The third episode of the series sheds light on winning consumer trust by ensuring cybersecurity.
InsurTech is in its primary stages in Bangladesh. To make the concept of InsurTech familiar and to unravel the scopes for instilling its foundation in Bangladesh, Green Delta Insurance Company and ICE Business Times are organizing a signature webinar series of 4 episodes titled “Instituting InsurTech in Bangladesh” in association with Shurokkha (an online insurance portal) and with support of iDEA project of ICT division and BASIS (Bangladesh Association of Software & Information Services).
The third webinar on InsurTech, jointly organized by Green Delta Insurance Company Limited and ICE Business Times sheds light on the topic: Winning consumer trust by ensuring cybersecurity.
The Keynote of the session was presented by Bhishma Maheshwari, Executive Vice President and Cyber Insurance Practice Leader, Marsh India. MD. Shahadat Hossain, IT Specialist (Information/Cyber Security) BISD Project, IDRA, and FID, Ministry of Finance was present during the session. Along with them, there were three more panelists: Anisur Rahman, Head of IT, City Bank Limited, Arif Sikder, Managing Director, Ezy Fintech Ltd, and MD Moniruzzaman Khan, SEVP, Head of Digital Business & Brand Communication, GDIC. Enjoy the webinar on the FB pages of GDIC, IBT and Surokkha. The webinar was organised in association with Surokkha and with support of the iDEA project of the ICT division and BASIS.
The keynote presenter, Bhishma Maheshwari,started the session by divulging the current trends and challenges in ensuring cybersecurity and the way forward.
The Digital Transformation
The digital transformation has taken over our lives and made it more convenient. Technology is being added to every aspect of life. We have heard about FinTech,insurtech and food tech. Everywhere, it is a technology which is being integrated on our system. This whole pandemic situation has only accelerated that advancement. Now we all know that you say the world is going through this large health and economic crisis. Amid the bad news, we have some silver linings. Many companies have started focusing on near term survival. And then this quest of survival what they have done is they’re becoming more and more digital.
Most of the current risks are now interconnected in nature. When you talk about infectious diseases, which is this pandemic has created lots of risks and issues across the board. One of them is a food crisis, then there is critical infrastructure failure that is issues related to data fraud, unemployment, fiscal crisis, but two of the broad issues with standouts are and which are of more importance to us cyberattacks and data progress.
The pandemic has also ushered in increased cyberattacks including ransomware and phishing attacks. Today we are here to talk about cyber risks.
Increased Accessibility, Greater Risks
When we talk about digital touchpoints in Bangladesh, there were around 45 million smartphone users in 2017. This number is slated to touch at 130 8 million by 2025. mobile payments have increased to massive levels more than $2.35 billion of payments are being done to funds are being mobilized for mobile payment. Because also increased internet banking, card-based e-commerce transactions have gone up by 30%, electronic fund transfer is almost at 40% and Bangladesh has now become the fifth largest smartphone market in the Asia Pacific region. Now, what all this means is that there is a lot of investment when it comes to technology in families, the millennials are hooked to digital technology, but this whole advancement also creates some risk and what is at risk in our personally identifiable information is at risk. Now, everything is on mobile; we don’t use credit cards, we use mobile wallets. So, our personally identifiable information is right there out there on the dark web.
The Hard Questions
We use digital technology to ensure that the processes become better, it helps us in our overall life, but it also increases a lot of data privacy risks simultaneously. And one thing which definitely will help all the companies to ensure that their technological advancement is up is the task and trust in their customer’s mind. And when I trust I can talk about things which primarily forms of trust, transparency, and safety. How transparent are you when you are doing in your dealings? When you’re taking somebody’s personally identifiable information form as a form? Are you transparent enough to tell them which all areas their information will use, and how safe is your network when I’m handing you over my personally identifiable information or as a data custodian? These are two broad issues which every company has to take care of.
