Access the ICMIF Knowledge Hub homepage. Members are encouraged to bookmark this page for future reference.

Webinar

Univé Cyberhulp: A digital risk expansion on the mutual promise

Earlier this year, Univé (Netherlands) expanded all its non-life insurance policies across both personal and commercial lines to include cyber protection as standard. As a result, more than 1 million member/policyholders were provided with immediate access cyber insurance and cyber support services through its Cyberhulp solution, designed to help Univé members protect against, limit, and recover from the damage caused by cybercrime.

This webinar presents a case study of the launch of this modern cyber insurance proposition, including the partnership with Sontiq’s Cyberscout. It also covers how protecting their increasingly vulnerable customers from cyber risks aligns with Univé’s mutual values as a cooperative insurer.

Speakers:

  • Henk de Zwaan, Proposition Manager, Univé (Netherlands)
  • Matt Cullina, Head of Global Insurance Business, Sontiq (USA)

Matt Cullina: 

Thanks so much, Ben, and thanks for the opportunity and thanks for everybody joining. This is an exciting one for me. Normally, when we’re presenting to the ICMIF members, it’s often kind of a global view of cyber risk and what mutual insurers are doing around the globe with these programs, and really it’s kind of a 30,000 foot view. Today is the whole different landscape. But what we aim to do today is give you a granular understanding of one mutual company’s experience in the research development and launch of a really comprehensive program called cyber hole. It’s brought to you by Univé and so Hank is really the star of this show, really just kind of setting up the discussion, but honestly, it’s a bold move that Univé made that I thought was really an interesting case study to present to you all. 

So Henk’s going to really take you through the whole journey of what the experience has been so far. And I’m going to jump in towards the end and talk about some of the cases and incident response work that we’ve done for the Univé members, just to put some color on what’s really happening with cyber risk in the Netherlands and how the insurance program support them. What’s really interesting is just last night we found out that we won an award. We won a Globee award for the best international cyber insurance program of the year. It’s a gold award, so congrats to Univé and their whole community for such a big win. So there it is. So with that being said, I want to turn over to Henk and he’s going to kind of walk you through the innovative Cyberhulp story. 

Henk de Zwaan: 

Thank you, Matt and Ben, for the introduction and also for the invite and for the great news, of course, that we won the gold Globee, just came in today. So it’s really exciting news, very proud of it, and we couldn’t have done it without you. So thanks for that also. Well, I would like to start to let you meet Geert Reinders. Geert is really our founding father. For more than 200 years ago, he was the man who started one of the first mutuals in the Netherlands, in the north of the Netherlands. With 20 farmers, he started a mutual and they started with fire insurance for their own properties. And already then, awareness and controls were very important and helped them to get less fires. And that’s where it all started. And if we look at Univé today, we see that the 20 farmers who started more than 200 years ago, grew out to 1.6 million clients today with over 4 million policies. 

We are still a mutual company with 2,700 employees. And we have more than 100 stores in the Netherlands. Of course, we also have a website, an app, members have an account at Univé where they can handle their own affairs if they want to. We call ourselves a multichannel insurer. We want to become an omnichannel insurer, but we still have to make some steps to realize that. I think it’s good to know that Univé is a corporation of eight regional mutuals. They all have their own boards and they all are insurers themselves. They ensure property against fire and that sort of risks. And they together founded Univé Corporation with Univé Schade, and Univé Schade was founded to ensure mobility risks, liability risks, because the smaller regional mutuals were not able to do those risks themselves. So Univé today are really eight regional mutuals working together in Univé Schade. 

That about Univé today, then Univé Cyberhulp. Well, the text here is a description of what it is. I’m not going to read it all to you. What we did this year was in February, we launched Cyberhulp and Cyberhulp is a service combined with coverage for cybercrime incidents and Univé consequences of it. And the special thing that we did is that we embedded it in all our policies, all members of Univé got access to Cyberhulp, 24/7 help desk and coverage on certain products. And well, the intention of course, is to protect our members against cybercrime, limit consequences and recover from the damage they might suffer. 

