Partners

INTERVIEWS
CYBER PROTECTION
with Jim Steven,
CULTUREExperian UK
Modern Insurance Magazine
recently sat down with Jim
Steven, Head of Crisis and
Data Breach Response Services
at Experian UK, to discuss
adequate safeguards against
cyberthreat in business. How
should firms take logical steps
to mitigate cyber risk, and how
can they formulate or test their
data breach response plans in
the event of a serious attack?
Jim, why are ransomware attacks
Q increasing in frequency? And from your
experience, what general attitudes have you
seen towards this particular brand of
cyber-attack?
Ultimately, ransomware attacks are
A increasing because criminals have found
this to be a successful and lucrative commercial
venture. People pay, and because people pay
it becomes a very attractive model for criminal
gangs. If you actually look at what ransomware
does, it’s the deployment of one piece of
malware that generates an upfront payment in
a great deal of cases. Until people stop paying
out in the event of a ransomware attack, we’ll
see this activity continue to operate.
There’s got to be an understanding of the fact
that this type of activity isn’t going away.
There are a number of governments that say
business owners shouldn’t pay in the event
of a ransomware attack, but if you’re the
CEO of a £5million business and you suffer a
ransomware attack which promises to resolve
itself if you pay the ransom, you’re likely to
succumb to it. If you don’t pay, the alternative
could result in reputational damage, through
the press or through your share price. Your
investors might lose faith, your customers
might lose faith, you might lose revenue as a
consequence. If people are going to continue
to pay the ransom, and if CEOs and Boards of
Executives think that’s a viable choice and a
cost of doing business, there’s always going to
be a market.
We’re seeing this play out in cyber
insurance policies across the industry.
Bigger organisations are only insuring part
of their loss in the event of a ransomware
attack; there’s a lot of captives running at
the moment, and a lot of self-insurance.
There’s such a high deductible on so many
cyber policies, there’s already an attitude
within firms and organisations that alludes
to being prepared to pay out. Quite rightly,
organisations are looking at their own security
and data governance in order to mitigate
the risk of cyber-attacks. But there’s such
a breadth of low hanging fruit in terms of
how you can access a firm’s online systems,
particularly when there’s a third party
involved which might not have the same
levels of security. You can still fall foul to the
consequences of a ransomware attack even if
you’ve taken all of the necessary precautions,
and you may still be faced with the decision to
pay or not to pay.
As threats to data security grow in this
Q way, how can firms and organisations
take logical steps to mitigate the risk
further?
Whilst everyone focuses on better security,
A simple cultural changes can really reduce
the risk. Most organisations understand that
they’ve got to have some kind of security in
place, or at least some kind of layered approach
to protecting their data, but this doesn’t mean
“
In the last three or four years, firms have also
been offering cyber education to their workforce
en masse, mainly through introducing password
managers and simulated, fake phishing emails.
“
14 | MODERN INSURANCE

INTERVIEWS
that there aren’t some simple, basic approaches
that businesses can adopt for a larger return.
Firstly, if you don’t need to hold personal data,
don’t hold it. So many organisations store
data longer than they need to, and in doing
so, they’re increasing their attack surface and
exposure to nefarious cyber activity. Separating
strings of information also helps to mitigate
risk. Don’t keep full identity sets in one place
and/or corporate intellectual property in one
place.
In the last three or four years, firms have
also been offering cyber education to
their workforce en masse, mainly through
introducing password managers and simulated,
fake phishing emails. If staff don’t identify
the risks and open the email, they’re offered
more courses and more training to prevent the
same thing happening in the event of a real
phishing attack. Companies are also taking
this one step further through gamification,
where they’re incentivising staff to be more
online safety conscious by offering prizes to
individuals who can identify fake, or even real
phishing attempts. Developing a culture of
protecting each other through education is
really important. You have to look after your
staff if you expect the same in return.
Of course, preparation is key. How
Q can firms prepare for the worst when
it comes to cyber threat, and how can
consumer response plans be put to the test?
In the UK last year, I dealt with over 900
A breach recoveries. Globally, it was more like
6,000. I would say that of those firms, 90-95%
did not have a consumer response plan in place.
Many will have a Disaster Recovery (DR) plan
and/or an IT Recovery plan that is mature and
tested regularly, but in the event of a successful
data breach, the majority of firms don’t know
who has been affected or how those people will
be contacted and notified.
Many don’t know the intricacies of the contact
information they have on file, and they’ve no
plan in place for who should be prioritised
in terms of how this communication will be
staggered. They haven’t thought through the
wording of the notification, or whether this
needs to be translated into multiple languages.
Are there a number of brands in the firm’s
group and if so, how will this be tackled? Have
a consumer recovery plan, and an employee
recovery plan, and understand all of the
different cohort groups that make up the
personal information you hold. You might lose
your payroll, which affects former employees
as well as current. It’s all about understanding
what data you’ve got. Then and only then can
you put a consumer response plan together
against the information you hold, and look
at how you would communicate with these
customers effectively in the event of a data
breach.
Once you’ve got a plan together, of course you
need to test it. It may seem obvious, but very
few people do this - which always surprises
me given that a poorly executed plan has the
potential to create the biggest reputational
risk of all. This kind of strategy doesn’t need
to consist of clever stuff. For instance, if you’re
sending communications via post, do you have
enough branded envelopes in stock? Going
through a scenario in theory is all well and
good, but you need to put this into practice by
trying out a number of real-life simulations if
you’re really going to iron out the creases. Get
your teams together and ensure that everyone
understands where their responsibilities
lie. This increases the chances of a quicker,
smoother recovery.
In the event of a data breach, how can
Q organisations do more to scale up their
resources?
Well, first of all, you’ve got to understand
A what your tipping points are. What severity
of attack are you dealing with? How much of
the response can you manage in house without
having to arrange overflow resources? Maybe
you need to outsource them completely. You
might be able to handle 10 calls, but can you
handle 10,000? Experian are able to be quite
reactive in this situation; for example, we will
outsource support with suppliers that can
distribute 400,000 emails per day in three days,
or 2 million letters after five days. It’s all about
finding that bespoke solution in accordance
with business needs.
The real question actually lies in how many
people respond to the notification of data
breach with further queries. From a customer
perspective, there’s nothing worse than
receiving bad news and not being able to get
through to someone when you want to clarify
information and understand next steps. Make
a prediction as to what this return rate looks
like for your company. It’s often not as bad as
you might think; in these scenarios, we usually
see a 1-2% response rate following mass
notification of data breach. If you assess the
situation and realise that outsourcing support
would be the better option, you should select
the right partners with the correct capabilities
and factor this into your response plan from its
inception.
From your experience, what does the
Q future cyber threat landscape look like?
What can the industry do better?
The landscape never sits still, and whilst
A there have been some welcome wins for law
enforcement recently (with Lockbit and BlackCat
gangs being impacted), we’re still seeing a rise
in attacks year-on-year.
We believe that third-party data breaches will
continue to make headlines. With increased
data collection, storage and movement, there
are plenty of partners further down the supply
chain that could be targeted. Experian predicts
attacks on systems four, five or six degrees
away from the original source - especially
as vendors outsource data and technology
solutions, who outsource to other experts, and
so on.
Instead of making drastic moves and trying
to reap instant reward (such as that seen
with ransomware), bad actors may also start
to manipulate or alter minute aspects of data
in order to stay under the radar. This might
be seen through adjusting a currency rate,
for example, or even the coordinates for fleet
transportation. These small actions can have a
major impact in the grand scheme.
Finally, like drug cartels, cybergangs are also
forming sophisticated organisations around
the world. Joining like-minded actors can be
incredibly advantageous, with global networks
helping each other out in order to advance
common goals and interests. I think we’ll also
see more hackers for trade, crews looking to
expand their monopolies, and cyberwarfare
alliances. The underlying message is this:
companies must invest in sophisticated
prevention and response methods if they are
to adequately protect themselves from serious
threat.
Experian have recently released their 6 key
predictions for the cyber landscape in 2024.
To view the full report and find out more,
visit their website.
Jim Steven,
Head of Crisis & Data Breach
Response Services, Experian UK
Jim Steven is Head of Crisis & Data
Breach Response Services for Experian UK,
building on the knowledge, experience and
success of Experian’s global data breach
resolution offering.
The team work with businesses to
help them manage and resource mass
consumer crisis responses, including
customer notification, contact centre
and credit/identity monitoring services
for customers/employees affected by a
crisis event. They also support clients in
preparing and practicing readiness plans
for potential incidents, guaranteeing
resource availability to mitigate the
impact and speed of recovery.
Prior to joining Experian, Jim worked
for some of the world’s largest security
companies, providing expertise in security
risk management solutions, travel risk
management, aviation security and
corporate security.
MODERN INSURANCE | 15

YEARS OF EXCELLENCE
1994 ~ 2024
Market-Leading Outsourced Claims Services
Find out more:
www.carpentersgroup.co.uk

EDITORIAL BOARD
A Varied Approach
to Counter Fraud
You can never be complacent or rest on your heels
where security is concerned. We have a great bunch
of people working in our IT security team that take a
proactive approach to testing and raising awareness.
Whilst traditional methods such as phishing campaigns and whaling
simulations are great at keeping people on their toes and helping
them understand what bad looks like, you can always do more.
At Carpenters Group, we never settle on one thing. We try to come up
with different ways to keep people engaged, which is always difficult
in the age of information overload. That’s the tricky thing. How much
is enough, and more importantly, how much is too much?
We balance the quantity of information that we send out and consider
what will grab attention, and what helps drive the message. There
have been some really high impact news headlines over the last six
months that have really hit home; social engineering and deepfake
attacks that cost the associated businesses millions. These headlines
really help to highlight concerns that can translate to any business.
Tackling fraud requires a varied approach that combines proactive
measures to prevent fraud, robust security measures to detect and
respond to fraudulent activities, and ongoing education and training
for employees and customers. Every business is different; therefore,
it’s essential to tailor your approach to cybersecurity to fit your
specific needs and circumstances.
Utilising intelligence gathered from the wider business community
is also essential when it comes to understanding new and emerging
fraud techniques, and this is a pivotal part of our security strategy.
Finally, when you promote a culture of security awareness and
implement a robust cybersecurity initiative, you can significantly
strengthen your organisation’s defences against threats. Ultimately,
this minimises the impact of potential attacks such as fraud,
ransomware, and phishing.
Karen Campbell,
Chief Information Officer, Carpenters Group
Our internal communication platform and intranet dedicated cyber
/ security channels are used to keep the narrative at the forefront of
people’s minds. We also run a full training programme for everyone in
the business, alongside a national awareness campaign.
2024: A Year of Evolution
for the Insurance Industry
Entering 2024, the insurance industry is undergoing
profound transformations, driven by technological
advancements and shifting consumer expectations.
Let’s delve into the pivotal trends shaping this landscape, and how
industry stakeholders are adapting.
Digitalisation. A pervasive trend across insurers, brokers, and
managing general agents (MGAs) is the accelerated adoption of digital
processes. From policy issuance to claims management, there’s a
concerted effort to digitise workflows, aiming to enhance operational
efficiency and deliver seamless customer experiences amidst an
increasingly digital ecosystem.
Data Analytics. With data volumes skyrocketing, the ability to extract
actionable insights has become a strategic imperative. Insurers and
brokers are harnessing advanced analytics to refine underwriting
practices, predict market trends, and proactively manage risks.
Leveraging predictive analytics and machine learning algorithms
empowers industry players to gain a competitive edge by making
informed decisions based on data-driven insights.
Cybersecurity. The omnipresence of digital transactions has
elevated cybersecurity to a paramount concern. Insurance entities
are bolstering their digital defenses with robust measures such as
encryption protocols, multi-factor authentication and sophisticated
threat detection systems. Safeguarding sensitive data and ensuring the
integrity of digital interactions are paramount to maintaining trust and
security in an interconnected landscape.
Customer-Centricity. In an era defined by heightened competition,
personalised experiences are emerging as a cornerstone of customer
retention. Insurers and brokers are pivoting towards customer-centric
strategies, offering tailored policies and communication channels to
cater to individual preferences. By prioritising customer satisfaction
and engagement, industry players aim to forge stronger, more
enduring relationships with their clients.
Regulatory Compliance. The FCA Consumer Duty represents a
significant regulatory development aimed at addressing longstanding
issues of consumer detriment within the financial services industry. By
imposing clear obligations on firms to prioritise consumer interests
and promote fair treatment, the framework seeks to instil greater trust
and confidence in the financial sector.
In summary, 2024 heralds a period of profound evolution for the
insurance sector, characterised by digitalisation, data analytics,
cybersecurity, customer-centricity, and regulatory compliance.
Industry stakeholders are actively responding to these transformative
trends, leveraging innovative strategies and technologies to remain
agile and competitive in an ever-changing landscape. By embracing
these shifts and prioritising customer needs, the insurance industry is
poised to navigate the challenges and opportunities of the future with
resilience and foresight.
Will Prest,
Product Manager, ParaCode
MODERN INSURANCE | 17

This is not a
total loss
It’s my pride and joy and the most expensive
item I have ever bought.
It’s the family taxi that keeps the kids safe and
sound at night.
It’s my driving holiday in France.
It’s mine.
Behind every vehicle that an
insurer declares as a total
loss there is an owner,
perhaps a family, or a
vulnerable customer, or
maybe someone lucky just
to be alive. At e2e we never
‘write off’ your customers .
For all those total loss claims when the Customer
Experience and Consumer Duty really matter.
Contact us: mia.constable@e2etotalloss.com
www.e2etotalloss.com

Consumer Duty
Defines the Role
EDITORIAL BOARD
Contrary to popular thought, e2e is not a salvage
company.
Of course, our supporting network members are some of the best
salvage agents in the country. Bringing that array of talent and
capability together, working on behalf of our insurer and claims
manager clients, is a real privilege. Providing vehicle auction, a
reclaimed parts portal, and national initiatives such as our Sustain 360
ESG programme gives us and our supplier members the opportunity
to provide our clients and customers with real added value.
However, these platforms are merely a ‘means to an end’. It’s clear
to us that we form an integral part of the Consumer Duty chain, and
our fundamental role is to help our clients and consumers alike when
it comes to maximising returns from an otherwise wasted asset, and
minimising the massive inconvenience that a total loss causes for
everyone.
In that sense, it is the Consumer Duty that defines our real purpose.
It’s often easy to get lost in the technicalities of managing the
consequences of a total loss decision and, of course, we can never
forget that there are indeed a vast number of issues that need to be
managed - from the safe and environmentally compliant disposal
of vehicles, through to the best practices of our auction site and
automated matching of reclaimed parts supply with demand.
Customers Drive our Behaviours
But we must always see the end-user customer as being our ultimate
point of reference. Insurers, their claims managers (if they outsource)
and their suppliers are always working on behalf of policyholders. In
our case, every last pound of realised sales revenue from auctions
goes towards keeping premiums lower than they otherwise would
be. Maximising the use of reclaimed parts helps to keep repair costs
down, which, in turn, reduces upwards pressure on costs. Countering
fraudulent claims not only helps to catch criminals but also, once
again, provides protection for the end customer.
Thought of this way, the Consumer Duty is not a set of obligations,
regulations, or policies. Instead, it is the very definition of who we are
as a business – and it should define every business in the financial
services sector. We only exist to service the needs of our customers,
and if we get this right, then sustainable profits will naturally flow.
Of course, there are some who will put the pursuit of profit ahead of
almost every other consideration. There are those who will seek to
bend the rules. There are those who resent the Consumer Duty.
Here at e2e, we don’t work with those people.
Jim Loughran,
CEO, e2e Total Loss Vehicle Management
Reacting to 2024’s
Key Trends
This year, we’re seeing a heightened focus on
controlling claims costs, improving operational
efficiency, and tackling fraud. This is where data
enrichment - for both the individual and the vehicle
or property, through increasingly granular realtime
data - has the power to reduce loss costs
for insurance providers, and lower premiums as a
result.
In motor insurance, knowing to what extent the safety technology on
a car cuts accident risk is crucial, and it is becoming even more critical
as car technology evolves. It’s why we have already taken huge steps
to ensure the insurance sector understands this technology in order to
price effectively through our award-winning advanced driver assistance
system (ADAS) data enrichment solution – LexisNexis® Vehicle Build.
Furthermore, our strategic alliance with Thatcham Research means
insurance providers will have streamlined and automated access to
Thatcham Vehicle Risk Data (VRD) 1 for the first time, something which
is integral to insurance pricing and consistency over the matching
of vehicles to Thatcham VRD. The more intelligence that insurance
providers can access on the specific vehicles they are insuring, the
more accurate the premium will be. They will also be more likely to
deliver a swift claims experience.
From a fraud perspective, email address intelligence through
LexisNexis® Emailage® Rapid is being used to flag the risk of fraud for
insurance providers in a seamless and frictionless way at the point
of quote. Highly granular cross-market claims data coming from
LexisNexis® Precision Claims later this Spring will add further detail to
the picture, helping insurance providers identify fraudulent behaviours
at quote through to claim.
Fraud prevention also extends to quote manipulation. Responding to
this challenge, it is now possible to uncover changes between quotes in
key fields prone to manipulation. This helps protect insurance providers
from inaccurate pricing and potential fraud, while consumers avoid
their policies being rendered null and void if deliberate misstatements
are uncovered at claim.
Finally, in a recent report from data consultancy firm Sagacity titled
‘Missing Billions: The Impact of Revenue Leakage on UK Business’, 95%
of the insurance providers surveyed said revenue loss comes from the
wrong policy for the customer or charging the wrong amount. This
is likely to be down to the vast volumes of customer data insurance
providers typically manage, increasing the chances of the same
individual appearing multiple times across different databases within
an insurance group without the dots being joined up. This can lead
to inaccurate pricing at renewal, the risk of fraud, wasted marketing
budgets and increased operational costs, as well as lost cross-sell and
upsell opportunities.
Insurance providers can gain a comprehensive real-time view of the
customer at each stage of the journey - but most importantly, at the
point of quote - using linking and matching technology to create a
single customer view. This can help guarantee that the right product is
being offered for the risk presented, and at the right price.
Tom Lawrie-Fussey,
senior director of product management, UK and Ireland,
LexisNexis Risk Solutions, Insurance
1
Thatcham Research Vehicle Risk Data is a live and extensive, industry-standard dataset that
contains key information about insurable cars, LCVs and motorcycles. Thatcham Research
is solely responsible for maintaining this dataset with each vehicle containing more than 100
individual data points.
Using data exclusively supplied by vehicle manufacturers and checked by Thatcham
Research’s expert data team, each vehicle is assigned a unique eight-digit ABI identification
code. This translates into a standardised description of the vehicle that is used by the entire
insurance industry.
Directly sourced data is also used to generate a Group Rating score for every vehicle. Ranging
between 1 and 50 for cars and 21 to 50 for LCVs, scores indicate the level of insurance risk
associated with the vehicle.
MODERN INSURANCE | 19

The Power of Data
At LexisNexis ® Risk
Solutions, we are
constantly transforming
the way we harness
data and analytics
to deliver essential
insights. Helping you
meet the challenges
that the ever-changing
market place brings.
Combining cutting-edge technology, unique data and advanced analytics, LexisNexis ®
Risk Solutions provides products and services that address evolving client needs, while
upholding the highest standards of security and privacy.
For more information, call 0800 130 3002 or visit
risk.lexisnexis.co.uk
LexisNexis and the Knowledge Burst logo are registered trademarks of RELX Inc. Other products and services may be trademarks or registered
trademarks of their respective companies. Copyright © 2024 LexisNexis. All rights reserved.