Managing the Risks
When there is a risk, there is also a risk management process which every company implements. Classical risk processes start with avoiding or terminating the risk. So, if there is a risk associated with specific processes or technology, it starts with avoiding the risks which are always not possible. The next step to mitigate the risk is employing the best of the class infrastructure and trained people and ensuring that there is enough transparency and safety when you are running your processes. But even after doing everything possible, nothing can guarantee a hundred percent safety. In fact, in the cybersecurity parlance, they say you can never avoid it. It might happen if a hacker is determined to help you even find a way to have assistance. It is where the transfer of risk comes into hand comes into play. How can you transfer the risk? There are some settings available to transfer the risk, and one of them is cyber insurance.
Staying Ahead of the Curve
Bangladesh may come up with their data protection acts or guidelines, including the regulatory fines and penalties. Similarly, there are data breach costs which means that any first-party expenses of forensics, which a firm does expand immediately after a cyber attack, gets covered under the policy.
In the end, I would like to say that type of risk is real, it’s there, and every firm is exposed to the same type of risk. Still, the firm which is more prepared in both in terms of mitigation, mitigating the risk, and also in terms of transferring the risk to a right solution will cope much better in the event of a cyber attack. And this is where the whole trust issue comes in. If a firm has better preparation, has better processes, an equal technology place will win more trust from its customers.
The panelists shared their initial thoughts on the topic: Excerpts are given below.
The presentation was wonderfully insightful; however, I believe a few things also need to be focused on. Firstly, the management needs to be aware of the fact that investment is crucial in strengthening cybersecurity. Secondly, a skilled team is essential to execute a strategy efficiently. Finally, it can be summarised that increased usage due to easier access may lead to greater security risk. Therefore, customers will always lean towards a more secure cybersecurity system. Realistically, no system can guarantee a hundred percent security, but we can reduce service significantly with modern technology.
Md. Moniruzzaman Khan
There has been no better time to talk about cybersecurity. The pandemic has taught us many things; as it was rightly pointed out in the presentation, the pandemic has been the catalyst behind the mass digitalisation of companies across the world. Even though there were minimal preparations, businesses across sectors are beginning to incorporate technology in their operations successfully.
However, this transformation has brought a new set of risks, and cybersecurity is one of them. Concurrently, we now have to take measures to safeguard customer information. Therefore,stakeholders of different sectors have to work together to create a robust cybersecurity system across industries.
I believe the pandemic has been a driving force in technological adaptation and implementation across businesses in Bangladesh. Subsequently, the issue of cybersecurity has become the focal point of discussions as we advance. It is a decisive issue for Bangladesh, which highlights the absence of a skilled workforce in the sector. Moreover, we must also address the lack of willingness to invest in cybersecurity from some of the stakeholders. Therefore, it is a burning issue that needs to be solved through discussions and today’s discussion is the step in the right direction.
Md. Shahadat Hossain
The insurance industry deals with personal data medical data. The primary data of the intrusions industry are financial help and PIA.
The insurance industry primarily deals with financial data, health data and PII (Personally Identifiable Information), as opposed to banks which only contain currency data. Ensuring data privacy is crucial for insurance companies; therefore, the attacks on integrity and privacy of data can render an insurance company obsolete. Insurance companies must have loved robust IT infrastructure with proper awareness of the risks.
In most cases, security breach originates from the lack of awareness. We are also to ensure that the customers don’t fall prey to social engineering tactics. Our presenter rightly pointed out that people have been adapting to the work from home culture since the pandemic began. It has made our work life more technology-intensive. Therefore we have to be aware of the existing risks and collaborate towards reducing them.
The panelists also answered key questions asked by the viewers on the topic:
From your experience as a veteran banker, can you please shed light on the existing cybersecurity threats that might undermine customer trust in the banking sector?
In the banking sector, we view this cybersecurity as a multi-layer topic. To ensure a robust cybersecurity system we engage in five layers of defiance. A breach in one of the layers can cause problems for any financial institution be it a bank or an NBFI.
To ensure infrastructure security, we regularly carry out penetration testing and vulnerability assessment using some tools available in the market. Banks are bound to run the tests as a compliance regulation from the central bank. I think the insurance industry should also be operated under similar regulations and security protocols to ensure contemporary security standards.Other technologies such as Network Traffic Monitoring, Next generation firewall, SDN, Secured DNS, Wireless prevention systems and privileged access management should be implemented to strengthen infrastructure security.
