When Stop-Loss Isn’t Enough

Stop-loss adoption surged to 74%, but brokers must pair coverage with claims management to control escalating costs.

The stop-loss market is growing, fast. According to new data from the Employee Benefit Research Institute (EBRI), the share of employers using stop-loss coverage jumped from 65% to 74% in just one year. That's a major shift and for good reason. Catastrophic claims are no longer rare. They are becoming more common and more expensive.

While stop-loss coverage remains essential to protecting self-insured employers from financial shocks, it's not a silver bullet. As claim sizes increase and medical billing grows more complex, relying on stop-loss insurance alone can mean you're protecting the plan's ceiling but ignoring its floor, where real savings can happen.

For benefits brokers, this creates a new imperative: the need to pair stop-loss protection with smarter claim management strategies. That means aligning stop-loss with robust negotiation, review and pricing tactics that control spend before a claim ever hits the deductible and certainly before it triggers catastrophic thresholds.

Let's break down why that combination matters more now than ever.

Catastrophic Claims Are Becoming the Norm

High-cost claims are no longer anomalies. They are steadily rising across all segments, driven by new specialty drug therapies, hospital consolidations and more frequent out-of-network care. Conditions like cancer, cardiovascular events and end-stage renal disease continue to top the charts in terms of frequency and financial impact.

The introduction of expensive new drugs, such as GLP-1s for diabetes and obesity, has only intensified the cost curve. In fact, specialty drugs now account for more than half of all prescription drug spending, despite being a fraction of total prescriptions filled.

This reality puts immense pressure on self-funded plans and their stop-loss layers. A single claim can push an employer over their specific deductible. Worse, clusters of mid-size claims may fly under the stop-loss radar but still chip away at the plan's financial sustainability.

Can Stop-Loss Keep Up With Rising Costs?

The growing reliance on stop-loss insurance, particularly among larger employers, is understandable. It helps manage volatility and caps exposure. However, as adoption increases, so does the risk of false security. Just because a plan is protected at the top end doesn't mean it's managing waste, overbilling or pricing discrepancies at the claim level.

Stop-loss carriers are also under pressure. They face mounting loss ratios due to the increasing frequency and severity of claims. In response, many are adjusting premiums, tightening underwriting and reassessing risk layers. This means brokers must prepare clients for potentially higher costs, unless they can show real cost containment downstream.

That's where smarter claims management can shift the equation.

Three Strategic Levers to Reinforce Stop-Loss Protection

To move from reactive coverage to proactive protection, benefits brokers should encourage plan sponsors to focus on three key areas:

1. Claim Negotiation — Before and After the Bill Lands

Negotiation is no longer reserved for a narrow slice of out-of-network claims. Today, effective cost containment often starts with prospective negotiation, working with providers before treatment occurs to agree on fair rates for high-cost services. This is especially valuable for scheduled surgeries, specialty infusions and inpatient care.

Post-service negotiations continue to play an important role, especially for unexpected out-of-network claims. In practice, such negotiations often deliver double-digit percentage reductions and can meaningfully reduce financial exposure even when a claim is nearing stop-loss thresholds.

In-network negotiation, though less common, is also gaining ground, especially when large claims land in gray areas of existing network agreements. When permitted, strategic renegotiation can create space for savings without disrupting member access.

2. Claim Review and Auditing — Detecting Errors and Excess

Inaccurate billing remains a widespread issue. Duplicate charges, improper modifiers, unbundling and inflated line items all contribute to unnecessary spending. These errors often go unnoticed without a rigorous bill review process.

Comprehensive line-item audits, particularly for high-dollar claims, are essential for validating services rendered and charges applied. Some employers are also investing in prepayment review protocols, which catch issues before payment is made, eliminating the need for downstream corrections or claw backs.

In some cases, claims may also be subject to DRG (Diagnosis-Related Group) validation or claims editing, ensuring that billed services match clinical documentation and industry coding standards. These steps not only save money but reinforce defensible payments, a growing concern as billing disputes become more frequent.

3. Data-Driven Pricing Strategies

Traditional fee schedules or billed charges often don't reflect the true market value of services. That's where reference-based pricing (RBP) enters the conversation. By anchoring reimbursement to a transparent benchmark, such as a multiple of Medicare, RBP models introduce consistency and predictability into pricing.

RBP isn't the right fit for every plan but it's a compelling option for claims categories known for wide pricing variance, such as dialysis, infusion therapy and outpatient surgery. When used strategically, it complements stop-loss by preventing excessive charges before they accumulate into catastrophic territory.

In parallel, some organizations are using flat-rate repricing for recurring services, such as dialysis. These approaches help stabilize costs and reduce volatility over time, two outcomes every stop-loss carrier favors.

Smarter Claims Management Protects Everyone

It's not just about saving money. These strategies help protect the financial integrity of the plan, improve predictability for underwriters and reduce the administrative strain caused by claim disputes and appeals.

They also provide brokers with a stronger negotiating position when it comes time to market stop-loss coverage. Plans that show evidence of proactive cost containment are typically viewed more favorably by carriers, which can result in more competitive rates and terms.

Demonstrating turnaround times on complex claims or showing a low rate of reconsideration or appeals can signal operational excellence. That's valuable not just for stop-loss renewals but for maintaining employer trust.

The Broker's Role: Moving From Plan Designer to Risk Strategist

Benefits brokers are no longer just designing plans; they're helping clients manage volatility and protect long-term financial health. That means engaging in more strategic conversations around how claims are handled, priced and reviewed, not just covered.

When stop-loss is layered with smart negotiation, review, and pricing strategies, the result is a stronger, more resilient plan. It's not just about transferring risk; it's about controlling it.

In today's healthcare economy, that's not just smart; it's essential.


Bruce Roffé

Bruce D. Roffé, P.D., M.S., H.I.A., is the president and CEO of H.H.C Group, a healthcare consulting firm he founded in 1995. He has over 40 years of experience in healthcare cost management and pharmacy, 

How to Build an Insurance Innovation Culture

Insurance companies must shift from innovation rhetoric to structural accountability, engaging all employees rather than isolated innovation teams.

Culture is often cited to explain why innovation does not work in insurance. We start by defining what culture is before delving into how a culture is born, why it matters and finally how to create a culture of innovation.

Culture: A Definition

Alfred Kroeber, together with Clyde Kluckhohn, conducted a comprehensive review of the concept of culture in their influential 1952 work, Culture: A Critical Review of Concepts and Definitions (Exhibit 1). In this opus, they identified and analyzed 164 different definitions of culture from various academic sources up to that time.

Culture proves to be an elusive concept if it takes 164 definitions to delineate it.

My favorite, a 165th one: Culture is what is left once we have forgotten everything else. It is the way we are hardwired, our values, the way we behave, how we define right from wrong without even thinking about it.

In Japanese, Atarimae (obvious, evident) would be the closest to that notion of culture. Atarimae explains why we can see Japanese fans cleaning up after themselves (and helping others) in a sporting arena, without being invited, asked, provided incentives or coerced (Exhibit 2). It is just a habit, what they do.

Exhibit 1: 164 definitions of Culture

Exhibit 2: Atarimae in action

How a Culture is Born

Culture comes from the agency we have in deciding how we adapt to our environment.