And the Univé strategy, I will shortly tell something about it because, well of course, the strategy is where everything you do starts. So it’s good to know which strategy Univé has. And the most important part of it is also the preventing of risk and limit the consequences. That’s where we want to focus on. And if there is a damage cost, then of course, we will also ensure it, but only the part that’s really necessary and that’s different than it was in the past. In the past, we had more focus on the insurance and nowadays we focus more on preventing and limiting the consequences. 

Then how does Univé Cyberhulp fit into our strategy? Well, this part I would like to read out because it gives a good picture of what it is and why we do this. As a cooperative, we see it as our duty to help our members prevent and mitigate the risks of cybercrime and to provide them with a safety net if they do have to deal with it. We do this by supporting our members and working together on solutions to cybercrime incidents. For this, we have the Cyberhulpdesk, 24/7, help desk where customers can call if they have cybercrime incidents. And also we include cybercrime coverage as a standard in our products with a very small, extra premium. Through this standard integration, we create volume. And this is very important because volume is the key which we work with and which enables us to do this. 

And if we view it, our core values within Univé, one of those is together and the power of together, that’s what you get when you have volume. With this proposition, we are unique in the Netherlands. This distinguishes us as a cooperative insurer and as a result, we also load Univé as a cooperative brand and give more substance to our cooperative philosophy. And that’s also a very important thing for Univé. Our Chairman of the board has a personal mission. He joined us two years ago and his mission is to give more substance to the cooperative philosophy. So that’s where we are constantly working on. And it’s a perfect match with Univé Cyberhulp. 

Then what does our Cyberhulp proposition consist of? Well, I already mentioned the 24/7 assistance in preventing and limiting damage. That’s the most important part of the Cyberhulp proposition. Maybe… One thing I wanted to say is that the Cyberhulp proposition, I always call it a proposition and I heard Ben introduce it as a Cyberhulp product, but it’s not a product. It’s a proposition that we fully embedded in all our products. And that’s a real difference also in the way you implement it. And I’ll talk about it later on. So the helpdesk is the most important part and why? Because the experience of Cyberscout and also our experience the last seven months is that more than 90% of the cases are solved within the helpdesk. So Cyberscout takes care of those incidents and there’s no damage and there’s no claim handling left to do, so that makes it very important. 

And the five till 10% who does file claim, well there we have the safety net for cybercrime coverage. In a few of our products for the private members, it’s the household contents insurance and the private liability insurance. We give a coverage until a limit of €2000 without a deductible and for SME members, it’s in embedded in the commercial contents insurance and in the business liability insurance. And for the commercial clients, the limit is €10,000 and here a deductible of €1000 is applicable. So it’s a real basic coverage, but anyway, it is a safety net and that’s what it’s meant to be. Well, I already said it a few times. It’s fully embedded in all our products. So if you are a member of Univé, you always have this service and that’s really unique. And we do this together with external specialized partners, also very important. We couldn’t have done this on our own, and that’s why we partnered up with Cyberscout, but also with Munich Re, or Reinsure, who provide us with a lot of knowledge and thinking with us in the best solutions. So together we made this possible. 

And how we did it. Well, we had a certain approach. It relates also to volume. Volume is the key, but also keeping it simple, having principles within, you’ll find a solution. And well, I’m not going to read them all, but it’s all fixed. If you talk about limits, the elements, the modules of coverage, the premium is fixed. We have no questionnaire, so there’s really no underwriting in it because of the simple… Because we kept it simple, sorry. And no IT security irrelevant questions. We only have, in our wording, five IT relevant obligations which customer have to attend. It’s really quite simple. And also for the SME customers, we have no exclusions. So every customer, also SME customers, has access to this service. 

