Why make the same mistakes that others have been making for years? Why not learn from those mistakes and avoid them? 

That may seem like an obvious point, but the vast majority of business literature focuses on success stories. It seems people like reading about successes more than they like reading about failures. People certainly like talking about their successes more than they like focusing on their failures.

But, being a contrary sort, I've focused on lessons to be learned from failures for going on 20 years now, in conjunction with Chunka Mui. He and I have written one book, "Billion Dollar Lessons," based on voluminous research into corporate failures and have published two others that build on those lessons. 

Drawing from those books and his consulting work, Chunka recently wrote a piece on seven key lessons to be learned from others' failures on innovation efforts. I'll share those here, along with some commentary from me to tailor those lessons to what's happening in insurance. 

What's happening in insurance is real progress, as far as I can see -- and I'm seeing a lot through the application process for the Global Innovation Awards, which ITL and the International Insurance Society hand out annually. (Yes, that's a plug for you to consider applying for an award, which you can do here.)

But mistakes still get made, of course, and generative AI creates loads of opportunities for companies to either succeed big or to let those same old, same old mistakes creep in. 

Let's have a look at how Chunka phrases the key mistakes to avoid. 

Chunka's essay on LinkedIn lists these seven admonitions:

--Don't think like a venture capitalist.

--Don't aim low.

--Don't put all your eggs in one basket.

--Don't spread your leadership too thin.

--Don't underestimate the corporate antibodies.

--Don't quit too early.

--Don't get too invested in an idea.

1. Don’t think like a venture capitalist.

I watched IBM try to be a venture capitalist in the '80s and '90s and Intel try in the '90s and aughts. The companies thought their insights into computers and processors would let them identify winners. They thought the investments would provide cachet to the startups, too, and incorporated their products and services into the portfolios of the IBM and Intel sales forces. 

Didn't work. IBM and Intel didn't pick many winners, and their attempts to help tended to smother the start-ups.

Chunka explains why venture capital isn't even the right game to be playing for innovators. 

"Despite the allure of Silicon Valley," he writes, "don’t conflate corporate innovation with venture capital. There are major differences. Large company innovators are not financiers. Their primary objective should not be to maximize return by investing in a large portfolio of start-up companies." 

Even a successful venture capital portfolio won't move the needle much for a major insurer, and a VC effort could very well distract companies from what really matters: innovating (alone or with startup partners) in ways that will make a difference across the enterprise.

I haven't seen many insurers making the VC mistake in recent years, but the temptation will be there with generative AI, especially as some startups go public and valuations pop.

2. Don’t aim low.

Chunka writes, "Meaningful innovation and true business model reinvention can only arise from aspirations of the kind that took Amazon from books to AWS cloud services, and Apple from Macs to iPhones." 

That claim may not resonate so much in insurance, where companies like Lemonade that tried to reinvent the industry haven't been faring so well. But companies still need to think big, even if they're just exploring how, say, generative AI can be used in distribution, underwriting or claims. You can start off imagining reinventing the agency, having continuous underwriting or moving to straight-through processing of claims, even if you know you won't get there overnight and know you won't be reinventing the business model of the whole company. 

3. Don’t put all your eggs in one basket.

When the CEO or even the head of a unit has an idea for innovation, it tends to become THE idea. Everyone working for the CEO or unit head tends to quash any objections and does their utmost to make the idea pan out. But even a really good idea -- and many ideas aren't that great -- often fails, so it's important to have a portfolio of potential innovations. 

"Given the uncertainty of technological change, it doesn’t make sense to have only one alternative," Chunka writes.

4. Don’t spread your leadership too thin.

But, but, but... don't have too many alternatives percolating at any one time. 

As Chunka says, "In corporate innovation, the constraining resource is management attention, not capital. There’s only so much of it available. No one can keep track of one or two dozen nascent businesses while still running a company day to day. The head of the business can’t delegate the work, either," for any project that could have a transformative effect. "It's impossible to neutralize naysayers, build the necessary alignment, or guide the organization through the necessary transitions. Our experience is that the right number of killer options is usually three or four, and no more than five."