For instance, the Inuit, living north of the Arctic Circle, adapted to polar living conditions by building igloos (ice houses), have multiple words to describe snow based on its different qualities, and hunt and eat food in a way suitable to surviving and thriving in subzero temperatures. In a word, they developed a culture. They could have chosen to move south and would have developed a different culture.

In a corporate environment, culture is the agency we have in the way we choose to adapt to our environment. And our environment is the sum of processes, behaviors, rules, and values we see in action. It is not what we say. It is only what we do. And what we witness others doing. That makes the culture, the norm. Therefore, a culture is born from a structure and the way we choose and see others adapt to it.

Culture is not to be found in a mission statement, and the best proof is that most corporate mission statements look alike and promise a wonderful world where we all respect each other, our customers and of course the planet. If so, why global warming? Why is insurance not more innovative despite all insurance companies professing they are?

Culture is what we do, not what we say.

Doing innovation therefore is not a matter of culture; it is only a matter of structure, until it becomes second nature, atarimae, then it becomes culture. To create a culture of innovation, we simply need to focus on the structure, on how we work and how we get things done.

Why Culture Matters

As inferred in our favorite definition of culture, it underpins what we do, how we do it, why we do it without thinking—in short, a habit. Culture is the single most powerful way to get a group of people to behave, pursue a common goal and succeed in the process. Exhibit 3 underlines how important culture is. It may not "eat" strategy as they both cohere. Technology is the enabler.

Then why does innovation matter?

Research demonstrated a correlation between the highest numbers of accepted ideas and profit and growth (Exhibit 4).

And looking at the percentage of revenue invested in innovation, insurance ranks among the last compared with other industries. Of course, selling a product versus a service does not entail the same magnitude of budget. The point is that some industries are built and judged by the market based on their future products, and therefore on their innovation as a sign of future earnings. Innovation makes tomorrow's profit.

To be noted, MAPFRE made a public commitment to dedicate 1 percent of its revenue to innovation in 2018.

Exhibit 3: Why culture matters

Exhibit 4: Profit & Growth is correlated with more accepted ideas

Exhibit 5: Insurance among the last industries in percent of revenue dedicated to innovation

How to Create a Culture/Structure of Innovation

First, innovation may be the job of a few (innovation team), but it is the work of every employee.

What good does it do to give an innovation team innovation objectives if everyone else in the company does not have the same objective? To be innovative, everyone in the company must be innovative.

It means everyone must be held accountable for innovation objectives. How is that usually done in a corporate environment? Through performance reviews, constant feedback, coaching enforced through rewards and correction, carrot and stick.

Absolutely everyone. Not just underwriters, sales, claims, operations. But also legal, compliance, governance. Gatekeepers must be held accountable for innovation; otherwise, every endeavor will end at their door. We would have only pushed the buck from innovation teams to business teams if we do not include governance. Now the job of governance is also to innovate, to balance profit and loss, risk and opportunity.

Balance is the key word in regulated industries. The more we sell, the more risk we take. It needs to be balanced. But it is not putting innovators against gatekeepers. Everyone is an innovator and a gatekeeper.

Start small. What have you done this year to be more efficient (transformation) and improve our relevance in the market (innovation)? Count initiatives first, then count their impact in dollars as innovative measures mature. Just that for everyone would promote innovation when rewarded and corrected. There are no rules without enforcing them.

Second, how to actually create something new or work better. This is where the innovation team would help connect goals and pain points with solutions from an ecosystem of innovative partners.

There is no build, partner or buy in open innovation. It is partner first, buy or build next. Only partnering ensures quick development, cheaper cost and provides a benchmark to emulate to build later on or buy.

Business teams are transactional in nature, whereas innovation would require total commitment from vision to execution, working in an agile fashion with a deadline. As a result, business teams have a hard time building and dedicating resources to innovating. But they can eventually take on a dynamic partner to help them achieve their goals, rather than accruing IT legacy debt. For instance, as a chief underwriting officer, I wanted to pilot my portfolio of business effectively across 50 countries. IT suggested launching a 250-page RFP. I opted instead to work with a nimbler company then, QlikView, to design the portfolio features I needed without having to change the IT infrastructure. In less than a year I could make portfolio decisions at the click of a button that would have otherwise required three days of manual work. Quick, cheap, no legacy debt to amortize and effective (one click vs. three days per request).

Partnering is still work, but instead of building from scratch what already exists, teams can focus on the personalization layer with a partner, truly making a solution their own.

Third, any initiative needs to be aligned with strategy and with a senior sponsor signing off on it. Commitment from the business is required. Therefore, an innovation budget shall never fully fund any initiatives, only 30 percent at the most. The rest comes from the business.

Fourth, innovation is unprecedented change. Change is hard. Unprecedented change is harder. Innovation is also iterative. Thomas Edison indicated that he found 10,000 ways that did not work to create the light bulb. So failure at launching an innovation is still learning if we keep going and learn from it.

The point is quick learning matters, and the lines between success and failure have to be redrawn for innovative endeavors. The assessment therefore is on the learning and next steps more than on the failure to launch. The failure is on not starting and on not finishing.

Fifth, people can be trained on innovation. Many tools exist to uncover ideas: job to get done, extreme user analysis, ethnography, persona, user journey, assumption checker, value proposition canvas, etc. Lack of skills can be remediated. Lack of will and commitment may not, unless innovation is enforced through the structure. Freedom to explore tends to be a challenge for business teams that innovation teams can answer.

Sixth, innovation is a portfolio to articulate between horizon one, two, three. If horizon one and two require a good connection between innovation and business teams, horizon three can be the prerogative of innovation teams, projecting future activity in new business models, distribution and new ways to define the corporation. In a life environment, I call that the "meaning of life" or how to be a life player rather than a mere life insurer. After all, Daiichi is called the Daiichi Life Group, not Life Insurance Group. And a life, as defined by policyholders, has multiple dimensions not addressed by a life insurance policy: caregiving to ascendants, descendants and pets, grief management including of pets, prevention, early detection, longevity as a service, wealth building as a service in a tax-efficient manner. It is also our digital lives—we all have one with its cyber risks, cyberbullying, disinformation and misinformation.

Horizon three is often connected to development in adjacent industries, notably biotech, digital health, cybersecurity, fintech, consumer services, climate and nature.

Seventh, a portfolio of innovation can be articulated two ways: through partnership and/or investment.

Eighth, champions. Any innovation requires a network of believers, champions. Individuals empowered to go above and beyond to think and execute on innovation. They are typically younger people, not yet disillusioned. They can be paired with a senior sponsor to get support and guidance.

Ninth, influence is the alternative to authority, to structure that makes the culture. It eventually leads to the same result. But it takes much, much, much longer as it relies on the goodwill of a few good people with no incentive.

Tenth, innovation is akin to a grieving process. Denial first. Innovators need to work the problem and do it in a quantified way since the second step of a grieving process is minimization (I may have a problem, but it is not that important). The third step of a grieving process is negotiation (if I had resources, I could). So that needs to be sorted through strategic alignment ahead of time. Fourth step, depression. Innovation is hard, as aforementioned. Made easier through partnership rather than in-house building. Fifth step, finally getting one thing done with acceptance/deployment, which gets us to define the level of readiness of an insurance company toward innovation through another five-step process (Exhibit 6).

