Driverless Cars Not a Concern, Allstate Says

Driverless car

Driverless cars are becoming more of a reality, with testing in full swing by Google and others, and software upgrades underway for existing models of Tesla cars. One industry that will be impacted by larger number of safe vehicles on the road is the auto insurance industry. One insurer, Allstate, is carefully following the progress being made, but emphasized safety over possible diminishing profits. In its annual report for 2015, Allstate wrote:

Consider what is happening with autonomous cars. Today, only modest levels of driver-assistance technology are available, and only on a limited set of vehicles. However, the technology for fully autonomous cars is advancing rapidly and the legal and regulatory framework will follow. At some point, the fleet of a quarter-billion vehicles could be smaller and will include technologically sophisticated vehicles that are safer, more effective and efficient. Fewer, safer cars would benefit consumers and the environment, but could affect demand for auto insurance.

The financial squeeze that autonomous cars could put on the insurance industry has been expected for years, The Chicago Tribune noted. In 2012, financial technology consulting firm Celent published “A Scenario: The End of Auto Insurance: What Happens When There Are (Almost) No Accidents?”

While Allstate states that demand for auto insurance could diminish, it points out that this is not a concern. “Some industry participants are waiting to see how this will play out. Allstate is not,” the insurer said, adding:

We are moving forward into uncertainty rather than wait. Throughout our history, Allstate has led from the front on auto safety—for example, as an early proponent of seat belts and air bags. We support the introduction of new driver-assistance technology that makes driving safer, because this is about saving lives and protecting the hopes and dreams of those who depend on us. We are confident Allstate will thrive in whatever new world emerges because of a differentiated strategy, strong brands, passionate agency partners and committed employees. Preparations for a new and different future are well under way.

Lance J. Ewing, hospitality and leisure industry practice group leader with AIG, previously told Risk Management magazine, “With more than five million vehicle accidents in the U.S. resulting in over 30,000 deaths, any enhancement is welcome, but there may be collateral results from the driverless highways.”

Galaxy Quest: Assessing Space Commercialization

Student-space
If a bunch of kids can launch a satellite into space, why can’t you?

As reported by the Washington Post, seventh-graders at St. Thomas More Cathedral School in Arlington, Texas are the first grade school students to send a satellite into orbit. The CubeSat – built by the children – was launched into space and will begin beaming photos from 200 miles above the Earth’s surface to an antenna on the school’s library.

This learning experience is remarkable for the kids, but what does it mean for the future of commercial industries in space? While commercialization of space tourism and satellite technology is already happening, is this emerging risk something that industries can afford to overlook?

The Space Foundation’s 2015 “The Space Report” found that commercial activities in space continue to increase and now make up 76% of the global space economy. The report adds that revenue from commercial space products and services was dominated by direct-to-home television services, making up more than three-quarters of the global commercial space products and services market.
Space budgets

Allianz published an article that outlines some of the challenges of space insurance and space risks, from the pre-launch phases to in orbit operations and satellite insurance.

“Losing a spacecraft is by far not the only risk,” the article points out. “Potential interruptions of a satellite’s service in our globalized work are just as problematic for spacecraft users, individual transponders users such as TV channels and Internet providers, but also for banks, car manufacturers and large industries that use telecommunications networks.”

According to the Federal Aviation Administration’s (FAA / AST) Annual Compendium of Commercial Space Transportation: 2016, “The size of the global space industry, which combines satellite services and ground equipment, government space budgets, and global navigation satellite services (GNSS) equipment, is estimated to be about $324 billion. At $95 billion in revenues, or about 29%, satellite television represents the largest segment of activity.”

The report highlights the progress China has made with its space program, noting the number of orbital launches conducted by the country has steadily increased each year since 2010, with a peak of 19 launches in 2012. The findings highlight China’s commitment to commercial space applications, specifically stating that the data “points to a robust future in Chinese spaceflight.”

For many industries, the idea of planning for the risks involved in a space expansion might seem too far off to devote resources. But, with commercial airliners, telecommunications companies, international markets like China and even a bunch of seventh-graders already investing in opportunities in space, it might be time to reconsider the possibilities and the risks.