EDITORIAL BOARD
The Vizion Standard
Nobody is immune to cyber risk, with endless
headlines about how cyber-attacks, ransomware and
hacking continue to compromise personal data and
bring companies to the brink of collapse.
Significant awareness of how we learn as an industry is now
needed more than ever - especially against a backdrop of global
unrest. Artificial Intelligence, connected cars, continued digitisation
of systems and processes, new technologies, standards and
infrastructure all inevitably need to emerge to address this increased
risk of cyber threat.
Vizion understands and appreciates the importance of security for
our clients, customers and partners through active collaboration,
which is reflected in how we design, develop, build and distribute our
digital solutions and services. It’s also seen in how we strive to protect
our staff and customer confidential data, alongside our network and
infrastructures.
With the support of an industry consortium of representatives
consisting of leading insurers, manufacturers, cyber experts and
specialists from the Vizion team, a ‘Vizion Standard’ was created in
2018 to support repairers, provide consistency, increase accuracy
and reduce effort in providing education, support and resilience
across the network, delivered via our cloud auditing solution Opus
platform.
The ‘Vizion Standard’ is part of Vizion’s commitment to the customer;
assurance that we, our clients, and our repairer partners consider their
privacy and protection of personal data to be a critical element of the
customer journey.
In 2024, the ‘Vizion Standard’ continues to evolve. There’s a set
of specific sections to address areas in cyber security and GDPR,
expanding to other areas such as environmental, social and
governance (ESG). To be part of the Vizion Network, a repairer must
comply with the professional values set out in the ‘Vizion Standard’,
all of which are outlined by Vizion and supported by the UK’s largest
insurers.
To further increase our resilience, Vizion continues its commitment
to constant improvement through industry leading ISO27001 and
ISO22301 security and business continuity accreditations. This further
demonstrates our ongoing dedication to security, risk management
and best practices for data management across the organisation, and
for the betterment of our partners and customers.
For more information on the Vizion Standard,
email hello@vizionnetwork.co.uk.
Chris McKie,
Chief Executive Officer, Vizion Network
Standing Firm
When Floods Surge
The UK’s extraordinarily wet and stormy
winter has provided a rigorous, real-world test
of Crawford’s ability to perform in extreme
circumstances. An unprecedented 10 storms
in a three-month period led to a surge of
flooding across the country and one of the
busiest winters on record, as claims volumes
rose to triple the norm.
Planning, flexibility and coordination were the hallmarks of our
response as our operational model, committed employees and
technology rose to the challenge. Through huge spikes in demand
for our services, we responded digitally or through field visits to over
95% of claims within service level agreement standards.
In exceptional circumstances, this was truly an impressive
achievement. A succession of storms and heavy rainfall overwhelmed
the drain and river network and caused flooding losses on a vast
scale. Storm Babet alone, which struck in October last year, caused
insured losses of £467 million in the UK, according to an estimate
compiled by loss aggregator, ‘PERILS’.
Behind these heavy loss numbers were scores of policyholders
needing their claims addressed urgently and simultaneously. We
never forget that our job is to show up for our clients and insureds in
these difficult times, to listen to their needs and find solutions.
Key to our management of the UK storm and flood claims were:
• Planning and coordination: Our property teams used forecasts from
weather-risk experts to inform pre-surge plans, making continency
for additional ‘boots on the ground’ in worst affected areas. First
notification of loss (FNOL) teams were fully briefed to maximise
efficiency, using Crawford’s full suite of services and organising optimal
adjuster field visit routes. Furthermore, our managed repair team
put all contractors in its network on notice, secured capacity based
on demand predictions, and informed adjusting teams of available
contractor resources.
• Resource deployment efficiency: Our adjusting teams used virtual
assessment technology to improve efficiency, freeing other adjusters
to go out into the field to oversee more complex claims. Crawford
Contractor Connection teams also routed claims in batches to
dedicated regional contractors to improve efficiency and customer
outcomes.
• Scale: We diverted employees from around the UK to where they
were needed most. For instance, the Major and Complex Loss team
flew more than 20 adjusters out to the Channel Islands to help deal
with a claims spike. We also ensured sufficient non-field employees
were in place to support adjusters.
Lisa Bartlett,
Chief Operating Officer, International Operations,
Crawford & Company
MODERN INSURANCE | 21

The colourful way to be green.
The all new Glasurit 100 Line paint system is here. Keeping the environment beautiful.
With a VOC content of less than 250 g/L, lower emissions
with less material consumption and one of the best flash-off
behaviours there is, the new Glasurit 100 Line has the most
colourful array of environmental benefits.
Soar with 100 Line. Upgrade today: glasurit.com.

EDITORIAL BOARD
Embedding Consumer
Duty Excellence Across
the Supply Chain
Almost a year since its inception, Consumer Duty has
pushed insurers and brokers to reevaluate how they
deliver fair and consistent outcomes for policyholders.
Yet, delivering excellent customer value isn’t a solitary endeavour—it’s
a collaborative process that extends beyond the individual business.
To succeed, insurers must engage with non-regulated suppliers to
make sure their commitment to the customer extends across the full
claim cycle. Collaboration across the industry is the key to ensuring
that Consumer Duty regulations achieve their purpose. With that in
mind, we’ve produced a short guide delving into the intricacies of
embedding Consumer Duty regulations across the supply chain.
In this guide, we suggest a collaborative six step process.
1. Map out processes and identify responsibilities.
The first step is to map out the current claims process
comprehensively, pinpointing key supplier responsibilities along the
way. By understanding the roles of each stakeholder in the customer
journey, insurers gain valuable insight into how suppliers contribute to
the overall experience.
2. Identify how customer touchpoints are delivered.
Who’s communicating with policyholders, and how are they doing it?
Assess high-volume interactions and gain a detailed understanding of
the help and support available throughout the customer journey.
3. Engage with suppliers to establish your approach and
commitments.
Collaboration lies at the heart of Consumer Duty compliance. Not
all suppliers are regulated, so it’s important to engage proactively to
ensure they know their obligations, and work together to establish
practical steps for consistent fulfilment.
4. Highlight specific KPIs to monitor customer outcomes.
Monitor supplier performance and assess Consumer Duty compliance
through clear and actionable KPIs across key customer touchpoints.
These metrics serve as benchmarks for evaluating supplier
performance and ensuring accountability.
5. Consider third-party suppliers and how they’re managed.
Consider third-party suppliers used by your primary suppliers, such as
independent repairers or software providers. What steps could your
supplier take to ensure Consumer Duty regulations are being met?
6. Set clear long-term goals and timescales.
Achieving Consumer Duty compliance is an ongoing journey that
requires clear, long-term objectives and timelines. By working
collaboratively with suppliers to establish these goals, insurers can
track progress, identify areas for improvement, and drive continuous
enhancements to the customer experience.
The great news is that many of these steps fall in line with best
practice supply chain management.
For more information, and suggestions on how to collaborate with
suppliers to drive improved customer outcomes, download the guide
on our website.
Adrian Furness,
Managing Director, Motor Repair Network
Data Security at the
Heart of Business
At RTW Plus, we are driven by a commitment
to continuously improve our services. We hold
the Cyber Essentials accreditation, and have
a number of measures in place to address
cyber security risk, including robust firewall
protection, accredited software, regular
security audits, employee training programs,
and encryption protocols.
Additionally, we ensure compliance with the ISO27001 standard,
which validates our rigorous identification and assessment of
potential risks, alongside the implementation of systemised controls
to ensure data security.
We are entrusted with masses of personal, often sensitive category
data as part of the services we offer, from case management to pain
management programs and treatment services. Therefore, it is vital
to us that this trust is upheld. There is an overarching management
process in place to ensure that the information security controls we
have in effect continue to meet the regulatory requirements. Our data
processing safeguards include encryption of sensitive data both at
rest and in transit, access controls, regular security assessments, and
adherence to data protection policies.
If you’re looking to partner with a company that puts data security at
the heart of its business, get in touch with us today via email.
You can reach us at info@rtwplus.com.
Deborah Edwards,
Chief Executive Officer, RTW Plus
MODERN INSURANCE | 23

THE VELLA GROUP
FORWARD THINKING.
While vehicles are becoming increasingly complex to repair,
customer expectations are evolving rapidly too.
To meet these challenges, we’re making sure we’re
ready to repair all types of damage by delivering
consistently outstanding, digital customer service,
minimising claim cycle times, and controlling costs.
The Vella Group is one of the largest accident repair
groups in the UK. Our highly skilled, electric/hybrid
trained technicians and experienced support teams
are committed to delivering a consistently outstanding
claims experience to your customers, getting them
back on the road quickly and safely.
Future-focused, we’re investing in the latest repair and
calibration equipment, alongside in-house training and
apprenticeship programmes which, coupled with our
digital customer platforms, ensure that we’ll be there
to support owners of the current and next generation
of vehicles.
For more information, get in touch today and see how The Vella Group can support your customers’ needs.
Tom Hadfield M: 07867 332696 E: thadfield@thevellagroup.co.uk
www.thevellagroup.co.uk

EDITORIAL BOARD
Data Security
at EDAM Group
At EDAM Group, we’re always thinking about our team and
customers. In order for our team to deliver a first-class
accident management service, we need to do everything we
can to support them.
With this in mind, we’ve looked at multiple areas of our business
and have considered the impacts we may face from the epidemic of
remote working. By implementing the following steps, we’ve ensured
our data security remains strong.
Strong Authentication. By implementing multi-factor authentication
(MFA) for accessing company networks and sensitive data, it has
allowed us to remove any additional employee concerns when it
comes to protecting our clients and their data.
End-to-end encryption. The use of Virtual Private Networks (VPNs)
or remote desktop solutions helps us to ensure encryption via
internet connections, protecting data transmitted between home
networks and our corporate systems, all whilst enforcing the use of
newer protocols such as TLS1.2 / 1.3 and secure cipher suites.
Endpoint Security. We strengthened endpoint security with robust
antivirus software and firewalls. We’ve also moved from regular
update schedules to the hot patching of vulnerabilities, allowing us to
continuously put our customers’ needs first.
Secure Communication. We implemented the use of secure
communication tools for messaging and video conferencing, such as
those with end-to-end encryption, to ensure that conversations are
always undertaken with the highest level of security.
Employee Training. We provided comprehensive cybersecurity
training to all employees, which helped us to raise awareness about
phishing scams, social engineering attacks, and safe online practices.
We’ve also worked with our insurers to simulate phishing attacks,
allowing them to recognise when one may occur and how to respond
accordingly.
Data Encryption. We reviewed our encryption of sensitive data, both
in transit and at rest, to protect it from unauthorised access.
Regular Audits and Assessments. Historically, we’ve conducted
regular security audits and assessments to identify vulnerabilities,
ensuring compliance with security policies through annual
penetration testing. In this instance, we decided to move towards
a more continuous monitoring approach, allowing us to have a
deeper understanding of our business and where it may require
improvements.
Secure File Sharing. We reviewed our secure file sharing solutions
to ensure encryption and access controls were in place to prevent
unauthorised sharing of sensitive information.
Incident Response Plan. We reviewed and enhanced our incident
response plan to effectively respond to security breaches or incidents
promptly.
Secure Wi-Fi. This continues to be one of the hardest challenges that
we face. We will work with our employees over the coming months
to help them to secure their home Wi-Fi networks. We will do this by
recommending and assisting in the utilisation of strong encryption
(WPA3), changing default passwords, and hiding network names
(SSIDs) from their home equipment.
All of the above considerations allow us to exist as a customer-centric
business with absolute security of data.
Phil Wood,
Group IT & Facilities Director, EDAM Group
Robust Defences
at The Vella Group
Cyber threats are constantly evolving as networks
become increasingly complex. Businesses and
cyber defence systems must mirror this evolution
to successfully mitigate cyber-attacks.
In addressing cyber security risks, we’ve implemented a multifaceted
approach focusing on eliminating manual processes, enhancing
data access logging, and introducing sophisticated tools to combat
phishing and scam emails. By automating operations, we minimize
human error, one of the most significant vulnerabilities in cyber
security infrastructure. This automation extends to real-time
monitoring and management of data access, ensuring that any
unauthorised attempts are detected and addressed swiftly.
Recognising the evolving sophistication of phishing and scam tactics,
we’ve invested in advanced email security tools. These tools leverage
artificial intelligence and machine learning algorithms to detect
and quarantine suspicious emails before they reach our employees,
significantly reducing the likelihood of successful attacks. Together,
these measures create a robust defence mechanism against cyber
threats, securing our digital assets and safeguarding our business
operations.
In the realm of cybersecurity within our industry, several key
innovations and technological advancements have been pivotal. The
transition to cloud services stands out, offering enhanced security
measures through centralised data storage and management, along
with scalable resources to combat threats in real-time. Additionally,
the implementation of advanced virus and malware protection
technologies has significantly strengthened our defences. These
solutions not only identify and neutralise known threats but also use
heuristic analysis to predict and mitigate potential new vectors of
attack. The integration of Machine Learning and Artificial Intelligence
has transformed our approach to cybersecurity. These technologies
provide predictive analytics, automate threat detection, and facilitate
rapid response to incidents. By leveraging these tools, we’re able
to stay ahead of cybercriminals through proactive monitoring and
adaptive security strategies. Together, these innovations offer a
comprehensive and dynamic defence system against an ever-evolving
cyber threat landscape.
To bolster our team’s defence against risks like fraud, ransomware, and
phishing emails, we’ve implemented a comprehensive education and
awareness strategy. This strategy hinges on rigorous process training
that covers the latest threats and best practices. Through regular
audits of these processes, we identify gaps in knowledge or protocol
adherence, promptly addressing them with corrective actions to
mitigate any vulnerabilities.
Reinforcement of these practices and lessons learned is achieved
through our Learning Management System and accessible knowledgebased
tools. These platforms provide continuous, on-demand learning
resources, enabling employees to stay updated on evolving cyber
threats and security measures. By integrating interactive modules,
quizzes, and real-life scenario analyses, we ensure that our team
can also apply this knowledge practically. This holistic approach to
education cultivates a vigilant and informed workforce, capable of
identifying and responding to potential threats effectively.
Dave Jones,
Technology and Change Director, The Vella Group
MODERN INSURANCE | 25

EDITORIAL BOARD
Steering Sustainability
Criteria for a Global Collision
Repair Industry
At BASF, sustainability lies at the core of what we
do. We create surface solutions with a clear value to
our customers, the environment, and society. On the
journey toward climate neutrality, BASF is striving
worldwide to achieve net zero CO2 emissions by
2050, and to reduce its greenhouse gas emissions by
25 percent worldwide by 2030 compared with 2018 –
all while growing its production volumes.
BASF’s Coatings division is engaging in discussions with industry
partners, including industry associations, insurers, work providers,
fleet and leasing operators and bodyshops in order to establish a
global certification standard in the automotive refinish industry.
This will go some way towards managing the growing demand for
sustainable accident repairs and the need to create one uniform
standard based on tested criteria. The criteria will provide guidance
to bodyshops on how to become more sustainable.
“We observe that the importance of sustainability is increasingly
recognised in our industry, yet the industry is lacking a set of uniform
tools to empower them to do so holistically. At BASF, we continue to
actively promote sustainability with our products and digital solutions
so our customers can make better informed and accountable
decisions,” explains Dr. Rahel Reichmann, Head of Sustainability,
BASF Global Automotive Refinish Coatings Solutions.
First dialogues around the criteria for an industry-wide independent
sustainability standard took place with relevant industry stakeholders
in 2023. The standard draws upon a catalogue of quantitative and
qualitative criteria from the fields of ecology, economy, and social
affairs. Based on these criteria, the bodyshop’s level of sustainability
will be assessed. Aspects such as the reduction of CO2 emissions,
the efficient and profitable handling of waste and resources, and the
creation of economic and social value are all considered to ensure
that bodyshops can position themselves successfully in the long term.
BASF has already started to test these criteria with pilot bodyshops in
Germany.
At BASF, we understand climate change is one of the most urgent
challenges facing today’s society and the generations of the future.
At our production sites, and along the entire value chain with our
partners, we work continuously to reduce greenhouse emissions from
our business activities.
BASF – we create chemistry for a sustainable future.
Dr. Natalie Wong,
Marketing & Portfolio Management Lead, BASF Automotive
Refinish UK & Ireland
FMG: Bringing
Careers to Life
If ever there’s been an ideal time to perfect your ‘right
first time’ approach, it’s now. The likes of Amazon
and Uber have crafted a new baseline expectation for
customer service with their personalised interfaces,
instant gratification and frictionless transaction. The
insurance world is also busy levelling up.
Yet whilst investments in AI, automation, and digital analytics tools
provide a faster, smoother, more engaging customer experience, they
also contribute to a fresh new challenge for insurers in the form of
shifting skills and retaining the right talent. This is one of the biggest
challenges insurers currently face, and it is keenly felt by customers.
To optimise the value of these digital investments, insurers need
a perfect blend of technical skills complemented by a focus on
customer engagement, empathy and empowerment.
Here in the motor claims arena, FMG have restructured operational
teams with both customer and colleague at the centre, developing
expertise from within and delivering a sustainable, robust best-inclass
claims management solution, one that simultaneously delights
our customers and releases the potential of our colleagues.
Bringing careers to life
As technology automates repetitive administrative tasks within
our claims management system, our dedicated skills development
team engage and prepare our colleagues to optimise their capacity
for satisfying roles that add greater customer value. It’s all about
fostering key agile skills – the ability to empathise, advise, negotiate,
support and proactively recognise customers’ needs – that help us
get it right first time.
New starter training
Training new starters to take the driving seat isn’t just about building
outstanding customer service skills. It’s also about fostering employee
retention from the start, setting inspiring goals and providing
the right training and tools, alongside employee recognition in a
supportive environment that allows their confidence to soar. Our new
recruits take part in a robust 10-week training programme involving
a mix of classroom-based learning and ‘Grad Bay’ training, where
dedicated coaches and mentors provide constant support.
Quality training
Every quarter, our Downtime Management Team takes part in a
half-day of quality auditing, training and coaching. This is a great
opportunity to discuss skills and capabilities, positively identifying
areas for improvement alongside an open discussion around
aspirations and opportunities. Our key focus is quality, consistency
and embedding knowledge, which directly links to our ‘right first
time’ approach.
Reskilling, upskilling and succession planning
Reskilling and upskilling is critical to developing our own talent
pipeline for the future. Our skills development team ensure we have
a robust and consistent approach to colleague development at every
level, supporting employees from every angle as they strive for new
positions that align with their career and life goals.
Here at FMG, we’ve investing heavily in training, restructuring, skills
development and employee engagement to provide a more fulfilling
employee experience and delight customers, boosting colleague
retention in a place that Millennials would actively choose to work.
Luke Macrae,
Head of Downtime Management, FMG
MODERN INSURANCE | 27

BOOKED IT.
PACKED IT.
WE’RE OFF.
HOPE TO SEE YOU THERE!
INSUR.
TECH.
TALK
INSURTECH INSIGHTS | NEW YORK | 5-6 JUNE 2024 | www.insurtechinsights.com

ASSOCIATIONS ASSEMBLE
ASSOCIATIONS
ASSEMBLE
Welcome to Associations Assemble!
Modern Insurance Magazine is delighted to be joined by some of the leading
names from our industry associations, organisations and institutes!
This issue voices the thoughts of:
Alastair Blundell FCII
Head of General Insurance,
British Insurance Brokers’
Association (BIBA)
Gordon Dalyell
Committee Member and
Treasurer, Association of
Personal Injury Lawyers (APIL)
Anthony Hughes
Chair & CEO, The Credit Hire
Organisation (CHO)
Mike Keating
CEO, Managing General Agents’
Association (MGAA)
Fleur Rochester
President, London Forum of
Insurance Lawyers (FOIL)
Thomas Hudd
National Technical Manager,
Nationwide Bodyshop Repair
Association (NBRA)
Sue Brown
Chair, Motor Accident
Solicitors Society (MASS)
Dr Matthew Connell
Director, Policy and Public Affairs,
Chartered Insurance Institute (CII)
MODERN INSURANCE | 29

EMPOWERING THE
FUTURE OF REPAIR
Technology evolves and sometimes dramatically, the need to find
alternatives to fossil fuels, marks one of the biggest needs for changes the
automotive sector has ever seen.
Understanding these emergent technologies
and the associated repair, pricing, processes,
and expectations are critical. Equally critical is
the capability to remain agile to the ongoing
change within the EV market, but also for
everything else yet to come.
Combining our complete Vizion group
services, working together on EV strategies
as part of the alternative fuel revolution, we
remain a force for positive change, providing
solutions, supply chains and systems
enabling an expert network of suppliers
and skilled specialist repairers, to embrace
and collaborate on these important new
initiatives.
If you would like more information about
EVizion and what we can do to work with you,
get in touch with Vizion, today.
Quality Matters
01482 428200 hello@vizionnetwork.co.uk
www.vizionnetwork.co.uk