Exhibit 6: Corporate innovation journey

Dominique Roudaut

Dominique Roudaut is a senior executive vice president at Daiichi Life group. He has served across P&C and L&H as a Chief Underwriting Officer, Chief Strategy and Innovation Officer, Venture and Operating Partner. He is also a certified risk manager and anthropologist. Dominique has owned every step of the innovation value chain in insurance. He shares his views on the topic of culture, structure and innovation in insurance.

Shadow AI Is a Growing Problem

Shadow AI usage is surging as employees circumvent security policies, creating unprecedented risks for data protection and regulatory compliance.

Artificial intelligence (AI) has quickly become the productivity tool employees can't live without. From drafting emails to analyzing documents to using AI coding assistants, workers are bringing AI into their daily workflows.

There is a growing problem, however. Most companies struggle to understand and address the associated security risks of an expanding ecosystem of AI tools, so they outright ban most (if not all) tools and only approve use of a few (if any) that they deem secure and compliant. Unfortunately, not all employees adhere to their company's policies, with many opting to use tools that are unapproved and unsanctioned – referred to as "shadow AI."

Similar to shadow IT, shadow AI is when employees use external AI tools – generative AI, coding assistants, or analytics tools, for example – of which the IT team has no knowledge or oversight. Shadow AI is far riskier than shadow IT, because tools like ChatGPT and Claude, and open-source large language models (LLMs) like Llama, are easily accessible, easy to use, and not easily visible. This creates an unseen risk surface that keeps expanding as unapproved AI usage grows.

Recent research underscores the dangers of shadow AI: 84% of AI tools have already experienced data breaches, and over half (51%) of tools have been the victims of credential theft. Additionally, a late 2024 survey of 7,000 employed workers by CybSafe and the National Cybersecurity Alliance (NCA) shows that about 38% of employees share confidential data with AI platforms without approval.

Consider that each unsanctioned query or prompt could leak sensitive corporate data to malicious or unauthorized users, and the severity of shadow AI's risks becomes clear.

The Dangers Posed by Shadow AI

While companies put the brakes on AI tools that lack built-in security mechanisms and proven adherence to data protection laws and regulations like HIPAA and GDPR, a broad ecosystem of unsanctioned tools remains available in the wild, and using them can introduce the following risks and consequences:

  • Data leakage → confidential queries and context sent to insecure AI tools.
  • Intellectual property loss → sensitive product or strategy details exposed.
  • Compliance failures → regulated data (health, financial, personal) used in unapproved tools.
  • Credential theft → as half of AI tools have shown, even access controls aren't guaranteed.

Simply put: Shadow AI is not just a nuisance – it's an open door for attackers and a compliance nightmare waiting to happen.

Despite the risks, many employees use AI for a few reasons:

  • Productivity pressure is real → workers want faster, smarter ways to get tasks done. AI feels like the only way to keep up.
  • Corporate tools often lag behind → slow approvals or outdated platforms drive workers to "bring their own AI."
  • They're unaware of the risks → employees may know they're using unsanctioned tools, but they may not understand the level of risk this introduces.
  • AI feels intuitive and indispensable → once employees experience the value, they rarely go back.

Out of the Shadows

The way to mitigate shadow AI is not to ban use of AI tools. Not only is banning AI ineffective, it can actually introduce more risks because employees' use hides in the shadows, beyond the scope of IT. And the truth is, employees won't stop using AI. But enterprises can do more to provide secure, sanctioned channels and safe AI tools that actually meet employee needs.

Doing so requires a few elements:

  • Confidentiality built in → continuous encryption so neither the model nor the data ever appears in plaintext
  • Enterprise-grade controls → visibility into how AI is used without stifling innovation
  • Performance at scale → tools that are as fast and intuitive as the consumer alternatives employees are drawn to

The CISO's Opportunity: Safe, Compliant AI Adoption

Shadow AI may cause headaches and sleepless nights for CISOs, but there are tools they can leverage to allow their companies to embrace the power of AI by ensuring end-to-end protection of data and LLMs.

Safe, secure AI adoption means protecting both sides of the story:

  • Models are encrypted → protecting IP, weights, and parameters from theft or tampering.
  • Data is encrypted → ensuring training sets, queries, and outputs are never leaked in plaintext.

If an AI model is stolen, it will be useless, as it can only function within the trusted execution environment (TEE). The encryption key, which only exists within the TEE, protects data by ensuring that only users with the key can view the results generated by each query.

A dual-layer approach, combining fully homomorphic encryption (FHE) with a TEE, ensures AI providers cannot reconstruct raw user inputs or outputs, even during sensitive transformations. The TEE briefly manages plaintext operations within its secure memory space and then immediately re-encrypts the results, while FHE guarantees data remains encrypted during all operations.

FHE can be deployed to protect any number of AI tools, enabling companies to embrace AI tools with confidence that data leakage will not occur and regulatory compliance will not be jeopardized.

The result: enterprises regain control. Employees gain productivity. AI adoption is embraced with confidence and peace of mind.

Confidential AI Makes Shadow Usage a Thing of the Past

Shadow AI exists because employees are desperate for better tools. The only sustainable way to combat it is to offer safe, powerful alternatives that protect both corporate data and AI models.


Ravi Srivatsav

Ravi Srivatsav is chief executive officer and co-founder of DataKrypto.  

A graduate of the National Institute Of Engineering, Mysore, he has held various leadership roles, including partner at Bain & Co., chief product and commercial officer at NTT Research, and founder and CEO of ElasticBox.

OSHA Changes Reshape Construction Risk Management

Recent OSHA updates create conflicting compliance demands as personal protective equipment rules tighten while other protections face rollbacks.

Despite decades of progress in the construction industry, falls, electrocutions, struck-by incidents, and equipment accidents remain persistent threats.

Recent rule changes and proposed revisions by the Occupational Safety and Health Administration (OSHA) signal a new chapter in how construction risk is managed, with important implications for insurers, project owners, and risk managers.

A Changing Regulatory Landscape

In 2025, OSHA rolled out several important changes while also proposing revisions that could reshape construction safety oversight. Some updates expand employer responsibilities, while others reflect a deregulatory push that may limit the agency's scope.

One key update is OSHA's clarification that personal protective equipment (PPE) must properly fit each worker in construction. While this requirement already applied to general industry, extending it to construction closes a gap. For risk managers, this elevates the importance of properly sized and regularly inspected PPE, along with training programs to ensure correct use. A poorly fitted harness or gloves that compromise grip are not just inconveniences—they can contribute to serious accidents.

At the same time, OSHA has floated proposals to narrow the agency's ability to cite employers under the general duty clause for hazards considered "inherent and inseparable" from the work. If finalized, this proposal could reduce citation exposure while leaving liability questions to civil litigation and insurers.

Compliance vs. Liability

For construction firms, OSHA standards provide the compliance baseline. But the combination of stricter requirements in some areas and deregulation in others complicates how that baseline is applied.

The PPE rule requires more effort—auditing fit, keeping records, and replacing gear as needed. Yet rollbacks in other areas may reduce citation risks without lessening exposure to lawsuits, reputational harm, or higher insurance costs. Simply meeting OSHA minimums is no longer enough.

This is especially true when negotiating with project owners or lenders. Many financing agreements now include provisions requiring strict adherence to safety best practices, regardless of federal minimums. A contractor that cannot demonstrate robust safety protocols may find it harder to secure financing, bonding, or competitive insurance premiums. Insurers in particular are becoming more data-driven, reviewing near-miss logs, audit frequency, and worker participation rates in training before underwriting coverage.

