Ransomware attacks are not a new phenomenon, but their effectiveness has increased causing far reaching consequences that are not fully understood. The ability to disrupt core services, the global reach, extended duration, and the repetition of these attacks has increased their ability to harm an organization.
One aspect that needs to be understood better is the effect on the consumer. The consumer in the current environment, is exposed to new technologies that they are considering to adopt, but they also have strong habits of using existing systems. Their habits have developed over time, with their trust increasing in the organization in contact directly, and the institutions supporting it. The consumer now shares a significant amount of personal information with the systems they have a habit of using. These repeated positive experiences create an inertia that is hard for the consumer to move out of. This research explores whether the global, extended, and repeated ransomware attacks reduce the trust and inertia sufficiently to change long held habits in using information systems. The model developed captures the cumulative effect of this form of attack and evaluates if it is sufficiently harmful to overcome the e-loyalty and inertia built over time.
Figure 1. The steps of a typical ransomware attack
This research combines studies on inertia and resistance to switching systems with a more comprehensive set of variables that cover the current e-commerce status quo. Personal information disclosure is included along with inertia and trust as it is now integral to e-commerce functioning effectively.
As you can see in the figure the model covers the 7 factors that influence the consumer’s decision to stop using an organization’s system because of a ransomware attack. The factors are in two groups. The first group is the ransomware attack that includes the (1) ransomware attack effect, (2) duration and (3) repetition. The second group is the E-commerce environment status quo which includes (4) inertia, (5) institutional trust, (6) organizational trust and (7) information privacy.
Figure 2. Research model: The impact of ransomware attacks on the consumer’s intentions
The implications of this research are both theoretic and practical. The theoretic contribution is highlighting the importance of this issue to Information Systems and business theory. This is not just a computer science and cybersecurity issue. We also linked the ransomware literature to user inertia in the model.
There are three practical implications: Firstly, by understanding the impact on the consumer better we can develop a better strategy to reduce the effectiveness of ransomware attacks. Secondly, processes can be created to manage such disasters as they are happening and maintain a positive relationship with the consumer. Lastly, the organizations can develop a buffer of goodwill and e-loyalty that would absorb the negative impact on the consumer from an attack and stop them reaching the point where they decide to switch system.
Zarifis A., Cheng X., Jayawickrama U. & Corsi S. (2022) ‘Can Global, Extended and Repeated Ransomware Attacks Overcome the User’s Status Quo Bias and Cause a Switch of System?’, International Journal of Information Systems in the Service Sector (IJISSS), vol.14, iss.1, pp.1-16. Available from (open access): https://doi.org/10.4018/IJISSS.289219
Zarifis A. & Cheng X. (2018) ‘The Impact of Extended Global Ransomware Attacks on Trust: How the Attacker’s Competence and Institutional Trust Influence the Decision to Pay’, Proceedings of the Americas Conference on Information Systems (AMCIS), pp.2-11. Available from: https://aisel.aisnet.org/amcis2018/Security/Presentations/31/
The capabilities of Artificial Intelligence are increasing dramatically, and it is disrupting insurance and healthcare. In insurance AI is used to detect fraudulent claims and natural language processing is used by chatbots to interact with the consumer. In healthcare it is used to make a diagnosis and plan what the treatment should be. The consumer is benefiting from customized health insurance offers and real-time adaptation of fees. Currently the interface between the consumer purchasing health insurance and AI raises some barriers such as insufficient trust and privacy concerns.
Consumers are not passive to the increasing role of AI. Many consumers have beliefs on what this technology should do. Furthermore, regulation is moving toward making it necessary for the use of AI to be explicitly revealed to the consumer (European Commission 2019). Therefore, the consumer is an important stakeholder and their perspective should be understood and incorporated into future AI solutions in health insurance.
Recent research at Loughborough University (Zarifis et al. 2020), identified two scenarios, one with limited AI that is not in the interface, whose presence is not explicitly revealed to the consumer and a second scenario where there is an AI interface and AI evaluation, and this is explicitly revealed to the consumer. The findings show that trust is lower when AI is used in the interactions and is visible to the consumer. Privacy concerns were also higher when the AI was visible, but the difference was smaller. The implications for practice are related to how the reduced trust and increased privacy concern with visible AI are mitigated.
