The subject matter disclosed herein relates to computer systems and data communication systems. More particularly, the subject matter disclosed herein relates to the electronic storage, communication, processing, and display of data related to business insurance and other insurance products.
With the increasing necessity to share information among multiple users in multiple locations and the increase in formats in which the information can be distributed, organizations storing confidential data are subject to increasing threats placing the data at risk. When creating a corporate infrastructure to store confidential data, a company must consider threats ranging from internal hacks, external hacks, inadvertent disclosure, and software malfunction, as well as potential risks from storing information on a third party network.
There are currently a number of federal and state regulations requiring a minimum level of protection for confidential user data. For example, the Health Insurance Portability and Accountability Act (HIPAA) establishes rules and regulations concerning an individual's health information. Other regulations exist for an individual's credit information, school records, etc.
An insurance underwriter must evaluate the risk associated with the storage of confidential personal data and determine whether to offer coverage to a potential client and to then determine the premium for such coverage. Current models for underwriting a breach of confidential personal data records are almost exclusively based on a company's revenue. However, this does not accurately assess the risks involved. Accordingly, methods and apparatus are required for analyzing privacy breach risk.
A system for the processing and display of information related to analyzing privacy breach data risk. The system may include a memory device configured to store a determined risk associated with the storage of confidential personal data, wherein the risk is based on at least the number of records stored by a business. The system may include a processor, operably coupled to the memory device, configured to generate a plurality of underwriting questions, the questions including information concerning total revenue of the business. The system may include a receiver configured to receive a response to the plurality of underwriting questions from the user device and to store the response to the plurality of underwriting questions in the memory device. The processor may further be configured to determine an estimated exposure based at least in part on the determined risk and the response to the plurality of underwriting questions. The processor may further be configured to determine, based on the estimated exposure and the response to the at least one underwriting question, at least one insurance product and at least one coverage option applicable to the business. And the system may include a transmitter configured to transmit information associated with the at least one insurance product to the user device.
A more detailed understanding may be had from the following description, given by way of example in conjunction with the accompanying drawings wherein:
The web site system 120 may include a HyperText Transfer Protocol (HTTP) server module 123, a Content Management System (CMS) 126, a product quoting/binding module 122, a web site database 128, a results module 124, and a risk analysis module 125. The HTTP server module 123 may implement the HTTP protocol, and may communicate HyperText Markup Language (HTML) pages and related data from the web site to/from the client device 110 using HTTP. The HTTP server module 123 may be, for example, an Apache HTTP server, a Sun-ONE Web Server, a Microsoft Internet Information Services (IIS) server, and/or may be based on any other appropriate HTTP server technology.
The web site database 128 may store information that describes and provides the content of the web site. The web site database 128 may be a relational database, a hierarchical database, an object-oriented database, one or more flat files, one or more spreadsheets, and/or one or more structured files. The web site database 128 may be managed by a database management system (not depicted) in the web site system 120, which may be based on a technology such as Microsoft SQL Server, MySQL, PostgreSQL, Oracle Relational Database Management System (RDBMS), a NoSQL database technology, and/or any other appropriate technology. In addition to the page that includes one or more questions that solicit information regarding the user's business, the web site may include one or more Electronic Books (E-Books) that provide information related to the business insurance products offered by the insurance company. Information describing the web pages and the E-Books that constitute the web site may be stored in the web site database 128.
The CMS 126 may be used by administrators of the web site to manage the content of the web site stored in the web site database 128. The CMS 126 may change the content of the web site by adding, deleting, or modifying data in the web site database 128 via the database management system. The CMS 126 may be, for example, a Fatwire system, a Drupal system, a Joomla system, an IBM Lotus Web Content Management system, and/or may be based on any other appropriate CMS technology.
The quoting/binding module 122 may be or include one or more web applications that, in conjunction with the HTTP server module 123, the CMS 126, and/or the policy management system 104, may be used to provide one or more web pages to the client device 110 that provide risk analysis estimates and a price quote for an insurance product offered by the insurance company. Alternatively or additionally, the one or more web applications, in conjunction with the HTTP server module 123, the CMS 126, the risk analysis module 125, and/or the policy management system 104, may be used to enter the user of the client device 110 into a binding agreement for the purchase of an insurance product via the web site.