In the case of applications, financial institutions must have an inventory of the number of applications they operate, and they should be regularly tested. The source codes must be regularly scanned for vulnerability and phishing attacks.
The customer-facing applications are riskier, and they should be assessed in compliance with global practice. I believe such infrastructural and security compliance should be implemented in the insurance sector.
Thirdly, the security of the endpoint device used by the employees must be ensured with the help of antivirus and encryption mechanisms. The employees will also have to be educated on detecting malicious malware on the internet and taking adequate countermeasures. The fourth layer deals with data security. To ensure data security and prevent data loss, database activity monitoring tools may be implemented.
As a whole, these four layers of defence combine with cybersecurity which includes Incident response team, Securities information event management and user educational awareness. The layers must be regularly assessed and improved to ensure a robust cybersecurity system. Finally, I want to restate that any breach in any layer of security of the security system can compromise user data which wipe out the revenues of a company in a matter of seconds.Therefore the entire security system should work on collectively and coherently.
The insurance sector has long been stigmatised among the general population in Bangladesh. Why do you think the negative perception of the industry has prevailed?
Md. Moniruzzaman Khan
The insurance industry in Bangladesh is more than 45 years old. There are 79 insurance companies in the country. Thousands of people, directly and indirectly, work in this ecosystem and there are around 8000 branches, so geographically the distribution is quite good. But the market penetration in terms of product and policies is very low. The rate is actually around 1% in a market of 170 million people. One of the primary reasons for the lack of penetration is the trust issue. The lack of trust and awareness causes people to view insurance as a social taboo and people are incredibly adamant about getting any insurance. The scenario did not just happen overnight; it is the result of years of accumulated incompetence.
Most of the companies that are operating in the market are doing very well and operating ethically. Unfortunately, a handful of companies are guilty of malpractice and are responsible for creating mistrust among the customers, which has continued over time.
Green Delta is the market leader in non-life insurance in Bangladesh, and we have been working diligently for the years to regain consumer confidence in the insurance sector. However, it will take a collaborative effort from all the players in the sector to make this a reality. Our regulatory commission IDRA is working relentlessly to restore trust and facilitate a healthy competition among the competing companies in the sector. Concurrently, the insurance companies are tirelessly working towards the same goals as per the directive from the regulatory commission.
Interestingly, the trust between the customers and insurance companies can easily and quickly be restored with the help of technology. For example, the introduction of MFS facilitated the mass penetration of the banking industry in Bangladesh. It played a pivotal role in increasing financial inclusion in the country.
Therefore, technology is facilitating the trust that was necessary to improve financial inclusion in the country. The introduction of various fintech companies has taken financial inclusion on a different level in Bangladesh. However, being a part of financial inclusion, the insurance sector is yet to make a substantial impact on the Bangladesh economy. However, I firmly believe insurtech, cyber tech and strong cybersecurity can win the consumer’s hearts overcoming the trust issue.
As an IT consultant, what kind of IT infrastructure can encourage the general population about the industry?
MD. Shahadat Hossain
We are at an advantage in this regard as most of the current policyholders are tech-savvy. We can introduce a range of technologies to increase transparency and efficiency in the sector, including AI, Blockchain and Big Data. Numerous companies have been successful in increasing the accessibility of insurance using IoT. When customers witness the implementation of these technologies, they will start to lean towards the sector.
Additionally, we have to shift toward a pure agile approach when implementing front end approach. In the case of core insurance, we should focus on business accountability. If we can successfully incorporate innovative technology in our operations, we can ensure more adaptation of the products from the insurance companies.
Fintech in Bangladesh has managed to gain a strong foothold in Bangladesh as opposed to insurtech. How can we make a new product like insurance more appealing to the consumers while ensuring robust cybersecurity?
You are currently working with Surokkha, what was the inspiration behind your contribution towards the program?
In 2018, I was part of a group of entrepreneurs to work with digital financial service. We prioritised on working toward solving an existing socio-economic problem. Consequently, we decided to work with vehicle insurance. We noticed that people are spending time and money while ensuring their vehicle with insurance companies. We wanted to provide the opportunity to access insurance without incurring those costs quickly. Concurrently, subsequent market research revealed that very little progress had been made in the sector. It encouraged us to work towards making breakthroughs in the sector. Also, the government is working relentlessly to restore consumer trust in the sector, and the current growth rate of 11% of the insurance companies enticed us to invest ourselves in the sector.