5. Don’t underestimate the corporate antibodies.

"Almost every organizational bias favors protecting the status quo," Chunka writes. "People are going to find every possible way to make a radically new idea fail. They’ll try to steal the money or poach the people. They’ll throw up technological obstacles.... So, perhaps corporate innovators’ most difficult but important job is to block the antibodies long enough that [innovations] get every means to prove themselves. Having a manageable number of options and the right level of CEO support is critical."

6. Don’t give up too early.

I've written many times that our mantra about innovation is Think Big, Start Small, Learn Fast, and I may seem to be contradicting our admonition to kill ideas the very moment you know they won't work. But this point of Chunka's is different. It's about being willing to make an investment and stick with it -- barring those clear signs of failure -- even if your bet is a long shot.

Chunka explains: "Take a lesson from the concept of pot odds in poker. The notion is that you don’t just figure out whether you have a better-than-even chance of winning a pot. You calculate what it will cost you, now and possibly after future cards, to compete for a pot. You compare that number with the size of the pot, then compare that ratio to what you think your odds of winning are. If you have to bet $1,000 to have a shot at a $10,000 pot, even a 20% chance of success might justify the risk. In other words, evaluate the size of the additional investment against the size of the potential market as you evaluate whether to renew" an innovation effort.

7. Don’t get too invested in an idea.

This is one of the hardest issues to sort out. When do you fish, and when do you cut bait? 

The best way we've come up with is to set the rules ahead of time. Otherwise, proponents and opponents of an idea will arguing about the rules and complicating the discussion while you're trying to make an important decision. 

As Chunka puts it, "Set up regular reviews, agreed to ahead of time, [to decide] whether to continue funding. The analysis has to be done afresh each time, so you don’t get carried away by the amount of money already invested. The question has to be: How much additional money will we need to invest, and might the bet be worthwhile? When a bet no longer looks good, set it aside, regardless of how much financial and emotional capital has been poured in."

******

Innovation is tricky, but you can at least increase your chances of success if you absorb the mistakes that others have made before you. 

Cheers,

Paul

In 2023, four massive floods in the U.S. caused more than $1 billion in damage each. From California to Florida to the Northeast and East Coast, they struck in different seasons and geographies but were united by a common thread: Their intensity defied the expectations of many experts. 

In addition to these billion-dollar catastrophes, the U.S. endured numerous smaller but still destructive floods. Whether the source was surging high tides in coastal communities or relentless atmospheric rivers that overwhelmed storm drains, the floods destroyed homes, disrupted businesses and endangered lives.

The U.S. isn't alone. Globally, flooding affects more people than any other natural peril. While floods have traditionally been considered secondary perils – the kind that happen relatively frequently but generate modest losses – climate change is super-charging their impact by making them larger, less predictable and costlier, more like primary perils such as Atlantic hurricanes or typhoons. 

A major challenge in understanding and preparing for evolving flood threats has been that maps used to assess and quantify flood risk often haven't kept pace with a changing climate. One government assessment concluded that U.S. flood hazard maps, for decades a key resource for communities to set building standards or determine flood insurance premiums for vulnerable properties, "didn't reflect the best available climate science." 

See also: AI, Aerial Imagery Can Help Spot Flood Risks

Hazard intensification

As one of the world's largest reinsurers, Swiss Re has long tracked natural catastrophe loss trends, including from floods. While urbanization, population growth and accumulation of assets in exposed regions have historically been main drivers of insured losses, our experts have determined that changing climate will become an increasingly important factor in rising future losses.

And with climate change contributing to intensifying hazards like extreme rainfall or powerful ocean storm surges that harbor potential to cause bigger floods, access to powerful tools to understand these evolving risks is growing more urgent. Simply put, we must get better at predicting what's to come, especially when a warming planet makes the past a less-reliable guide to future threats.