ASSOCIATIONS ASSEMBLE
Alastair Blundell FCII
Title: Head of General Insurance
Association: British Insurance Brokers’
Association (BIBA)
Helping Leaseholders:
The New Fire Safety
Reinsurance Facility
Following the Grenfell tragedy, insurers
became increasingly concerned about the
presence of combustible cladding on high-rise
residential buildings. The event sadly illustrated
how an entire building could be lost in the
event of fire, not to mention the increased risk
to life. As a result, insurers began to reduce the
capacity that they were prepared to deploy
on such risks, withdrawing cover altogether in
some cases.
At BIBA, we began to see a steady flow of risks that
needed extensive facultative excess of loss reinsurance
to complete the placement, which came at a significant
cost. Leaseholders were faced with sharply increased
bills for their contribution towards the premium at a
time when they were already burdened with significant
costs to remediate the building.
Two years ago, we engaged with the ABI and specialist
reinsurance broker McGill & Partners to find a more
cost-effective approach. We designed a standalone
treaty reinsurance facility that insurers could access
in order to deploy more capacity against risks that
have material fire safety issues, pending remediation.
We were delighted that after an incredible amount of
hard work by McGill, the facility became operational
on 1st April, with AXA, Allianz, Aviva, Zurich and RSA
all committed to using it. These insurers are market
leaders in the insurance of high-rise residential
buildings, and the hope is that more insurers will take
up the facility in the coming months.
The facility has two key intentions - to expand capacity
for insurers already writing business for affected
buildings, and to encourage competition across the
market so that more firms will provide cover. In turn,
we hope that this will lessen the financial burden
for leaseholders affected by the cladding crisis. Of
course, the long-term solution is to remediate buildings
and make them safe. I will write about the issues
surrounding this (and propose some solutions) in a
future article.
Gordon Dalyell
Title: Committee Member and Treasurer
Association: Association of Personal Injury
Lawyers (APIL)
The Automated
Vehicles Bill
Cars, vans, and lorries which are capable
of driving themselves could become a
prominent feature on our roads in the
next few years. The Automated Vehicles
Bill is making its way through Parliament
in readiness to set the framework for how
they will be regulated.
In 2018, the Government introduced new rules to make it
easier for people injured by automated vehicles to claim
compensation, but the rules do not actually achieve
that aim. APIL has used the Automated Vehicles Bill to
campaign for an important change.
As it stands, an injured person will be able to make a
claim against the driver’s insurance, rather than going
through the lengthy and costly process of pursuing a
product liability claim against the vehicle’s manufacturer.
However, in order to benefit from this, an injured person
would have to prove that the car was driving itself. This
is far from easy.
The Government says that injured people can rely on
insurers’ investigations, which will determine whether the
claim is covered by conventional third-party insurance
or self-driving vehicle insurance. This overlooks the fact
that in a claim for compensation, the burden of proof
sits with the claimant. Also, an insurance company has a
distinct financial incentive not to pay compensation.
Insurers could simply deny that the vehicle was driving
itself (or refuse to confirm either way), forcing the
injured person to prove that the driver’s negligence
caused the incident.
In response to an APIL briefing, Shadow Transport
Minister Bill Esterson tabled an amendment to the new
Bill requesting to omit the phrase ‘when driving itself’
from the rules. However, this was not accepted. At
the time of writing, the Bill is heading towards report
stage, where APIL will seek new opportunities to make
amendments in support of injured claimants.
MODERN INSURANCE | 31

Straightforward insurance
technology from straight
talking insurance
professionals.
ParaCode is a cloud-based
policy administration and claims
management software platform
0333 444 3131
enquiries@paracode.net
paracode.net

ASSOCIATIONS ASSEMBLE
Anthony Thomas Hudd Hughes
Title: Chair & CEO
Title: National Technical Manager
Association: The Credit Hire Organisation
Association:
(CHO)
Nationwide Bodyshop Repair
Association (NBRA)
Cyber Risk in
Insurance
Cyber risk has now established itself firmly in
the lexicon of insurance risks that companies
need to account for. It underscores how
vulnerable we have become to technology
glitches, whether deliberate or accidental.
A cyber policy covers the risk of financial loss,
disruption or damage to the reputation of an
organisation from failure in its information technology,
and there are numerous examples of businesses –
including some high profile ones - which have been laid
low by technology outages.
Credit hire companies are no different. We have a heavy
reliance on technology; from our call centre operations
and IT that protects customer data to the technology
that runs our operations, accounting, HR and
marketing. Our members have to protect themselves
against data breaches and ransomware attacks like
everyone else.
No amount of cyber protection can prevent data
breaches caused by humans. There is no hard
information available from insurers, but there
are instances of employees in insurance claims
departments appearing in court after printing
off customer data on the QT and selling it on to
unscrupulous individuals.
There’s a larger point here. These days, national
intelligence agencies place an increasing emphasis on
technology-enabled data gathering to monitor events
and capture threats against the state, but critics say
this makes them blind to risks that would be spotted by
old-fashioned spy craft, such as agents on the ground.
Technology companies would have us believe that IT
is the key to everything. Yet wholesale adoption of
technology risks giving us a false sense of security -
either by blinding us to criminal activity that doesn’t
use tech, or by exposing us to the catastrophic
possibility of the entire company falling over after a
systems meltdown. Fortunately, that’s where your cyber
insurance policy kicks in.
Mike Keating
Title: CEO
Association: Managing General Agents’
Association (MGAA)
MGAs Keep
Pace With Rapid
Regulatory Change
The Financial Conduct Authority’s
continued focus on customer service levels
across the insurance industry needs no
introduction. Its activity has resulted in
mounting pressure on firms to meet the
regulator’s Consumer Duty standards,
demonstrating that their products and
services offer fair value to customers.
Whilst the FCA’s aims are highly commendable - after
all, who could disagree that the industry should be
focused on providing a first-class service to customers?
- these regulatory demands are creating significant work
for MGAs, who are already having to operate against
the backdrop of an uncertain economic and political
environment.
In spite of this, the regulatory burden continues to grow,
with the FCA now having confirmed that it will also be
conducting a review into the ways in which claims are
being handled across the market later this year.
As an industry association, we recognise the need for
the regulator’s consumer focus. But we also recognise
just how complicated it can be for firms to keep up
with what is, without doubt, an increasingly complex
regulatory environment.
This is why, at our recent Annual General Meeting and
following feedback from our 2023 Member Survey,
we announced that we are upgrading our regulatory
support for members. This will ensure that we are
providing best-in-class, proactive advice to help our
members meet the FCA’s guidelines and stay ahead of
any future changes.
Our initiative includes the revamping of our memberdriven
programme of Learning & Insights, Member
Forums and Compliance Insights sessions, giving the
MGAA’s members access to the very latest expert
analysis and guidance.
To find out more about the regulatory support on offer,
visit our website or follow us on LinkedIn.
MODERN INSURANCE | 33

ASSOCIATIONS ASSEMBLE
Fleur Thomas Rochester Hudd
Title: President
Title: National Technical Manager
Association: London Forum of Insurance
Association:
Lawyers
Nationwide
(FOIL)
Bodyshop Repair
Association (NBRA)
The Use of AI in
Insurance
As the use of AI in the insurance industry
rises, its benefits are becoming increasingly
clear. Insurers are now more productive and
efficient than ever before, with innovative
technologies enabling the sector to meet
changing customer expectations and provide
new solutions to emerging risks.
New ways of collating and analysing customer data
have been particularly impactful. Underwriting is more
precise, risks can be measured and priced more easily,
and claims handling is streamlined.
But the digitisation of the insurance industry doesn’t
come without legal risks. There will always be questions
about how data is being used, and how well-protected
it is against a security breach. The use of data is
something customers worry about and naturally, this
creates additional scrutiny, something that can lead
to distrust if insurers aren’t careful. Therefore, it is
important to ensure that data is being handled in the
right way. Customers will also require reassurance
through consistent communication, transparent data
policies, and adherence to regulatory requirements.
Having said that, the regulation of AI in insurance is
an issue of its own. Technology is evolving rapidly, and
it is very difficult for regulators to stay up to speed
with the changes. They’re essentially always on the
backfoot; by the time one issue has been addressed
through regulatory measures, another product appears.
These grey areas have implications from a compliance
perspective, and create additional regulatory risks for
insurers.
In response, insurers are implementing strong AI
frameworks to ensure data is being cleaned and used
in an appropriate, ethical way. Doing this will help foster
trusting relationships with consumers, and will allow
insurers to mitigate the manifest risks of AI whilst also
harnessing its full potential.
Thomas Hudd
Title: National Technical Manager
Association: National Bodyshop Repair
Association (NBRA)
Cyber Risk in the
Automotive Sector
Cyber risk in the automotive sector refers to the
vulnerabilities and potential threats associated
with the increasing integration of digital
technologies and connectivity in vehicles. As
cars become more sophisticated and connected,
they become vulnerable to cyber-attacks which
can compromise the safety, security and privacy
of drivers and passengers alike.
Some of the key aspects of cyber risk in automotive
include:
Connected Car Systems. Modern vehicles often
feature sophisticated onboard computer systems that
control various functions, such as engine management,
braking, steering, and infotainment. These systems are
increasingly connected to the internet and other external
networks, making them susceptible to hacking and
unauthorised access.
Remote Exploitation. Hackers can potentially gain
unauthorised access to a vehicle’s systems remotely,
exploiting vulnerabilities in software or through
wireless connections such as Bluetooth, Wi-Fi, or
cellular networks. Once access is gained, attackers can
manipulate various vehicle functions, potentially leading
to accidents or other dangerous situations which can
affect public trust in the safety of connected vehicles.
Data Privacy. Connected vehicles collect vast amounts
of data about their occupants, including location,
driving habits, and personal preferences. This data is
often transmitted and stored in various systems, raising
concerns about privacy and the potential for misuse if it
falls into the wrong hands.
Over-the-air (OTA) updates. While OTA updates
can provide a convenient way to patch software
vulnerabilities and add new features, they also
introduce potential risks if not implemented securely. A
compromised update mechanism could allow attackers
to install malicious software on vehicles.
To mitigate these risks, automotive manufacturers and
suppliers must adopt robust cybersecurity measures
throughout the design, development, manufacturing,
and operational phases of a vehicle’s lifecycle. This
includes implementing secure software development
practices, conducting thorough risk assessments,
implementing intrusion detection systems,
and regularly updating software to
address known vulnerabilities.
MODERN INSURANCE | 35

Helping businesses
make better decisions
“The Digilog Solution is a key tool for us as it
enables us to ‘fast track’ many truthful
customers whilst we can have more detailed
discussions with those where the technology
detects high risk.”
Machine Learning Artificial Intelligence to analyse and
validate risk in a Telephone or Video conversation.
Right Choice Insurance Brokers
Our unique software enables the fast & accurate validation of
genuine customers whilst identifying key risk issues associated
with a claim, application or dispute, irrespective of the
customers past, profile or geographic location.
Find out more:
Email: enquiries@digiloguk.com / Call: +44 208 087 2724
www.digiloguk.com / https://www.linkedin.com/company/digilog-uk-ltd

ASSOCIATIONS ASSEMBLE
Sue Brown
Title: Chair
Association: Motor Accident Solicitors Society
(MASS)
The Ineffective
‘Inflationary Buffer’
In effect, the current MoJ three-year review
of the tariff of damages for RTA claims was
constructed solely to consider an inflation-only
increase.
Rejecting this approach, we have long believed that the
tariff of damages is fundamentally and deeply flawed
from its conception to implementation, and cannot be
extricated from the impacts of the wider reforms.
Since we have to work within the Civil Liability Act,
the tariff is far too low and detrimentally impacts a
potential claimant’s ability to engage legal advice. The
tariff should be uplifted beyond a CPI increase to better
reflect equivalent judicial awards for the same injuries
suffered outside of a motor accident. Rather than using
CPI, RPI is a more representative measurement of the
impact of price increases on consumers, as it reflects
a wider range of real-life price increases. Of course,
no public expenditure is involved. The compensation
is paid entirely through the insurance system, covered
by compulsory motor insurance premiums paid by
consumers.
The three-year ‘inflationary buffer’ has proven to be
ineffective, highly damaging, and no longer viable as
a process in an uncertain world. Insurers can increase
their premiums to account for economic factors and
other circumstances, yet injured consumers cannot.
The fundamental principles of access to justice and
equality of arms have been damaged by the tariff and
wider reforms. Whether by design, the current tariff
levels make deductions from client damages difficult
or unworkable, ensuring that fewer lawyers are able to
support litigants. Whilst we shall continue to call for a
fundamental review of the operation and impacts of
the reforms, the Act should be amended at the earliest
opportunity with the introduction of an annual review,
one which better reflects inflationary increases.
Dr Matthew Connell
Title: Director, Policy and Public Affairs
Association: Chartered Insurance Institute (CII)
Innovation in the
Cyber Market
Cyber is a risk that the insurance market
cannot cover completely, but this doesn’t
mean that it can’t still be ambitious and
innovative.
Businesses and brokers often state that organisations
are wary of cyber insurance because they are worried
that a policy will exclude the most important risks. Of
course, we know that some exclusions are necessary:
insurers cannot write a blank cheque to cover a future
cyber war fought by nation states. However, insurance
professionals can still make progress on several fronts.
For example, brokers do not have to restrict their advice
to insurance products. Some brokers are taking time to
talk about uninsurable risks with their clients – including
ways in which they can mitigate those risks – before
they talk about anything else. By doing this, they can
show the value of holistic advice beyond recommending
a product. They can also demonstrate what is covered
and not covered by traditional insurance policies without
having to recite a long list of exclusions.
Equally, insurers can talk about the uninsurable risks of
cyber with policymakers. As we saw with the COVID-19
pandemic, governments are on the hook for systemic
risks that affect the whole economy. Even if they haven’t
signed a contract that is enforceable in the courts,
governments have a duty of care to society that can be
enforced through the court of public opinion.
Insurers can work with policymakers to quantify the
risks that they are likely to be on the hook for. If the
Government is willing to take on those extreme tail risks
formally (as it has done with terrorism), a market for
insurance cyber risks can thrive.
Innovation is possible for the cyber market, provided the
issues are framed by insurance professionals in the right
way, at the right time, to the right people.
MODERN INSURANCE | 37

THE
FRAUD
BOARD
In this issue of The Fraud Board, you’ll read about a myriad of
issues ranging from tackling the threat posed by insiders and
cyber criminals to frauds committed across borders.
I was fortunate to be invited to attend the ‘industry’ day of the recent
inaugural Global Fraud Summit, hosted by the Home Secretary. The Summit
is part of the UK’s drive to develop strong relationships with international
partners and make every country see that it has a vital role to play in creating
a comprehensive and sustainable approach to tackling the transnational fraud
threat.
The UK is an attractive target for fraudsters. City of London Police estimates
that over 70% of fraud either originates abroad or has an international
element, with £3bn lost to overseas accounts last year.
I’ve previously highlighted the online insurance fraud threat, including ghost
broking and investment scams, much of which emanate from overseas. But
the transnational threat is broader; for example, many claims farming
investigations have a cross-border impact. Combating international fraud
presents many challenges involving different cultures, priorities, legal systems,
and legislative requirements.
The Global Fraud Summit did not attract the stellar cast or media attention
of the AI Safety Summit, and there were some notable absentees -
including India and China. But the Home Secretary secured a new landmark
agreement with world leaders, one that pledges to enhance law enforcement
cooperation, improve victim support, and bolster intelligence sharing.
These are all areas that resonate with the insurance sector, where we are
increasingly looking at the global dimension. The ABI shares learnings
and best practice with counterpart overseas organisations; the Insurance
Fraud Bureau (IFB) is looking to accommodate international operations;
and the Insurance Fraud Enforcement Department (IFED) is developing its
international reputation and influence.
There remains much to do on the international stage, but the foundations
are beginning to take shape. A conducive regulatory environment is crucial,
including for the rapidly evolving AI landscape. Whilst the EU is taking a
prescriptive stance, I’m supportive of the UK approach which balances
safety with innovation. I look forward to seeing this reflected in the Financial
Conduct Authority’s AI strategy, due to be published in Spring 2024.
Mark
Mark Allen,
Assistant Director, Head of Fraud and Financial Crime, ABI
38 | MODERN INSURANCE

COUNTER FRAUD
ACTIVITY: UK VS. US
There’s a lot of counter fraud rhetoric coming out of the UK
insurance market at the moment, and there’s no disputing
the fact that the industry has upped its game in this area
over the past decade.
But if we really want to boost the effectiveness of our counter fraud
activity, now is the time to double down and implement a consistent
framework of regulated, minimum standards to which the industry
must adhere.
Thankfully, the US offers an excellent example that the UK insurance
market can lean on in order to accelerate the pace of change.
Counter fraud in the US
Counter fraud activity in the US insurance market is between five
and ten years ahead of the UK. The big difference is that each US
state has its own Department of Insurance that enforces regulated,
minimum standards of counter fraud activity for insurers and their
supply chain partners.
Carriers have to produce and submit a counter fraud plan annually,
and they’re audited against this. The plan must meet regulated
standards; failure to comply results in fines or restrictions on writing
new business.
The regulated and audited nature of counter fraud operations as
a business activity (as well as strict sanctions for non-compliance)
makes this a non-negotiable, C-suite concern in the US.
Opportunities for the UK
In the UK, the progress made in counter fraud activity has been
welcome. However, there’s no consistency to the approach taken
across different lines of business, nor is there consistency in the way
that individual carriers prioritise their counter fraud measures.
There’s an opportunity for the UK market to engage with industry
professionals and regulators in the US, and to learn more about their
journey towards regulated, minimum standards.
The UK already has regulators whose remit could be extended
to cover insurers’ counter fraud proficiency. Minimum, auditable
standards and meaningful financial and/or operational sanctions
for non-compliance would go a long way towards accelerating the
market’s counter fraud performance.
The Insurance Fraud Bureau’s operations could also be expanded to
make it a central hub for counter fraud intelligence and collaboration
across the entire industry. To date, its focus on staged accidents
in the motor market is very narrow and prevents it from realising
anything like its full potential. Of course, this will require further
industry investment; the same could be said of law enforcement,
not to mention the need for greater political influence around our
judiciary.
Imagine if every carrier in the market had to meet minimum standards
for vetting customers, and identifying, investigating and notifying
fraud. Similarly, there could be defined benchmarks for educating and
training employees about counter fraud, as well as detailed metrics to
measure performance. Ensuring these standards were applied to all
third-party suppliers would tighten the net even further.
Currently, fraud is almost accepted in some quarters of the UK market
as a cost of doing business. But it’s the honest policyholder who pays.
Should we continue to accept this? If not, surely it’s time to introduce
regulated, minimum counter fraud standards, backed by stiff
sanctions for non-compliance?
Bobby Gracey,
Global Head of Counter Fraud, Charles Taylor
GLOBAL FRAUD SURVEY:
THE RESULTS ARE IN
At FRISS, we conduct a biennial global fraud survey, which
affords us the opportunity to aggregate a global view of the
impact of fraud. It also offers the capability to compare and
contrast different markets, sometimes with surprising results!
To highlight this, we have looked at the outputs of our most recent
survey conducted in Q4 of 2023, looking at the outputs from US and
UK respondents.
Before we do that, we should look at the official figures to
understand the context and background of each market. In 2022, the
Coalition Against Insurance Fraud (CAIF) estimated that in the US,
the impact of fraud to carriers was $308bn. In the same year, the ABI
reported that £1.1bn of insurance fraud had been detected in the UK
and, including undetected, the true figure was double this. Turning to
fraud rates in the US, the CAIF estimated that fraud is present in 10%
of claims; in the UK, the figure is estimated at between 5% and 10%,
dependent on the source.
In the global insurance fraud survey, respondents in the UK estimated
that 7.5% of claims contained an element of fraud. The figure for
US respondents was a whopping 29%! From an application fraud
perspective, the respondents estimated 5% for the UK vs. 35% in
the US. Further examination of the data allows us to see additional
differences. In terms of challenges when responding to fraud, top
responses from UK insurers include; internal data quality, budgetary
limitations and departmental silos, each cited by 100% of responders.
Digging deeper, in terms of fraud platforms deployed, UK
respondents suggest that 50% of deployed solutions were
homegrown, vs. 70% procured from an external vendor for the US.
66% of UK insurers also suggested that outdated fraud platforms
were a factor in hindering response to fraud, compared to only 9% of
respondents for the same issue in the US.
At face value, it suggests that US insurers are further ahead in
resolving their data issues and removing silos, embracing third party
solutions to their fraud challenges more readily. Perhaps there is
something for UK insurers emulate here.
For more insights from the global fraud report, please reach out to
martyn.griffiths@friss.com, or check out the report on our website.
Martyn Griffiths,
Sales Manager UKISA, FRISS
MODERN INSURANCE | 39