As a seasoned brand marketing professional, what kind of brand marketing initiatives enabled by technology can help people gain better trust in the system? Can digital claiming settlement process be an essential element to win the client’s trust?
Md. Moniruzzaman Khan
Two issues are responsible for the low penetration of insurance in Bangladesh. On is a trust issue, and another is an awareness issue. Most people are not aware of how insurance policies can safeguard an individual and their community from unforeseen events. In today’s world, people are more inclined to purchase experience. The same product can be availed from multiple businesses, but customers will always lean towards a better experience. From a brand marketing perspective, the more I will be able to make the customers aware about my offerings, the better the chances of customers opting for my products. It has to be done with the help of technology as most of the potential customers are very receptive of what they hear and see in the digital sphere.
From our perspective, Green Delta is the number one non-life insurance company in the private sector. We are number one in terms of the consumer base, revenue and brand perception and have been so for decades. We have been spending a considerable amount of time and resources to improve digital insurance and increase its accessibility. The implementation of technology and the collective effort of ensuring efficiency, transparency and accessibility can provide the sector with the momentum it needs to go forward. I am happy to inform you that GDIC is one of the companies in Bangladesh that is working on this combination on the quest of building consumer trust. As a market leader, we want to set the precedence for our peers to learn and follow. We believe it’s a collective effort, and if we lead the way, others will be able to follow the route.
How can we change the negative attitude of the insurance companies towards assessing the claims?
Md. Moniruzzaman Khan
One of the primary reasons for the negative perception of the insurance industry is the claim settlement issue. Usually, the discontent stems from the status of the timing of claim settlement. Although it is dependent on technical and legal constraints, the sector has to address this issue in order to ensure customer satisfaction. Thankfully, with the roll-out of insurtech, the claim process will be completely digitalised. Currently, this process is manually conducted through human interaction which is very time-intensive. But insurtech, with the incorporation of latest technologies such as AI, Big data and blockchain will make the process efficient and more transparent than ever thought possible. On average, insurtech will reduce average claim settlement time from twenty-one to 3-4 days.
Considering the entire ecosystem, how can other companies win customer confidence with the help of technology?
The entire insurance business depends on trust. And the immense potential of the sector has not been yet utilised because of the lack of trust. If trust can be restored, the possibilities are immense. Our business is heavily reliant on an agent-based network. There have been few incidents where the agent swiped money from the customers by producing fake receipts. As a result, the customer will not get the stipulated payout during claim settlement. Such incidents have created an atmosphere of mistrust in the sector. Stakeholders of the industry should consider this issue a priority and work towards eliminating such incidents. Concurrently, some companies have to relinquish the mindset of depriving or delaying settlement amount, which is prevalent among a handful of companies. The above goals can be achieved through the digitalisation of the sector as it will help to establish consumer trust and confidence.
What measures can we expect to see from IDRA towards increasing cybersecurity awareness among the companies?
Md. Shahadat Hossain
We have already received directives for campaigns towards increasing insurance awareness. This initiative is aimed toward increasing customer acquisition in the industry. From a cybersecurity perspective, as I already mentioned, the current policyholders are tech-savvy, which is an advantage for the sector. Therefore, if we can establish a robust ICT infrastructure with adequate security, the trust-building process will slowly develop, which will eventually result in the robust growth of the sector.
We repeatedly hear that different social media platforms store customer information without consent. Do you think insurtech can ensure better data privacy for the customers?
I am a big proponent of data privacy and believe data protecting begins at home. As individuals, we are not very careful about our data, and that’s where the problem originates. Firstly, the entire attitude needs to change from an individual point of view. It also has something to do with the regulatory aspect, for example, we are at the brink of witnessing the: Personal Data Protection Bill ” in India and I am sure Bangladesh will have its version very soon. I believe regulatory constraints will keep companies from misusing user data. These legislations are very robust and compel the companies to prioritise data protection from the very first day. Therefore, I believe a change of habits, regulations and firms becoming more careful in data handling will undoubtedly result in a more secure environment, and I believe that’s the way forward.