So it’s sort of one size fits all for private and one size fits all for commercial clients, but it makes it possible to do it at a low rate and without anyone having a cybercrime incident, and come comes to the conclusion at that moment, I don’t have any of coverage, and who is going to help me. And I don’t have an IT man in my business who can handle this for me. Well, what you see are the modules that we selected for the private members. It’s the data restoration. Now we are in decontamination, the hardware replacement and extortion. In red, you see that we exclude ransom payments. Well, that’s a really important point and it has some ethical aspects in it. It’s still a discussion in the Dutch market anyway, if insurers should pay ransom and well, Univé has not done this from the start because we think you shouldn’t help criminals to realize their business model. So we keep away from it. 

We understand that our customers may have other interests and that their company may be at stake and that they will pay ransom. But we think it’s not ethical as an insurance company to pay ransom. So that’s the reason that we don’t. These three modules are embedded in the contents insurance and the liability modules. You see the network security liability, the privacy and data breach liability and the social media and media liability. Those three modules are embedded in the private liability insurance for the private members. For the SME members, we have in the commercial content insurance, the data restoration costs, the incident and breach response and cyber extortion. So cyber extortion means we will help our customers, although we won’t pay any ransom, but we will help them in restoring and negotiating that sort of thing. 

And also for the SME, we have some liability aspects, certainly for the SME members it’s very important. The privacy liability is really a issue nowadays. They’re all kinds of regulation on this. So it’s very good to have coverage for this to get help. Then the route to the best solution, well, we didn’t find the right way at once. We had several attempts. More than four years ago, we started with a cyber product, a separate product for the private market, and well, it was not successful. And we redrew it from the market after two years. And the reasons that it was not successful was lack of awareness with our customers, lack of willingness to pay, but also they had to install a device to secure their wifi network. It was too much trouble, too difficult, and we sold about 200 policies and it wasn’t successful so we stopped it. And two years later, we did a new attempt and this time for the SME market. And we refocus on the real small businesses, maximum of 20 employees, that’s our focus with our targets group. 

So we did some research, market research, but also under our customers. And the conclusion was that the products that were offered in the market didn’t fit with the needs of small companies. It fits perfectly for big companies, but the small companies mostly don’t have an IT man or an IT department who takes care of these issues. And, well, that’s also a reason that the awareness is low with the small businesses and entrepreneurs are really comparable with private customers as we speak about awareness. It’s a very low and also the willingness to buy and pay for additional cyber coverage is low. So that makes it really hard for this target group to have a proposition that they will buy. And that’s also a sort of… How do I say it? Paradox between, at one side, you know, effect based, that your members are facing risks, big risks in the field of cybercrime. And on the other hand, you know that they don’t see it, or they see it, but they don’t act like that to do something about it. 

So if you do nothing, they realize at the moment they are hit by a cybercrime incident, that it would’ve been better, that they had done something. So that’s something that’s very important in this route to the best solution also. Because for us, it was the driver to choose for an option that it’s standard in all our products, fully embedded. And well, of course we didn’t do it by ourselves. We had conversations with reinsurer companies, several reinsurer companies, service providers, such as Cyberscout, but also our colleagues of LF in Sweden, we had a few meetings with them and they also provided us with a lot of input and well, all this input together made that we made the choices that we did. So at the end, we really find the problem area is from the market research and the customer surveys but also the input we got from our partners, the low awareness, I already said it a few times in relation to cyber risk as well with the private members as the commercial members. 

Knowing versus acting. That’s the part of knowing that cybercrime is around and that it’s still getting worse, and that the chance that you are infected by cyber viruses and that sort of thing is increasing, but still most people are not acting like it, so they don’t take care of their systems well enough, don’t do upgrades, have simple passwords, although they know they should do something else. So it’s affected. You have to deal with private members as well as SME members. And well, it’s also a point of responsibility as an insurer, certainly as a cooperative insurer, you have to take responsibility for your members. That’s a point of view. And if your members do not see the risk of don’t act like it, you have to look for a solution so that they won’t be a victim of their own lack of prevention measures. 

So we think it’s also a responsibility of the insurer and also of the advisor. Well, and of course, the willingness to pay within our target group is very low. These are all components that we took with us in the rest of the project. I have a few sheets in which I mentioned the challenges and the risks that we faced. And first we will look at a few internal challenges and the risks. At first, it’s not a standalone product and I already said it at the starts. It’s a proposition, it’s not a separate product and it’s fully embedded in all our products. And that make it very big, also as a project to implement within the organization and within the market. 