As described above, the web site system 120 may transmit web pages to the client device 110 that may include one or more questions that solicit information regarding the user's business. This may be performed by, for example, the HTTP server module 123 in conjunction with the CMS 126 and/or the web site database 128. Also as described above, the user may provide information that is responsive to the questions, which may then be transmitted to the web site system 120 by the client device 110. The information may be received via the HTTP server module 123, which may then provide the information to the results module 124 and/or the risk analysis module 125. The results module 124 may determine results information to send back to the client device 110, based on the information that is responsive to the questions. This may include, for example, determining which products are applicable to the user's business, and/or how information related to the applicable products should be displayed. The results module 124, in conjunction with the HTTP server module 123 and/or the CMS 126, may then transmit information back to the client device 110 related to the products that have been determined by the results module 124 as applicable to the user's business. The risk analysis module 125 may determine exposure/liability related to a data breach and send it back to the client device 110, based on the information that is responsive to the questions. This may include, for example, determining recommended actions under federal regulatory requirements, under trade organization requirements, under state regulatory requirements, under custom contractual requirements. The risk analysis module 125 may also estimate costs for total liability, costs that are insurable, and fines that may be assessed.
The web site system 120 may also include one or more additional components or modules (not depicted), such as one or more load balancers, firewall devices, routers, switches, and devices that handle power backup and data redundancy.
The client device 110 may include a web browser module 112, which may communicate data related to the web site to/from the HTTP server module 123 in the web site system 120 via the one or more communication networks 102. The web browser module 112 may include and/or communicate with one or more sub-modules that perform functionality such as rendering HTML (including but not limited to HTML5), rendering raster and/or vector graphics, executing JavaScript, and/or rendering multimedia content. Alternatively or additionally, the web browser module 112 may implement Rich Internet Application (RIA) and/or multimedia technologies such as Adobe Flash, Microsoft Silverlight, and/or other technologies. The web browser module 112 may implement RIA and/or multimedia technologies using one or more web browser plug-in modules (such as, for example, an Adobe Flash or Microsoft Silverlight plugin), and/or using one or more sub-modules within the web browser module 112 itself. The web browser module 112 may display data on one or more display devices (not depicted) that are included in or connected to the client device 110, such as a liquid crystal display (LCD) display or monitor. The client device 110 may receive input from the user of the client device 110 from input devices (not depicted) that are included in or connected to the client device 110, such as a keyboard, a mouse, or a touch screen, and provide data that indicates the input to the web browser module 112. The client device 110 may be, for example, a cellular phone, a laptop computer, a tablet computer, or any other appropriate computing device.
The policy management system 104 may perform functionality such as managing information related to one or more insurance products held by the insurance company. The policy management system 104 may include a product management database 106, which may store information that describes clients of the insurance company and the policies/products provided to the clients by the insurance company. The website system 120 may also include the product management database 106. The product management database 106 may be a relational database, a hierarchical database, an object-oriented database, one or more flat files, one or more spreadsheets, and/or one or more structured files. The product management database 106 may be managed by a database management system (not depicted). When a client enters into an agreement for the purchase of a product with the insurance company, information related to the agreement may be added to the product management database 106. Alternatively or additionally, when a user of the client device 110 enters into an agreement for the purchase of a product via the quoting/binding module 122 in the web site system 120, the quoting/binding module 122 may communicate with the policy management system 104, and the product management database 106 may be updated accordingly.
The one or more communication networks 102 in the example architecture 100 may include one or more private Local Area Networks (LANs), and/or one or more public communication networks such as the Internet. The one or more communication networks 102 may be based on wired and/or wireless networking technologies.
The architecture 100 of
The user may access the database by communicating with the website system 120. The website system 120 transmits questions to the user, which are presented to the user via the web browser module 112, the questions relating to assessing a risk to a business to be insured for data breaches (step 202). The user may be an agent, accessing the website 120 via an agent device 111. Alternatively, the user may be a potential client, accessing the website 120 directly via a client device 110. Or the user may use a client device 110 to access an agent device 111 which is operably connected to the web site system 120.
The user inputs data, via the web browser module 112, that is responsive to questions related to risks associated with the electronic storage of confidential personal data. The input data from the responses are received by the website system 120 and stored at step 203.
Based on the received input data, the website system 120 then estimates liabilities for one or more data breaches based on the number of confidential personal data records stored (step 204). The potential liability for data breaches being determined by the system may further be based on at least two or more of: state regulations, fine assessments, historical breach data, and type of business.