Documentation as Defense

In this environment, documentation becomes a critical defense. Showing that hazards were assessed, PPE was fitted and issued, and workers were trained can be decisive during inspections, audits, or litigation.

Firms should adopt systems that track:

  • Equipment inspections and replacements
  • Worker training attendance
  • Near-miss reporting and corrective actions
  • Site-specific hazard assessments

These measures reduce incidents and provide evidence of due diligence when an accident occurs. In disputes, the ability to produce consistent, timestamped records often makes the difference between a manageable claim and a costly judgment.

Contracts and Insurance Implications

As OSHA standards shift, construction contracts and insurance terms will need updating. Prime contractors may strengthen indemnification clauses, requiring subcontractors to assume more responsibility for compliance. General liability and workers' compensation carriers may also revise underwriting criteria, placing more emphasis on leading safety indicators than on lagging ones such as past injury rates.

Risk managers should also prepare for state-level variation. While federal rules may loosen, states can add stricter requirements of their own. For multi-state contractors, this patchwork creates added complexity, making tailored strategies essential.

The Human and Legal Costs

While rule changes shift compliance obligations, the risks on construction sites remain the same. Beyond OSHA fines or project delays, a serious accident can devastate workers and families. A fatal incident may also lead to wrongful death claims, which carry enormous financial and reputational costs. Even in a deregulated environment, courts remain unforgiving when safety failures cause preventable loss of life.

For risk managers, this reality underscores why safety investments are not just about regulatory compliance but about protecting human lives and organizational sustainability.

Strategic Takeaways for Risk Managers

  1. Don't Rely Solely on OSHA Minimums. With some standards loosening, firms should adopt best practices that go further to protect construction workers and reduce liability.
  2. Prioritize PPE Programs. Review procurement policies, inventory, and training to ensure every worker has properly fitted equipment.
  3. Invest in Safety Culture. Toolbox talks, safety meetings, and open reporting systems help identify risks before they escalate.
  4. Revisit Contracts and Insurance. Make sure indemnity provisions, audit rights, and bonding requirements reflect today's regulatory landscape.
  5. Plan for the Worst-Case Scenario. Every firm should have a fatality response protocol, including rapid OSHA reporting, communication strategies, and legal coordination.

Conclusion

The construction industry is entering a period of regulatory flux, with OSHA tightening requirements in some areas while easing them in others. For risk managers, this makes it essential to look beyond compliance thresholds and focus on building resilient safety systems. Proper PPE fit, robust documentation, contractual safeguards, and a strong safety culture will define effective risk management strategies in the years ahead.

Ultimately, the cost of non-compliance—or worse, a fatal accident—is far greater than any penalty. Firms that treat OSHA updates as opportunities to strengthen safety practices will not only reduce liability but also protect their most valuable asset: their workforce.


Slawomir Platta


Slawomir Platta is a founding partner at the Platta Law Firm.

He earned his degree from the University of Florida Levin College of Law. He’s been trying workplace accident cases throughout the courts of New York for 20 years and has been featured as a Super Lawyer consecutively since 2015.

PE Assets Elevate 401(k) Fiduciary Risks

Access to private equity assets in retirement plans is amplifying fiduciary liability risks, demanding robust protection for plan sponsors.


Private market investments in retirement plans are the talk of the retirement planning community, especially now that President Trump has signed an executive order that eases the path for private assets in 401(k) plans. 

Traditionally, private markets have been leveraged and offered only to institutions and ultra-high net-worth individuals, but that is now evolving, and retirement savers are enthusiastic about the concept of reaping the benefits of this investment class. According to recent research, "more than seven in 10 American workers want access to private assets in their retirement plans." With the market volatility stocks have experienced and the lack of IPOs, private markets offer a new investment vehicle outside of public markets. For retail investors, it is about accessing investments that have otherwise been limited to a group or sector and finding new ways to build wealth. This is echoed in the recent research, with 72% of respondents "agreeing that having professionally managed private investments in retirement plans helps level the playing field for everyday investors."

While private equity (PE) investments in 401(k)s can bring benefits and a new wealth stream for retail investors, they come with risks due to their illiquid nature, higher fees, and lack of regulations and reporting requirements. The risks do not only pertain to retirement savers; the danger also falls heavily on the shoulders of employers offering and managing retirement plans.

Planning is a must

Employers that manage 401(k) and other retirement plans, often referred to as plan sponsors, have a significant responsibility to assist participants in managing their investments in 401(k) plans. Under the Employee Retirement Income Security Act (ERISA), plan sponsors are obligated to act in the best interests of plan participants. To safeguard plan assets, the U.S. Department of Labor requires an ERISA fidelity bond, which only protects the plan against losses due to theft or fraud. Now, with the complexity of private assets, the ERISA bond is not enough. The inherent lack of transparency in private markets can pose challenges for plan sponsors.

Additionally, PE investments add a layer of administrative burden – from record keeping, educating plan participants effectively and communicating, navigating and monitoring investments that often lack transparency, to ensuring investment options fit with plan needs. Private market investments can further complicate an already complicated role. To add pressure, plan sponsors and employers have to toe the line in their work, as there has been a recent boom in ERISA-based litigation. Records indicate that in 2024, there were 136 ERISA-related lawsuits.

For employers looking to ensure they are equipped with the best processes and operations as interest in private markets persists, risk mitigation should be a top priority. Oftentimes, this looks only at internal processes, from education and communication efforts for participants to streamlining administrative tasks. Still, to truly have a robust plan in place, fiduciary liability insurance should be considered.

What fiduciary liability brings to the table

With plan sponsors responsible for monitoring and managing investment options, controlling costs, and ensuring participants have the education needed to make informed decisions, their role carries significant complexity and responsibility. One small oversight or error can snowball and have a substantial impact on participant plans and consequently put the organization in danger of a fiduciary breach. Fiduciary liability insurance protects plan sponsors and their companies in the event of an actual or alleged breach of duty. It covers the legal defense costs and a plan sponsor's personal liability for actual or alleged breaches of fiduciary duties in connection with employee benefit plans. With the prevalence of ERISA lawsuits and the staggering defense costs required to defend those suits, fiduciary liability insurance is necessary because while the ERISA bond covers the plan for any loss by theft, it does not cover fiduciaries for lawsuits brought by third parties.

Looking at the needs of today to plan for the changes of tomorrow

As market turmoil continues, retail investors are seeking new avenues for longer-term financial growth. The impact? Retirement plans will continue to change. Plan sponsors that revisit the structure of their plans to support plan participants better and implement enhanced processes to mitigate risks will be in a better position to be agile with the incoming retirement changes. It is essential for plan sponsors to have a solid protection plan in place, which should include two insurance products: fiduciary liability insurance and ERISA fidelity insurance. Without these protections in place, the consequences can be grave, from personal exposure to damage to organizational finances and beyond.


Richard Clarke


Richard Clarke is chief insurance officer at Colonial Surety.

With more than three decades of experience, Clarke is a chartered property casualty underwriter (CPCU), certified insurance counselor (CIC) and registered professional liability underwriter (RPLU). He leads insurance strategy and operations for the expansion of Colonial Surety’s SMB-focused product suite, building out the online platform into a one-stop-shop for America’s SMBs.

