Is There a Need to Redesign Cyber Insurance?
When FBI Director James Comey said, “There are two kinds of big companies in the United States. There are those who’ve been hacked … and those who don’t know they’ve been hacked…,” he was reinforcing the fact that hacking is increasingly becoming a mainstream activity.
Tools such as Crackz, hackz, scriptz and others enable a user to gain additional access to computer systems and information or to run a program they have not legally purchased. Ask your search engine “how to hack” and not only will you get a long list of advice, but you will even find a video which has had more than four million visits.
The problem has moved beyond individual opportunists. It is an issue which increasingly involves premediated crime, often with a financial or disruptive motive. It also has its own language such as “Trojan” — a malicious program that perform actions not authorized by the computer user.
Will the vision of insurance marketers to have insurance based on connected cars, homes and people ultimately prove to be the Achilles’ Heel of their companies?
Increasingly hackers see themselves as guns for hire, selling both services and data on the dark web. Sometimes known as “Butterfly Hackers,” they focus on corporations and use sophisticated tools, often with inside knowledge of the organization.
This inside knowledge often comes from disgruntled employees. It’s even said that the most dangerous person in an organization is the IT manager, as they are best placed to know the system. They are paid through the very same technology that insurers and banks are contemplating for their own future, that of bitcoins operating in a blockchain environment.
Typical hacks may simply demand money from the personal user, using ransomware, which even provides call-back software for ease of payment. In a corporate environment, the hacks may extend to distributed denial of service (DDoS) attacks, effectively putting an online company out of business as it is bombarded with multiple anonymous inquiries.
But it isn’t always negative. A new profession of ethical hackers known as “white hats” has emerged. Their job is to assess the security of computer systems using penetration testing techniques. There’s even a professional qualification in the subject.
As this era of Big Data continues, 2.5 gigabytes of data are created daily by 6.4 billion connected things. In 2016, 5.5 million new things will get connected every day.
Technology research firm Gartner believes we will reach 20.8 billion connected things by 2020.
Some experts are already suggesting that the way into corporate systems will not be through a direct approach but rather through the multitude of less secure external devices. Will the vision of insurance marketers to have insurance based on connected cars, homes and people ultimately prove to be the Achilles’ Heel of their companies?
The recent news that cyber hackers stole $950 million in what is thought to be the world’s biggest bank raid should be enough to raise the alarm bells. JPMorgan’s 2014 hack is said to have affected 100 million customers. The recent hack of the Panamanian law firm Mossack Fonseca is said to involve 11.5 million documents. With the recent ‘Dieselgate’ affair at Volkswagen said to be likely to cost up to $35 billion, what might be the financial impact of a hacked connected car system for a major manufacturer?
As insurers increasingly focus on operational risk — that is, failure due to systems, processes, people and external events — as a key element of managing their capital adequacy and solvency, how will the regulators and insurance commissioners view the potential increase in the risk of someone infiltrating an insurer’s own site through some form of remote device?
Overall, there seems to be agreement that prevention is better than cure, but where cyber crime happens, it is critical that companies carry appropriate insurance cover. Cyber insurance cover has been around for a decade or so, but as cyber crime has developed, then doesn’t insurance cover also need to mature? With policies provided by some major insurers giving cover to $100m, isn’t it time to think about whether this is enough?
Hungry for Collaboration
Fresh from another great RIMS in San Diego, I want to report on some of the great work that the RIMS Enterprise Risk Management Committee did in the past year and is planning for the future.
Also, I want to encourage readers to volunteer for RIMS or other professional groups. Though my time is stretched to the max, I find that the reward of working with others towards a common goal without any compensation or promise of reward is a pretty cool and liberating environment to work in.
Risk knowledge with an actionable outcome is powerful.
You don’t have the restrictions that can come with your job or work environment and you can really stretch your thinking and be innovative.
Take the RIMS ERM committee’s recent work on risk appetite and tolerance statements and actions: The Steps to Successful Risk Taking: Developing Effective Risk Appetite and Tolerance Statements
We were feeling pretty hungry … hungry for a risk appetite and tolerance framework that could provide a holistic view and process to manage a company’s willingness and ability to take risk, and encourage better corporate governance, and help management make better strategic decisions.
We put together examples of how different organizations are using risk appetite and tolerance as well as a Risk Appetite Tolerance & Action Index that we intend to keep adding to and revising.
The added element of actions tied to risk appetite and tolerance provide the accountability that is needed to make the effort of enterprise risk management really valuable. Risk knowledge with an actionable outcome is powerful.
So if you’re hungry too….and if you are a member of RIMS, you can contribute to the Index on OPIS.
Both the ERM Committee and Strategic Risk Management Committee met at the conference and while there were a number of items for discussion, the subject of the consideration of risk and engagement of the risk manager in mergers and acquisitions (M&A) got some great energy going.
Risk managers are often brought in late to the M&A game and once engaged the focus is often on insurance, which — while important — may not be the critical pain point. So is the “problem” we should solve getting the risk managers engaged earlier? And if so, what work would the ERM and SRM members need to do to influence that?
Maybe decision-making on growing and increasing shareholder value should be the chief area of concern, not the timing of the engagement of the risk manager.
