Black Swan Events; Blessing or Curse?

COVID-19 has had an impact on businesses in every sector. For the insurance sector, this means that it can expect to see a dramatic increase in claims, be it health insurance, life insurance, or non-life insurance-related. The insurance industry needs to determine what strategies and technologies exist that can assist them in dealing with the consequences of the pandemic [1].

COVID-19 caught the sector off-guard however it was not the first black-swan event to hit the industry; another event similar in terms of its global impact was the 2008 financial crisis. When an event is said to be a black swan event (the term was coined by Nassim Taleb, statistician, risk analyst, and trader), it is a highly visible, rare event that has not been experienced before in a certain setting which has major implications on history [2]. During the financial crisis, banking and insurance businesses suffered greatly from such a phenomenon [3]. The severity of the situation was part of the reason that the 2008 crisis led to the re-design of payment systems and processes and set the stage for disruptive industry forces such as fintech firms. Now, 12 years later COVID-19 will likely lead to another redesign within the insurance industry. This redesign will force insurance to shift even further from physical to digital channels and products by using end-to-end automation and AI optimization of business processes [4]. However, a black swan event can also offer opportunities: the increase in uncertainty caused by a black-swan event might be turned into a benefit from an increase in demand for insurance against future black-swan events. Whether this is a feasible market opportunity will depend greatly on the risk appetite of individual insurers as well as their liquidity, which might be under stress because of an increase in COVID-19 related policy payouts to customers.

In this article, we will compare the pre-COVID-19 situation and post-COVID-19 situation from three perspectives: the division in power between high-level IT and high-level Business in the insurance firm, the effects on (digital) processes, and the effects on cybersecurity, but first, we will further examine the insurance sector.

COVID-19 the Insurance Sector

With the rapid spread of COVID-19 worldwide, one of the most pressing challenges facing the insurance business is how to achieve a large-scale transition to remote work [4]. According to Deloitte [5], the insurance industry is generally well prepared to deal with events that cause damage on a global scale including pandemics. However, in the case of the COVID-19 outbreak, it will take some time for the true extent of the damage to have fully materialized and understood. Zooming in on the Dutch insurance sector we can see that the COVID-19 has increased the sense of urgency experienced by insurance firms to increase spending in data analytics and IT that further enables the automation of business processes such as the handling of claims [6]. Automation will allow human capital to be allocated more towards customer relations, which means that despite not being able to physically interact with customers. Insurers will be able to offer a more personal approach to their customers which could lead to higher levels of customer satisfaction.

When the smoke has cleared it will be interesting to see to what extent the Dutch insurance industry landscape has changed. Before COVID-19 the top four insurance firms operating within the Dutch insurance industry in terms of market share were Achmea, VGZ, CZ, and Menzis [7]. This has already changed, although it is not yet clear to what extent COVID-19 can be held responsible for these changes in market share.

For both the Dutch insurance industry as well as the global insurance industry, the effects experienced by firms will vary and depend on how ‘pandemic proof’ their business was before the virus hit. While much is still unknown about the long-term impact of COVID-19 on the insurance industry some effects can already be identified. For example:

  • Interest rates may put pressure on the balance sheets of insurance firms and the profitability of life insurance products [5]. According to the European Insurance and Occupational Pensions Authority [8], with the current uncertainties (duration of lockdown and economic recovery), interest rates will remain low, this will lead to more uncertainty, and insurers will be less inclined to take risks.
  • Delay in reporting insurance claims to insurers, their assessment, and payment [5]. According to Bryan Cave Leighton Paisner [9], the Insurance Act of the U.S. states that the insurer must pay the amounts owed on the claim within a reasonable time. Insurance firms can be taken to court if they do not pay on time and can be held liable for damages that occur while the claim has not been paid. 
  • Insurance firms with a higher level of risk diversification will be better protected against losses resulting from COVID-19, it will also have lower economic and capital needs and can therefore offer lower prices to customers. By offering lower prices, new clients will be more likely to use its services [10].

