How Autonomy Changes Everything
Vehicle telemetry data promises underwriters the ability to better quantify risk and use real-time alerts and feedback to promote safe driving. However, Usage Based Insurance (UBI) systems are still in their infancy, typically relying on a few simple inputs such as deceleration as a proxy for safe driving while largely ignoring context. Perhaps the driver braked aggressively to avoid an unsecured box that took flight from the bed of a pickup truck, or a child that ran into the road from behind a parked car. Obviously in these cases the driver should be rewarded rather than penalized. As more data are available (weather, road conditions, traffic density, vehicle position in lane, proximity of objects to the vehicle…) better models will be deployed and more accurate risk assessments made. Most of this data is already available on the vehicle data bus, but accessing it requires working with OEMs to create compelling value propositions for all parties.
Meanwhile the industry has moved beyond passive safety systems (airbags, impact protection beams and seatbelt pretensioners) by fitting active systems designed to avoid rather than survive collisions. These Advanced Driver Assistance Systems (ADAS) include adaptive cruise control, lane keeping assist and active braking, the have begun to transition vehicle control from drivers to algorithms. Moving to full autonomy is expected to eliminate about ninety percent of collisions, saving over thirty thousand lives a year in the US alone. Autonomy also renders existing collision insurance obsolete, presenting something of a problem for the $200B auto insurance industry. Autonomy also accelerates the transition to Mobility as a Service (MaaS), where passengers pay for point-to-point transportation rather than acquiring and insuring an underutilized depreciating asset. By bundling depreciation, insurance, maintenance, registration and fuel into a single fee, MaaS creates a compelling opportunity for fleet owners to either self-insure or use the wholesale re-insurance market to manage risk. The net result is that there will not be much left of the retail auto insurance market two decades from now.
Now here’s the fun part: the need for auto insurance will actually grow as the retail market evaporates. To understand why we need to look at how liability will be apportioned in the age of autonomy. This is a complex issue involving many parties: vehicle occupants, owner, OEM, component software and hardware suppliers, intelligent infrastructure suppliers, public sector operators, and even cloud service providers. The lack of a rational, let alone standardized, legal liability framework is as big an impediment to the widespread deployment of autonomous vehicles as any technical hurdle. The risk averse automotive industry has little desire to subject itself to ill-defined and potentially open-ended liability. If that were not enough the risk profile of every vehicle changes over time, sometimes radically overnight years after its manufacture.
To understand how this happens, consider that new vehicles have upwards of 100 million lines of code spread across a hundred, or more, heterogeneous embedded processors. No organization can afford the time or expense to write this code from scratch. So, the software is an amalgam of open source libraries, commercial frameworks, customization and new functions implemented by multiple organizations along the supply chain. Software controls the sensors that provide situational awareness and the ECUs that determine and implement braking, throttle and steering actions. At the industry average of about 15 errors per 1,000 lines of delivered code, this equates to 1.5 million bugs per vehicle. The majority of these bugs may never be discovered, or may come to light years after widespread deployment.
Bugs run the gamut from mildly annoying, such as an occasional false alerts, to the life threatening failure to avoid an obstacle. They also create security vulnerabilities that can be exploited at scale thanks to always-on broadband connectivity. Potential cyber-attacks range from retrieval and resale of personal information or immobilization for ransom to the truly catastrophic. One frightening scenario would be spoofing exhaust manifold temperature readings to cause a fire. Unfortunate if it is one vehicle, but an attractive terrorist target if it is say the majority of vehicles gridlocked over the Brooklyn Bridge during rush hour. Similarly, criminals set on financial gain might instigate a series of attacks against a single brand causing high-speed collisions every few days while demanding ever an increasing ransom to stop. Public reaction to the inevitable media frenzy would likely decimate profitability for the OEM.
The average light vehicle is 11.6 years old, an eternity in software terms. Thanks to Moore’s law, systems thought secure when originally developed become increasingly vulnerable to faster hacking tools and known exploits in shared libraries. Microsoft faced the same issue a decade ago with Windows. Its’ solution was to push patches to every PC every month, with zero-day exploits and other critical bugs patched immediately. This same push update approach is essential for each ECU in every connected vehicle for the operating life of the vehicle. To understand why this is so important, consider that historically nearly all vehicle collisions were caused by driver error – relatively high frequency, uncorrelated low impact events. Future risks will impact thousands or potentially millions of vehicles –low frequency, highly correlated with very high impact.
This new threat profile points to the future of auto insurance: OEMs and their supply chain partners will insure against extremely unlikely, but potentially catastrophic events. As with commercial cybersecurity insurance, organizations (and their supply chain) will need to demonstrate sound security practices and be subject to recurring security audits. By necessity, the currently in vogue approach of security-by-obscurity will be replaced by rapid iterations of testing, hardening and Over The Air (OTA) patching. Without this many vehicles will simply be too dangerous to be operated on public roads. Insurance underwriters, and eventually legal regulation, will determine vehicle end-of-life rather than mechanical failure.
Microsoft commits to ten years of support for each new version of Windows. Vehicles might require a fifteen or twenty year support commitment, during which sustaining engineering teams are funded. Customer perceptions need to change from the appliance model to the cellphone model, where an expensive product is useless without recurring network service payments. MaaS and all-inclusive lease programs (such as BOOK by Cadillac) are making it easier to fund long term software support. Perhaps the outright purchase of a vehicle will soon be a thing of the past. One thing is for sure, this will not be your father’s auto insurance market.