Don't Look Back; AI Is Gaining on You

A recent report shows that, despite some reports suggesting a lull in interest in AI, its capabilities keep rocketing forward.


I'll be quick this week because I'm headed to the airport to fly to InsureTech Connect in Las Vegas (where I hope to see many of you). But I wanted to share a major report on AI that, to my mind, should erase any sense of complacency about the need to quickly figure out the possibilities of AI for your organization.

The report says researchers found that generative AI is already better than humans at half of a host of real-world business tasks assigned to it, including many related to insurance. 

As baseball legend Satchel Paige once said, "Don't look back. Something may be gaining on you."

The recent MIT study that found that 95% of AI projects haven't delivered a return on investment, as well as a report about the "workslop" supposedly produced by gen AI, have led to a sense that the bloom may be off the rose. I think both used flawed methodologies. In any case, they are both thoroughly rebutted by a recent research paper from OpenAI.

A thorough article in Fortune says of the paper:

"Many AI benchmarks do not reflect real world use cases. Which is why a new gauge published by OpenAI... is so important. Called GDPval, the benchmark evaluates leading AI models on real-world tasks, curated by experts from across 44 different professions, representing nine different sectors of the economy. The experts had an average of 14 years experience in their fields, which ranged from law and finance to retail and manufacturing, as well as government and healthcare. 

"Whereas a traditional AI benchmark might test a model’s capability to answer a multiple choice bar exam question about contract law, for example, the GDPval assessment asks the AI model to craft an entire 3,500 word legal memo assessing the standard of review under Delaware law that a public company founder and CEO, with majority control, would face if he wanted this public company to acquire a private company that he also owned."

Results varied based on task and on which AI model was being used but often were startlingly better. As the Fortune article says, while researchers have talked about artificial general intelligence (AGI) as the Holy Grail, it may be better to think in terms of AJI (artificial jagged intelligence)--in other words, for some tasks, the AI is incredible; for others, not so much. 

Plenty of caveats still apply. I always wonder about the rigor of a report produced by a vendor (even though this seems plenty sound). I also continue to believe that the relevant test isn't humans vs. AI. I believe that AI will take over tasks, not full jobs, so the real test needs to be humans using AI vs. whatever the process is now--a la the "centaur" teams of humans and AI that compete against other teams of humans and AI in chess.

But I still think the OpenAI research paper is important and commend it to your attention.

Cheers,

Paul

P.S. If you're looking for arguments in favor of AI use in your organization, you might also check out a recent report from Air Street Press. It says that capability per dollar spent by a user on AI "is doubling every few months. Google’s rate: 3.4 months. OpenAI’s: 5.8 months." The report also cites a study that found that "44% of U.S. businesses now pay for AI, up from 5% in 2023." There are loads of other interesting tidbits in there, too. 

AI's Unfolding Human Story

AI automation is becoming an insurance industry employee benefit, prioritizing worker satisfaction over traditional cost savings.


When most people talk about AI, they focus on cost savings or speed. But there's a more human story unfolding.

Insurers that invest in smarter systems—platforms that automate submission intake, triage, or data rekeying—aren't simply buying efficiency. They're improving the daily experience of their employees. Less time wrestling with spreadsheets and duplicate entry means more time for real analysis, strategy, and client relationships.

It's not hard to imagine AI becoming part of the "total compensation package." In the same way a 401(k) or flexible work policy attracts talent, better tech now keeps people in their roles longer. When employees feel their time is respected, they stick around. The thought of leaving for a competitor is even more daunting as great systems in insurance are hard to come by!

Redefining Productivity

Productivity in underwriting is about to look very different.

Traditionally, carriers measured success by volume: how many submissions an underwriter reviewed, how many policies were quoted, how fast a claim was closed. With automation in play, those measures don't tell the whole story any more. Submission to Quote & Quote to Bind ratios are going to be looked at differently.

As tools like Feathery and other workflow automation platforms take on repetitive, low-value work, underwriters are free to focus on higher-impact decisions—evaluating complex risks, managing relationships, and shaping portfolios.

The result? A future where output expectations rise, but so does job satisfaction. "High performance" will soon mean something different: a blend of human judgment, data fluency, and the ability to guide AI tools effectively. AI is not going to replace underwriters themselves, yet an underwriter using AI will have a clear advantage over one who is not.

The Changing Face of Entry-Level Roles

Every generation of insurance professionals has seen their "first job" evolve. Decades ago, it was filing cabinets and fax machines. Then came Excel. Now, it's maintaining and improving AI systems.

Tomorrow's entry-level employees may spend less time on clerical tasks and more time curating data—keeping AI models accurate and aligned with shifting loss trends, regulations, and coverage language. Tasks could include uploading current guidelines and claims data into an internal GPT tool.

It's a subtle but profound shift: the next wave of underwriting assistants or analysts will act as trainers of digital teammates, not just administrators of manual work. That's a skill set both technical and strategic—a rare and valuable combination.

The Bigger Picture

AI is not replacing insurance professionals; it's redefining the playing field. The insurers that embrace automation as a people strategy, not just an operational one, will be the ones that win the next decade.

Happier employees, smarter workflows, faster decisions—these are all connected. And as the technology improves, the firms that treat it as a tool for empowerment rather than elimination will see the highest returns on both productivity and culture. AI automation in insurance is here to stay and is just getting started.


Darren Bloomfield


Darren Bloomfield partners with carriers and brokers at Feathery to implement automations to attract younger talent. 

He graduated from Butler University with a bachelor's degree in risk management & insurance/finance.

The Infrastructure Time Bomb

Legacy infrastructure systems face critical tolerance thresholds as climate change and urbanization exceed original design parameters.


"Infrastructure is not just a technical issue—it's a moral one. It determines who gets access to opportunity and who is left behind." --Esther Duflo, Nobel laureate, MIT economist

Public infrastructure encompasses a wide range of essential assets (see Figure 1)—including transport networks, water systems, energy infrastructure, public buildings, and digital infrastructure—that underpin the societal and economic functioning of any country.

Figure 1: Public Infrastructure Assets

In the developed world, every nation has experienced a phase of infrastructure boom—driven by post-war reconstruction, industrial expansion, and rapid urbanization—that transformed them from agrarian-based societies into industrialized economies. In many of these countries, a significant portion of the existing infrastructure was built or rebuilt during the post–World War II era, particularly between 1950 and 1970. As a result, these assets are now 50–70 years old. Designed with a finite lifespan of 40 to 100 years, much of this infrastructure is either approaching the end of its intended service life or has already exceeded it.

These assets were designed and constructed using the technological standards, materials, and construction methods available at the time, based on the then-current and projected trends in population growth, demand, usage patterns, capacity requirements, and weather conditions. However, evolving usage patterns, rising demand, rapid urbanization, and increasing exposure to adverse climate and weather conditions are placing significant stress on these assets, leading to deterioration in quality and increased fragility. Although deterioration is typically gradual, aging infrastructure becomes vulnerable to sudden failure when a critical tolerance threshold is breached or when exposed to high-intensity stressors such as extreme weather events. While digital infrastructure is relatively newer compared with other asset classes, it is still susceptible to cascading impacts resulting from failures in interconnected systems.