Consequences for IT and Business 

Most, if not all, insurance firms operating in the Netherlands were already well on their way to becoming de facto digital entities [11]. The reasons for this were that the insurance industry recognized early on the potential digital technologies held and how these technologies could help create value and increase competitiveness [12]. However, insurers did not view themselves as digital firms yet, despite being confronted by a variety of disruptive forces ranging from changing customer needs and expectations to insurtech start-ups [13]. Before COVID-19, traditional insurance firms viewed themselves fundamentally different from insurtech firms [14].

As mentioned earlier, insurance firms face two major immediate challenges due to the pandemic. The first being a potential liquidity crisis due to COVID-19 related payouts to customers, the second being an increased demand for digital services on the business side. The dilemma faced by the average insurance firm is, therefore: “do they invest in IT or do they postpone IT-investments and create a financial buffer to mitigate the risks associated with a liquidity crisis?” [15] [16] [17].

We distinguish three scenarios: the first is a liquidity crisis that is so serious that it threatens the existence of the firm. The second scenario takes place when liquidity is in check and customer service is going to be overcharged and a focus is going to need to be on those processes. The last scenario is the most favorable: the firm does not need to worry about liquidity or the capacity of customer service, so it will be able to extend its competitive advantage. Below, we will elaborate on the division in strategic power between the Business (CEO/COO/CCO) and IT (CIO/CTO/CDO).

Consequences of scenario 1: liquidity

In case of a liquidity crisis, all focus needs to be on keeping the firm away from bankruptcy; therefore, the business management level will need to have all the power in a firm. There is likely more knowledge about the market at the side of the business, which ensures a better strategic positioning. Also, with one party in power, faster decision-making can be expected. This will reduce costs and increase agility.

Consequences of scenario 2: customer service

If there is no liquidity risk and the focus needs to be on the customer, insurance firms will need to divert resources in the business towards customer-oriented services. Because insurance firms are digitized to a large extent, IT will need to support the business in the IT Architecture, IT Infrastructure Strategies, and Business Applications. However, the Business needs to set the direction of the IT department in the form of IT Principles.

Consequences of scenario 3: extend competitive advantage

When an insurance firm does not foresee any liquidity issues and trusts its ability to respond to the increased demand due to the COVID-19 pandemic, the firm should leverage its relatively strong starting position to further increase its competitive advantage. This means that the business strategy and IT strategy will be used as input for the IT principles section of the governance matrix and that the IT leadership will be able to decide on IT architecture and IT infrastructure strategies. Of course, this is the most favorable scenario; where others are fighting to stay alive, your firm can expand its strategic capabilities.

Consequences on Digital Processes

As has been stated before, COVID-19 does not solely lead to threats; also, opportunities can be distinguished. Potential clients might wish to insure themselves not only against COVID-19 but also other unforeseen consequences. These opportunities and threats have an impact on the internal processes of insurance firms. Most changes will be related to a greater focus on IT capabilities that enable smooth business operations, such as working from home and a digital customer experience. Remoteness both for employees as well as customers will determine the change in processes necessary for the insurance firm to thrive in the ‘new normal’, next to end-to-end automation and optimization of processes [1].

In the pre-COVID-19 situation, the insurance application process was still extensively reliant on paper-based activities as well as face-to-face contact with their customers for handling claims and premiums [18]. Selling products was done by simple cross-selling and upsetting approaches [19] and these products were not standardized, meaning they were not catered to the needs of the individual customer [4]. Yet, post-COVID19, more intensive use of Data Analytics can enable insurers’ greater predictive capabilities which are aimed at matching products to customers based on geographic and demographic attributes. Secondly, analytics “listen” to customer input, recognize patterns that can be used to identify opportunities, and help calculate the correct premium based on more accurate risk profiles [4] [19]. Through Artificial Intelligence and Intelligent Automation with the use of Data Analytics and IoT, insurance firms can streamline and enhance their processes in areas such as pricing and underwriting. For pricing, a more dynamic and real-time behavioral model can be created to more accurately calculate premiums for specific customers. Moreover, underwriting accuracy is also scaled up due to speeding up the data collection and risk assessment through newly embedded technologies [1].