Fortunately, powerful tools are becoming available. For instance, this month, Swiss Re Reinsurance Solutions, our division focused on delivering data-driven risk insights to clients, achieved a milestone when we integrated independently validated, high-resolution U.S. flood maps into CatNet. This is our risk assessment tool that insurers and companies may rely on to analyze exposures to natural catastrophe risks. 

These U.S. flood maps were developed by our subsidiary Fathom, the U.K.-based water intelligence company that Swiss Re acquired last year to supply clients with dynamic flood risk assessments. Founded in 2012 by scientists at the U.K.'s University of Bristol, Fathom's hydrologists, software engineers, modelers and geographic information system (GIS) developers have created the most accurate digital terrain model of the U.S., with a resolution of 10 meters per pixel.  

See also: Property Underwriting for Extreme Weather

One platform, multiple risk models

Reinforcing modeling resources with maps supports insurers and companies to create more sophisticated climate-driven flood risk scenarios, instead of relying on historical data alone. Multiple flood-risk models on a single platform allows simultaneous comparisons, enabling more comprehensive risk assessments.

Beyond visualising flood risks more accurately, insurers can integrate data into their underwriting models to assess and price risk more confidently. Thus equipped, they can pinpoint and address exposures to vulnerable regions, adjust terms and conditions and exclusions to reflect evolving risks and even identify new, promising geographical areas to pursue growth.

Similarly, U.S. flood maps can help companies determine where their biggest risks will emerge, informing adaptation strategies aimed at avoiding losses today and tomorrow. Communities can leverage mapping technology to better understand how and where to grow, to protect citizens and economies. Fathom already provides flood data via the World Bank to help 16 climate-vulnerable countries future-proof themselves against disaster.

The U.S. suffers the largest absolute annual economic losses from natural catastrophes of any nation. With climate change, it faces increased exposure to rising weather-related losses, including from floods like those in 2023. This January, for instance, San Diego County, California, became the latest place to be declared a federal disaster area after rainfall eclipsed records, damaged hundreds of homes and washed cars away. 

While residents described being taken off guard by what some called a 1,000-year storm, climate change actually means such events can no longer be considered anomalies. To prepare and adapt for this new reality, flood maps that keep pace with the forces of a warming world are an essential tool.  

Discover strategic game-changing insights in the latest publication from insured.io, "Revolutionizing Customer Engagement: The Impact of Omnichannel Experiences in the Insurance Industry":

• Uncover the 25% increase in renewal rates for users of multiple service channels
• Learn actionable strategies such as SMS alerts and IVR services
• Dive into real-time engagement solutions that foster customer loyalty
• Gain comprehensive insights based on a study of 250,000 P&C consumers
• Elevate your insurance business with data-driven and practical approaches

Download now and revolutionize your customer experience!

Sponsored by: ITL Partner: insured.io

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has a list of bad cyber practices, all of which are common among insurance agencies:

1. Use of unsupported or end-of-life software
2. Use of known, fixed or default passwords and credentials
3. Use of single-factor authentication for remote or administrative access to networked systems

Carriers and agencies cite competing priorities, expense and problems with operational interruptions as reasons for not implementing crucial cybersecurity measures. These objections can be short-sighted in view of the high severity of a breach. 

IBM’s “Cost of a Data Breach Report: 2023” says, “Organizations with fewer than 500 employees reported that the average impact of a data breach increased from $2.9 million to $3.3 million,” a 13% increase from 2022. Organizations of more than 25,000 employees saw a 2.5% decrease in average losses from a data breach, to $5.4 million in 2023, the report states. Still, the financial hits for large companies are painful, with regulatory and reputational consequences, as well.

The risk of system shutdown from ransomware attacks and the potential costs of liability for the dissemination of proprietary information far outweigh the expense of protection. Happily, there are steps carriers and agencies can take that are comparatively inexpensive that will also improve efficiency in transactions.

Unsupported software

An average agency does business with 10 to 12 carriers, and a large agency could have as many as 30 carrier partners. It is very likely that each carrier has a different update cycle for its software. A breach to the weakest link, maybe because a security patch was not applied, could affect all the other carriers an agency is doing business with. 