Catalyzing the Collapse

While any infrastructure asset is naturally prone to wear and tear from years of continuous use, the risk of breaching its critical tolerance threshold is often amplified by a confluence of additional factors (see Figure 2)—including design deficits, maintenance neglect, chronic underfunding, urbanization, changing usage patterns, and climate change with extreme weather events.

Figure 2: Factors Impacting Infrastructure Aging

Design Deficit

Infrastructure systems were originally designed to meet the conditions and demands of their respective eras. At the time of their conception and construction, many of today's developments—such as rapid urbanization, shifting usage patterns, and increasing climate volatility—could not have been reasonably anticipated. Consequently, these assets are now under strain from factors that far exceed their original design capacity. This has resulted in a "design life deficit," where even well-maintained legacy infrastructure is inherently vulnerable to contemporary challenges. Addressing this deficit requires more than routine maintenance; it necessitates fundamental redesigns, capacity upgrades, and substantial improvements in resilience.

Maintenance Neglect

Effective infrastructure maintenance—including protective, preventive, corrective, and rehabilitative measures—minimizes service disruptions, improves operational efficiency, extends asset lifespan, reduces long-term costs, and enhances safety and reliability. Conversely, the absence of regular maintenance, particularly deferred maintenance, accelerates asset deterioration. Deferred maintenance refers to the postponement of necessary upkeep until an asset fails or a major issue disrupts normal operations. While routine maintenance may not fully resolve challenges arising from evolving demands and usage patterns, well-maintained infrastructure is significantly less prone to major failures and more resilient to otherwise manageable events. Without consistent maintenance, overlooked or neglected issues can escalate into major problems, making the cost of repair or modernization far exceed that of timely intervention.

Chronic Underfunding

The simultaneously deteriorating infrastructure assets impose compounding maintenance costs, yet budgetary allocations often fail to keep pace with the growing need for upkeep and structural rehabilitation. A key reason for this funding gap is a strategic shift from a "maintain and repair" approach to one focused on "redesign and rebuild." This shift is frequently influenced by political considerations, as governments tend to prioritize greenfield projects that offer greater visibility and political mileage. In contrast, maintenance of existing infrastructure—though critical—typically yields lower political returns. Infrastructure budget allocations are also closely tied to a country's prevailing economic and geopolitical conditions. Nations facing prolonged economic crises or heightened geopolitical tensions often reduce capital expenditure, affecting both the maintenance of existing infrastructure and investment in new projects. These reductions contribute to substantial backlogs, rendering existing funding mechanisms inadequate and unsustainable.

Urbanization

In the developed world, industrialization triggered mechanization, infrastructure expansion, the rise of factory-based employment, and a shift in economic focus from agriculture to manufacturing and services. These transformations led to significant improvements in living standards and accelerated urbanization—defined as the migration of populations from rural areas to urban centers in pursuit of industrial employment. The resulting increase in population density places immense, and often unforeseen, stress on infrastructure systems that were never designed to accommodate today's high-volume demands. Many legacy assets are already under severe strain. However, upgrading or retrofitting these assets presents a complex challenge, particularly in densely populated urban areas. Consequently, infrastructure management is frequently deferred until a disruption forces reactive intervention.

Changing usage patterns and demands

While rising population and urbanization have increased usage loads on infrastructure, the advent of new technologies has introduced both enhanced capabilities and new demands. These developments place considerable stress on legacy systems that were never designed to accommodate such requirements. On a positive note, emerging technologies, advanced materials, and modern construction techniques offer significant potential to improve resilience, durability, structural integrity, and the service life of infrastructure assets. To illustrate the broader context, some indicative changes that have affected infrastructure systems are outlined below.

Roads and Bridges: Many bridges and roads were designed decades ago for traffic volumes, vehicle weights, and travel speeds that no longer reflect current usage. Over the past five decades, the number of personal motor vehicles and commercial trucks—as well as the speeds at which they travel and the loads they carry—has increased dramatically. With millions of trips made daily on aging and structurally deficient transport networks, these systems are under excessive and sustained stress.

Dams: Many dams were constructed using engineering standards that were appropriate at the time but are now outdated and no longer compliant with modern safety and design codes. Critically, most of these dams were not designed to withstand the frequency and intensity of extreme weather events observed in recent years. Additionally, rising demand for hydropower imposes fluctuating operational loads on aging structures, further compromising their structural integrity.

Water Infrastructure: Urban water systems were originally designed to support residential use, but many now serve mixed-use zones that include both residential and commercial areas with vastly different consumption patterns. Legacy pipelines—often made of iron or steel—are prone to corrosion. While modern systems incorporate corrosion-resistant materials, digital leak detection, and smart metering technologies, retrofitting older infrastructure is highly complex. Much of it is buried deep underground, making replacement both difficult and costly. Similarly, legacy stormwater systems were designed for predictable rainfall and lower levels of impermeable surfaces. However, changing weather patterns and increased urban impermeability now frequently overwhelm drainage systems, leading to flooding and system failures.

Power Generation, Transmission, and Distribution: Many power plants, substations, and transmission lines were constructed decades ago and are not equipped to handle today's elevated demand levels or the increasing frequency of extreme weather events. These systems were not originally designed with the foresight of modern electrical loads, such as widespread electric vehicle (EV) charging infrastructure, energy-intensive data center operations, and cryptocurrency mining.

Railway Assets: Many railway corridors operate beyond their designed capacity and at full usage, leading to severe congestion on tracks and at stations. Overloaded infrastructure also reduces the time available for routine safety inspections and maintenance, increasing the risk of accidents such as derailments and collisions. Rising freight and passenger volumes accelerate track wear, shorten asset lifespans, and drive up maintenance costs.

Ports: The surge in global trade and the advent of mega-ships have pushed many aging ports beyond their original design capacity. Modern container vessels are more than 15 times larger than those available 50 years ago. Accommodating these vessels requires deeper channels, larger cranes, reinforced berths, and expanded yard space—features that many older ports lack. Additionally, limited rail and road connectivity to ports further compounds bottlenecks, affecting supply chain reliability.

Climate change and extreme weather events

Climate change is not just another risk factor but a powerful force multiplier that amplifies the impact of all other risks and can directly trigger the collapse of infrastructure assets. Most aging infrastructure was designed based on historical climate data and weather patterns. The benchmark parameters considered in infrastructure designs, such as temperature, storm frequency, and precipitation levels, are now outdated and no longer reflect current climate realities.

Climate change introduces new stressors—such as rising sea levels, increased temperatures, and more frequent and intense storms—all of which accelerate infrastructure failure. The frequent occurrence of previously rare extreme weather events—such as flash floods from atmospheric rivers, cloudbursts, rapid cyclone intensification, heat domes, and megafires/firestorms—places immense stress on aging infrastructure. While retrofitting infrastructure for climate resilience is essential, it requires substantial funding. Moreover, implementing upgrades without disrupting daily operations poses significant engineering and logistical challenges. An indicative list of climate change and extreme weather impacts on infrastructure is provided below.

Extreme Heat and Rising Temperatures: Rising temperatures and heatwaves can significantly affect infrastructure performance and integrity. Asphalt on roads may soften, leading to buckling and rutting. Steel components in bridges expand under heat, potentially causing structural stress and misalignment. Thermal expansion can crack concrete and damage expansion joints, which are critical for structural integrity. Extreme temperature variability causes repeated expansion and contraction of metal structures, accelerating material fatigue and joint failure in railway tracks. Heatwaves also strain power infrastructure, causing transmission lines to swell and sag, which reduces efficiency and increases the risk of outages.