Many issues with the upscaling of new technologies had to do with the sharing of information, which is a key process for many technologies, yet much reluctance in sharing information is found with customers. Since COVID-19 there are signs that this behavior has started to change [4]. For instance, consider Australia, where 2 million Australians signed up for the government’s tracking app, COVID Safe, within 48 hours after it was launched [20]. Important to note here, is that in general Australians are quite reluctant to share their personal information on such a type of application [20]. The Netherlands and Australia have a similar attitude towards sharing data, a survey done by GfK shows [21]. Taking this into account, COVID-19 can create great possibilities for more sharing of information in the insurance industry in the Netherlands.

Consequences for Cybersecurity

COVID-19 has been a catalyst for increased cybersecurity risk. The switch of customers increasingly using online services and employees working remotely created a greater attraction for hackers [22]. Also, insurance firms are a potential target for cyber attackers, as they possess a large amount of confidential information about policyholders [23]. Therefore, cybersecurity needs to be an important part of the digital transformation process undertaken by insurance firms.

In order to understand the importance of cybersecurity during digital transformation, we have summarized some cyber threats which insurance firms are increasingly dealing with due to COVID-19.

  • Risk 1: attacks via email. These attacks will typically direct the user to visit a website where they are asked to update personal information, such as password, credit card, social security, or bank account numbers, that the legitimate organization already has [8]. Also, there are email schemes that target recipients to conduct wire transfers, typically through the impersonation the CEO, CFO, or other senior managers of the organization. This type of attack has increased by 600% during COVID-19 [24].
  • Risk 2: malware infection. This is a type of malicious software that threatens to publish the victim’s data or perpetually block access to it unless a ransom is paid [8]. Ransomware is one of the most common cybersecurity threats. During COVID-19 the risk of a successful ransomware attack has increased significantly (150%) [25]. This is due to weaker controls on home IT and a higher likelihood of users clicking on such emails due to an increased level of anxiety [4].
  • Risk 3: data exfiltration. The loss of confidential data from firms to unauthorized people that breaches the privacy of their customers, employees, clients, or counterparties [8]. Now that a lot of business processes are becoming more digital including those of insurers [1], the increase in cybersecurity incidents and more specifically Data Exfiltration, has increased significantly due to COVID-19 [26].
  • Risk 4: DDOS – Distributed Denial of Services. Type of attack where multiple compromised systems, which are often infected with a Trojan, ‘any malware which misleads users of its true intent’, are used to target a single system causing a Denial of Services attack. [8]. In the last couple of years, the Russian cybersecurity vendor Kaspersky noted that there was a decline in DDOS attacks . However, since COVID-19, the amount of detected DDOS attacks has increased again by 30% from the first to the second quarter [27]. According to Kaspersky [27], they have detected and blocked 217% more in the third quarter of 2020 in comparison to the same period a year ago.

To conclude, this article firstly discussed the current landscape of the insurance industry. Then, the effects of COVID-19 on the business were explained. Through effective IT and Business Governance, three scenarios were hypothesized. Thirdly, potential benefits of black swan events, such as COVID-19, were distinguished. The increased use of data analytics can lead to better catering of products to answer to client demand more effectively. Through AI and Intelligent Automation, underwriting and pricing processes might be enhanced. Finally, cyber security was discussed. During COVID-19, the amount of attacks has increased; therefore, some cyber risks were documented.