Each carrier will say it has a robust authentication process. However, do all the carriers the agency connects to have an equally strong process? A common and secure method to authenticate system access can reduce the breach risk for all participants.

See also: Risks, Trends, Challenges for Cyber Insurance

Use of known, fixed or default passwords and credentials

It is difficult to remember even one complex password. How many 15-character passwords with uppercase, lowercase, numeric and symbols requirements can you remember? It’s not surprising that agency representatives use the same password across multiple carriers to increase efficiency. It makes sense if convenience is the primary concern. 

Independent agents may log in to each carrier multiple times in a day. This requires switching between authentication credentials – ID, password, multifactor authentication (MFA) – with each access request. As CISA indicates, using a fixed or default credential across accounts increases the breach risk. Once one carrier is compromised, use of a common password also puts the other agency carrier partners at risk.

Even worse, in some agencies, there is a single, shared login for all users to simplify access. Use of this practice means a cybercriminal has to gain the credentials of only one user for all account data to be compromised, and potentially open a gateway to carrier systems.

To solve the cybersecurity issue and improve efficiency, carriers, technology partners and agents must work together. MFA will help the entire independent agent channel be more secure. For example, our SignOn Once makes it operationally easy to enable the agency management system to be a single authentication point. The agency management system generates a unique token for a user at login, and that acts like a key to unlock entry into carrier agent portals. It isn’t shared, and it changes every day. Cost for carriers is about $1 for each of their agencies for the year. 

Use of single-factor authentication

Multifactor authentication – where login with an ID and password is verified by input of a secondary piece of information – is becoming an industry standard. This additional information can be a code or clicking on a link delivered to a secondary device, such as a cell phone. With the rise in cyberattacks, both regulators and cyber insurers are advocating for or, in some instances, mandating its use. MFA prevents a bad actor from entering a system with just a stolen ID and password. It’s an incredibly important deterrent to cybercrime.

Crowdstrike says that “80% of all breaches use compromised identities.” Because totally preventing access to user IDs – and even associated passwords – may be impossible, especially with the burgeoning abilities of artificial intelligence, having that second layer of protection provided by MFA is essential.

See also: How to Combat the Surge in Ransomware

Carriers can lead the way on cybersecurity

With the increasing threat of cybercriminals, taking the simple step to protect access to systems at the agency level would seem to be a no-brainer. Moreover, the impending threat of AI-generated audio and email fakes that replicate the voice or tone of a trusted source suggests hackers may gain even greater access to login credentials. Affordable cybersecurity measures are needed ASAP.

Carriers can, and should, take the lead by working together to protect all industry stakeholders. Security is not an area for carriers to compete. Ask your carrier partners to invest $1 in your agency each year to strengthen your security posture and increase operational efficiency.

In the digital world, where risk postures and behaviors are changing and new risks are emerging, actuaries need to function as business strategists, looking beyond historical data and increasing agility in rate filings.

Disparate data stores and lack of granularity across the enterprise, coupled with legacy systems, have forced actuaries to spend significant effort on data processing. This affects their work in core activities, such as 

• Reserving Studies
• Rate Filing
• Risk Analysis
• Profitability Studies

Also, traditional generalized linear models (GLMs) may not be able to handle very large or high-dimensional data sets and unstructured data (telematics, sensors, images, etc.), limiting their accuracy or effectiveness to capture behavioral changes, forecast claim cost trends and revise their assumptions. Heavy reliance on spreadsheets for rating and lack of governance and traceability pose delays in filing rates and responding to audit inquiries. 