The coverage components in property and liability products, well, within Univé, I already mentioned it before. We have eight different risk areas. So we had to align them all to get this new proposition alive and well, you can imagine that’s not a small thing. It takes a lot of time and lots of meetings and convincing them that this really is a good thing to do. And of course the impact on the systems, IT systems, would be huge if you do it an old fashioned way. And so we had to think of a way to keep the impact limited. And the embedded coverage in wordings was also new because the cyber help desk, Cyberhulp consists of a health and coverage elements, the health desk element is something which we had to embed in all wordings of every product. And so we had to find a good clear text to do this. 

And we had four products with coverage elements, which had additional wordings. And the challenge in this was that all the wordings that Munich Re helped us with were in English, with legal aspects because European legal of laws are not the same in all countries, so you have to translate it to your own legal system. So that was a real challenge to do and to stay in line with the coverage the reinsurer intended to give and the coverage that we need to cover the risks, according to Dutch laws, according to Dutch laws. Pricing, pricing is a very important element, because it’s a different way we do it. You have to take into account that it’s on a client level impact. So you add it to all your products, but what does it do at the level of the client, if a client has two products with coverage and it gets the help desk, then you have to see what the total extra premium is he’s going to pay, and if that’s still acceptable for the client. 

So we had to see what is the client willing to pay, and also what can we offer for that price and still make sure that it’s relevant enough for this acceptable price. So that really was a challenge also. Well, we had a model that works with value perception of price. You can measure this. What we did was we took a survey among our members and we asked them about a proposition. Of course, first we explained, what is our new proposition? What does it consist of? What do you get? And then we ask them, what are you willing to pay for this new proposition? And the graph you see here and the lines, they stand for… The blue line says the customer finds the price too expensive. The red line says the customer finds the price expensive. And the gray line, green line, is cheap. And the yellow line is too cheap. 

And the intersections of these lines, at the points, you see the red points, the green point, the yellow point and the blue point, they gave a good picture of the range within the client is willing to pay extra premium. And the left graph shows the private members. Well, the conclusion is that a prize between about €2 and €3.50 a month, that’s the acceptable range. So we had to stay within that range to prevent customers running away because we asked them too much premium. And well, we did the same thing with the commercial members and the range, the price range, that they find acceptable is between the €2.50 and €5, €5.50. So it helped us enormously to get a good price and to mitigate risk of customer satisfaction. Very important part of the whole project. 

Well, other risks in the field of cumulation was very important. And of course, we have no experience with cybercrime rates, but Munich Re has. That’s, of course, one of the reasons we partnered with them. So we talked a lot about this with them, and they have data and models to calculate this risk and also to mitigate it. So we took some measures and reinsuring contracts with Munich Re to mitigate this risk. We also looked at cybercrime terrorism. That’s something that we didn’t see at this moment, but could be something that, well, that it could happen in the future. So you already have to think about it. If it happens, can you handle it? What are your risks and what measures can you take? That’s what we did. Underwriting and claim handling skills. Well, lack of knowledge about cybercrime was really one of the reasons not doing this ourselves but partner up with experts in this field. 

And claim handling skills. Well, we hire them through Munich Re and, of course, Cyberscout does intake of cases. And that helps us, well, to handle these claims in a good way. The 24/7 cyber help desk service is in Dutch. Is that a problem in Dutch? Well, it’s a problem because, of course, we have call centers in the Netherlands and we help our clients daily, but they don’t have the skills to help customers with cybercrime. So we don’t have skilled call centers in the field of cybercrimes and in the Netherlands, there is not much offering of these services. And of course, because we have an enormous number of clients that we provide with this, more than 1 million clients, you need a big company with good skills to handle this. And that was not easy to find. 