[1] KPMG: COVID-19: customer and digitization in insurance. (2020). Retrieved 1 October 2020, from 

[2] Nafday, A., (2020). Strategies for Managing the Consequences of Black Swan Events. Leadership and Management in Engineering. Retrieved 9 October 2020, from

[3] Schich, S. (2009). Insurance Companies and the Financial Crisis. OECD Journal: Financial Market Trends. Vol 2009-2. Issue 2. Retrieved 5 October 2020, from  

[4] KPMG: COVID-19 puts insurers on the fast-track to technology adoption. (2020). Retrieved 1 October 2020, from 

[5] Deloitte. Insurance – Cyber Executive Briefing | Deloitte | Analysis. (2020). Retrieved 2 October 2020, from 

[6] Accenture: Digital capabilities for insurance customers. (2020). Retrieved 2 October 2020, from 

[7] Vektis (2019). Zorgthermometer: verzekerden in beeld 2019. (2019). Retrieved 20 September 2020, from

[8] European Insurance and Occupational Pensions Authority (2019). Cyber Risk for Insurers – Challenges and Opportunities. | EIOPA. Retrieved 2 October 2020, from 

[9] Bryan Cave Leighton Paisner – Does “late payment” of Covid-19 BI claims create additional exposure for insurers and reinsurers?. (2020). Retrieved 8 October 2020, from

[10] OECD (2020) Responding to the COVID-19 and pandemic protection gap in insurance. (2020).  | Organisation for Economic Co-operation and Development | Retrieved 8 October 2020, from 

[11] Boston Consulting Group, perspectives in insurance. (2015). Retrieved 22 September 2020, from

[12] Eling, Martin & Lehmann, Martin. (2018). The Impact of Digitalization on the Insurance Value Chain and the Insurability of Risks. Geneva Papers on Risk and Insurance – Issues and Practice. 43. 359-396.

[13] Deloitte, Sam Friedman: insurtechs are disrupting the insurance industry. (2017). retrieved 26 September 2020, from 

[14] McKinsey, Catlin, Tanguy & Lorenz, Johannes-Tobias. (2017). Insurtech the threat that inspires. Retrieved 28 September 2020, from 

[15] Bainbridge, R. (2020). China records increase in demand for insurance among women during Covid-19. Retrieved 8 October 2020, from

[16] Chakrabarty, A. (2020). Insurance Trends During Covid-19: Health in high demand, Motor lags. Retrieved 10 October 2020,  from

[17] Hay, L. (2020). COVID-19: could liquidity challenges be on the way for insurers? Retrieved 11 October 2020, from

[18] Information Age (2020). Digitization accelerated by Covid-19 will change the insurance industry. Retrieved 1 October 2020, from 

[19] EY insurance (2017). Digital transformation in insurance. Retrieved 1 October 2020, from 

[20] Regan, H. (2020). 2 million Australians have downloaded a coronavirus contact tracing app. Retrieved 1 October 2020, from 

[21] GfK (2017). Global GfK survey; willingness to share personal data in exchange for benefits or rewards. | GfK. Retrieved on 9 October 2020, from 

[22] Mitic, I. (2020). Everything You Need to Know about Online Banking: Statistics & Facts | Fortunly. Retrieved 7 October 2020, from 

[23] Jones, T. (2016). Digital transformation exposes insurers to greater cyber-security risks – Accenture Insurance Blog. Retrieved 2 October 2020, from

[24] Enisa (2020) Understanding and dealing with phishing during the covid-19 pandemic. Retrieved 7 October 2020, from 

[25] Bradshaw, S. (2020). Data breaches during COVID-19: Insights and best practice tips from the OAIC | Clayton Utz. Retrieved 7 October 2020, from

[26] PwC, (2020). Why has there been an increase in Cyber Security Incidents during COVID-19. | PWC UK Cyber Threat Intelligence. Retrieved on 9 October 2020, from 

[27] Kaspersky, (2020) “DDoS attacks in Q2 2020”. Retrieved 7 October 2020, from 

Artikel door Tim van den Berg; Georgette Doekes; Des Spreeuwenberg; Hugo Bolcini; Roza Amin