I’ve been thinking over the last few years about how insurance and cyber-security are going to intersect. A lot of these ideas turn into conversations with Jeremiah Grossman, since he is fascinated by the topic as well.
What I’ve been thinking about recently is how long the insurance cycles are, with massive changes of risk occurring between renewal and reassessment periods.
How many times does your risk profile change throughout the course of an average insurance policy, whether that’s car insurance, home insurance, or—say—cyber insurance?
The answer is that it changes a lot more often than the lifespan of the policy. And that’s imprecision and waste.
The move to realtime
What I believe is going to happen is that Universal Daemonization, along with a number of other technologies, are going to slowly (but with big jumps) move us towards realtime adjustments of risk.
Did you just have a crazy breakup? Did you just get divorced at 45? Are you going for a drive with your new girlfriend after hitting the bar earlier?
Maybe these events warrant an adjustment to the policy.
Or maybe engaging in an activity itself is enough to change the policy. Maybe skydiving changes things. Or getting on a motorcycle that can reach 200 MPH.
The more we know about ourselves, and choose to share with those who give us policies, the more that information can (and will) be used to determine how much we’re paying for insurance at any given moment.
If I decide to rent a new BMW Dreadnaught for a weekend, one of the things that will happen is an instant risk rating calculation and new agreement. It might also include mini-events within the policy, such as exceeding 300 miles per hour in manual mode.
The point is that there will be data about what we’re doing, and data about how dangerous those activities are, and these factors will be used to auto-renegotiate insurance premiums at tighter and tighter intervals.
It’ll start with major events and halved then 1/4 length intervals, etc. And maybe simply shorter policy lengths. Then it’ll evolve to being full re-evaluations in periods of just weeks or days. And the final form will be a constant monitoring for risk factors with re-negotiation taking place mostly automatically, with requirements for opt-in under certain conditions.
Realtime data about the world means the ability to make realtime decisions about risk, and this is where IoT and insurance intersect.