So it’s something to invest time in to make sure that that is in place, because it’s the most important part of this proposition. The help your customers get, that’s most important of the whole cyber risk solution. Well, make it or buy it, it was an issue, but all these points helped us in making this decision. And we decided to buy it. Then in the field of compliance, we also had some risks to handle, well, the way we introduced this new proposition, non-optional addition to all products and no opt-out possibility. That, well, it has legal consequences in the Netherlands. It has anyway. Some insurance companies did this in the past and they got some… How do we say it? Well, there were customers who didn’t agree and went to the church to get it to… Or maybe Matt, you can help me. I don’t get to the words. They make a law case out of it. 

We looked at the Euro experience in these cases to find a way that was completely legal and we had no risk in well, making bad press, because that’s the last thing you want. So it’s very important to see if it’s all in place legally also. The product approval process is something we have to do in Europe. It’s also legally… We are legally obliged to do this. Every new proposition of adjustment to an existing proposition, you have to go to through a specific process. 

The challenge here was if you do this process for 26 products in such a short period of time, it’s almost impossible. So we had to find a way to do it more simple. And well, we found that way because we have a general part of the Cyberhulp, the help desk, and that part we could handle in one product approval process. And we only had to do the process for the products that we added coverage to, the contents insurance and the liability products. So we add four products and one general product approval. And so it meant that we had to do five product approval process actions instead of 26. 

Well, we had tax issues in the Netherlands. If you offer a service, you have to pay taxes. We call it BTW and VAT, is it, in English I think? Well, it’s every product you sell, you have to pay tax. And on insurance products, there’s a special kind of tax, insurance tax, you have to pay. And in this case, we have to pay both. Because we have the service of Cyberhulp, the service Cyberscout delivers to us, and we have to pay taxes on that part. And we have to let the customers pay the insurance tax. So it’s different from the usual tax payments customers have to do. So that was really an issue to sort out. Outsourcing the help desk to a foreign company was something really new to us. So we also had to do research on this and well, we had to make sure that legally everything was in place, contracts in English. Well, it always takes more time and more meetings to make sure that things are in place. Then communication, well, I think communication is the key if you want to bring a proposition as this to market, not only communications to the customers but also internal communications. 

I mentioned it earlier because it’s a non-optional addition to all products and there’s no opt-out possibility. There is a risk to customer satisfaction, and we want to present that it would have a big impact on customer satisfaction. So what we did was test all means of communication with customers. We have customer panels in which we tested the communication. What we did, we showed them letters that we made wherein we explained what we were going to do, what the impact would be, what the exit premium would be about. And we asked them if they understood what we communicated and how they would react on it. And based on the input we got, we adjusted the letters and the other communication means. So it was a process in which we went back to the panels three or four times before we had the feeling, okay, this is good. 

And so that was step one. And the communication to the customers, or members, we are doing in three steps. We started in February this year with a big bang scenario in which all 1.1 million customers were informed by mail or by letter that we are going to add this proposition, Cyberhulp, to their products. And also that the first year was for free and of course, that’s very important to make sure that the implementation had a soft landing because now they’re a time, a year, to get used to it, to experience it. And after a year, well, it’s a… You know what it is that you get and you are better capable of judging it and accept it or not. 

And of course, we also, in our surveys, we ask customers how they would react and, well, already then three quarters of 75% of the members said, this is a good idea and within the price range we mentioned, they would accept it. There were also a part of the customers who said, well, we are not happy with this because we have no choice, but finally we would accept it. And really a small part of the customers said, well, if you continue with this, we will leave your company. 

Step two and three are at a renewal date in 2021. We adjust conditions and at renewal date in 2022, the premium will be adjusted. So that is the moment next year that our members will really pay for this extra service. The internal communication, I have to make some speed and I’m getting out of time. But the internal communication is all about, you have to get everybody in line and every colleague has to be an ambassador of this proposition and believe in it, because if you don’t believe in this company, how can you expect the customer to believe it? So we invested very much time in informing our colleagues, make them enthusiastic about this proposition, explain them why it’s a really good thing to do, well, it’s really crucial to crucial success factor. 