Generative AI as a companion for actuaries

The advancements in AI can be leveraged to alleviate the burden on actuaries and serve as a companion to improve their productivity and agility. Below are some applications where Gen AI can assist actuaries in streamlining workflows and enhancing capabilities:

• Data Processing for Experience Analysis: A significant amount of time is spent in cleansing and preparing data for analysis. AI can be leveraged to automate tasks such as pattern recognition, data correlation, outliers, transforming data into formats suitable for modeling (model input file generation, etc.) 
• Data Enrichment: Based on pattern recognition and data correlation, a synthetic data generator can be leveraged to fill in the missing values in applicable scenarios, such as claims processing. Experience analysis can be enriched with additional socioeconomic, health or financial data, allowing the insurer to build up a more granular understanding of policyholders and factors that lead to differences in experiences across various cohorts.
• Code Conversion for Models: As part of actuarial transformation and tech debt reduction, organizations are increasingly migrating their code base from legacy technologies to R and Python, etc. Gen AI can analyze existing code, capture the tacit knowledge or business logic and create baseline code that serves as a jumpstart for modernization.
• Model Documentation: From a model governance standpoint, documentation plays a critical role to enable transparency and maintainability, but documenting complex actuarial models is time-consuming. In this context, Gen AI can analyze the model code and automatically create baseline technical documentation in natural language based on format, structure, etc. provided as input as part of prompt engineering. Quality can be enhanced by integrating prompting language and a retrieval augmented generation (RAG) process.
• Scenario Analysis: Scenario analysis is critical for assessing the risk exposure and defining mitigation strategies. In this context, digital twin (an AI-driven, multi-model, simulation-aided platform) can be leveraged to construct hypotheses, run various “what-if” simulations and determine the impact to the portfolio. The explainability component of digital twins enables actuaries to make informed decisions.
• Operational Efficiency: As part of the monthly or quarterly close, operations often face challenges manually traversing through various linked spreadsheets to identify and prepare inputs or references for the model run. An AI model can be used to analyze and document the upstream and downstream links relevant to a specific spreadsheet, process or output report. 

These applications help to automate repetitive tasks, improve accuracy and increase efficiency and enable actuaries to focus on the core, as a business strategist.

See also: Balancing AI and the Future of Insurance

Human + AI Partnership

To realize the true value of human/AI partnership, governance and guardrails are the foundation, and Gen AI needs to be leveraged responsibly and aligned to ethical standards and regulations. As part of its evolution, Gen AI will play an assist and augment role, and actuaries (human) will still be responsible for defining model parameters, interpreting results, driving strategies and ensuring twin objectives are met. Re-imagined actuaries in collaboration with data scientists will drive innovation in continuous underwriting, loss reserving, product innovation, sustainable investments, personalized pricing and profitability, transforming the insurer.

Current pricing trends in the directors’ and officers’ insurance market could yield premiums that prove inadequate to cover potential claims, owing to growing risks for which senior corporate directors and officers are held responsible.

After a decade of woefully inadequate rates in the U.S. D&O insurance segment that led to consistently unprofitable underwriting results, aggressive pricing increases in 2020 and 2021 finally made inroads for D&O insurers and led to much-needed market stabilization. These pricing increases also attracted capital to the market from strong underwriters with new, creative approaches to public D&O underwriting. 

However, beginning in the second quarter of 2022, D&O premiums began to decline materially in most sectors, as did retentions, resulting in much more favorable pricing for insureds. (Insured retentions tend to decline as markets grow softer, as clients can shop around for coverage.) Direct premiums written declined by nearly 10% in 2022, due largely to the economic environment that made M&A and IPOs less attractive. Less M&A and IPO activity diminishes demand for public D&O coverage.

D&O pricing in 2023 continued the momentum from the prior year, and renewal pricing was essentially flat, on average, by the end of the year. This has offered a reprieve for risk managers and brokers, but with pricing changes sinking below economic inflation, fear began to rise that the pendulum may be swinging back to rate inadequacy. 

See also: The 'B' Word: Bankruptcy and D&O

Third-quarter 2023 results show an uncertain picture for the D&O line going forward. Premiums declined for a sixth straight quarter on demand shifts and pricing changes; AM Best’s estimate for 2023 is $12 billion, which would constitute an 11% drop from the previous year. The number of IPOs declined again, to 72 in 2023, the lowest since 2009 during The Great Recession. With results leveling out and demand for transactional liability coverage declining, average pricing on D&O accounts has since fallen dramatically.