Is outside-in the “Next Gen” of Continuous Monitoring?

In late 2002, the U.S. Government enacted a new law that was designed to hold each federal agency accountable to develop, document, and implement an agency-wide information security program, including for its contractors. The Federal Information Security Management Act (FISMA), was one of the first information security laws to require agencies to perform continuous assessments and develop procedures for detecting, reporting, and responding to security incidents.

With limited technological resources available for monitoring and assessing performance over time, however, agencies struggled to adhere to the law’s goals and intent. Ironically, although FISMA’s goal was to improve oversight of security performance, early implementation resulted in annual reviews of document based practices and policies. Large amounts of money were spent bringing in external audit firms to perform these assessments, producing more paper-based reports that, although useful for examining a wide set of criteria, failed to verify the effectiveness of security controls, focusing instead on their existence.

John Streufert, a leading advocate of performance monitoring at the State Department and later at DHS, estimated that by 2009, more than $440 million dollars per year was being spent on these paper-based assessments, with findings and recommendations becoming out of date before they could be implemented. Clearly, this risk assessment methodology was not yielding the outcomes the authors had in mind and in time, agencies began to look for solutions that could actually monitor their networks and provide real-time results.

Thanks to efforts by Streufert and others, it wasn’t long before “continuous monitoring” solutions existed. But, just as with all breakthrough technologies, early attempts at continuous monitoring were limited by high costs, difficult implementations and a lack of staffing resources. As continuous monitoring solutions made it into IT security budgets, organizations and agencies were challenged to make optimal use of tools that required tuning and constant maintenance to show value. False positives and missed signals led many IT teams to feel like they were drinking from a fire hose of data and the value of continuous monitoring in many cases was lost.

However, solutions today offer a number of benefits including easy operationalization, lower costs and reduced resource requirements. Many options, such as outside-in performance rating solutions, require no hardware or software installation and have been shown to produce immediate results. These tools continuously analyze vast amounts of external data on security behaviors and generate daily ratings for the network being monitored, with alerts and detailed analytics available to identify and remediate security issues. The ratings are objective measures of security performance, with higher ratings equaling a stronger security posture.

Used in conjunction with other assessment methods, organizations can use ratings to get a more comprehensive view of security posture, especially as they provide ongoing visibility over time instead of being based on a point in time result. The fidelity of “outside-in” assessments is very good when compared to the results of manual questionnaires and assessments because outside-in solutions eliminate some of the bias and confusion that may be seen in personnel responses. Additionally, outside-in performance monitoring can be used to quickly and easily verify effectiveness of controls, not just the existence of policies and procedures that may or may not be properly implemented.

These changes have made continuous performance monitoring and security ratings more appealing to organizations across the commercial and government space.  Organizations have learned that real-time, continuous performance monitoring can allow them to immediately identify and respond to issues and possibly avoid truly catastrophic events, as research has shown a strong correlation between performance ratings and significant breach events. Furthermore, as it becomes easier to monitor internal networks, organizations are beginning to realize the security benefits that can be gained through monitoring vendors and other third parties that are part of the business ecosystem. Being able to monitor and address third party risk puts us squarely in the realm of next generation continuous monitoring, something many regulators are pushing to see addressed in current risk management strategies.

FAA Announces Drone Testing Partnerships Beyond Current Regulations

Drone regulations FAA

Yesterday, the Federal Aviation Administration announced three partnerships with companies to expand the operation of unmanned aerial vehicles (UAVs) in an initiative the agency is calling the Pathfinder program.

U.S.-based drone maker PrecisionHawk will be exploring the possibilities of flights over agriculture while testing tracking and a system for drones and planes to remain aware of each other in flight to avoid collisions. CNN will be testing the use of drones for newsgathering in urban areas where drones will remain in the line of sight of operators. BNSF Railroad, owned by Warren Buffet’s Berkshire Hathaway, received permission to test drone operations outside of the operator’s visual line of sight. The company will “explore command-and-control challenges of using UAS to inspect rail system infrastructure,” the FAA reported.