Mitigate the lower trust with explicit AI
The causes are the reduced transparency and explainability. A statement at the start of the consumer journey about the role AI will play and how it works will increase transparency and reinforce trust. Secondly, the importance of trust increases as the perceived risk increases. Therefore, the risks should be reduced. Thirdly, it should be illustrated that the increased use of AI does not reduce the inherent humanness. For example, it can be shown how humans train AI and how AI adopts human values.
Mitigate the higher privacy concerns with explicit AI
The consumer is concerned about how AI will utilize their financial, health and other personal information. Health insurance providers offer privacy assurances and privacy seals, but these do not explicitly refer to the role of AI. Assurances can be provided about how AI will use, share and securely store the information. These assurances can include some explanation of the role of AI and cover confidentiality, secrecy and anonymity. For example, while the consumer’s information may be used to train machine learning it can be made clear that it will be anonymized first. The consumer’s perceived privacy risk can be mitigated by making the regulation that protects them clear.
European-Commission (2019). ‘Ethics Guidelines for Trustworthy AI.’ Available from: https://ec.europa.eu/digital
Zarifis A., Kawalek P. & Azadegan A. (2020). ‘Evaluating if Trust and Personal Information Privacy Concerns are Barriers to Using Health Insurance that Explicitly Utilizes AI’, Journal of Internet Commerce, pp.1-19, Available from (open access): https://doi.org/10.1080/15332861.2020.1832817
This article was first published on TrustUpdate.com: https://www.trustupdate.com/news/are-trust-and-privacy-concerns-barriers-to-using-health-insurance-that-explicitly-utilizes-ai/
Trust is necessary whenever there is risk. This means it is more important in some contexts than others. While trust has been researched for many decades, it became a more prominent concern with the introduction and expansion of the Internet. The loss of face to face interaction raised the perceived risk and the importance of trust. Once solutions were found, to reduce the risk and build trust, this became a smaller challenge.
Insurtech is another phenomenon where concern about trust is increasingly important so trust must be explored. Indeed, trust emerges as a problem whenever there is a new widely-adopted technology, like blockchain, 5G or AI. For example, chatbots or virtual assistants that utilize AI are widely used to interact with the person purchasing insurance or making a claim (Zarifis et al. 2020). From the consumer’s perspective there are some concerns. It is unclear if they are trusted and how many interactions with the consumer they can replace.
In this blog I outline the possible constituent factors to support trust in Insurtech. I start with the psychology and sociology of trust, then discuss trust in other areas and trust in AI and data technologies. I then draw these issues together to propose a model of trust in Insurtech.
2) The psychology and sociology of trust
There is literature on trust in many different areas such as business, collaboration and education, but the foundations are usually psychology and sociology. Each specific context such as business or more specifically Insurtech bring with them some idiosyncratic twists on the common themes from psychology and sociology.
Each person has a different physiology and experiences that shape their psychological disposition. Therefore, many models of trust start with this variable (McKnight et al. 2002). In most cases, creating a general model of trust that ignores the different individual disposition is hard to support with the data. Having personally tried to explore and validate models of trust I can confirm that it is usually hard to take this variable out and still have a model that is supported by the data. To put it simply, on the one extreme some people’s default approach is to trust while on the other extreme some people’s default is to mistrust. Most of us are somewhere in the middle. Across various contexts, the psychology of trust is similar as it does not come from the context but from the individual. In other words, someone inclined to trust is this way across several contexts.
The sociological factors influencing trust are not as consistent as the psychological ones because they are influenced by the context to some degree. They are however often similar across similar contexts. These factors can come from the broader society or more specific subsets of society more closely related to the specific context. While we are distinguishing between the psychology and sociology of trust, it is important to clarify that these two shape each other over time and this interaction depends on the specific instance of an interaction.
3) Trust in other areas
One prominent model of trust in e-commerce, widely considered to be the seminal paper bringing trust theory into e-commerce and information systems, showed how dispositions to trust combined with contextual factors created trust (McKnight et al. 2002). Once trust was brought into e-commerce and information systems it has been adapted to several contexts, so that it captures the consumer’s perspective accurately. My more recent research on trust has identified that in a multichannel retail environment including physical stores, 2D websites and 3D websites, trust can be built and transferred between channels (Zarifis 2019). Trust in blockchain based transactions like Bitcoin were found to combine those from e-commerce with some specific characteristics of this technology such as the digital currency, the intermediary and the level of regulation and self-regulation (Zarifis et al. 2014).