The website system 120 then transmits industry and network security questions to the user (step 205). These questions may request information concerning the type of firewall, antivirus, encryption and other security measures implemented at the business. Additionally, the questions may include other security-based questions. This information is used to generate actuarial data.
The website system 120 implements a software-based algorithm to determine whether to underwrite the business and to determine product options to present to the customer along with pricing (step 206).
The website system 120 then presents the product options and associated pricing to the user (step 207).
The user may enter additional input data after which the system may receive the additional input data that binds the user to one or more of the selected data breach related insurance coverages.
The web browser window 200 may include a control area 262 that includes a back button 260, forward button 262, address field 264, home button 266, and refresh button 268. The control area 262 may also include one or more additional control elements (not depicted). The user of the client device 110 may select the control elements 260, 262, 264, 266, 268 in the control area 262. The selection may be performed, for example, by the user clicking a mouse or providing input via keyboard, touch screen, and/or other type of input device. When one of the elements 260, 262, 264, 266, 268 is selected, the web browser module 112 may perform an action that corresponds to the selected element. For example, when the refresh button 268 is selected, the web browser module 112 may refresh the page currently viewed in the web browser window 200.
As shown in
As the user provides input into the input field 230, the web browser module 112 may store one or more data structures (“response data”) that reflect the selections made in the input fields 230 and 238. Further, as the selections are updated, the web browser module 112 may update the industries area 230 to indicate additional or more specific industry designations that may match the selections. As an example, if only twenty-five (25) industries are listed, a business owner may select the radio button corresponding to “Other”, which may generate a list of miscellaneous industries to be shown in the industries area 230. For example, the business owner may select a radio button associated with the communications industry in the industries area 230; the web browser module 112 may then update webpage 202 to request further information about the selected industry with additional radio buttons specific to the communications industry (e.g., cellular communications, landline communications, computer network communications, etc.).
At any time, while viewing the webpage 202 of
Alternatively or additionally, if the user arrives at the web site managed by the web site system 120 via a search engine, the profiles displayed in the industry area 230 may be determined based on the search terms that were used to arrive at the web site. For example, if the user had used a search term that relates to a given industry, the industry area 230 may include a preselected radio button or a highlighted industry that relates to clients whose businesses are in the given industry.
At any time, while viewing the webpage 402 of
Referring now to
As shown in
At any time, while viewing the webpage 502 of
Referring now to
As shown in
While the embodiments above describe the determination of the estimated per-record liability as being performed by the risk analysis module 125, it may also be produced by a third party system and transmitted to the web site system 120.
At any time, while viewing the webpage 702 of
Referring now to
Based on the exposure information and the underwriting information, the risk analysis module 125 may then generate risk and liability data for the insurance company. The results module 124, in conjunction with the HTTP server module 123 and/or the CMS 126, may then generate information that describes a results web page, and send the information to web browser module 112 in the client device 110 using an HTTP response that is responsive to the received HTTP GET or POST described above.
In addition to the question response data, the web browser module 112 may obtain data directly from other modules (not depicted) in the client device 110, without input from the user of the client device 110. This may include, for example, location information that may be obtained from a Global Positioning System (GPS) module (not depicted) in the client device 110, and/or other data. This additional information may be transmitted by the web browser module 112 along with the question response data that is sent to the results module 124. The results module 124 may use this additional data in determining whether a product is available to a user, determining product relevance, and/or determining how the results web page that includes the information related to the products should appear.
When either of the radio buttons associated with the options in the options field 906 is selected, the web browser module 112 may generate one or more data structures that reflect the values indicated. The web browser module 112 may then transmit the data to the web site system 120. The results module 124 may then receive the data, and process the data in the same way that the results module 124 processes question response data, as described above. The web site system 120 may then transmit a new results page to the web browser module 112. The new results page may have a similar or identical format to the results web page 902 shown in
The user may calculate the premium using button 932. Alternatively, the user may request an indication letter using button 934. The user may request a full application using button 936. Or, the user may request a binding quote using button 938. After receiving the binding quote, the user may submit a bid accepting the costs. If the user submits a bid accepting the costs, the web browser module 112 may interact with the quoting/binding module 122 and/or the policy management system 104, and enter into a binding agreement to purchase an insurance product from the insurance company. Information related to the user's business may be communicated to the quoting/binding module 122 and/or the policy management system 104, to facilitate obtaining the quote or the purchase of the insurance product. Alternatively or additionally, in response to a user input in one of the previous web pages, the web browser module 112 may navigate to a web page that has contact information (such as a phone number and/or email address) for an employee or agent of the insurance company. The user may then contact the employee/agent via phone and/or email, and initiate the purchase of a product from the insurance company. Alternatively or additionally, in response to a user input, the web browser module 112 may navigate to a web page within the web site of the insurance company that provides more information related to the product that corresponds to the recommended products 706.