At the same time, the direct calendar year loss ratio for the line has also fallen, reflecting the realized benefit of the substantial up-pricing of renewals and new business from 2020 through early 2022. The direct loss ratio of 51.5 through third-quarter 2023 is on track to be the lowest in nine years, improving the industry’s underwriting performance. If results continue to be favorable and prior accident-year reserve development does not trend adversely, additional capacity may flow into the D&O market. That loss ratio does not factor in the potential impact that adverse loss reserve development could have on the net, bottom-line results for D&O insurers. With more lawsuits being settled or adjudicated as courts fully open following pandemic-driven closures and delays, the true profitability of policies underwritten is still maturing -- prior accident years 2017-2020 remain unknown.

AM Best is assigning a negative outlook to the D&O liability insurance market segment for 2024. Prior to this year, the D&O market outlook was captured under the professional liability catch-all, even as D&O represented the dominant line. That outlook was revised in 2020 to negative, so the new outlook on the D&O segment for 2024 is not a deviation from the previous few years.

An increase in players in the D&O market is a factor in the outlook, as the influx brings additional capacity and declined pricing amid growing exposures. Also included in the negative D&O outlook are expanded liability risks, as the business environment has become increasingly more complex and connected. Cyber and data breaches are becoming ever more pervasive in all different business sectors, particularly for businesses that rely on personal data. At the same time, new data protection laws and related disclosure requirements have added to the minefield senior executives must navigate to protect against potential litigation. The rise of generative artificial intelligence (AI) opens a whole new avenue for the plaintiffs’ bar, as well. Depending on how companies integrate AI into their decision-making process, corporate directors and officers could be accused of algorithmic biases in risk selection or underwriting decisions.

Inflation over the past 18 months, as well as interest rate increases to fight inflation and market volatility, have created negative pressure for stock prices and funding for privately held companies, which could result in shareholder and derivative actions. The bank failures of last year also have led to intense scrutiny of banks’ executive leadership and boards of directors. 

The rising cost of litigation owing to societal trends, such as broad interpretations of liability contracts, legal advertising and more plaintiff-friendly juries continues to drive increases in loss frequency and severity, and large, public-facing companies are particularly vulnerable. Litigation financing has been used for a range of lawsuits, including complex multidistrict and class-action litigation, in which D&O liability cases can specifically come into play. Third-party funders provide financial help in exchange for an interest in any recovery, and the financing can be offered to law firms that are unwilling or unable to fund a potentially protracted case or to help underfunded claimants directly. For D&O insurers, litigation funding pressures claims costs by driving up the magnitude of awards and settlements.

See also: Insuring Risks Amid AI's Constant Evolution

As the costs of litigation continue to rise, companies are becoming more likely to explore settlement opportunities even when the facts may be on their side. According to Woodruff Sawyer, settlement dollars during the first half of 2023 were up slightly more than 29% year over year, with settlements over $20 million up about 33% from the same period in 2022. These trends are apparent in underwriting results near year-end 2023.

If interest rates remain high and inflation persists, access to credit markets will become increasingly difficult, as companies struggle to balance the need for profits with prudent debt management. D&O insurers will need to better assess and adequately price for the ever-changing risk exposures while effectively focusing on evolving regulatory requirements.

Credit card fraud would seem to be a frequent, lucrative method of monetary gain for cybercriminals. While this was the case for many years, activities over more recent years have shown otherwise. The number show that cybercriminals were losing interest in selling and buying stolen credit card information. But lately, the global underground market for compromised cards seems to be on the upswing again, climbing steadily from the end of 2023 and continuing this year.

It's both surprising and sadly predictable -- a reminder that there's rarely a "done and over with" in cybersecurity battles.

See also: Cyber's Evolving Threat Landscape

Understanding the world of stolen credit cards

At Cybersixgill, we collect millions of pieces of data from the deep, dark and clear webs each day to better understand the actions of digital fraudsters who are continually seeking ways to enrich themselves, so we can help businesses protect themselves.