Increased Precipitation and Flooding: Extreme weather events such as 100-year floods, once considered rare, are now occurring with increasing frequency due to climate change. Heavy rainfall and flooding can damage road surfaces, wash out foundations, accelerate erosion, and lead to complete road closures. Sewage and stormwater systems are frequently overwhelmed, resulting in untreated sewage discharge and damage to water treatment facilities. Dams face heightened risks as increased reservoir inflows and shifting hydrological patterns raise the likelihood of overtopping and structural failure, potentially causing catastrophic downstream flooding.

Increased Storm Intensity: Frequent and intense storms pose serious risks to infrastructure. High-wind events can cause structural damage, scatter debris, and lead to road closures. Storm surges and wind-driven debris threaten the integrity of dams, particularly older ones not designed to withstand such pressures. Drinking water and wastewater systems are vulnerable to physical damage and service disruptions caused by flooding and debris impact. Power transmission lines are susceptible to wind damage, while substations may be inundated, resulting in prolonged outages and grid instability.

Sea Level Rise and Coastal Flooding: Rising sea levels significantly affect port infrastructure and coastal assets. Many ports will require elevation of existing structures or the construction of higher seawalls to remain operational. Container yards, warehouses, and terminal buildings face increased flooding risks, while even modest rises in base water levels can cause groundwater intrusion—resulting in foundation instability, basement flooding, and damage to underground utilities and electrical systems.

Managing the Risk

The growing crisis of aging infrastructure is a complex interplay of functional obsolescence, governance deficits, fiscal short-sightedness, evolving usage demands, and the intensifying stressors of climate change. The most straightforward solution to manage the risk is to proactively repair, replace, or retrofit aging assets. However, the scale of funding required and the operational challenges involved make this a formidable task.

As a primary risk bearer, the re/insurance industry has both a vested interest and a unique capability in recognizing, assessing, and mitigating these complex and evolving risks. Insuring infrastructure assets is not new for insurers, and aging infrastructure represents a low-predictability, high-magnitude risk. While low-impact scenarios may lead to service interruptions, high-impact failures can cause personal injury, loss of life, significant property damage, and substantial disruptions. Catastrophic events—such as dam or bridge collapses or power grid failures—can affect the risk experience across multiple lines of business, including life, health, motor, property, casualty, business interruption, and liability, triggering multi-billion-dollar claims that may even threaten the solvency of insurers.

However, the challenge for insurers now is to assess the worsening nature of risk due to the interplay of several stress factors. Traditional risk models are increasingly challenged and upended by the unprecedented, dynamic, and unpredictable nature of climate change and its compounding impacts across the risk landscape. Moreover, infrastructure deterioration does not follow a linear or uniform timeline across different asset types. Each class of infrastructure experiences non-linear degradation, with deterioration rates varying based on asset type, usage intensity, maintenance history, and environmental exposure. The concurrent aging of these assets elevates overall risk.

Furthermore, infrastructure systems are highly connected and interdependent. Failures rarely remain isolated; a disruption in one system can trigger cascading effects across others. Given this predicament, all responsible stakeholders must adopt a system-of-systems perspective instead of focusing on isolated sectoral issues. Effective use of current-age technologies could tremendously transform how infrastructure is managed by shifting maintenance from reactive fixes to data-driven prevention.

Deploying a network of IoT sensors can continuously monitor stress, vibration, temperature, and corrosion, enabling early detection of structural issues. Artificial intelligence and predictive maintenance models can analyze historical and real-time data to forecast potential failures, allowing for timely interventions before breakdowns occur. Digital twins can create virtual replicas of infrastructure assets to simulate wear and tear, test scenarios, and optimize maintenance schedules. Drones and robots can inspect hard-to-reach areas, capturing high-resolution images and thermal data to identify cracks, rust, or material fatigue. Geospatial and satellite imaging can detect land shifts, water seepage, or vegetation changes around infrastructure, indicating potential foundational issues. Using cloud-based asset management platforms and big data to aggregate information from multiple sources helps stakeholders collaborate, access real-time data, and make informed decisions on prioritizing which assets need urgent attention based on risk and usage.

As more assets approach the critical point of breaching their failure thresholds, the threats posed by aging infrastructure become increasingly probable and imminent. Insurers must adapt by leveraging technology and real-time data to revise their risk models, underwriting procedures, pricing strategies, and capital reserves to ensure continued resilience. Nevertheless, this recalibration will be a challenging task, as it requires insurers to anticipate the effects of extreme climate and weather events on all types of assets, consider how a single failure may create a domino effect or reverberate across interconnected systems, and measure the complex web of risks that may emerge.

Conclusion

Aging infrastructure is central not only to public safety and economic prosperity but also to the resilience and insurability of modern society. Many of these assets have supported communities for decades and are so deeply woven into daily life that their presence often goes unnoticed—until a failure occurs. Upgrading or retrofitting them is particularly challenging in crowded urban environments, where such projects demand significant funding, may require displacing residents, and present complex engineering obstacles.

Addressing these challenges demands cross-sector partnerships that bring together governments, private-sector asset owners, re/insurance companies, and the public to mobilize resources, align incentives, share risk, and commit to robust investment and transparent maintenance. Only through this collective approach can we hope to modernize the vital infrastructure for a safer, more reliable, and insurable future.

The Cyber Risk and Insurance Landscape

Cyber claim severity has dropped 50% for large insureds as ransomware attackers shift focus to less resilient, smaller companies, but the scope of potential losses is broadening for everyone.

The cyber risk and insurance landscape in 2025 reveals a complex and evolving threat environment. Large insured companies are becoming increasingly resilient against cyber-attacks as strengthened cyber security and preparedness and response capabilities help mitigate the impact of some of the large cyber losses in 2025 to date. However, the reliance on digital supply chains, impact of expanding privacy regulation, and more sophisticated social engineering attacks targeting employees are also broadening the scope of potential losses for all companies, according to the latest Cyber Security Resilience Outlook from Allianz Commercial.

During the first half of 2025, analysis of Allianz Commercial cyber claims shows the overall frequency of notifications was in line with activity a year earlier, with around 300 claims. Despite the increasing sophistication and volume of attacks companies face, claim severity has declined by more than 50%, while the frequency of large-loss claims is down by around 30%, driven by larger companies' cumulative investments in cyber security, detection and response.

However, the expanding risk landscape means there is no room for complacency. Ransomware attacks remain the top driver of cyber incidents while the focus of attackers is also shifting to smaller or mid-sized companies, which are less resilient against cyber-attacks and data breaches. Overall, the total number of cyber claims in 2025 is expected to remain stable (around 700), with a seasonal uptick in activity expected around Black Friday at the end of November to year-end.

Several ransomware events have hit the headlines this year, but overall, we see that insured losses from these attacks have decreased in 2025 to date. Insured companies' increased detection and response capabilities are helping to stop some attacks at an early stage. Every step an attacker progresses, and every minute that they are in the system, the impact goes up exponentially. The cost of a ransomware attack that progresses to data theft and encryption can be 1,000 times higher than an incident that is detected and contained early.