The memory device 1020 may be or include a device such as a Dynamic Random Access Memory (D-RAM), Static RAM (S-RAM), or other RAM or a flash memory. The storage device 716 may be or include a hard disk, a magneto-optical medium, an optical medium such as a CD-ROM, a digital versatile disk (DVD), or Blu-Ray disc (BD), or other type of device for electronic data storage.
The communication interface 1022 may be, for example, a communications port, a wired transceiver, a wireless transceiver, and/or a network card. The communication interface 1022 may be capable of communicating using technologies such as Ethernet, fiber optics, microwave, xDSL (Digital Subscriber Line), Wireless Local Area Network (WLAN) technology, wireless cellular technology, and/or any other appropriate technology.
The input device interface 1012 may be an interface configured to receive input from an input device such as a keyboard, a mouse, a trackball, a touch screen, a touch pad, a stylus pad, and/or other device. The input device interface 1012 may operate using a technology such as Universal Serial Bus (USB), PS/2, Bluetooth, infrared, and/or other appropriate technology.
The display device interface 1014 may be an interface configured to communicate data to display device 1024. The display device 1024 may be, for example, a monitor or television display, a plasma display, a liquid crystal display (LCD), and/or a display based on a technology such as front or rear projection, light emitting diodes (LEDs), organic light-emitting diodes (OLEDs), or Digital Light Processing (DLP). The display device interface 1014 may operate using technology such as Video Graphics Array (VGA), Super VGA (S-VGA), Digital Visual Interface (DVI), High-Definition Multimedia Interface (HDMI), or other appropriate technology. The display device interface 1014 may communicate display data from the processor 1018 to the display device 1024 for display by the display device 1024. As shown in
An instance of the computing device 1010 of
Alternatively or additionally, an instance of the computing device 1010 may be configured to perform any feature or any combination of features described above as performed by the quoting/binding module 122, HTTP service module 124, CMS 126, and/or results module 124. In such an instance, the memory device 1020 and/or the storage device 1016 may store instructions which, when executed by the processor 1018, cause the processor 1018 to perform any feature or any combination of features described above as performed by the quoting/binding module 122, HTTP server module 123, CMS 126, results module 124, and/or the risk analysis module 125. In such an instance, the computing device 1010 may be a server computer or any other appropriate computing device.
Further, an instance of the computing device 1010 may be configured to perform any features or combination of features described above as performed by the policy management system 104. In such an instance, the memory device 1020 and/or the storage device 1016 may store instructions which, when executed by the processor 1018, cause the processor 1018 to perform any feature or any combination of features described above as performed by the policy management system 104. In such an instance, the computing device 1010 may be a server computer or any other appropriate computing device.
The touch screen 1124, as shown in
Although examples are provided above with reference to
Although the examples provided above with reference to
Although examples are provided above with respect to businesses, business owners, and business insurance products, the features described above with reference to
When referred to herein, the term “computer-readable medium” broadly refers to and is not limited to a register, a cache memory, a ROM, a semiconductor memory device (such as a D-RAM, S-RAM, or other RAM), a magnetic medium such as a flash memory, a hard disk, a magneto-optical medium, an optical medium such as a CD-ROM, a DVD, or BD, or other device for electronic data storage.
As used herein, the term “processor” broadly refers to and is not limited to a single- or multi-core general purpose processor, a special purpose processor, a conventional processor, a digital signal processor (DSP), a plurality of microprocessors, one or more microprocessors in association with a DSP core, a controller, a microcontroller, one or more Application Specific Integrated Circuits (ASICs), one or more Field Programmable Gate Array (FPGA) circuits, any other type of integrated circuit (IC), a system-on-a-chip (SOC), and/or a state machine.
Although features and elements are described above in particular combinations, each feature or element can be used alone or in any combination with the other features and elements. For example, each feature or element described above with reference to any one or any combination of