In 2019, more than 140 million compromised credit cards were listed for sale on underground markets. The number then plummeted each year, and by 2022, the total number of compromised cards dropped to 9.1 million. The price of cards dropped, as well.

In September 2022, we analyzed why the number of cards declined and attributed it to a fall in both supply and demand. On the supply side, it became more difficult and less attractive to compromise cards. For those on the demand side, security measures were making it harder to use a card in fraudulent ways. Our conclusion was that those who looked to profit from cybercrime pursued other methods, such as ransomware.

A change of course in late 2023

Through the first 10 months of 2023, average sales of compromised cards were about the same as in 2022. But beginning in November, sales shot up dramatically -- so much so that overall annual sales jumped 25% from 9.1 million in 2022 to more than 12 million in 2023.

These trends continued into January and February 2024, setting the number of compromised credit cards sold on pace to exceed 34 million this year, representing a major reversal after years of decline.

Seeing this data, we had to dig deeper and figure out what was going on.

What's the reason?

Our research shows that a particular dark web market -- one that had been dormant for a while -- recently re-opened. The re-emergence of this market has shifted the entire landscape of compromised credit cards; since mid-November 2023, it has listed more cards than any other market. In fact, it has accounted for about 65% of ALL compromised cards for sale and is solely responsible for the overall rise in cards.

See also: Cyber Insurance at Inflection Point

Why is this market bucking such a significant trend?

First, we posited that the universalization of EMV chips and better e-commerce site security made it more difficult to compromise cards compared with the heyday of Magecart attacks of 2018. (If you're not familiar, Magecart is a collective of cybercriminal groups that inject digital credit card skimmers on e-commerce and payment websites. These groups have been active since 2015 and gained momentum in 2018 with successful breaches of well-known brands such as British Airways and Ticketmaster.) It could be, however, that the operators of this renewed market discovered a new attack technique or carried out a major breach, enabling them to accrue a massive supply of cards.

Second, we considered that threat actors had far better opportunities to make money, specifically with ransomware and crypto-exchange hacking. However, things have changed over the last few years. With so much effort on the part of organizations and governments to fight ransomware, only the most sophisticated groups can carry out successful attacks. And crypto-exchange hacking appears to have declined significantly, as well.

Therefore, it could be that the operators of this market determined that carding was indeed their most lucrative and least risky option, and they reincarnated their old operation.

Now what?

It remains to be seen if recent activity in this fraudulent card market is an anomaly or if it represents a new trend. Will it be able to sustain the number of cards? Will other markets increase their supplies? Will new markets emerge?

Fortunately for consumers and issuers, the Payment Card Industry Data Security Standard (PCI DSS) is undergoing changes that promise to make credit card payments safer than they were previously. These broad changes, which represent the first major update since 2016, begin this month and go into full effect a year later.

Governmental action also plays an important role: Banks are under increasing regulatory pressure to minimize credit card fraud. Additionally, law enforcement may choose to pursue markets for stolen credit cards more aggressively, as they do with ransomware.

Consumers need to be wary of suspicious activity and check their accounts regularly to spot any charges they don't recognize. They should use a card with an EMV chip to prevent skimming attacks and be highly cautious so as not to fall for phishing email schemes.

In our increasingly interdependent digital world, cybercriminals are permanent residents, not temporary visitors. We need to acknowledge their presence and stay diligent.

Adopting new technology creates a lot of anxiety for insurance organizations. Cost concerns and the potential risks around service interruption often keep them in a holding pattern where they remain dependent on outmoded systems that lack the features and scalability they need to move forward. However, many insurance leaders have reached an inflection point.

Think about how quickly your customers’ digital experience expectations have skyrocketed in the last five years. The pandemic and “work from anywhere” lifestyle have forced many insurance organizations to take an unflinching look at all of their technology investments. The question becomes: Are these investments helping your business to grow and scale?

Recently, we surveyed hundreds of insurance CEOs, CTOs, CIOs, CFOs and COOs about the current state of insurance technology. We learned that, too often, their technology systems are not helping them meet their growth goals or delivering high-quality data to help them make decisions. We also learned that they are fully aware of the shortcomings of their current technology systems and are planning to make significant changes. 