Digital Media Forensics
Detecting image and document fraud early and
accelerating claim processing.
• Exposes pixel manipulation
• Finds metadata inconsistencies
• Identify images reused or copied from online
• Early fraud detection
• Efficient claims process
Get in touch to arrange
your demonstration
ClaimsUK@verisk.com

THE DISTINCT
LANDSCAPES
OF INSURANCE
FRAUD
The US and UK confront insurance fraud with differing strategies,
each presenting its own blend of advantages and hurdles.
Firstly, the UK operates under a centralised regulatory framework
overseen by entities like the Financial Conduct Authority (FCA),
ensuring uniformity in enforcement and compliance standards. In
contrast, the US adopts a decentralised approach, with regulatory
responsibilities fragmented across state insurance departments,
leading to disparities in enforcement practices.
The US also exhibits a more litigious culture, resulting in a higher
prevalence of legal actions and settlements related to insurance
fraud. This culture drives insurers to allocate significant resources
towards legal defence strategies, contributing to elevated operational
costs and premiums.
While both nations prioritise fraud awareness, the UK places greater
emphasis on public campaigns and outreach initiatives. These efforts
aim to empower individuals with the knowledge to recognise and
report fraudulent activities, fostering a culture of vigilance and
accountability.
However, both countries boast robust legal frameworks to target
insurance fraud. Legislation such as the False Claims Act (FCA)
in the US and the Fraud Act 2006 in the UK serve as pivotal
deterrents against fraudulent activities, enabling legal repercussions
for offenders. Advanced data analytics also play a central role in
the fraud detection efforts of both nations. Utilising sophisticated
algorithms, insurers scrutinise vast datasets to identify irregularities
and suspicious patterns, bolstering their ability to combat fraud and
minimise financial losses.
Both countries also experience unique benefits and challenges in
their response to insurance fraud. For example, the decentralised
regulatory structure in the US promotes innovation and competition
within the insurance market, fostering diverse approaches to fraud
prevention. However, varying state regulations pose challenges
for insurers operating across multiple jurisdictions, necessitating
adaptability and resource allocation.
In the UK, centralised regulatory oversight streamlines compliance
efforts and fosters a cohesive approach to fraud prevention.
Additionally, robust public awareness initiatives cultivate a culture of
transparency and integrity within the insurance industry. However, the
centralised regulatory framework may face challenges in responding
to evolving fraud tactics, necessitating agility and responsiveness.
Moreover, resource constraints and competing regulatory priorities
may impede the effectiveness of enforcement measures.
In essence, while the US and UK share common goals to combat
insurance fraud, their divergent approaches reflect distinct regulatory,
cultural, and operational landscapes. By understanding these
differences and leveraging their respective strengths, insurers can
navigate the complexities of the fraud landscape more effectively,
safeguarding stakeholders’ interests and upholding industry integrity.
NAVIGATING
THE INSURANCE
FRAUD LANDSCAPE:
A TRANSATLANTIC
PERSPECTIVE
The United States and the United Kingdom share a common
challenge and opportunity in safeguarding their insurance markets
from fraudulent activities. However, their strategies, regulatory
frameworks, and societal perceptions towards insurance fraud create
a unique set of benefits and challenges for each nation.
A fundamental difference lies in the distribution channels for
insurance policies. The US relies predominantly on traditional
brokers, fostering a diverse yet fragmented market. Conversely, the
UK has witnessed a surge in aggregator sites over the past decade,
streamlining the purchasing process but potentially exposing the
market to new vulnerabilities, such as policy fraud and ghost brokers.
Collaboration among stakeholders is another area where the
two nations diverge. The intricate web of state-specific rules and
regulations in the US generally complicates cooperative efforts, while
the UK’s more centralised regulatory structure facilitates smoother
collaboration among insurers, law enforcement agencies, and
regulatory bodies.
In the US, organisations like the National Insurance Crime Bureau
(NICB) spearhead the fight against insurance fraud through three key
pillars:
Intelligence, Analytics & Operations. With a robust team of 400
professionals, including field investigators, the NICB utilises datadriven
approaches to detect and investigate fraud.
Education and Crime Prevention. Outreach and awareness
campaigns play a crucial role in combating insurance fraud, as
evidenced by the surprising statistic that only 75% of Americans
under 45 years old view insurance fraud as a crime.
Strategy, Policy & Advocacy. The NICB actively engages in policy
advocacy, collaborating with stakeholders to shape the regulatory
landscape and implement effective strategies.
In the UK, organisations like the Insurance Fraud Bureau (IFB) - who
also manage the Cheatline - and the Insurance Fraud Investigators
Group (IFIG) work in tandem, aiming to combat fraud through
investigation, collaboration, and public outreach.
When examining the types of insurance fraud prevalent in each
country, distinct patterns emerge. Motor insurance fraud is the most
common form in the US, while the UK has seen a shift from motor to
other lines (such as property insurance) following the introduction of
the MoJ Portal and OIC.
Despite their differences, insurance fraud in both countries results in
the common outcome of increased premiums for policyholders. In
the US, fraud is estimated to cost £308 billion annually, while in the
UK it’s estimated to cost more than £1 billion per year. However, the
strategies employed to mitigate this outcome and protect consumers
vary significantly, reflecting the unique landscape and challenges
faced by each nation. One thing is clear; greater collaboration may
very well be the key to fighting fraud.
Sarah Glenn,
Commercial Director, RGI Solutions
Kaye Sydenham,
Product Manager, Anti-Fraud, Verisk
MODERN INSURANCE | 41

Combat Fraud:
Uncover the Real Identities
Strengthen your identify verification processes
with Profile Finder+. Match applicants’ contact
details with their online footprint.
Don’t be a victim of fraud
- spot the fakes with confidence.
www.netwatchglobal.com/profile-finder/

Jonathan Drake
IMPROVING AGILITY,
MAINTAINING INTEGRITY
Technology continues to improve our lives in many ways.
It makes many tasks infinitely easier; we have access
to exponentially more data than ever before, and the
demarcation between reality and virtual reality seems to
be ever decreasing.
Consumer expectation has changed; our customers rightfully expect
greater transparency, and a high standard of service delivered to
them quickly. Exciting new tools help us to build capabilities that
deliver what the customer expects, but is fraud getting worse, or
are we just getting better at stopping it? I am frequently asked
this question, often followed by queries asking how we are using
technology to stop fraudsters in their tracks.
For me, there is some truth in the quote ‘the more things change,
the more things stay the same’. At a basic level, all fraudsters
take a genuine process and exploit that for their own gain. Whilst
the methods and tools they use have clearly become far more
sophisticated, the basic premise remains unchanged. And while
it may be convenient to think of fraud as a problem that can be
solved, given the earliest reported frauds occurred circa 300B.C.,
the likelihood of even the best technology stopping the problem
altogether is very low.
We see cyber-enabled fraud and risks increasing, but volume isn’t
the only indicator. With methods changing, we are also finding
and reporting on more cases than ever before. Complexity is also a
measurement, and cyber enablement arguably makes it easier for the
would-be fraudster to do many things, such as creating a fake alias,
altering an image, or even stealing data.
However, it’s not all bad news, and we need to remember the
fact that most people are still genuine. Whilst technology creates
opportunities for fraudsters, it also enables the industry to build
multiple layers and controls. This not only helps to identify fraud,
but more importantly, it helps the business to achieve its goals and
protect its honest customers. The ever-increasing blend of human
expertise and machine intelligence means that trends and issues can
be identified in record time.
Our key areas of focus lie around…
Agility. The world of fraud is changing faster than ever before. We
must monitor and respond to those trends very quickly, whether
that means re-training machine learning models, or introducing new
controls.
Integrity. Whilst fraudsters are not bound by law and regulations, we
are. It is therefore essential to maintain expected standards, whether
that relates to the tools we use, the way we process data, or the
outcomes we deliver to customers.
People. Our people are one of our greatest strengths in fighting
fraud, and we are always introducing new technology to support
them. Automating basic tasks frees their time for complex issues,
improving our agility whilst maintaining our integrity.
Ben Fletcher,
Head of Financial Crime, LV= General Insurance
FIGHTING MALICIOUS
INSIDER THREATS
Today’s digital world presents businesses with an
ever-evolving list of threats to navigate, but ‘Insider Risk’
is one that has been with us since the start, and it will never
go away.
But what is it? Well, if you need to ask, then you’re probably not
doing enough to guard yourself against it! Insider risk is a threat
to a firm that comes from its people. These can be employees,
former employees, contractors or business associates – essentially
anyone who has insider information. We all want to think the best of
the people we work with, but it’s important to remain vigilant and
protect yourself, your brand and your customers. Today, I’ll focus on
what I consider the most pertinent form of insider risk; ‘malicious
insider’ threats.
A malicious insider is an individual who intentionally seeks to
harm their organisation by stealing data or sabotaging systems, as
opposed to an individual who makes an error or becomes a victim
through naivety. An effective mitigation strategy combines technical
controls, organisational policies, and behavioural monitoring.
Outside of this, it is obviously preferable for businesses to mitigate
against insider threats at source, by conducting thorough background
checks during the hiring process to identify any red flags that may
indicate potential for malicious behaviour. There are now several
online tools, including our own Profile Finder+, which can link
contact information to social media accounts, leaked datasets and
hidden profiles. By vetting employees in this way, and conducting
appropriate and thorough due diligence, your firm can better avoid
the bad actors who pose the biggest threat.
Of course, screening and background checks won’t mitigate against
any unforeseen issues that arise in an employee’s personal and
professional lives. Employee Assistance Programmes and regular staff
surveys can go a long way towards addressing underlying issues with
an individual before they consider resorting to malicious actions.
Josh Bonser,
Analyst Team Lead, NetWatch Global
MODERN INSURANCE | 43

VEHICLE RECOVERY ASSISTANCE
The most
overlooked part of
the claims process
A most unwelcome experience
Finding yourself stranded at the roadside following a
road traffic accident is one of life’s most unwelcome
experiences. The only thing that maers right there
and then is your safe and speedy rescue and recovery,
yet vehicle RTA recovery remains an overlooked part of
many motor claims processes.
It’s true our cars are safer than ever before, with
enhanced vehicle safety technology keeping us in
lane, monitoring our blind spots and pung an
extra foot on the brake to reduce the risk of RTAs.
Yet RTA’s remain a regular occurrence despite having
the most advanced safety features on our side.
This means effecve vehicle recovery assistance
remains vitally important to protect the safety of
the policyholder, control the overall cost of the claim
and keep the insurer fully in the loop throughout the
process with real-me access to updates, images,
whereabouts and me stamps.
The overlooked heads of claim
At FMG we bring simplicity, total visibility and ght
cost control to the oen overlooked heads of claim.
Designed and configured for our insurer and broker
partners, FMG Vehicle Recovery Assistance brings
together a seamless rapid response to each
policyholder’s independent scenario whilst expertly
managing the vehicle recovery, storage and straight to
salvage processes.
We’ve been managing high volume recoveries, storage
and total losses involving cars, vans and commercial
vehicles for over thirty years, in hours, out of hours,
and in any UK locaon. We complete 310k roadside
recoveries a year, on behalf of major insurance
underwriters, blue-chip corporate fleets, 11 Police
Forces and Naonal Highways.
Collecting the right information
We thoroughly understand the wealth, depth and
quality of informaon required by insurers to progress
a motor claim swily and smoothly whilst controlling
the indemnity and cost of claim.
When recovering a vehicle aer an RTA, our recovery
agents photograph the scene and upload real-me
images to our insurer portal – upon arrival at the scene,
throughout the recovery process, once the vehicle is
loaded on to the recovery truck and more images when
it arrives at it’s desnaon, whether that is a storage
facility or the chosen repairer. All images are date and
me stamped, which supports insurers in accurately
visualising the scene and validang the type of recovery,
equipment deployed, vehicle damage and all associated
charges.
Minimising storage
Our inhouse image engineers remotely inspect these
vehicle images to triage the vehicle for repair or total
loss, with a key focus on reducing storage, and the
associated costs. Whether the vehicle is suitable for
repair or straight to salvage, FMG manage the process
and update the portal at every stage unl the final piece
of the process is complete.
Transparency
& imagery at
every stage
markeng1@fmg.co.uk
0344 243 8888

Keeping insurers fully in the loop
Our portal provides a complete picture of the
enre operaon, with every detail and decision,
task and mescale updated in real me, from the
Recovery Operator’s contact details, to their
on-scene arrival and scene clearance mes, to
storage locaons, summaries of repairer liaisons
and instrucons for the salvage agent.
Jim Dawson, Head of Rapid Response at FMG says,
“We’re proud to work in partnership with some of
the best Vehicle Recovery Operators in the industry,
through solid working relationships that span the
decades. These strong bonds are crucial to our
reputation as the trusted and respected partner in
our field. Every RTA requires a speedy, right-first-time
response that is highly specialised, with expertly
trained and qualified technicians arriving at the
scene, specialist heavy equipment, skilled
decision-making on the spot and an
uncompromising level of safety compliance.
We take all the pressure off the stranded motorist’s
shoulders and keep the insurer fully in the loop
throughout.”
The answer is yes. What’s your question?
Together we have every vehicle type covered, from
motorbikes to the largest HGV to a severely damaged
EV with baery consideraons, from ambient loads to
livestock and every complex incident type too, from
rural rescue to major motorway closures. We work
closely with fire, ambulance, police and mountain
rescue emergency services and rise to any challenge to
provide a total soluon to the most complex of
recoveries – the vegetable oil spill on the M6, the
burn-out construcon vehicle welded onto the M74,
the windy weekend that overturned 12 HGV’s on our
motorways. We’re always prepared for the
unexpected.
We’re responsive, reliable and robust
Jim says, “RTA’s occur at any time, anywhere, yet
our response is the same, night or day. So even if
it’s 3am, torrential rain, and you’re miles from the
nearest streetlamp, you can count on FMG to take
control and put things right, quickly. Our 86-strong
long-serving support team is available round the
clock at our secure service centre, ready to provide
reassurance and support with access to everything
we need to get a fast and efficient recovery
underway.”
Take a closer look at your RTA recovery, storage and
salvage heads of claim. If there’s room for greater
efficiency, full transparency, beer cost control and an
out of hours service which perfectly represents your
best in-hours soluon, give Jim a call.
Jim Dawson,
Head of Operaons,
Rapid Response
www.fmg.co.uk

THE HOLISTIC
APPROACH TO
INSIDER RISK
‘Insider Risk’ refers to the potential threat posed by individuals
within an organisation, such as employees, contractors or trusted
third parties who may intentionally or unintentionally cause harm to
the company’s assets, data, or reputation. This risk can manifest in
various forms, including theft of intellectual property, data breaches,
sabotage, or fraud.
Several factors can affect the level of insider risk within an organisation,
whether they are intentional or unintentional.
Cultural factors. A toxic work environment, lack of ethics and integrity,
or a poor organisational culture can increase the likelihood of insider
threats.
Personal motivations. Financial difficulties, disgruntled employees,
ideological beliefs, or a sense of entitlement can drive individuals to
commit insider crimes.
Access privileges. Employees with elevated access to sensitive
information or systems pose a higher risk if their actions are not
properly monitored and controlled.
Lack of security awareness. Inadequate training and education on
cybersecurity best practices can lead to unintentional insider threats.
To remain vigilant against insider threats and prevent attack vectors,
firms should implement a multi-layered approach that includes the
following measures:
Employee vetting and background checks. Conducting thorough
pre-employment screenings and ongoing monitoring of employees
can help to identify potential risks. This can be easily carried out using
innovative technology that checks against syndicated databases, using
advanced data reading tools to ingest hard copy materials and detect
fraud at the pre-employment vetting process.
Access control and monitoring. Implementing robust access controls
(such as the principle of least privilege) and monitoring user activities
can help detect and mitigate insider threats.
Data protection and encryption. Encrypting sensitive data and
implementing data loss prevention (DLP) solutions can reduce the
risk of data exfiltration by insiders. Following relevant data protection
regulations can help to safeguard against leaks or data loss.
Security awareness training. Regularly educating employees on
security best practices, identifying potential threats and reporting
mechanisms can foster a culture of security awareness.
Incident response and investigation. Having a well-defined incident
response plan alongside the capability to conduct thorough
investigations can aid in mitigating and addressing insider threats
effectively.
By combining the power of data, advanced analytics and
comprehensive security measures, organisations can strengthen their
defences against insider threats and maintain a proactive stance in
protecting their assets and reputation.
LUCKY
ALL THE TIME
The convergence of fraud and digital threat is inevitable, and being
lucky has everything to do with keeping secure.
A night of dibbing and dobbing
The clock nudged past 1am, and the machine in the silver metal case
purred contentedly, its thick black cable snaking to the parallel port
of the PC. The machine had been whirring away for just over two
hours, and at least the same amount of time was left until the job was
completed.
There was little risk. The client had given authority to access the office
outside of typical working hours so I could copy the suspect’s hard
drive. The only real danger was intervention by an over-zealous night
guard who hadn’t received the message to stand down, or the target of
the investigation turning up by chance.
The year was 1995. As a fledgling corporate fraud investigator, I’d
quickly found my vocation was for all things data. I’d been trained
in using the (then state-of-the-art forensic tool) Disk Image Backup
System (DIBS), a favourite instrument of mine for covertly obtaining
computer evidence.
Yes, I’d been inducted into the ranks of those affectionately known as
the ‘Dibbers and Dobbers’. The kit was now copying the hard drive bit
by bit onto a solid-state disk. I didn’t know it then, but this was an early
portent of the inextricable nature of tackling fraud and all things digital.
The worlds of digital and fraud have converged
Fast forward 30 years, and sadly, we’re now accustomed to a wide
spectrum of cyber-enabled fraud threats.
This is a world of malware designed to search out claims documents
and exfiltrate files to far-flung IP addresses. It’s a world with digitally
manipulated images, and automated high-volume attacks intended to
circumvent access controls to online portals, targeting customer data
and payment processes. We’ve got ghost brokers abusing social media,
and websites trying to dupe confused policyholders into notifying
middlemen of their need to claim instead of their insurance provider.
Let’s not forget cyber-enabled insider threats, including the targeting,
approach and coercion of staff, and fraudsters’ use of online
intelligence gathering to enable the impersonation of colleagues – an
attack on customer data and internal processes.
We have to accept it’s an unfair battle. We have to be vigilant and
‘lucky’ all the time in order to prevent loss. The bad actors only need to
be ‘lucky’ once in order to profit.
Being lucky all the time
Perhaps we must stop and consider if our Fraud and Infosec (or Cyber)
teams are truly connected. Are they combined in a composite Security
and Fraud line of defence, or at least inseparable in collaboration across
different reporting lines? Or, do they remain steadfastly independent,
siloed in thinking and practice, leaving vulnerabilities unaddressed and
opportunities unexplored?
We can’t ignore that our foes combine digital and cyber-enabled fraud
capability with an ease that is ‘business as usual’. We might just have to
think and act the same to remain ‘lucky’ all the time.
It is however crucial to remember that
insider threats can come from various
sources and can manifest in different
forms. Therefore, firms must adopt a
holistic approach that covers all attack
vectors, one that leverages advanced
technologies and promotes a culture of
security awareness and accountability
throughout the organisation as a whole.
Thomas Whitaker,
Account Development Director,
Synectics Solutions
Matt Gilham,
Director, Whitelk
MODERN INSURANCE | 47