In this sheet, you see the time part that we had that we took in the first half year, we started February 2021. We needed a half year to work out the business case. And well, I’m not going to read all the things we did, but we had about six work groups working on the several parts and to prepare everything for the decision makers to make a decision on it. That decision, the goal, we got it in August and from August on, we really started the implementation, and the implementation took us about six, seven months. And in February 2021, we had the big launch. We did it not silently, but really big with the marketing campaign on radio, on TV. We had an online campaign, press moments, so it was really highlighted in the press. So we had a really good start, but the point is that we did this all with our partners within a year. And well, we are really proud of it. Then I think Matt is going to take over for the customer journey. 

Matt Cullina: 

Thanks Henk, and Henk touched on a lot of these points, so I’ll be very brief on this slide. Really, the service element, the 24/7 help desk is really the paramount component of this offering. And so we had to build a customer journey with the Univé team to make it feel as natural as possible and easy to access as possible. And so this Cyberhulp icon you see on the right hand side is really, it’s everywhere in Univé’s marketing material, websites, content, apps. And so there’s multiple places where the member can find out how to access the services. 90 plus percent of all the cases come in, all the calls that come in, are handled without a claim being opened. So really that journey is all about getting a dedicated expert to help you real time, hopefully alleviate the problem. 

If you do have expenses or other complications, then it’s referred and opened as a claim. So this is just a rough sketch of that journey, and it really has been effective since launch. The other thing I would say is that the volumes that we’ve seen on this have been really importantly high. And so I wanted to show you, we probably have more case activity with the Univé launch, especially in the first quarter of the launch, than any other client we’ve seen, any other mutual we work with in other jurisdictions. These are just categorically the cases by rank of what we’re seeing. 

And so, from my perspective, it really shows that the communications, especially early on are working to help people understand how to use the service because the first two categories are really asking questions, calling in with questions. What is this help program? How do I use it? And then the proactive inquiries are all about trying to get better at protecting either the family or the business against cyber risk. And so the more activity we see with people just calling in with questions the better, because it shows that they’re really trying to improve their cyber risk profile. 

And then from there, as we see across Europe, unauthorized account takeover, so taking over an existing account, and online retail fraud, are usually the two top types of fraud we see for consumers, for households, in the EU. And then you start to see system compromise and ID theft, ransomwares, these are more of the technical attacks that happen, whether they be scams or malware, or what have you, that attack people and systems to try to get access to information, try to monetize the scam and really make hay with other people’s credentials. 

I want to quickly give you, these are just really snapshots, actual cases that we handled for the Univé members. This is on the private line side of the proposal, over a million customers, members, have access to these solutions. And here’s really what we’re seeing is WhatsApp fraud is probably the top type of consumer fraud case that we’re handling. And that’s, if you’ve ever experienced it, someone gets access to your contact list on WhatsApp and they blast out to friends, family, what have you, some sort of crisis communication, “I’m stuck. I need help, please wire X money to me,” the range of requests tend to be from €150 euros to €2000. So it’s a pretty broad swath. So this is a very common type of case we see for the Univé members. 

Facebook account takeovers, so people impersonating you on Facebook. There’s a specific process that you follow to work with Facebook, to get that taken down, to reset those sites. And then you have to communicate with all of your contacts to make sure that they knew that whatever happened when the impersonation was going on, wasn’t you, it was an imposter. We’ve seen some really strange… The Sri Lankan telco company, just different types of scams where you’ll receive a phone call. And just for you push pressing, accepting that phone call, you start receiving bills. In this case, it was from a Sri Lankan telco and this member was just inundated with all these bills. And they didn’t even know what had happened in the first place, let alone how to work with the telco to get those bills stricken. 

The bank professional one is interesting, and that literally… The scammer impersonated a real person at this member’s bank. And so they called in and said, “Hey, we’re in a crisis, we’re having a cyber crisis. You have to give us your credentials and we’re going to have to reset your online account.” And it was actually a fraudster asking for that information, but the member actually went online, found the woman’s name, found her picture. She was a real person. So they just agreed, accepted that this must be a real issue. Unfortunately, they stole over €25,000 from this person’s account. So we worked with them to get that money put back in the account, to prove that it was fraud, that it wasn’t them that that took the money out but the scammer. 