But growth does not always have to come from acquisition. There needs to be adequate consideration of risk versus opportunity in the development of the growth strategy.
Maybe the problem is that the risk managers are not part of developing the due diligence framework in the M&A process. Trying to figure out what problem we are trying to solve is a great place to start a dialogue, versus thinking there is a ready-made solution.
I’m very lucky to get to volunteer with these very smart people, and I can’t wait to see what we develop on improving the consideration of risk, this time with the focus on M&A.
Compounding: Is it Coming of Age?
The WC managed care market has generally viewed the treatment method of Rx compounding through the lens of its negative impact to cost for treating chronic pain without examining fully the opportunity to utilize “best practice” prescription compounds to help combat the opioid epidemic this nation faces. IPS stands on the front lines of this opioid battle every day making a difference for its clients.
After a shaky start cost-wise, prescription drug compounding is turning the corner in managing chronic pain without the risk of opioid addiction. A push from forward-thinking states and workers’ compensation PBMs who have the networks and resources to manage it is helping, too.
Prescription drug compounding has been around for more than a decade, but after a rocky start (primarily in terms of cost), compounding is finally coming into its own as an effective chronic pain management strategy – and a worthy alternative for costly and dangerous opioids – in workers’ compensation.
According to Greg Todd, CEO and founder of Integrated Prescription Solutions Inc. (IPS), a Costa Mesa, Calif.-based pharmacy benefit manager (PBM) for the workers’ compensation and disability market, one reason compounding is beginning to hit its stride is because some states have enacted laws to manage it more effectively. Another is PBMs like IPS have stepped up and are now managing compound drugs in a much more proactive manner from an oversight perspective.
By definition, compounding is a practice through which a licensed pharmacist or physician (or, in the case of an outsourcing facility, a person under the supervision of a licensed pharmacist) combines, mixes, or alters ingredients of a drug to create a medication tailored to the needs of an individual patient.
During that decade, Todd explains, opioids have filled the chronic pain management needs gap, bringing with them an enormous amount of problems as the ensuing addiction epidemic sweeping the nation resulted in the proliferation and over-consumption of opioids – at a staggering cost to both the bottom line and society at large.
As an alternative, compounded topical cream formulations also offer strong chronic pain management but have limited side effects and require much reduced dosage amounts to achieve effective tissue level penetration. In fact, they have a very low systemic absorption rate.
Bottom line, compounding provides prescribers with an excellent alternative treatment modality for chronic pain patients, both early and late stage, Todd says.
Time for Compounding Consideration
That scenario sets up the perfect argument for compounding, because for one thing, doctors are seeking a new solution, with all the pressure and scrutiny they’re receiving when trying to solve people’s chronic pain problems using opioids.
Todd explains the best news about neuropathic pain treatment using compounded topical analgesic creams is the results are outstanding, both in terms of patient satisfaction in VAS pain reduction but also in reduction potentially dangerous side effects of opioids.
The main issue with some of the early topical creams created via compounding was their high costs. In the early years, compounding, which does not require FDA approval, had little oversight or controls in place. But in the past few years, the workers compensation industry began to take notice of the solid science. At the same time, medical providers also were seeing the same science and began writing more prescriptions for compounding – which also offers them a revenue stream.
This is where oversight and rigor on the part of a PBM can make a difference, Todd says.
“You don’t let that compounded drug get dispensed when you’re going to pay for it without having a chance to approve it,” Todd says.
Education is Critical
At the same time, there is the growing, and genuine, need to start educating the doctors, helping them understand how they can really deliver quality pain management to a patient without gouging the system. A good compounding specialty pharmacy network offering tight, strict rules is fundamental, Todd says. And that means one that really reaches out to work with the doctors that are writing the prescriptions. The idea is to ensure that the active ingredients being chosen aren’t the most expensive sub-components because that unnecessarily will drive the cost of overall compound “through the ceiling.”
IPS has been able to mitigate costs in the last couple years just by having good common sense approach and a lot of physician outreach. Working with DermaTran Health Solutions and its national network of compounding pharmacies, IPS has been successfully impacting the cost while not reducing the effectiveness of a compounded prescription.
In Colorado, which has cracked down on compounding profiteering, Legislative change demanded no compound could be more than $350.00 period. What is notable, in an 18-month window for one client in Colorado, IPS had 38 compound prescriptions come through the door and each had between 4 and 7 active ingredients. Through its physician education efforts, IPS brought all 38 prescriptions down 3 active ingredients or less. IPS also helped patients achieve therapeutic success (and with medical community acceptance). In that case, the cost of compound prescriptions was down to an average of $350, versus the industry average of $788. Nationwide IPS has reduced the average cost of a compound prescription to $478.00.
Todd says. “We’ve still got a way to go, but we’ve made amazing progress in just the past couple of years on the cost and effective use of compound prescriptions.”
For more information on how you can better manage your costs for compound prescriptions, please call IPS at 866-846-9279.
This article was produced by the R&I Brand Studio, a unit of the advertising department of Risk & Insurance, in collaboration with IPS. The editorial staff of Risk & Insurance had no role in its preparation.