Friction Is the Key
to Customer Success
Friction is something that we strive to avoid in life. “Let’s hope
it goes smoothly!” “We need to grease the wheels, iron out the
kinks”, and so on. However, friction is sometimes unavoidable.
In the world of eCommerce, for example, this is especially
true during checkout. When it comes to insurance, we
are constantly reminded: “Every extra question in an
underwriting journey increases drop-off, so cut, cut, cut”.
In commoditised industries like insurance, client loyalty
is always crucial due to fierce competition. That means
creating seamless experiences is paramount.
But actually, friction – when managed strategically – can
be highly advantageous for insurers. In fact, it may just
be one key to unlocking hidden value and forging lasting
relationships with policyholders. This shift in perspective is
about challenging traditional norms of an age-old industry
with new ideas and innovative alternatives. With the right
approach, friction can be leveraged as a springboard to
greater success.
From Friction to Harmony
Friction can be a strategic asset that enhances relationships
and fosters deeper customer engagement. It's not about
poor service or fixing something when things go wrong;
rather, it's about finding a greater purpose from deliberately
making customers do something they may initially find
unnecessary.
Think of making a customer go through a slightly drawn-out
process that gathers essential information for personalized
services. While this may introduce a level of friction, it
ultimately enhances their experience and satisfaction.
Friction isn’t kryptonite; if played right, it can be a gateway
to deeper customer engagement, meaningful interactions,
and valuable insights. Frictionless experiences may sound
good on paper, but they can go wrong.
Encountering challenging customers provides ample
opportunity for exceptional customer service, turning sticky
situations into strong and lasting relationships. We should
be far more worried about the quiet customers. After all,
zero complaints doesn’t necessarily mean there is nothing to
complain about…
A Boon for Customer Success
Strategic friction is vital for customers and customer success
teams. For example, during enrolment, setting the process
around a welcome call instead of (or prior to) self-serve can
be a really effective strategy.
This friction results in two key benefits. Firstly, it reduces
friction later on by guiding customers throughout their
journey, ensuring a smoother experience. Secondly, it
provides an opportunity to ask and answer questions, which
is crucial for understanding what success looks like for a
customer, and helping them achieve it.
However, strategic friction doesn't end at the start. It should
be used continuously, albeit sparingly and strategically,
throughout the relationship. This allows a customer success
organization to demonstrate their ongoing value, turning
grumpy customers into champions and pivoting where
necessary based on evolving customer needs.
Stranger than Friction
Though friction is never the goal, it’s still a part of doing
business. For insurers, viewing friction as an asset just might
set them apart.
By actively reshaping pain points into meaningful outcomes,
insurers can augment trust, foster lasting client relationships,
and set a whole new standard for customer success.
Reducing friction unquestionably increases speed and ease
of use, but it can also lead to an ‘easy come, easy go’ feeling
of superficiality. Insurers who only prioritise seamlessness
tend to miss out on the benefits which can arise from
touchpoint interactions that genuinely resonate with
policyholders.
The key lies in empowering customers to voice their genuine
concerns. By actively listening and responding to feedback,
insurers can gain a deeper understanding of customer
needs, preferences, and pain points, enabling them to tailor
solutions and offerings with greater precision.
No matter how simple or intuitive a product or process
is, things go wrong, and edge cases happen. If there is a
weak spot, it is 100% guaranteed that customers will find
it and get grumpy. Though they may be challenging, these
‘grumpy’ customers are actually blessings in disguise. They
help us to improve, and they give us an opportunity to turn
their frustration into delight. Such customers can be turned
from detractors into champions.
Jonathan Roomer,
Co-Founder and Head of Customer Success,
YuLife
MODERN INSURANCE | 49

Specialist
Investigation
Services
Innovative solutions
to help validate claims &
combat insurance fraud
Charles Taylor Specialist Investigation Services (CTSIS) works
collaboratively with the insurance industry to provide market
leading global claims validation and counter fraud services.
AD
Our full suite of claims validation solutions includes
Fraud Keeper, our proprietary Automated Fraud
Detection software, our multi award winning social
media and open source intelligence tool, Discovery by
Charles Taylor, both of which are supported by internal
and external counter fraud professionals.
GET IN TOUCH
Bobby Gracey
Group Head of Fraud
Find out more
+44 7557 774 577
bobby.gracey@charlestaylor.com
Simon Cook
Director of Investigation Services – UK
+44 7834 098 648
simon.cook@charlestaylor.com

Put the
Sugarin First
FEATURES
As I contemplate the first coffee of the morning,
I am too often faced with a truly horrendous
situation. A set of circumstances so bad that I
immediately start to panic and hyperventilate.
Blood rushes to my brain, causing an explosion
of nerve endings that leave me feeling faint and
slightly nauseous. Grasping the countertop,
I begin to sway and stagger.
It would be an exaggeration to suggest that I am actually dying,
but believe me when I say that I am wondering if I will make it
through the day in the light of such an assault on my senses.
It is with a heavy heart that I must report to you what I
sometimes find.
Yes – there are grains of coffee in my otherwise pristine white
sugar, as stored and displayed in my perfectly designed and
functional sugar bowl.
Someone has introduced renegade brown elements into my
sugar that were never intended to be there. I’m pretty sure I
know who it is, given that my dogs do not have thumbs and
only one other person lives in my house. This was undoubtedly
well intentioned, as it was probably a precursor to the provision
of a cup of steaming hot coffee - but let’s be clear about this.
There is an order and an elegance to the act of said coffee, and
introducing an alien species to the previously beautiful rolling
hills and undulating valleys of my sugar storage system is not
part of the plan.
I think I understand how this heinous crime has been
committed. There is at least one teaspoon that must accept
part of the responsibility. However, after suitable admonition
and a few tears of sorrow, I am hopeful that I can also persuade
the culprit to beg forgiveness.
But on this cold and wintry morning (in the middle of spring), I
ask myself a more fundamental question. Why?
What on earth possessed anyone to interfere and create such
mayhem and disruption in a perfect arrangement? How can it
not have been noticed that a few grains of instant coffee (and
I have counted 6 of the malicious interlopers) would ruin an
otherwise splendidly pristine picture of peace and calm?
I think the answer lies in several errors. Firstly, of course,
did the evil perpetrator actually understand what the sugar
arrangement was designed to achieve? Had there been
sufficient communication of my sugar-related goals? Were they
a part of the original working group to consider these matters,
or had I mistakenly assumed that we were all on the same
page? Perhaps in their desire to improve the coffee-making
situation, they had ignored the agreed rules?
As I think more about what has happened, it seems that at
least some of the fault lies with me and my failure to explain,
check understanding, and agree preferred outputs.
I think I know the rules, but maybe not?
Put the sugar in the cup first
before adding coffee from a
different container. Or, perhaps
using different spoons for different
ingredients might work best.
Maybe I need to identify the scope
for error, and purchase a brandnew
machine that avoids all such
problems. A coffee pod that needs
no teaspoons - how good would
that be?
Or, I could just stop taking sugar.
Eddie Longworth,
Director, JEL Consulting
MODERN INSURANCE | 51

INVESTIGATION WITH
REAL INSIGHT
It’s not by chance that RGI Solutions
has grown to become one of the UK’s
leading independent insurance
investigation specialists. When we set
out in business back in 1990, our
mantra was simple: ‘to provide
integrity, reliability, insight, value
and quality in everything we do’.
TAILORED SOLUTIONS
AT YOUR SERVICE
About Us
Today, with leading insurance
companies, solicitors, self-insurers
and claims handling companies
among our clients, our founding
principles remain just as important to
us as they did all those years ago.
Proud of our heritage, clear fixedprice
services and outstanding fraud
savings rate, we deliver exceptional
value.
Believing that being ‘good’ really
isn’t good enough, we view the
service level agreement we establish
with each client as the absolute
minimum standard we must achieve.
0161 486 0100
Our portfolio of services is regularly
reviewed to ensure we provide
comprehensive, up-to-date and
effective investigation solutions. Most
importantly, each service is tailored to
clients’ specific needs and fully
compliant with the jurisdiction in
which we operate.
THE INTELLIGENT CHOICE
With highly experienced, qualified and
licensed investigators, sophisticated
information databases and a
management team made up of leading
counter-fraud specialists, we offer
true insight, capability and expertise.
Understanding that speed is always of
the essence, we offer a rapid
response.
The Intelligent Choice
Integrity, reliability, insight, value and quality
Address : The Chambers, 44 Station Road,
Cheadle Hulme, SK8 7AB
Mailbox : sales@rgisolutions.co.uk

A Total Loss Could
Be An Electric Gain
James Roberts, Head of Insurance Sales for Europcar, explains how a collaborative partnership between insurers
and replacement vehicle supply can go a long way towards supporting the Government’s zero emissions goals.
A recent government inquiry by the House
of Lords Environment and Climate Change
Committee highlighted that ‘surface transport is
the UK’s highest emitting sector for CO2, with
passenger cars responsible for over half those
emissions.’ The report released by the Committee
stated that ‘progress is not happening fast enough,
and major barriers remain,’ including charging
anxiety and the cost and availability of vehicles.
A pervading culture of misinformation was also
identified as a key issue in deterring motorists from
making the switch.
Europcar is monitoring driver sentiment about
switching to EV, and early signs suggest that
there’s still a long way to go to persuade ICE
motorists that now is the time to make the move.
At the start of the year, our ‘Barriers to EV’
barometer found that 62% of motorists cited cost
(purchase, maintenance and finance options) as
the biggest barrier. 46% cited the lack of charging
infrastructure. Yet the reality is that the availability
of electric vehicles is getting better all the time,
and the charging infrastructure has grown
significantly in the last 12 months.
Real-world experience
The job that needs to be done across the motoring
landscape – from the Government and charging
companies, through to the OEMs and insurers
– is to overcome the FUD (fear, uncertainty and
doubt). Motorists need to experience electric
motoring first-hand – and in real-world conditions
(not just a short test drive) – to see just how easy
it is.
Clearly there are still some big hurdles to
overcome. However, we have identified that
the less-than positive experience of a Total Loss
could be the ideal entry route for drivers to find
out about electric motoring. We are working with
several insurance providers to get more drivers
behind the wheel of an EV.
Turning a Total Loss into an Electric Gain
As everyone knows, a customer whose vehicle
is deemed a Total Loss needs an alternative
for as much as a month. For many insurers, this
means leaving the replacement vehicle provider
to offer whatever is available from their local
branch without any reference to the policyholder’s
needs. However, we believe there should be an
alternative that will not only enhance the customer’s
claims experience; it will also bring electric driving
to a wider motoring public.
By offering the option of an electric replacement
vehicle as part of the Total Loss claim, the
policyholder gets a ‘try before you buy’ EV
experience without having to think about any of the
barriers. Delivered through our dedicated insurance
contact centre, which has a team of EV champions
who can access our entire fleet of electric vehicles,
this solution is playing a fundamental role in shifting
perceptions and encouraging more ICE motorists
to try an EV in the real world. More than 60% of
the Europcar network is electrified, giving us full
UK EV coverage. EV champions at the majority of
locations also provide a further level of confidence
for new electric drivers.
We work with the insurer to agree when to offer
policyholders an EV instead of a like-for-like ICE
vehicle. The agents then contact the policyholder to
discuss the options in detail. Once the customer has
selected a vehicle, we can deliver it to their home or
work address for ultimate convenience. Currently,
we are seeing 1 in 3 suitable policyholders stating
that they are happy to try out electric motoring.
Winning EV customer loyalty
For insurers stepping into the EV marketplace,
the other big conundrum lies around how to
handle customer expectations when it comes to
replacement vehicles. Sales of fully electric cars hit
the 1 million mark 1 at the start of 2024, putting new
pressure on insurers to provide EV replacements.
In addition, with Consumer Duty now a big focus
for insurers, it is critical that the replacement vehicle
supply chain is fit for purpose.
Relying on a sole supply partnership brings
vulnerability to regulatory scrutiny if a
policyholder’s choice is limited. It also puts the
customer relationship at risk. Replacement vehicles
form a fundamental component of a motor
insurance claim, and a lack of suitable options
can be catastrophic for customer satisfaction. In
contrast, if the service goes above and beyond
expectations, it leaves a lasting positive impression.
To find out more about Europcar Insurance
Solutions, visit europcar.co.uk/business
James Roberts,
Head of Insurance Sales,
Europcar Mobility Group UK
1 https://www.smmt.co.uk/2024/02/uk-reaches-million-evmilestone-as-new-car-market-grows/
MODERN INSURANCE | 53

NEW
ILC
Summer
Networking Event
12 September 2024 Fulham Beach Cub
ILC
AD
The Summer Networking Event
will bring together insurance
claims professionals, industry
leaders, and key stakeholders
in a relaxed, fun and engaging
atmosphere.
Scan here to
find out more...
The Summer Networking Event
will support ILC’s chosen charity
partner – Rainbow Trust – with
10% of the event contribution
donated to the children’s
charity.
CONTACT:
Liane Price
Sales & Account Manager
liane@iloveclaims.com
07850 220714
Visit: iloveclaims.com
Photo credit: neverlandlondon.com

FEATURES
THE EVOLVING RISK OF
CYBERCRI E
M
For years, insurers and cyber criminals
have been in a technological arms race.
Criminals use new tech to commit new
crimes, while insurers rush to close
loopholes before they are exploited.
The digital battle became even more fierce during the
pandemic, when the reliance on remote solutions increased
exponentially. However, the greater the digital implementation,
the greater a company’s vulnerability.
Recognising this, businesses made haste towards the relatively
new sector of cyber insurance. Global gross premium for cyber
insurance grew annually by more than 20% between 2019 and
2021, with premiums doubling in both 2021 and 2022. Volumes
continued to grow throughout 2023, and according to Munich
Re, this pattern will continue by as much as 25% per year over
the course of the next decade.
Certainly, cyber insurance is a sector on a rapid upwards
trajectory, with 53% of business managers questioned in the
inaugural EY/Institute of International Finance (IIF) Global
Insurance Risk Management survey now citing cybersecurity
as their greatest risk.
PROFIT
However, what do businesses expect from cyber insurance?
And with so little historical evidence, how can insurers ensure
profitability?
Bharat Raj, Head of London Markets at OAC, said: “Cyber
insurance remains an attractive market for incumbents and
new capital, and there is good opportunity for growth and
underwriting profit. Engagement with your policyholders is
key to ensuring strong underwriting performance.”
“Policyholders increasingly look to their insurance partners for
expertise and advice for mitigating cyber risk in the first place.
Working collaboratively generally pays dividends; it can help
drive improvements in the claims experience and premium
rates as policyholders appreciate the value-added services on
offer.”
AI
However, a new technology seems to come along every few
years with greater potential and greater risk than the last. Most
now agree that Artificial Intelligence (AI) could present the
greatest cyber challenge of all.
A new report published by Lloyd’s entitled ‘Generative AI:
Transforming the Cyber Landscape’ describes cyber as one
of the most complex and critical risks threatening businesses
today, with the emergence of unrestricted advanced GenAI
models set to reshape the cyber landscape.
The report says that AI will enable more people to target
businesses while also providing them with more entry points.
It predicts that while there may only be a modest increase in
significant cyber catastrophe, smaller scale attacks are likely
to increase at a much quicker rate, particularly when the
technology enables ‘threat actors to more effectively design
targeted and lower profile campaigns’.
The National Cyber Security Centre has reached a similar
conclusion, saying:
“AI will almost certainly increase the volume and heighten the
impact of cyber-attacks over the next two years.”
“AI lowers the barrier for novice cyber criminals,
hackers-for-hire and hacktivists to carry out effective access
and information gathering operations. This enhanced access
will likely contribute to the global ransomware threat over the
next two years… commoditisation of AI-enabled capability
in criminal and commercial markets will almost certainly
make improved capability available to cybercrime actors.”
The era of GenAI is just beginning, and according to research
carried out by McKinsey, it could add £3.5tn to the global
economy. However, the GenAI arms race is also just starting,
and insurers continue to remain firmly on the frontline for this
new development.
Understanding the risks is the first step, and that isn’t easy in
such a rapidly shifting environment. The most common threat,
and the one that has historically cost insurers the most in this
area, is ransomware, a form of cyber-attack that encrypts files.
MODERN INSURANCE | 55

mins with...
Erez Barak
Title: Chief Technology Officer, Earnix
What has been your most memorable career
achievement?
Q
From a technology perspective, memorable moments
happen for me whenever people get to use the products
AI’ve built! There’s been a few areas of pride in this sense,
particularly from my time working in leadership roles at some
of the big tech giants like Microsoft and HP, and when I’ve been
developing new technologies and product experiences for
the likes of Optify. Cloud infrastructure, big data systems and
Artificial Intelligence (AI) are all hugely exciting technological
developments to work with, and it’s great to see people find a
practical use in what you’ve built.
Throughout your career so far, what has been the most
valuable piece of advice you’ve received?
Q
That’s a really interesting question. I’ve received a lot of
advice throughout my career. Ultimately, I like to stay
A mindful of the fact that every day should be treated as a
fresh start, and a ‘jump off point’ from which new possibilities
can form. It’s easy to forget that every day is a starting point
when you’re living your day-to-day; you can easily become blind
to the opportunities around you and focus solely on what you
lack. Acknowledging the opportunity in each new day has the
power to adjust your outlook and overall approach. I really think
that mindset has the power to change your life.
What has been the key positive or negative aspect of
change in your area of the market?
Q
I have to mention AI here. From one perspective, when
people use AI too soon – without any real direction in
A terms of business implication, for example – this can
create quite a negative impression in the insurance industry,
ultimately deflecting from what this technology can really
achieve. Until industries really gain their footing with AI, it has
the potential to pose a number of challenges.
On the other hand, increased compliance, policy and standards
around the use of this technology will continue to create real and
positive change for many industries, as well as the people within
them. Users become more confident with AI, especially when
it comes to experimenting and trying things out, knowing that
someone has their back while doing so.
If you were not in your current position, what would you
like to be doing?
Q
The technology industry has a huge reach, all with
massive social implications. I meet a lot of people in this
A line of work who are making such a positive impact with
their products, embracing an overall mission to improve the
communities we live in. So, if I wasn’t doing what I’m doing right
now, I’d start by looking at what I could do that would make a
real social impact. I’d want to continue focusing on work that
changes people’s lives for the better, something that creates new
opportunities within society and helps to drive innovation and
potential.
Q
A
What three items would you put on display in a
museum of your life, and why?
My first computer would have to be included. I was young
at the time, and it was monumental for me in the way
that I taught myself how to use it, how to code and play
games. This opened many opportunities and ideas for me in both
a personal and professional sense.
I’d also include a photo collage of all the teams I’ve worked with
in the past. These people have shaped my career, and I link this
to my first computer because without the knowledge I gained
from that, I wouldn’t have had the privilege of working alongside
so many great colleagues.
Finally, I’d hang a scratch map of world, where I can document
all the places I’ve visited and travelled to. I’m really lucky that the
industry I’m in has enabled me to see so many wonderful parts of
the world.
What three guests would you invite to a dinner party?
Q
A
I’m going to invite three Steve’s: Steve Jobs, Steve Nash,
and Steve Carell. I think they’re all leaders in their area
of specialism and world class players at what they do.
Steve Jobs brought so much to the world through technology
innovation. Steve Nash was a talented NBA basketball player, and
Steve Carell is a great inspiration in comedy and acting. All three
were great team players and have positively influenced their
teams in incredible ways.
MODERN INSURANCE | 57

A new approach to
repair management
Repair capacity when
and where you need it.
Find out how our on-demand repair solutions can
help solve your repair capacity challenges today.
Visit www.activate-group.com/repair-as-a-service
to learn more.
Extending our repair footprint into London!
AAR HAMPTON
OPENING
MARCH 2024

HEADLINE SPONSOR
Modern Insurance Magazine returned to The Rum
Warehouse, Liverpool on Thursday 18th April 2024 in honour
of celebrating the very best talent in the world of claims.
MODERN INSURANCE | 59