Some social scams happening too and cyber bullying is a common thing that’s starting to occur more and more. In this case, it was a 12 year old, a boy in the family who folks set up an Instagram page and started posting all his Photoshopped images of him in compromising situations. And so this was a real tragic event for the family. And we stepped in and really helped get that information taken down, worked with Facebook and Instagram to get that information taken down. And again, communicate that this was not the actual child who did that. 

And then as, as I said, proactive inquiries is really the life blood of these programs. It’s what makes everything tick and knows that people are understanding how to use the service and hopefully how to avoid big problems by asking good questions early on. On the business side, these are just two discreet examples, and it continues with what Henk said around the entrepreneurs, the small businesses, that are offered this are really close to a private lines customer from a risk standpoint for cyber. So we do see hacking events, ransomware events, but they’re generally small scale compared to enterprise risk companies. 

In this case, a pool installer had a breach. It was only one computer out of many computers that they had in the business. So we were able to localize the issue on that one computer and then help them notify all of their customers to tell them that some of their private information may have been exposed. In the second case, it was a ransomware attack. And so just to clarify one point from what Henk said, although Univé doesn’t cover the ransomware payment, they do cover the investigation, the research, the assistance in helping somebody figure out what’s going on. 

In this case, it was an accountancy firm that got hacked and a ransomware attack ensued. And it looked like the data may have been exfiltrated, which means may have escaped the computer system. So in that case, most often, you have to notify your customers even if it may be a false alarm, but you still have to notify. This customer, this member, wanted to pay their ransom themselves. And so we helped negotiate that on their behalf and pay the Bitcoin of €1300 to get their systems freed up. So just some common cases that we see, these were actual Univé cases. So I want to turn it back to Henk. 

Henk de Zwaan: 

In this sheet, I mention a few learnings. In the middle, you see the learnings that we got from LF. So those learnings we took in account when we started the project and they were very useful. So I thought I mention them here also. Well, I won’t read it all to you, but the headlines… The fully embedded solution requires a different way of thinking. Well, we are not used thinking. We are used of thinking in products. What does it mean for this product or that product? And this embedded solution in all products, more on a member level, requires another way of thinking and all organization has to get used to it. It’s really new. So it takes time and you have to realize it’s very important. And another thing is that what we notes is that most colleagues and the regional mutuals were very anxious in the beginning about the idea, but going on the project, they tended to see the risks and, well, they really had to get out of their comfort zone. 

And that’s also something you can take into account when you start a project like this. And show entrepreneurship, well, that’s also having the courage to do something out of the ordinary. And well, entrepreneurship is also taking risks and insurance are mostly not very willing to take risks. So that’s also a challenge. And the time to market first is quality. Well, you want it faster. You want the first move advantage in the market, but it never should go in cost of the quality. So quality goes before time to market. That’s the lesson we learned from it. Oh, that in… With too much speed, maybe, but if you have any questions, you can always contact me through LinkedIn and I will be happy to answer all your questions. 

Then next steps. Why next steps? Because this is not the end. It’s only the beginning. We have a basis, but we are not ready. We only just started. So we have several things we are going to do. Coming here, we will expand the coverage. The financial fraud is one of the things that is not fully covered by what we offer at this moment. So we want to expand there. And we also want to offer services in preventing cybercrime to our customers, so that’s where we are working on right now. And as I said earlier, cyber always on means that cyber is always on. So next year and the years after that cyber will be always on. It’s not going away. It’s getting more and more so. A lot of work to be done in the future also. Well, that is the end of our presentation, I think. 

Ben Telfer: 

Thank you very much, Henk and Matt. Henk, thank you for taking us through that journey. And you’re quite right. It’s definitely a proposition and fully embedded. So thank you for explaining the difference because it was a great analysis of what you’ve been doing, what you’ve done on this journey and what you’ve got coming forward. I especially like the links to your cooperative values as well, and how you are really focused on protecting members from these new and increasing and emerging risks. So I think that speaks to your overall strategy. So thank you for sharing that. 