“Government has some of the best and brightest minds in aviation, but we can’t operate in a vacuum,” said U.S. Transportation Secretary Anthony Foxx. “This is a big job, and we’ll get to our goal of safe, widespread UAS integration more quickly by leveraging the resources and expertise of the industry.”

To that end, Pathfinder will allow these corporate entities to research operations that push the boundaries of the recent draft rules released regarding small unmanned aircraft, namely by operating both within and without the visual line of sight requirements currently mandated by the FAA.

“Even as we pursue our current rulemaking effort for small unmanned aircraft, we must continue to actively look for future ways to expand non-recreational UAS uses,” said FAA Administrator Michael Huerta, who announced the initiative at a conference held Wednesday by the Association for Unmanned Vehicle Systems International. “This new initiative involving three leading U.S. companies will help us anticipate and address the needs of the evolving UAS industry.”

This effort is also the first step in realizing some companies’ grander aspirations for drone use, such as the package delivery applications being pursued by Amazon. That being said, the information gathered by these companies will merely provide data to inform future FAA regulations, which are still pending and may only approve broader operations in a few years. Other companies looking into similar applications that are beyond the scope of current draft regulations would still need to apply for and receive a Section 333 exemption from the FAA. While about 300 of these requests have been granted, the agency has received repeated criticism for an exceptionally slow and sometimes mystifying review process.

“The impact of the Pathfinder Program could be profound for several reasons — perhaps most importantly, it shows the FAA is serious about moving quickly to safely and practically integrate commercial drone use in the U.S.,” said Anthony Mormino, senior legal counsel at Swiss Re. “Allowing drone flights beyond the sight of a drone operator is considered the key to unlocking the true potential of commercial drone use.  This collaboration could impact the future rules promulgated by the FAA regarding the line of sight requirement for commercial drones.”

Such developments could also significantly impact insurers. As discussed in “Drones Take Flight,” the April cover story of Risk Management magazine, one of the most promising near-future applications for UAVs could be in the insurance industry in the wake of natural catastrophes or other major claim events. “Reducing or eliminating the visual line of sight limitation on commercial drone use will allow insurance companies to employ UAVs to their fullest extent in insurance underwriting and claims management,” Mormino said. “Consider that the FAA has already granted a number of insurance companies permission to test and use UAVs for insurance inspection purposes. These companies include AIG, State Farm, Erie Insurance Group, and USAA. They plan to use UAVs, for example, to more quickly process insurance claims after natural disasters by allowing them to inspect damage —especially in remote locations—in real time. Insurers also plan to use UAVs to obtain imagery and data for use in underwriting, such as roof inspections. Until the FAA mitigates the visual line of sight limitation, however, the foregoing insurance uses for UAVs will remain drastically limited. Success for the FAA’s new Pathfinder program would open the door to potentially even larger scale use of UAVs by insurance companies.”

The implications for insurers also extend to the products and pricing offered. “First, the current dearth of UAS loss data makes it difficult for insurance companies to properly price insurance policies covering drone use,” said Carol Kreiling, senior claim manager at Swiss Re. “It is therefore no surprise that only a handful of insurers actually issue stand alone drone insurance coverage, such as Zurich Insurance in Canada, and Tokio Marine in the Lloyd’s of London market. An increase in commercial use of drones in the US could provide a steady flow of data that would allow more insurers to price and issue coverage for use of UAS. On the other hand, if the Pathfinder program’s goals are fulfilled—to find ways to safely use UAVs outside a pilot’s visual line of sight—increased remote use of drones could raise risk profiles for insurance coverage.”

At the conference, Huerta also announced a new smartphone app called B4UFLY, designed to help model aircraft and UAS users know if it is safe and legal to fly in their current or planned location by pairing geolocations with the relevant restrictions and requirements.

For more about drones, UAV regulations, and the potential impact these machines may have on the insurance industry, check out “Drones Take Flight,” the April cover story of Risk Management magazine.