Modern Insurance Magazine’s notorious Modern Claims Awards recently
landed in Liverpool for the second year running, playing host to a
night of celebration for the industry’s most valued and talented claims
professionals.
Upon arrival at the venue, guests were warmly welcomed with a
set from Bloxed Beats, a premier beatbox group renowned for their
energetic and animated live performances. Sponsored by QuestGates
in celebration of their 20th anniversary as a business, the music and
atmosphere of the Champagne Reception perfectly set the tone for the
rest of the evening’s festivities.
After a call for guests to be seated, our very own Rachael Pearson took
to the stage to introduce both Andy Whatmough – Managing Director
of headline sponsor, S&G Response – and David Williams, Chair Judge.
Welcome speeches from Andy and David were both warmly received by
the room, prior to a three-course meal being served from the culinary
heart of the Rum Warehouse kitchens.
With guests fed, the ceremony began with a bang as Keith Farnan –
Irish comedian and Modern Claims Awards’ host – arrived on stage to
present the awards. Formerly a solicitor, Keith’s endearing humour and
charming stage presence made the room erupt, carrying a buzz through
ten minutes of stand-up comedy and into the presentation as he took
charge of announcing the shortlisted firms, award winners, and highly
commended results.
Winners were invited to the stage to collect their trophies, each
presented by the respective sponsor of that particular award category.
From Napo Pet Insurance winning ‘Insurer of the Year’, through to
John Muir’s receipt of the Lifetime Achievement Award in absentia,
the full scope of the industry’s talent was realised yet again at another
incredible event. The party continued long into the night, with flowing
drinks, pizza, music and arcade games all coming together to give
guests a well-deserved night of fun and entertainment!
Please join us in congratulating all of the 2024 winners, highly
commended, and everyone who made this year’s Modern Claims
Awards such a fantastic success.
See you next year!
60 | MODERN INSURANCE

MODERN INSURANCE | 61

Results
INSURER OF THE YEAR
WINNER - NAPO PET INSURANCE
HIGHLY COMMENDED - COVERDRONE
BROKER OF THE YEAR
WINNER - ASCEND BROKING GROUP
HIGHLY COMMENDED - QUALITY CARE GROUP
​BODYSHOP OF THE YEAR
WINNER - THE VELLA GROUP
JOINT HIGHLY COMMENDED - AUTOCRAFT ACCIDENT
REPAIR CENTRE TELFORD AND GEMINI ACCIDENT
REPAIR CENTRE
​LAW FIRM OF THE YEAR
WINNER - EXPRESS SOLICITORS
HIGHLY COMMENDED - PAUL CROWLEY
& CO SOLICITORS
BEST WORKPLACE
WINNER - KINGSBRIDGE GROUP
HIGHLY COMMENDED - FMG
​INSURTECH OF THE YEAR
WINNER - MCKENZIE INTELLIGENCE SERVICES
HIGHLY COMMENDED - CLEARSPEED
​MANAGING GENERAL AGENT
OF THE YEAR
WINNER - BATTLEFACE
HIGHLY COMMENDED - INSTANT UNDERWRITING
OUTSTANDING COMMITMENT TO
TRAINING AND APPRENTICESHIPS
WINNER - THE VELLA GROUP
HIGHLY COMMENDED - AUTOGLASS
​BEST GREEN INITIATIVE
WINNER - LV= GENERAL INSURANCE GROUP
JOINT HIGHLY COMMENDED - AUTOGLASS AND
NATIONAL WINDSCREENS
​SUPPORTING THE INDUSTRY
(1-25 EMPLOYEES)
WINNER - QLAIMS LTD
HIGHLY COMMENDED - GT MOTIVE
SUPPORTING THE INDUSTRY
(26+ EMPLOYEES)
WINNER - BELFOR UK
HIGHLY COMMENDED - MCKENZIE
INTELLIGENCE SERVICES
62 | MODERN INSURANCE

Results
INNOVATION OF THE YEAR
WINNER - MCKENZIE INTELLIGENCE SERVICES
HIGHLY COMMENDED - AVIVA CLAIMS
TECH INITIATIVE OF THE YEAR
WINNER - CLEARSPEED
JOINT HIGHLY COMMENDED - FLOODFLASH
AND DIGILOG UK
MAJOR LOSS AWARD
WINNER - AVIVA CALIMS
HIGHLY COMMENDED - DESCARTES
UNDERWRITING
FIGHT AGAINST FRAUD
WINNER - AVIVA CALIMS
HIGHLY COMMENDED - CHARLES TAYLOR
RISING STAR OF THE YEAR
WINNER - SAMANTHA NEWTON, KINDERTONS
HIGHLY COMMENDED - AMY WEI, NAPO PET
INSURANCE
DIVERSITY AWARD
WINNER - DASA LTD
HIGHLY COMMENDED - QBE EUROPEAN
OPERATIONS
BEST ESG CAMPAIGN
WINNER - ROMERO GROUP
HIGHLY COMMENDED - QUESTGATES
ACCIDENT MANAGEMENT
COMPANY OF THE YEAR
WINNER - MOTOR ASSIST FROM AX
HIGHLY COMMENDED - FMG
OUTSTANDING ACHIEVEMENT
OF THE YEAR
WINNER - CAROLINE WAGSTAFF
LIFETIME ACHIEVEMENT
WINNER - JOHN MUIR
MODERN INSURANCE | 63

“The team at Modern Insurance Magazine
surpassed themselves with another superb event
celebrating the best that the claims sector has
to offer. We were privileged to be the Headline
Sponsor for the 2024 Modern Claims Awards, and
would like to extend our congratulations to all
those shortlisted, especially to the winners. We are
also really grateful to the judges, who gave up their
time so generously in assessing the high quality of
entrants.”
Andy Whatmough, Managing Director, S&G
Response
“Absolutely fantastic evening - thoroughly
enjoyable and we are proud to be a sponsor
partner. It was great to catch up with so many
industry friends. Congratulations to all the
winners!”
Simon Downing, Group Business Development and
Accounts Manager, GRM Bodycraft Group
“The highlight of my night was being sandwiched
between David Williams and Huw Evans… and
being thoroughly entertained (and educated) by
both!”
Sue McCall ACII, Senior Consultant
“A great event that showcased just how
competitive the sector is. The diversity of new
names and businesses shortlisted demonstrates
that there is now so much more choice for buyers
beyond the usual ‘go to’ big suppliers.”
James Roberts, Head of Insurance Sales, Europcar
“Celebrating innovation and excellence in claims
at the 2024 Modern Claims Awards really brought
industry leaders together for a night of recognition
and inspiration. As sponsors, we were privileged
to witness the dedication and talent of individuals
shaping the future of insurance. Our highlight
of the night was seeing the passion and drive
displayed by all award recipients, reaffirming a
joint commitment to advancing the standards of
our industry.”
Sarah Glenn, Commercial Director, RGI Solutions
Thank you to all our sponsors...
“‘It was such a great event. The highlight for us
was winning and getting recognised for two of
our categories! Award ceremonies always give us
a great chance to see old friends and meet new
people in our industry.’
Jenny FitzHugh, Field and Event Marketing
Manager, Clearspeed
“It was a highlight of the night to hand over
the Insurtech of the Year Award to McKenzie
Intelligence Services. All contenders in this
category were exceptional this year, deploying
technology to better serve their customers
and employees. At AllThingsCX, we are always
fascinated with what companies are doing to
evolve and enhance their offerings, and this year’s
contenders continue to show the industry how
you can innovate and adapt. Congratulations to
all the nominees and winners, we look forward to
hearing about more exceptional experiences at
next year’s awards.”
Daryn Robinson, Founder & CEO, AllThingsCX
“It was an honour to present the ‘Fight Against
Fraud’ Award to the Aviva team. A great night
was had by all – we hope to see you all again next
year!!”
Paul Nichols, Senior Sales Manager, CAPS
“From the champagne reception right through to
the waifs and strays leaving in the early hours, the
2024 Modern Claims Awards was a brilliant event.
I’m delighted to have been involved with the
sponsorship; it was lovely to see old friends and
meet new people alike. Roll on next year!”
Nik Ellis, Managing Director, Laird
“I thoroughly enjoyed the whole evening! As I’ve
said before, I think the location makes it special,
as does the focus on claims, which I also think
produces a better set of attendees! If I had to pick
one particular highlight, for me it would be when
all the winners came back up on stage for a photo.
I went to take a picture and was taken aback
by just how happy everyone seemed to be; no
rivalry, just the absolute joy of being a collective
of successful claims professionals. It was a great
moment.”
David Williams, Chair Judge, Modern Claims
Awards 2024
64 | MODERN INSURANCE

“The calibre of entries was top-notch, and the
energy in the room was truly electric. It was
awesome to see upcoming industry trailblazers
being recognised for doing amazing things,
along with some familiar faces. The dinner (and
Guinness) was also excellent... it offered the
perfect fuel for a night of celebration and a
marathon PB on the Sunday! Here’s to another
year of claims innovation, great networking and,
of course, delicious dark beer!”
Rory Pyke, Senior Global Partnerships Manager,
Insurtech Insights
“I was extremely honoured to be a judge at this
year’s Modern Claims Awards, and it was great to
catch-up with so many industry leaders. However, I
had not expected three things to be true. One, that
I would hear about so many incredible businesses
in insurance claims. I thought I knew most, but
the event taught me there’s still a lot more to
learn. Two, that an awards based in Liverpool
is essential; insurance needs this event and the
opportunity to celebrate outside of London in
particular. And three, that this industry continues
to surprise and inspire me. The people and
businesses we celebrated bring so much to our
industry, from supporting fresh talent coming in
through to driving our purpose and ensuring the
wider ecosystem remains fit and healthy. Claims is
the moment of truth, and this event was proof of
that. My congratulations again to all involved, and
I hope to see even more new faces same time next
year!”
Rory Yates, Head of Strategy EMEA, EIS
”My highlight of the night was having the pleasure
of sitting next to the lovely Amelia Barlow!”
Charles Layfield, Owner, Charles Layfield Limited
“Well, Modern Claims Awards 2024 did not
disappoint! A fantastic night full of great people in
a fantastic venue. Great to catch up with everyone,
to see the joy on the winners’ faces… and what a
brilliant Chair Judge David Williams was. I don’t
get the chance to dance nearly enough these
days, so I relish these events to remember what
fun it is! Shoutout to my talented dance partners,
Adele & Pam!! Just deadly.”
Donna Scully, Joint Owner/Director, Carpenters
Group
“I have to say that the Modern Claims Awards was
simply outstanding from start to finish. They really
know how to put the ‘modern’ into claims! The
attendees were of an excellent standard, which
created the perfect opportunity for networking in
fun surroundings.”
Bobby Gracey, Group Head of Counter Fraud,
Charles Taylor
“Parametric insurance is proving to be an
invaluable part of our insurance ecosystem,
celebrated alongside indemnity. It was a highlight
to be recognised as one of the best in class for
claims management, because what we are doing is
really helping to transform the image of insurance.
The WWF describes parametric insurance as
one of the critical tools to protect our planet and
promote resilience.”
Ola Jacob, UK & Ireland Business Development
Director, Descartes Underwriting
CELEBRATING
20 YEARS
IN BUSINESS
Media Partners
MODERN INSURANCE | 65

INSUR.
TECH.
TALK

INSURTECH
WELCOME
Greetings, and welcome
to Insur.Tech.Talk!
Welcome, dear readers, to this critical cybersecurity edition of Insur.Tech.Talk.
While threats are on the rise across the board - be it data breaches,
ransomware attacks, identity theft or phishing – there’s new technologies,
best practices, regulations and C-suite mobilization armed and ready to create
further resilience against these threats.
In this issue, Monica Shokrai from Google Cloud speaks to the evolving roles
and relationships between the Chief Information Security Officer (CISO)
and Chief Financial Officer (CFO) at board level to mitigate cyber risk. Lisa
Pollina offers insights into cybersecurity threats in the current geopolitical
environment, and considers what could be done to counter them. Caitlin
Alpern from AXA XL also expands on the evolving regulatory environment,
alongside recent privacy laws and the mandate for public companies to
disclose breaches swiftly, considering how this affects the response of others.
Furthermore, Dikla Wagner from Munich Re shares her thoughts on
social engineering, and discusses how cybercriminals can exploit human
vulnerabilities to create personalized phishing campaigns at scale, particularly
by leveraging Artificial Intelligence (AI). Finally, Laurissa Berk from UConn
shares her vision for the Cyber Defense Connect Conference, which stems
from the escalating importance of cyber security across various industry
sectors.
All agree that AI can be dangerous in the hands of a cybercriminal. However,
my panelists were very optimistic about the promise of this technology in the
right hands, particularly when it comes to detecting a breach and increasing
response times in order to mitigate the risk of cyber-attack.
Happy reading,
Megan
Megan Kuczynski,
President,
Insurtech Insights
MODERN INSURANCE | 67

INSURTECH
Google
Cloud
QMonica, more and more corporations are securing
cyber insurance policies in the event of an attack or
data breach. While insurance does not eliminate the
need for proactive and resilient cyber controls, it does offer
a ‘safety net’ for potential financial loss, according to a new
report from Google Cloud’s Office of the Chief Information
Security Officer (CISO).
How is the role of the CISO evolving to address the growing
volume of cyberattacks? And what sort of collaboration
needs to happen with the Chief Financial Officer in order to
mitigate cyber risk?
A
Cyber-related risk is one of the top concerns
facing organizations today, now with frequent
board-level engagement on the topic. This
rapid shift in awareness around cyber-related risk
has encouraged the CISO to evolve from a technical
security expert to more of an enterprise risk manager,
one that’s responsible for translating cybersecurity
threats and vulnerabilities into business-relevant terms
for the benefit of executive leadership and the Board of
Directors.
Historically, the Board are used to understanding risk
in terms of dollars, largely due to the role of the Chief
Financial Officer (CFO) in relation to how they quantify
risk for the organization. While the CISO is primarily
responsible for actually mitigating the risks and securing
an organization’s environment, a CISO and CFO can
collaborate in order to tell a better story together.
Leveraging the skills of an actuary or financial analyst
can develop a cyber model which can translate risk
into dollars, something which is easier for leadership
to digest and track over time. Further quantified cyber
risk allows organizations to think about their return on
investment in security, and translate their risk into risk
transfer or insurance discussions.
QWhat about Artificial Intelligence? Is it a friend, foe, or
both?
AI is at an inflection point for digital security,
and if leveraged correctly, it can be an incredible
A tool to help organizations improve their security
posture and reduce toil. That being said, a lot of how
AI plays out – with regards to whether it’ll be a friend
or foe – depends on how we collectively work together.
Security professionals and policymakers must boldly
take action to shape the direction of the technology in a
way where it tilts the odds in favor of cyber defenders.
At Google, we often talk about the Defender’s Dilemma
– a challenge in cybersecurity where attackers need just
one successful attack to break through the best defenses.
Meanwhile, for defenders, there’s no margin for error.
Based on Google’s experience deploying AI at scale, we
believe that AI can actually reverse this dynamic. This
would eventually enable both security professionals and
defenders to scale their work in threat detection, malware
analysis, vulnerability detection, vulnerability fixes, and
incident response.
AI can, and is, being leveraged to detect malware in
real time. For example, Gmail blocks more than 100
million phishing attempts every day, and a lot of that has
been powered by AI for decades. Google Play Protect
also scans over 100 billion apps for malware and other
issues. We have a number of tools across our product
suite, particularly within Google Cloud, that leverages
AI to predict where an attacker could strike, what cloud
resources would be exposed, and the possible blast radius
of a successful attack. This means that cloud customers
can better secure weaknesses in their environment.
QWhat were some of the top trends to emerge from
Google’s recent Cyber Day?
We hosted Cyber Day as a way for us to share
our cybersecurity investments with the insurance
A market. A few key themes emerged that we hope to
see as general trends within the technology and insurance
space.
1. Secure by Design
First, we strive to develop infrastructure and products that
are secure by design. Google Cloud puts significant effort
into shipping products with secure default configurations
out of the box, so customers don’t have to spend as much
time reconfiguring for security. We also provide security
tools and define blueprints for customers, so that their
cloud implementations are secure from the start.
This is important to the insurance industry as cyber
insurers are often on the hook for a loss, regardless of
where the breach occurred. We’re at a time where insurers
are starting to look at the investment that technology
providers put into security, as they consider whether
to differentiate pricing for their policyholders based on
which technology provider or software a company is
using.
68 | MODERN INSURANCE

INSURTECH
2. Shared Fate
We also touched on this idea of Shared Fate, where
Google Cloud is going beyond the shared responsibility
model which most cloud providers focus on. In the Shared
Responsibility Model, a cloud provider is responsible for
the security of the infrastructure, while the customer is
responsible for maintaining a secure configuration on top
of that.
While the setup might be technically correct, this can
create an ‘Us vs. Them’ model. Alternatively, Google
instead wants to partner more deeply with customers,
providing more default guidance and ensuring that
security is built into our products and not ‘bolted on’.
This will help us to tackle the broader cyber risk landscape
together, partnering with the insurance industry to provide
access to cyber insurance via a program that I oversee
called the Risk Protection Program. Shared Fate is now
really built into our ethos as a company, and you’ll see it
in many things we do.
3. Mandiant Expertise
We also had our Mandiant Threat Intelligence and
Mandiant Consulting teams speak at Cyber Day, and it’s
truly incredible to hear firsthand from leaders on the front
line. Mandiant talked through the latest trends in what
they’re seeing by way of threat actor activity, and how
organizations should best respond.
As a Risk Manager, it’s important to work with incident
response providers that are experienced in what they
do. In insurance terms, this can reduce the frequency of
an event by applying their threat intel and suggestions
to harden an environment; however, it can also greatly
reduce the severity of an event if you work with the right
incident response provider from the start. The integration
that Mandiant has with the insurance industry, and the
impact they have when given the chance to remediate
incidents quickly, was truly incredible to see.
Q
In this era of ‘work from anywhere’, how are providers
like Google positioned to stave off cyberattacks that
occur in the Cloud?
We’ve put some Cloud Security Megatrends
principles together, which will form the best general
A reference material when it comes to discussing
how cloud providers can help drive security. There’s lots
of good content in there that speaks to how the divide
between security in a cloud environment vs. an on-premise
environment will widen over time, simply because these
trends will compound.
Monica leads business risk and insurance
for Google Cloud, including managing
insurance product development and
partnerships for Google Cloud’s Risk
Protection Program. Monica is also the
Head of Actuarial, Analytics & Systems for
Alphabet’s Business Risk & Insurance team.
She is passionate about driving innovation
in the industry through combining her
experience in both tech and insurance. Prior
to her current role at Google, she focused
on managing new and emerging risks
through working closely with Alphabet’s
Other Bets.
Responding to your question more specifically, there
are layers to this. Google focus on developing what
security practitioners call a ‘Zero Trust’ approach, which
means that from a technical perspective, every network,
device, person and service is untrusted until it proves
itself. Access decisions consider multiple factors like
user identity, device health, and context, making it more
difficult for attackers who breach a single device to
move with a network. You never trust and always verify,
which enhances security and reduces the likelihood that
attackers will get in. This is particularly important when
your workforce is distributed and there’s no physical
boundary to where employees are logging in from.
Additionally, we often talk in depth about the importance
of defense, which focuses on multiple layers of
controls and capabilities to protect against the impact
of configuration errors and attacks. This helps with
cyberattacks in the sense that it stops them happening
in the first place, and prevents attackers from moving
laterally.
Monica Shokrai,
FCAS, MAAA, Head of Business Risk and
Insurance, Google Cloud
MODERN INSURANCE | 69