The examples we have seen so far involve a payment which puts a monetary value at risk. Trust is also necessary in other contexts however where there is no monetary value involved. For example in online collaboration it evolves over several stages and the interaction can be shaped with specific activities to reinforce it (Cheng et al. 2013). Another example where trust is important despite no monetary value being exchange is education. For example in virtual and semi-virtual teams, non-homogenous groups need to be supported more so that they can build and sustain a stable trust (Cheng et al. 2016).
4) Trust in AI and data technologies
Figure 1. The 3 levels of visibility of technologies from the consumer’s perspective
The introduction outlined why trust in Insurtech is important and how trust evolves. However, the consumer engaging in Insurtech already has some experience and beliefs in its constituent technologies. As we have seen in the second section the consumer’s trust evolves depending on what technologies they interact with. For example, while purchasing insurance online with a chatbot may be a new experience, they may have interacted with chatbots before. Someone who uses a virtual assistant in their home and experiences the interaction, and how their data is used, will have some beliefs on this issue. While AI dominates the headlines other data technologies are also important. Each technology raises different issues. For example, blockchain technologies were designed to build trust but there are people that distrust them more than the existing alternatives. For some, blockchain technologies and a decentralized ledger reduce risk, while for others a traditional database controlled by one organisation is less risky.
Therefore, we must understand the consumer’s perspective on the constituent technologies of Insurtech. Unfortunately, this is made harder by the different visibility of each of these technologies. Some are fully visible, like a chatbot, others are not visible, but consumers know they are there, and others are mostly unknown to the consumer. The three levels of visibility are illustrated in figure 1. The technologies that are visible to the consumer and understood by them, can be seen as the ‘tip of the iceberg’ of what is actually used in the process of purchasing insurance or making a claim.
5) Trust in Insurtech
Figure 2. A model of trust in Insurtech
The role of technology in insurance is increasing and this is reflected in the increasing popularity of the term Insurtech. This term only emerged recently but it is now widely used in the insurance and technology sectors. AI driven automation, utilizing additional technologies such as big data, Internet of Things (IoT), blockchain and 5G is making the role of technology even more central than it was before. What is trust in Insurtech and is it different to other forms of trust? The first step to answering this question is to attempt to identify its constituent parts. My starting point is that Insurtech is formed by (1) Individuals psychological disposition to trust, (2) Sociological factors influencing trust, (3) Trust in the insurer and (4) Trust in the related technologies (e.g. AI). This relationship is illustrated in figure 2. Further research is needed to empirically test and validate this model. It must also be explored if additional factors like law and regulation act like separate variables or moderate these relationships. The long journey of insurers, their consumers and AI has just started and trust in each other is needed for it to be harmonious.
Cheng X, Fu S, Sun J, et al (2016) Investigating individual trust in semi-virtual collaboration of multicultural and unicultural teams. Comput Human Behav 62:267–276. doi: 10.1016/j.chb.2016.03.093
Cheng X, Macaulay L, Zarifis A (2013) Modeling individual trust development in computer mediated collaboration: A comparison of approaches. Comput Human Behav 29:1733–1741.
McKnight H, Choudhury V, Kacmar C (2002) Developing and Validating Trust Measures for e-Commerce: An Integrative Typology. Inf Syst Res 13:334–359.
Zarifis A (2019) The Six Relative Advantages in Multichannel Retail for Three-Dimensional Virtual Worlds and Two-Dimensional Websites. In: Proceedings of the 11th ACM Conference on Web Science, WebSci 2019. Boston, MA, pp 363–372
Zarifis A, Efthymiou L, Cheng X, Demetriou S (2014) Consumer trust in digital currency enabled transactions. Lect Notes Bus Inf Process 183:241–254. doi: 10.1007/978-3-319-11460-6_21
Zarifis A, Kawalek P, Azadegan A (2020) Evaluating If Trust and Personal Information Privacy Concerns Are Barriers to Using Health Insurance That Explicitly Utilizes AI. J Internet Commer. doi: 10.1080/15332861.2020.1832817