We do have a couple of questions that I will be able to post to you. First one here, Matt, this is probably one for you. And you touched on it again afterwards, about ransomware and that exclusion for the ransom payment, for the obvious reasons, because it supports criminal activities. What do you see in other cyber products around the world? Is this a common exclusion, or do the majority of them offer some form of ransom payment in their policies? 

Matt Cullina: 

In the large market kind of enterprise cyber, it’s most often covered, but there’s more and more, especially with markets like Lloyds and large market insurers like Chubb and Zurich, more and more they’re scrutinizing who the threat actor is to make sure that they’re not on a watch list, that they’re not kind of a criminal band that’s tied to terrorism, what have you. And so it’s becoming more and more scrutinized, more and more kind of controversial, but it is generally covered for large market. When it comes to small market, it varies. Some insurers cover it, some don’t and it really comes down to what Henk said. It’s just appetite for the risk and appetite for the kind of moral component of kind of supporting criminal activity. 

Henk de Zwaan: 

Maybe I can add to it that in the Netherlands, the government is also discussing this. They are making regulation on this point. So maybe we are obliged to not cover it in future. 

Matt Cullina: 

Even in the White House, they had a big summit with cyber insurers two months ago and ransomware was the discussion, what can the government do to collectively help kind of private sector and the insurance community around this phenomenon? 

Ben Telfer: 

Thank you. I think we have time for one more, one more quick question. How common is the fully embedded and non-optional cyber solution in the cyber market generally? Matt, that’s probably one for you to sort of speak about at a global level and Henk, perhaps you know any comments in the rest of Europe, but Matt, I’ll come to you first for that. 

Matt Cullina: 

I used the word bold and I meant it at the beginning of this. I have not seen an insurer take the step to provide to all customers, both private and commercial. And to me, that’s really stepping up from an insurer standpoint and in the market, you see companies going either route and it really either embedding or selling it as an option. On commercial lines, that’s often easier to embed or use an opt-out strategy than on private lines, but those that really want to drive retention and member support and offer a common program to everybody, tend to embed those that are looking maybe for retention, but also to get additional earn premium, may charge as an option. I think what Univé has done is kind of the best of both worlds in that they’ll start charging for it as a nominal sum starting next year. 

Henk de Zwaan: 

Yes, I agree. I think it’s really unique. I know that LF, the Swedish insurance company, did something like it, but only for the commercial market, about 100,000 customers. And we are talking about 1.1 million customers, also commercial and private, and in the Netherlands, we have Aon. Aon is worldwide operating company who implemented it in their household content insurance, but they don’t have liability aspect and, well, they had some legal issues on the way they implemented it also. So I think nobody has done this before. 

Matt Cullina: 

I agree.  

Ben Telfer: 

Great. I know you said it before, it is a unique proposition. And again, thank you Henk for going through it in detail and Matt for your input as well. I just want just echo a point that Henk said about getting in touch with him. Henk, you shared the value that you got from connecting with LF, which is obviously a Swedish mutual company and a fellow ICMIF member. So please do reach out to either Henk directly or come through myself or anybody at ICMIF if you would like to know more, and I’m sure Henk, his colleagues at Univé and also Matt at Cyberscout would be able to help share their story in more detail, and also hopefully provide solutions that will help you. 

Matt Cullina: 

Thank you, bye-bye now. 

 

The above text has been produced by machine transcription from the webinar recording. ICMIF has made every effort to ensure that transcriptions are as accurate as possible, however, in some cases some text may be incomplete or inaccurate due to inaudible passages or transcription errors. Listening to or watching the webinar recording will allow you to hear the full text as delivered during the webinar but this is available in English only. Our transcriptions are provided to enable members to select the language of their choosing using the dropdown menu above.

 

 

More information

If you would like more information on the topic or case studies presented above, please contact us. We are here to make tailored introductions to your fellow ICMIF members and we can also share other member-only resources with you based on your specific challenges and interests.

Scroll to Top