INSURTECH
Capgemini
AXA XL
QCaitlin, it was so great to catch up recently and
hear your perspectives on the current state of
cybersecurity. How have things changed in recent
years from an underwriting perspective?
A
Hi Megan! Likewise, it was great speaking with
you, and I’m excited to be here to chat with you
today.
Things have changed dramatically in cyber insurance
over the last few years. The hard cyber insurance
marketplace started after an influx of ransomware
attacks in 2019. This hard market lasted through 2022,
driven by the frequency and severity of these claims.
Significant losses forced cyber insurers to increase rates,
as well as analyzing the cybersecurity posture of each
insured under scrutiny.
Now we are back in a soft market, where there’s a lot
of insurer competition driven by lofty new business
goals. Rates have significantly dropped year after
year; meanwhile, claims are trending upward. It will be
interesting to see what happens over the next 12 months!
QWhat are some emerging cybersecurity trends that
we should be aware of, and prepare for?
A
A trend seemed to take off at the beginning
of 2023 around some of the state-level
comprehensive privacy laws that are being
passed. At the start of 2024, 15 US states enacted
stricter privacy laws - Connecticut (where I live) being
one of them. It is a significant legal undertaking for
companies to ensure that they are staying ahead and
remaining compliant. On the underwriting side, we like
to understand the different committees and the extent
of legal involvement that companies utilize in order
to remain in compliance. We also saw the SEC cyber
disclosure rules passed last year, which requires public
companies to disclose incidents within 4 business days.
There is a lot going on in the privacy space!
Another trend we have seen is SIM swapping, where
threat actors trick a cellular device company or telecom
carrier into switching the SIM card of an executive
(or an employee with elevated privileges and access,
like an administrator) onto the threat actor’s device.
The attacker collects info on the victim, whether it’s
through social media or phishing, then calls up the cell
phone provider and pretends to be the said individual.
The provider is then duped into switching the victim’s
mobile number to the threat actor’s phone, which
means that the attacker can receive incoming calls and
texts - including authentication codes for multi-factor
authentication (MFA) – in order to gain access to the
network. In general, MFA bypass schemes are on the rise,
particularly given the world of remote working that we
are now living in post-pandemic.
Lastly, I would say Artificial Intelligence (AI) is a very
hot topic. Every company is looking at how they can
incorporate AI into their business, and there are a lot of
unknowns to the potential threats in doing so. We are
seeing threat actors create sophisticated and believable
phishing schemes within large language models, and
copyright can be a very complicated element of AI.
Ultimately, we look for companies to be approaching AI
cautiously, closely tracking any employee usage.
QWhat challenges are companies facing when it comes
to cybersecurity issues?
Vendor management comes to mind immediately
as a continuous challenge within cybersecurity and
A cyber underwriting. We ask questions around how
an insured is vetting third parties prior to working with
them, if questionnaires are completed, how often vendors
are reassessed, and what contract provisions they might
have in place to protect themselves. The supply chain
issue is not something that is going away, and the risk is
still there even when companies have best practices and
procedures in place.
Vulnerabilities with VPN products is also an issue. In
a world where many companies now have a hybrid
workforce, we saw a real increase in VPN vulnerabilities
and related exploitations in 2023. In a similar vein, we’re
seeing an uptick in Cloud-based attacks, with Cloud
environments not being properly configured and secured.
I think there is a misconception that the Cloud is safer
or more secure, but it’s important for companies to have
Cloud security experts on staff, or at least a third-party
Cloud expert to assist in ensuring a safe and proper
management of that environment. While major Cloud
providers do offer many enhanced security features, these
are not enabled by default. Therefore, it’s important for
companies to check that they have a proper handle on
how their Cloud environment is configured, ensuring that
the proper features are turned on.
The cyber workforce shortage is the final issue to mention
here. Companies are struggling in their search for qualified
cybersecurity IT professionals. There’s so much demand
for expertise and experience in this area, and yet there is
a huge talent gap and shortage of trained cybersecurity
professionals. The war on talent can also result in
significant turnover.
70 | MODERN INSURANCE

INSURTECH
QIs AI a friend, foe, or both? Can AI help detect and react
to a breach in real time? Conversely, what is the threat
of AI in the hands of a cybercriminal?
A
Definitely both! AI is here to stay, and if companies
are not considering how to use AI within their
business, they are going to fall behind. I think AI
can really help to manage cybersecurity, particularly with
the amount of large data that cybersecurity professionals
have to continuously comb through. There’s a lot of risk
with these large language models given the amount of
potential for storage of personal data. We have seen
threat actors use AI for social engineering or phishing
attacks already, as well as building and embedding
malware. We have also seen ‘deep fakes’, where criminals
use AI to produce extremely believable fake images or
replicate voices to trick employees into transferring funds.
There is so much more to come with AI.
QWhat advice do you have for the C-suite and Boards
of Executives when it comes to working together and
collaborating against mounting cybersecurity risk?
I think within your question, mention of the word
‘collaboration’ is key. The C-suite, as well as various
A business committees and Boards, should be working
closely together as they manage their organization’s
cybersecurity risk. I would also recommend utilizing a
third party for threat intelligence if companies do not
have an internal threat intel team on staff. Lastly, I would
recommend joining an industry peer group to discuss
how similar companies are handling certain exposures.
Another company may offer a perspective that they did
not consider before.
QIn 2022, you were promoted to Senior Cyber
Underwriter at AXA XL - congratulations! Do you have
any advice for women who are just starting out in their
cyber career?
A
My advice is to be yourself and be confident in
your abilities. Ask questions and continue to be
a student, especially in cyber where change is
constant! Understand your strengths and lead with
them, while also challenging yourself to work on your
weaknesses. Lastly, be patient with yourself. Growth
and success will come if you continue to show up and
consistently perform.
Q
What’s next for Caitlin?
A
I’m excited to be taking on several new challenges
in 2024. I will be participating on my first panel
discussion at Cyber Defense Summit, a
pre-conference event for InsurTech Hartford. I’m also
on the committee for the ‘Women in Cyber Insurance’
group, spearheaded by Willis Towers Watson, and I will
be attending the conference in May. I conducted my first
webinar training for PLUS University earlier this year, and
have another Cyber 101 webinar scheduled for later in
2024. Lastly, I will have my first direct report soon, with
our summer intern joining us in June. I’m excited to try
new things and get out of my comfort zone with some
of these new experiences in order to further my personal
growth. I will also continue to be a leader within our
underwriting team, and I look forward to helping some
of our more junior underwriters starting out in cyber
insurance!
Caitlin Alpern is a Senior Cyber and
Technology E&O underwriter on the
Northeast team of AXA XL. She has close to
8 years of experience underwriting cyber and
technology risks. Caitlin manages a book of
around $20M in premium, working on both
new business and renewals. Ms. Alpern has
her Cyber COPE Insurance Certification from
the Heinz College Information Systems and
Public Policy from Carnegie Mellon University.
Caitlin is also a Registered Professional
Liability Underwriter. She has 12 years of
underwriting experience, and was also a
broker at Marsh for two years, working as a
client advisor on public director’s & officers’
liability. Caitlin recently joined the ‘Women in
Cyber Insurance’ Group committee that was
recently launched by Willis Towers Watson.
Caitlin lives outside Hartford, in the US state
of Connecticut.
Caitlin Alpern,
Senior Cyber Underwriter, AXA XL
MODERN INSURANCE | 71

INSURTECH
Munich Re
Dikla, what are some of 2024’s most exciting emerging
cybersecurity technologies?
Q
In my opinion, 2024’s key trends in cybersecurity are:
A Generative AI, adopted on both sides of the battle.
Generative AI is utilized by both attackers and defenders in
cybersecurity. It fuels an endless race between attackers, who
develop sophisticated cyber security solutions. Attackers use
it to create personalized attacks, such as phishing emails and
deepfake videos, as well as to automate the development of
malware to evade detection. On the other hand, defenders
leverage generative AI for anomaly detection, smart
authentication, automated response, and more.
Social Engineering. There is an expected increase in AIbased
predictive social engineering tactics, combining
AI capabilities with social manipulation techniques.
Cybercriminals exploit human vulnerabilities or nature to
create personalized phishing campaigns at scale, facilitated
by AI.
The Human Touch. Human activities can often serve as
the entry point for a cyber-attack. There is a shift towards
Security Behavior and Culture Programs to address human
risks effectively. Rather than solely focusing on raising
awareness, organizations are now prioritizing behavioral
change to minimize cybersecurity vulnerabilities. By
integrating human-centric security design practices, these
programs aim to reduce friction while maximizing control
adoption.
Third-Party Cybersecurity Risk Management. AI enhances
third-party risk management solutions by analyzing large
datasets to identify potential risks, automating vendor
evaluation processes, and improving incident detection
and response capabilities. By leveraging AI algorithms,
organizations can efficiently assess the cybersecurity posture
of third-party vendors and proactively address vulnerabilities
in their supply chain.
Q
I was intrigued by your recent LinkedIn post regarding the
Hartford Steam Boiler (HSB) by Munich Re’s cyber-in-auto
product announcement. The product provides coverage
for cyber threats related to personal vehicles. Why is this so
important?
As vehicles become more connected through IoT
(Internet of Things) technologies and autonomous
A driving features, the need for robust cyber security
measures has become paramount. Since the car is connected,
we need to secure private information that is stored in
personal vehicles and connected to cloud-based and wireless
communication networks. To an extent, the innovation of
modern cars has increased safety - as seen with information
technology in autonomous vehicles and telematics. Still, they
possess the danger of becoming compromised by attackers.
The pure cyber security technology in place to protect
automotives from cyber-attacks began developing 10 years
ago, and can be leveraged to insurance products.
Q
A
Can you expand on some key takeaways from the recent
cybersecurity panel you took part in at our very own
Insurtech Insights Europe conference, particularly as it
relates to cyber security and personal lines of business?
I was honored to be among the speakers for the topic
‘From Risk to Resilience: Strengthening Cyber Defense
Through User Security’. The focus was on personal
cybersecurity, particularly considering the challenges and
opportunities for personal cyber products.
Many individuals unknowingly share personal data,
highlighting the need for enhanced personal cybersecurity
and awareness. It may sound surprising, but according to
research, the average American provides personal data
to over 1,500 websites a year. Globally however, there’s
limited awareness about individual cyber insurance and its
advantages. It’s a topic that requires the insurance industry
to leverage technology and be very creative. Meaningful
products and solutions can be created to enhance personal
cybersecurity and safeguard online activities and data.
Q
Is AI a friend, foe, or both? Can AI help detect and react to
a breach in real time? Conversely, what is the threat of AI in
the hands of a cybercriminal?
The intersection of cybersecurity and artificial
intelligence is evolving rapidly, with several key areas
A of focus emerging. Firstly, there’s a requirement for
Security for AI developers to shield organizations creating
AI from potential security threats. Simultaneously, ensuring
Security for AI consumers is vital to guarantee the safety of
systems employing AI (organizations are also consumers).
Additionally, tackling Security for AI-driven attacks is
imperative as cybercriminals exploit AI capabilities more
frequently. It is a very dangerous tool in the hands of
criminals. Finally, AI to enhance security presents promising
prospects for fortifying defense mechanisms through the
utilization of AI technologies. Collectively, these domains
delineate a dynamic terrain where the amalgamation of
cybersecurity and AI continually molds digital security.
You’ve had an extraordinary career! Do you have any advice
for young women who may be just starting out in insurance?
Q
This may sound funny, but I would say that when
you are invited to a meeting, always sit at the table,
A both physically and mentally. The first step is to be
physically present, part of the discussion, not in the second
row, not near the table. Sit at the table. The second step,
when you’re ready, is to always speak out and share your
opinion, even if you are not asked to do so. Ask questions,
and be involved. I learned this from a woman I met in my past,
and I 100% believe in it.
Dikla Wagner,
Head of Tech Scouting in Israel,
Munich Re
MODERN INSURANCE | 73

INSURTECH
UConn
School of Business
QLaurissa, it was so great to see you on the
conference circuit this spring! I see that the
University of Connecticut School of Business
is launching its own Cyber Security Connect
Conference. What was the inspiration behind this
initiative? What sort of takeaways can the audience
expect?
A
It’s always great to see you as well, Megan! The
inspiration behind our Cyber Defense Connect
conference, launched on April 16th, stems from
the escalating importance of cyber risk and security
across various business sectors. These issues aren’t
just confined to IT experts; they affect everyone.
Our aim is to equip both cyber and non-cyber
professionals with essential knowledge on identifying
risks, protecting themselves and their businesses,
and effectively responding to cyber threats.
At Cyber Defense Connect, attendees engaged in
an interactive cyber-attack simulation, followed by
a comprehensive review covering the Readiness,
Resiliency, Response and Recovery aspects of cyber
defense. We were honored to host some of the
leading experts in the field, who generously shared
their insights and expertise.
QHow is cybersecurity becoming a focus for the
students at UConn - not just now, but also once
they are out in the workforce?
A
Cyber is everyone’s business. Just look at the
headlines for the week, and no doubt you will
see a news story about a widescale breach.
With that in mind, we’ve integrated cyber awareness
across the curriculum for our UConn School of
Business STEM programs. We’re actively fostering
partnerships, such as the recent Memorandum of
Understanding (MOU) between our MS FinTech
program and UConn’s Computer Science department.
This collaboration provides cybersecurity electives
for FinTech students, ensuring our students are wellequipped
for the cybersecurity challenges they’ll
face in the workforce. As we know, it is also one of
the main emerging risks, and relates directly to our
newly revamped MS in Financial & Enterprise Risk
Management program curriculum.
QWhat are some emerging cybersecurity trends that
we should be aware of, and prepared for?
A
At UConn, the biggest one we hear about
relates to the convergence of AI, particularly
Gen AI and Cyber. As you are well aware, that
evolution is a dynamic one, and we are paying close
attention to ensuring that our curriculum and
out-of-classroom experiential opportunities are as
up to date as possible.
In addition, we have started to partner with some
industry experts in Quantum Computing. While I feel
we are a few years away from everyday applications
of QC, it’s clear that its capabilities will introduce a
whole additional level of complexity and need for
awareness as it relates to Cyber.
QWhat are some of the most pressing cybersecurity
issues facing the insurance industry in particular?
How often should insurance companies conduct
security assessments and vulnerability testing?
A
There are really two issues, but one is more of
an opportunity than an issue. The first is the
threat of attack itself. Just like every other
enterprise, insurance companies have the threat of
cyber-attacks, ranging from direct system breaches
to attacks on IoT devices utilized for risk mitigation.
These threats demand proactive defense measures.
Secondly, the emergence of new players in the cyber
insurance market presents both challenges and
opportunities. Those entrants, in order to mitigate
risk for all, will need to continue to invest in Cyber
Defense. That approach will provide benefits for
everyone.
To mitigate these risks effectively, insurance
companies should conduct regular security
assessments and vulnerability testing. The frequency
of these assessments should align with industry
standards and evolving cyber threats, ensuring timely
detection and mitigation of vulnerabilities.
74 | MODERN INSURANCE

INSURTECH
Q
Is AI a friend, foe, or both? Can AI help detect and react
to a breach in real time? Conversely, what is the threat
of AI in the hands of a cybercriminal?
A
As I mentioned earlier, AI and Cyber have already
converged and are now evolving. Any new
technology is a threat in the wrong hands. As is
typical with good guys and bad guys, there will be a give
and take, and a constant state of evolution where each
party seeks to get ahead of the other.
The threats are definitely real, but seemingly, there’s an
increased focus and awareness on defending that threat.
With this Cyber Defense event, we are trying to do our
part to continue that awareness and bring our most
powerful tool to bear. That tool is education!
However, the benefits of AI are many. We see many
deployments of AI that are making workers and students
more efficient. As an educator, I am also excited to
see majors like linguistics, psychology and sociology
come into play, as tech companies build out language
processing models and try to anticipate how their
technology will actually be used once in market. I think
this could be a great moment for cross-disciplinary
education.
Q
Any updates to share on the UConn MS-Fintech
program?
A
Absolutely!
I have been working closely with John
Wilson, the MS in FinTech academic director, to
ensure that our experiential opportunities are
aligned with our curriculum. As you mentioned earlier,
we have embraced a conference strategy that allows us
to maintain close corporate relationships, vital in the
provision of experiential opportunities for our students.
John has his finger on the pulse of the industry, and
he continues to ensure alignment between FinTech
curriculum and industry demands. As the program
continues to evolve, cybersecurity remains a focal
point, reflecting its growing importance in the fintech
landscape. However, other tracks within the FinTech
program have recently been created - including an
evolving insurtech track - and discussions have begun
on the development of a regtech track. Stay tuned for
further announcements as and when additional tracks are
considered and developed!
QWhat’s next for Laurissa Berk?
A
This role is new and evolving, and it has been
really exciting so far. For me, the focus is now on
translating great partnerships with the corporate
community and the academic directors into innovative
experiential opportunities for our students. I am really
excited to see what the future holds, and look forward
to the challenge of making our UConn STEM programs
among the most elite in the world.
Laurissa Berk,
Director, Global and Experiential Education,
UConn School of Business
Laurissa Berk has over a decade of managerial expertise in
program and project management in the higher education
sector. Her main areas of expertise include launching new
programs, increasing program visibility and revenue, and
creating transformative educational experiences that
empower students to navigate the challenges of the realworld.
As the Director of Global & Experiential Education for
UConn’s three STEM designated master’s programs
within the School of Business, Laurissa bridges the gap
between academia and industry. She provides exceptional
and varied applied learning opportunities for students
through industry conferences, international courses, tech
demonstrations, leadership and management seminars,
company visits and industry panels. Laurissa is a frequent
speaker at industry conferences worldwide, focusing
on innovation in higher education, talent development/
pipelines, and the evolution of corporate/academic
partnerships.
Through various roles within UConn’s Finance department,
Laurissa oversaw the implementation of risk management
programs, including the MS in Financial Risk Management
Program and its Accelerated Track. With a keen focus on
program management, recruitment strategy, and budget
oversight, Laurissa led a team to significantly increase
the growth of these programs, leading to a substantial
increase in annual revenue and a notable rise in student
enrollment.
Laurissa holds an M.S. in Management in Higher Education
from the University of Pennsylvania and a B.A. in Human
Development/Organizational Effectiveness from Boston
College.
MODERN INSURANCE | 75

INSURTECH
Lisa
Pollina
QLisa, you recently wrote in Forbes about geopolitical
risks for businesses worldwide. What do you see as
increased cybersecurity risk in this time of geopolitical
instability?
A
Firstly, there’s what we intuitively know. Greater
geopolitical friction results in more attempts by
bad actors to infiltrate companies, based upon
everything from boldness and business distraction to
fostering a nation-State’s interest.
The well-documented attacks on US government
systems are aimed hourly at the private sector as
well. Viewing (and taking control) of key elements
of a business and its data can aid governments and
military of certain nations in the immediate term, and
allow visibility into forward movements by companies,
partners and alliances aiding in deployment of strategies
that flow against those of the corporations hacked.
The Forbes article was related to how both Board and
Management team members should navigate duty of
care for their organizations, by protecting employees but
also by maintaining the organization’s wellbeing while
safeguarding the bottom line. Robust cybersecurity
controls relate to all of these items.
QWhat are some emerging cybersecurity trends that we
should be aware of and prepare for?
A
Recently, a gang called Star Fraud perpetrated a
hack on MGM in Las Vegas, demanding $30 Million
in ransom. This group emerged from an online
community called ‘the Com’, which, unlike traditional
archetypes of hackers, are predominantly Englishspeaking
teenagers who are motivated by status and
money, as opposed to the more traditional approach of
showing off their technology skills to execute the hack.
Expect more from this cohort, alongside some additional
trends such as:
Zero Trust Architecture. This assumes that threats could
be both external and internal. Requires strict identity
verification for every person and device trying to access
resources on a network, regardless of whether they are
inside or outside the network perimeter.
Artificial Intelligence (AI) and Machine Learning (ML)
are increasingly being used for threat detection, anomaly
detection, and behavior analysis, which will allow us to
better identify and respond to potential security breaches.
Cloud Security. Ensuring the security of Cloud
environments has become crucial since the increased
adoption of Cloud services. Diligent Corporation
estimated that 94% of US enterprises use Cloud services,
67% of enterprise infrastructure is now cloud based, and
92% of businesses have a multi-cloud strategy in place (or
in the works).
QIs AI a friend, foe, or both? Can AI help detect and react
to a breach in real time? Conversely, what is the threat
of AI in the wrong hands of a cybercriminal?
Artificial Intelligence can be a friend in the
cybersecurity sense due to the following:
ARisk Assessment and Underwriting. AI can help insurers
better assess risk by analyzing vast amounts of historical
claims data, customer demographics, and even social
media activity, leading to more accurate underwriting
decisions and pricing models.
Claims Processing. AI can streamline claims processing
by automatically reviewing and approving straightforward
claims, reducing the need for manual intervention and
speeding up the process for customers.
Fraud Detection. AI can analyze patterns and anomalies
in claims data, helping insurers to save millions of dollars
annually.
Regarding cybersecurity, AI is a tool for cybersecurity
defense, and it can also help to detect and react to
cybersecurity breaches by continuously monitoring
networks and systems for unusual activity, identifying
potential threats and taking proactive measures to
mitigate risks.
In terms of AI as ‘foe’ – yes, it could pose significant
threats in the wrong hands. Examples include automated
attacks - including reconnaissance, phishing, and malware
deployment, allowing cybercriminals to launch attacks at
scale with little human intervention – and sophisticated
attacks, where attackers are enabled to adapt their tactics
in real time, exploiting vulnerabilities in specific systems
or organizations.
76 | MODERN INSURANCE