Ransomware remains biggest driver

Ransomware attacks accounted for around 60% of the value of large claims during the first half of 2025. High-profile incidents across many industries underscore continuing threats, although there are signs that international co-ordination by law enforcement agencies and the strengthening of cyber security by large corporates are having a positive impact. Attackers are also shifting focus to smaller firms, which are typically less resilient than multinationals, as well as firms in other territories, such as Asia. Ransomware was involved in 88% of data breaches at small and medium firms compared with 39% at large firms, according to Verizon.

As large companies have improved their response capabilities, recent years have seen a shift from purely extortion-based ransomware attacks to double extortion, including data exfiltration – 40% of the value of large cyber claims during the first half of 2025 included data theft, up from 25% in all of 2024. Losses involving data exfiltration were more than double the value of those without. The average global data breach cost hit a record high at almost $5 million in 2024, according to IBM, driven by factors such as the impact of stricter data privacy regulation.

The retail sector has been particularly vulnerable to cyber incidents, entering the top three of most affected industries, according to analysis of large cyber claims over the past five years, accounting for 9% of claims by value, after manufacturing (33%) and professional services firms (18%). Retailers often have high revenues, handle large volumes of personal data, and are vulnerable to business interruption, which all provide leverage when making extortion demands. Large numbers of staff, suppliers and IT systems create a wide attack surface.

Meanwhile, an expanding risk landscape is also broadening the potential scope of losses for companies, with non-attack incidents, such as wrongful collection and processing of data, as well as technical failure, accounting for a record 28% of large claims by value during 2024. At the same time, organizations continue to face new challenges and threats from their growing reliance on digital supply chains, the impact of expanding privacy regulation, and the increasing number of social engineering attacks involving sophisticated impersonations of company staff to gain access to company systems.

Resilience gap between uninsured and insured continues to widen

In Germany, insurance industry figures show that the loss impact of cyber insureds increased by around 70% over four years, compared with a 250% increase in the economic impact of cybercrime. This resilience gap of more than 3:1 reflects cyber insurance policyholders' heightened awareness of risk and their actions to mitigate it, many of which are a condition of obtaining insurance. It also reflects the effectiveness of risk prevention services and incident response assistance provided by insurers. Minimizing business interruption, which accounts for over 50% of cyber claim values, remains a key objective, as business continuity planning will significantly reduce costs for companies and insurers.

To read the full report, please visit: Cyber security resilience 2025 | Allianz Commercial.

3 Keys to Stronger Claims Operations

Economic pressures and rising claim costs demand carriers build resilience through speed, transparency, and technology.

Insurance carriers are navigating one of the most complex operating environments in recent memory. Economic pressures, rising claim costs, and evolving policyholder expectations are all converging, creating new demands on claims organizations.

The question is no longer whether volatility will disrupt claim severity, expenses, and growth. The more important question is how carriers can adapt with consistency, protect profitability, and preserve the trust of their customers when uncertainty becomes the norm.

Resilience is not about eliminating volatility. It is about building the agility to withstand it, protect profitability, and maintain trust with policyholders.

Three qualities—speed, transparency, and technology—stand out as defining what resilience looks like for carriers today.

Why Speed Matters

Timing is critical in claims management. Carriers that can evaluate a claim within 48 hours gain an immediate advantage: early clarity on exposure, settlement potential, and cost containment. That window can be a critical factor in whether a claim is resolved efficiently or spirals into prolonged disputes and mounting losses.

When claims drag out, risks can multiply. Medical conditions can worsen, attorneys can enter the picture, and cases can escalate into multimillion-dollar nuclear verdicts -- a trend that has become more common in recent years. By contrast, prompt action contains costs, reduces uncertainty, and demonstrates competence to policyholders.

Speed is not just an operational advantage; it is a strategic imperative. In periods of economic strain, when claim volumes often spike, the carriers that respond quickly are the ones that preserve financial stability.

Transparency Builds Trust and Loyalty

Speed alone rarely delivers its full value without visibility. A fast, transparent process signals to policyholders that their needs are being prioritized. This builds trust at precisely the moment customers are most vulnerable.

For example, a claimant who receives acknowledgment within 24 hours and benefits within a month is far more likely to remain loyal. That loyalty matters: Retaining existing customers costs significantly less than acquiring new ones, especially in today's competitive markets.

Transparency also minimizes disputes. By keeping communication open and expectations clear, carriers reduce the likelihood of misunderstandings that can escalate into costly litigation. In this sense, transparency is both a customer-experience priority and a financial safeguard.

Operational Risks Carriers Can't Ignore

While speed and transparency define resilience, many carriers face structural barriers that prevent them from executing consistently.

Amid many challenges, talent shortages, rising workloads, and compliance risks stand out as the most pressing.

Many seasoned adjusters are retiring, taking with them decades of institutional knowledge — instincts, judgment, and client rapport that cannot be replicated overnight. Newer hires, while eager, often lack the experience to navigate complex claims or identify early warning signs.

At the same time, workloads are intensifying. It is not uncommon for adjusters to manage hundreds of simultaneous cases. Without modern systems and well-integrated vendor support, that volume becomes increasingly difficult to manage. Errors multiply, documentation is missed, and compliance risks escalate.

Complex regulatory requirements also demand accurate, timely reporting. Gaps in documentation or oversight can quickly escalate into penalties and reputational harm.

These challenges underline a simple truth: Resilience requires investment in infrastructure that equips adjusters to manage high volumes without sacrificing accuracy or service quality.

Technology as the Enabler

Technology is quickly becoming the foundation of modern resilience. Advances in artificial intelligence (AI), predictive modeling, and digital record exchanges are transforming how carriers approach claims and shifting the process from reactive to proactive.

AI and advanced analytics are evolving the claims process by automating routine tasks such as data entry, document review, and analysis. These capabilities reduce human error, accelerate processing times, and provide fairer, more consistent outcomes for policyholders.

Predictive modeling allows insurers to analyze historical data and spot risks early. Fraudulent patterns, high-cost medical providers, or claims likely to escalate can be flagged before they cause significant losses. This proactive approach protects financial resources and strengthens customer confidence.

Digital record exchanges eliminate the inefficiencies of manual documentation, enabling faster and more secure sharing of critical information. Integrated into claims systems, these platforms also support real-time fraud detection, ensuring that no key details are overlooked.

Together, these tools allow carriers to scale operations up or down without compromising accuracy, compliance, or customer service. They also empower adjusters to focus on high-value decision-making rather than repetitive tasks, multiplying both efficiency and employee satisfaction.

Lessons From History With Strategies for the Future

Market volatility is not new. History shows that surges in commodity prices, catastrophic natural events, and regulatory shifts have long reshaped insurance economics. What has changed is the speed and complexity of today's environment.

Tariffs can increase claim costs almost overnight, and customer expectations for transparency and speed have never been higher.

Resilience is not built on size or history alone. It is defined by how quickly carriers act, how clearly they communicate, and how effectively they use technology to manage risk.

The challenge is shifting from whether to modernize to how to implement it responsibly and effectively. Those who act decisively will be better positioned to mitigate risks, contain costs, and differentiate themselves in a crowded market.


Shareen Minor

Shareen Minor is the chief revenue officer at Ontellus.

She brings over 20 years of experience in the insurance industry, having held leadership roles at Engle Martin & Associates, NatGen Premier, and Fireman’s Fund.

Minor was recognized as one of Industry Era’s Top 10 Influential Leaders of 2024.