INSURTECH
QWhat are some of the most pressing cybersecurity
issues facing the insurance industry in particular? How
often should insurance companies conduct security
assessments and vulnerability testing?
For insurance incumbents and insurtechs alike,
there is no ‘one size fits all’ answer, as it depends
A on various factors such as the size of the company,
the complexity of its IT infrastructure, regulatory
requirements, and the evolving threat landscape. Security
assessments and vulnerability testing should be done on
a defined regular basis, and augmented whenever there
are emerging threats, or significant changes to the IT
environment.
Some of the most omnipresent issues include ransomware
attacks, which have become increasingly common in
recent years. Cybercriminals have been known to target
organizations of all sizes, including insurance companies.
The FBI advises companies not to pay ransoms. Nearly
30% of victims did so last year, which is down 72% from
four years earlier. According to The Wall Street Journal,
the average ransom is $569,000 USD.
Insurance companies are also subject to various
regulations regarding data protection and privacy, such as
GDPR, CCPA, and HIPAA in the United States. All of these
can be compromised.
Finally, third party risk via third-party vendors and
partners increases the risk of a supply chain attack.
KPMG completed a study where 75% of the respondents
experienced a major business disruption because of a
third party in the last three years.
Lisa Pollina is a business executive who has
negotiated over $50 Billion in corporate development
deals throughout her career. She provides private
equity investment advisory for alternative asset
manager Ares Management (NYSE: ARES) on
both Growth and Special Opportunities portfolio
investments worldwide. She also serves on the
Board of Directors for Munich RE (FRA: MUNV2),
representing the Americas.
Pollina has had global Profit & Loss responsibility for
over 20 years. She is the past
Vice Chairman for RBC Capital Markets, an $8 Billion
division of the Royal Bank of Canada (NYSE: RY),
where she grew revenues by 27% during her tenure,
and the Global Financial Institutions (FIG) Executive
for Bank of America Securities (NYSE: BAC). Under
her leadership there, profitable revenues grew over
18%.
Named one of the ‘Top 25 Most Powerful Women
in Finance’ by American Banker magazine, she has
been a seven-year appointee to the Federal Reserve
Bank of the United States’ Working Group on Global
Markets, providing perspectives on macro trends
worldwide.
Ms. Pollina is an MBA graduate from the Yale School
of Management. She has taught strategy at Yale
University and corporate finance at the University
of Chicago. She has been published via such media
outlets as Forbes, Bloomberg and Morningstar
magazines.
In 2021, during the tenure of Pope Francis, Pollina was
made a Dame in the Sovereign Military Order of St.
John of Jerusalem, of Rhodes, and of Malta.
QWhat advice do you have for the C-suite and Boards
of Directors when it comes to working together and
collaborating against mounting cybersecurity risk?
A
Establish a Cybersecurity Governance Structure that
clearly delineates how the duty of care in this area
will be deployed by implementing clear roles and
responsibilities for the C-suite and the Board regarding
cybersecurity oversight.
Facilitate open and transparent communication
channels between the C-suite and the Board regarding
cybersecurity matters. Provide regular updates on
cybersecurity incidents through audits to the Board and
Audit Committee.
Insurance is in the business of risk. Ensure that
cybersecurity initiatives are aligned with your firm’s risk
appetite, goals, and priorities. Collaborate on identifying
and prioritizing cybersecurity risks based on their
potential impact on the business.
Invest in cybersecurity resilience by allocating adequate
resources and budget to cybersecurity initiatives,
including technology investments, training, and third-party
experts in emerging cybersecurity areas.
Lisa Pollina
MODERN INSURANCE | 77

INSURTECH
EDITORIAL
BOARD
WELCOME to the Insur.Tech.Talk
Editorial Board.
Modern Insurance Magazine’s board of insurtech experts come together once again in this
latest issue, showcasing the very best thought leadership insights from the heart of the
insurtech marketplace.
This issue voices the thoughts of...
Rich Tomlinson,
Managing Director,
Percayso Inform
Ron Rock,
Managing Director –
Financial Services, JobsOhio
Denise Garth,
Chief Strategy Officer,
Majesco
Ed Halsey,
VP Marketing,
Genasys Technologies
Tim Hardcastle,
CEO and Co-Founder,
INSTANDA
MODERN INSURANCE | 79

INSURTECH
Welcoming…
Percayso Inform
Q
A
Rich, tell me about Percayso Inform, the work
you do and the projects (or partnerships) you’ve
got in the pipeline at the moment.
Our proposition goes beyond traditional data
enrichment, providing unique real-time solutions
at all stages of the insurance lifecycle and
delivering unrivalled insight into insurance risk. We’re all
about transforming data into intelligence and outcomes
in order to write better business.
We have a wide range of data partners who feed
millions of data points into our hub, fuelling solutions
such as our Quote Intelligence Suite and Percayso’s
Vehicle Intelligence offering. We’ve also partnered
with Close Brothers Premium Finance, which enables
our broker customers to benefit from a unique model
called Foresight - a system which is able to predict
a customer’s propensity to cancel their insurance
policy early or mid-term. It’s been a highly productive
partnership to date, and we’re currently exploring how
we can create further models together.
We’re thrilled with the progress we’ve made in just a
few years, working with 90 insurers and brokers now,
with more being added every month.
How do Percayso’s unique solutions encompass
all stages of the insurance lifecycle?
Q
A
Our Quote Intelligence Suite helps insurance
providers to optimise their pricing strategies
by offering the data and tools necessary to
ensure their quotes accurately reflect the true risk of
each customer, writing more profitable business as a
consequence.
Companion, our unique vehicle intelligence claims tool,
delivers access to real-time, far-reaching and evidencebased
vehicle values, enabling an immediate, accurate
and fair valuation. This results in reduced complaints
and a significant uplift in first-time acceptance rates
of an initial offer, positively impacting an insurance
provider’s operational costs and customer retention.
Q
A
Define what you mean by ‘Next Generation
Insurance Intelligence’. How are Percayso poised
to disrupt the data enrichment sector?
We’ve already harnessed the latest techniques
in data science and machine learning, allied
with powerful new datasets. Now we’re also
empowering insurance providers to dynamically and
intuitively build, adapt and optimise their own data
enrichment, rating and intelligence strategies. They
no longer have to rely on a third party to update
programmes; often having to wait weeks, if not months,
for changes to be made. Engaging with our proposition
enables them to adapt to fast-changing market
conditions, implementing change when they need it in
order to gain true competitive advantage.
Q
Rich Tomlinson,
Managing Director, Percayso Inform
What trends are you seeing at the moment in
relation to consumer manipulation behaviour? What
are your key findings?
Through our Quote Intelligence Suite, we have the
unique capability to access and analyse hundreds of
Amillions of distinct quotes in a multitude of ways in
order to tailor insights to individual customers.
We recently analysed over 360 million distinct quotes from
the past couple of years, and found that over two thirds
of consumers changed the details provided to positively
influence the quote. It’s important to note that our analysis
shows that there is a spectrum of manipulative behaviour,
with roughly a sixth of those representing low risk (having
only changed one piece of data). The more disturbing
finding is that roughly half of all manipulators change more
than five pieces of data, resulting in a significant loss of
premium for insurance providers.
This really highlights the need for employing the latest data
interrogation techniques to price risk accurately and write
better business.
Percayso became ISO 27001 certified towards the
end of 2023. Why is this important for data security?
Q
ISO 27001 is widely recognised as the best practice
for information security, providing a framework for
A
organisations to implement robust controls around
protecting confidential data and ensuring the availability of
critical systems. Information is the lifeblood of our business,
and so we decided that meeting its standards would only
help us to continually improve our own practices and
showcase our ongoing commitment to information security.
It will also give our customers confidence in the security of
their data and transactions.
What lies in store for Percayso over the next
12 - 18 months?
Q
A
We’ve learned a lot about vehicle intelligence since
the creation of Percayso Vehicle Intelligence last
year, and that’s resulted in a long roadmap of areas
to develop. We’re also developing new Quote Intelligence
solutions when it comes to policy and claims intelligence,
particularly exploring the interaction between key data
sets, such as the quote manipulation overlap with consumer
financial stress.
Ultimately, we want to be able to present a complete
picture to insurance providers and deliver the data they
need in order to make better business decisions.
80 | MODERN INSURANCE

INSURTECH
Welcoming… JobsOhio
As a leader in the financial services sector
at JobsOhio - a business focusing on
strengthening Ohio’s ecosystem - my role is to
create and oversee the strategy for growing
existing Ohio businesses, and attracting new
businesses to the State.
JobsOhio is Ohio’s economic development organization
with a mission to create a place where companies thrive,
and where individuals can enjoy a higher standard of living.
We serve as a catalyst to accelerate growth by investing in
communities, helping businesses expand within Ohio whilst
attracting businesses to Ohio.
Ohio is the fourth largest financial services economy in the
United States. How incredible is that, knowing that Ohio is
home to only approximately 12 million people? The insurance
industry is going through exciting changes, and witnessing
the adoption of tech-driven solutions to innovate is certainly
energizing. With a strong incumbent presence, availability of
venture capital funds and robust tech talent, Ohio is the place
to be. These factors create a solid foundation on which to
strengthen a financial services ecosystem that rivals any large
metropolitan area.
Ron Rock,
Managing Director – Financial Services, JobsOhio
My role at JobsOhio is to sell a product, and that product
happens to be a state in the United States of America. And
what better way to highlight Ohio than in Modern Insurance
Magazine? It is my honor to be part of the Insurtech Editorial
Board, and I look forward to many further opportunities to
discuss how Ohio can support companies, from start-up
to mature, to become the future of the insurance industry.
An ecosystem is built by incorporating large incumbents,
educators, investors and start-ups – Ohio has it all, and it is
ready to support the greater good.
I am extremely ambitious, but my goal of growing Ohio
to be the largest financial services economy in the United
States cannot be pursued alone. I believe that a strategic
partnership with Modern Insurance Magazine will help me to
expand my global reach, revealing to the world how Ohio can
support your company’s growth and success. I look forward
to our partnership, and providing further thoughtful content
for readers worldwide.
It’s great to be introduced through Modern Insurance
Magazine, and I can’t wait to meet many more innovative and
intelligent leaders in this industry.
Until next time!
MODERN INSURANCE | 81

INSURTECH
Strategic Priority:
Operational Optimization and Efficiency
with AI and GenAI
AI and GenAI are the hot topics in the industry. It’s a subject
on everyone’s mind in most discussions, and it will be on many
agendas at the conference circuit. AI is not new. It is used today to
enhance insurer’s business processes from underwriting to claims,
but the emergence of GenAI has elevated the discussion, turning
data and analytics from a long-term strategy and incremental
investment into a near-term reality and must-have investment.
Denise Garth,
Chief Strategy Officer, Majesco
Insurers are facing headwinds, driven by heightened volatility
for economics, losses, profitability, talent, and risk. They face
increasing pressure to be relevant. Investors and boards are
asking executives what their strategies and plans are for AI
and GenAI.
The thing is, most don’t have one, nor do they have a nextgen
technology foundation that would be necessary to
execute it. One needs to catch up to the other. Then, both
the AI strategy and the technology foundation must be
integrated into the larger enterprise strategy of reshaping the
business model beyond the legacy and traditional mindset of
‘this is just how insurance is done’.
To fully take advantage of AI and GenAI, insurers must
leverage next-gen architectures for their platform solutions.
These provide native-cloud, robust APIs, microservices,
headless and embedded analytics in real-time, turning data
into a strategic asset. Next-gen architectures, when paired
with AI and Gen AI, can create intelligence and amplify
insights across the entire value chain, providing immediate
value by reducing costs and expense ratios.
A next-gen data and analytics foundation includes a data
lakehouse of all data from systems with real-time updates,
embedded business intelligence within the workflows with
personalized dashboards, embedded AI/ML models and
GenAI. This holistic foundation avoids a fragmented and
incremental approach that limits real potential for business
value.
This is the approach we’re taking at Majesco – combining
the power of a next-gen technology and data foundation to
enable the acceleration of AI and GenAI use across all our
solutions. This offers a whole new way of working for our
customers with intelligent data and copilot guidance at their
fingertips.
For example:
• GenAI/Copilot is directly embedded on all solution
screens for easy access and use.
• A Copilot insurance assistant offers ‘How to’ guidance
using solution documentation, a lifeline for new
employees.
Data is available at the user’s fingertips to view, assess and
act on within their workflow and functions.
Copilot performs functions like copy quote, close claim, send
email, add a note, and more.
Now is the time to optimize the business and bend the cost
curve to drive productivity, profitability, and competitive
differentiation. As the insurance industry faces the
retirement of up to 50% of employees by 2030, there’s a
real opportunity for operational effectiveness with new and
existing employees.
GenAI and AI are awesome tools that have the power to
revolutionize insurance — offering a tailwind for cloud-native
market leaders who embrace AI and GenAI as a competitive
advantage — putting distance between them and those with
legacy, on-premise solutions that cannot embrace it.
The risk adverse ‘wait-and-see’ approach is not an option.
Insurers must find partners like Majesco who can accelerate
their access and use of data and analytics to success,
including AI and GenAI. In the future of insurance, data is the
fuel for optimization and innovation.
MODERN INSURANCE | 83

INSURTECH
Innovation to Outpace Cyber Threat
in our Interconnected Landscape
In a data-dependent, heavily-regulated sector,
failure to take proactive, preventive steps
against cybercrime is flirting with disaster. The
importance of a robust and secure technology
infrastructure that protects data across every
link within your supply chain is more vital than
ever.
Tech innovation to enable the safeguarding of exposure to
cybercrime is evolving at pace for insurance businesses.
Smart firms are paying attention to this developing
cybersecurity landscape and the products available, while
adopting a systemic and cultural approach to proactively
safeguard their organisational exposure to cybercrime.
The statistics are frightening. Ramsac reports cybercrime
costs hitting £27 billion annually, with figures projected
to soar to £8 trillion by 2025. With 72.2% of organisations
globally experiencing ransomware attacks in 2023, and only
8% recovering all data post-payment, the stakes are high.
Innovation holds hope
There are plenty of new technologies, both current and
on the horizon, to assist insurance businesses in their fight
against cyber threat. Technologies focused on ensuring
that innovation outpaces cyber threat and develops cyber
resilience include:
• Artificial Intelligence and Machine Learning, which
leads the way in threat detection by analysing data for
suspicious patterns.
• Zero Trust Architecture, which demands strict identity
checks, marking a significant advancement in combating
threats.
These developments highlight a proactive stance in digital
asset security, critical in today’s interconnected landscape.
Systemic and cultural resilience
From a standards perspective, adherence to ISO 27001
is a critical component of a cyber security strategy. This
global standard can serve as a cornerstone, guiding the
establishment of a comprehensive information security
management system (ISMS). While embracing innovative
technologies is crucial, pairing them with a structured
framework like ISO 27001 ensures systematic management
and protection of sensitive data against emerging threats. It’s
more than mere compliance; it’s also about creating a resilient
and proactive defence mechanism.
But as with most things in business, the greatest threat is not
so much the technology but the people themselves. Humans
nearly always prove to be the most fallible link in the chain.
Whether it’s regular training sessions, simulated phishing
exercises or incentivised secure behaviour, there are lots of
proven ways to reduce that risk.
However, the most effective way remains a robust and
uncompromising security program that encrypts hard drives,
blocks outside connections and monitors everything. If it
doesn’t feel like overkill, you’re probably not pushing hard
enough.
A unified approach
As we navigate through an era where data is both currency
and liability, it’s clear that the responsibility to safeguard
such precious assets cannot be understated. The alarming
statistics and the relentless surge of cyber threats serve
as a clarion call for a unified, rigorous approach to cyber
resilience. Now is the time to act.
• Blockchain - its tamper-proof technology upholds data
integrity and secure transactions.
• Quantum Cryptography, which is set to overhaul data
security and offer immunity to traditional hacks.
• Edge Computing Security, which tackles the challenges
at the network’s edge and remains vital for the Internet
of Things (IoT).
• Security Automation, Orchestration, and Extended
Detection and Response (XDR), which enhances threat
responses and ensures wide-ranging organisational
protection.
Ed Halsey,
VP Marketing, Genasys
MODERN INSURANCE | 85

INSURTECH
The Fastest Fish
in the Ocean
Fresh from Insurtech Insights’ 2024 Europe
conference, one thing is clear. Even in the space
of just 12 months, there has been a marked shift
in the insurance industry’s appetite for digital
transformation at scale.
To use a phrase from a panel discussion that I was part of at
the conference, ‘the industry is in the midst of a tidal shift’. It’s
no longer about being the biggest fish in the ocean; you also
need to be the fastest.
The speed of technological change is unlike anything the
world has seen before. The momentum in machine learning,
and particularly Generative AI, is rapidly changing the way
that insurance companies manage risk, not to mention the
way they think about, or interact with, customers. Insurers
recognise that they must digitise to defend their position,
and then take another step if they want to gain market share!
That said, most of the insurers I know also see immense
opportunity in this challenge. This is why core modernisation,
which involves taking a layered approach to rearchitecting
core systems with cloud-based solutions (like INSTANDA),
is rapidly rising in importance. From a governance and
regulatory perspective, it’s very difficult for large insurance
carriers to change their operating models at pace. That’s
where INSTANDA’s solution is a particularly attractive one.
INSTANDA enables insurers to take a slice of their operating
model and make it much more agile in terms of change. Over
the next few years, larger insurers will see their cost base
reduce as a result of modern technology solutions.
From the conversations we are having with new and
prospective clients, there’s a palpable focus on making
interactions with the customer more meaningful and
frictionless across the value chain. Insurers have always
wanted to do good for their customers (and they’ve done
a pretty decent job over the last 300+ years), but there’s a
pivot happening. Progressive insurers are looking at their
business through the customer lens to meet the customer
where they are with products and experiences that they
want and need, and all at a far quicker pace than what the
insurance industry is accustomed to.
This is not to say that the legacy challenge has disappeared.
Far from it. Operating models are holding insurers back.
Beholden to complex and deeply engrained legacy
technology, many do not have the middle and back-office
functions to consistently reiterate their product offering and
pricing. As a result, they run the risk of being outpaced by
the competition.
Tim Hardcastle,
CEO and Co-Founder, INSTANDA
86 | MODERN INSURANCE

40 insurance technology experts from
across the world share their insights.
Delve into the conversation to:
Explore the profound impact technology is having on the insurance landscape.
Uncover customer demand for greater personalisation, choice and
transparency, and learn how insurers are responding with customer-centric
products and experiences.
Understand how AI and connected technologies are positively impacting the
insurance value chain, and how progressive insurers see the opportunity ahead
of the risk.
Discover why core modernisation is rising in importance as insurers seek to
navigate aging technology and complex systems.
Visualise predictions for a future where insurers actively participate in their
customers’ lives, serving them with embedded, preventative products.
Ready for a thought-provoking read?
Download your free copy of INSTANDA’s
Global Report here.
instanda.com

Any me, any place, anywhere...
FMG Vehicle Recovery Assistance brings a
refreshing simplicity, visibility and cost control to
vehicle recovery and storage.
VEHICLE RECOVERY ASSISTANCE
Managed network comprising
250+ independent operators
across 450+ depot locaons
Capability in recovering all
vehicle classes – passenger car
through to HGV
Onward mobility for
single passengers through
to mulple vehicle
occupants
>310,000 p/a
roadside recoveries
Average aendance
me of 72 minutes
Close management of
vehicle storage and
associated costs
markeng1@fmg.co.uk
0344 243 8888