Consider this: 76% of insurance organizations with over 5,000 employees juggle an average of six to 10 technology systems. More often than not, these are legacy systems with an average duration of use of four years. When it comes to insurance-specific agency and broker management platforms and policy administration systems, 41% of respondents admit to keeping the same system for five to 15 years. In short, their current investments are aging out.

As these insurance leaders go through their due diligence and issue RFPs in search of new, purpose-built software platforms, there are a few key things to remember. 

See also: How to Transform Your Core Platforms

The seven most important attributes of an insurance management platform are:

1. Scalability: Growth is the name of the game, and the right software platform should be able to manage an insurance organization’s growth at scale. That means the power to accommodate a growing number of users, agents, partners and policy transactions and increasing amounts of customer data without significant reengineering efforts. Further, the software platform of choice must have the ability to understand and streamline insurance workflows across the organization. Scalability also means being able to incorporate acquisitions, including the addition of a different operating model than the acquirer. 

2. Configuration and Flexibility: The insurance industry is too complex and varied for a one-size-fits-all approach to software platforms. This is where the platform-based approach can bring tremendous value, with configurable features and modules that can meet a specific insurance business need. This flexibility enables businesses to create unique solutions without starting from scratch.

3. Interoperability and Ecosystem Building: With the growing popularity of insurance ecosystems, software platforms must be built for today’s technology partnerships. For example, platforms with open API architecture have the power to support integration with other software systems and services, enabling seamless data exchange and interoperability. This interoperability reduces data silos and enhances collaboration within and between organizations.

4. Cost-effectiveness: Leveraging a software platform can be more cost-effective than developing a custom solution from scratch or combining multiple point solutions that aren’t built for the insurance sector. It’s also less risky given the likelihood of failures of in-house software builds. Platforms often offer subscription-based pricing models or pay-as-you-go options, reducing upfront costs and providing predictable expenses.

5. Support for “Work from Anywhere:” Cloud-based insurance management platforms are accessible from anywhere with an internet connection. This accessibility expands the reach of applications and services, catering to a broader audience and enhancing user engagement. It also helps to support remote work for agents and brokers.

6. Data Insights and Real-Time Analytics: This is probably the most vital feature of an insurance software platform, solving a major challenge for insurance organizations. Our research shows that data quality issues are the number-one concern (41%) of insurance leaders regarding their current technology. The built-in analytics and reporting capabilities of platforms provide valuable insights into user behavior, trends and performance metrics. These insights empower businesses to make data-driven decisions and optimize their operations.

7. Security and Compliance: Many platforms invest heavily in security measures and compliance certifications, such as GDPR or SOC 2, to ensure data protection and meet regulatory requirements. This commitment to security and compliance instills trust and confidence among users and stakeholders. Compliance with regulatory requirements is another critical aspect of the insurance industry. Software platforms can help ensure compliance by incorporating features such as automated reporting, audit trails and adherence to industry standards and regulations.

See also: 5 Must-Haves in Agency Management Systems

Overall, software platforms offer a range of benefits that align with the evolving needs of insurance businesses in today's digital landscape. Some software platforms allow insurance companies to automate certain processes, from underwriting and policy management to claims processing and customer service. This automation reduces manual effort, eliminates the need to re-key information, speeds up processes and minimizes errors. All of this leads to improved operational efficiency and a better customer experience.

For example, Atlantic Global Risk, a forward-thinking specialty insurance broker that specializes in crafting complex insurance solutions for legal, tax and credit risks, recently invested in a software platform that replaced three separate technology tools. Before making this technology upgrade, Atlantic Global Risk was juggling multiple applications for different operational needs, including a CRM for sales leads, an enterprise cloud platform for managing associates, policies and documentation and an agency management application for invoices and customer records. The challenge was that these applications were not specifically designed for the insurance industry, leading to inefficiencies and data fragmentation across departments. The company was able to streamline workflows, eliminate data silos caused by having so many different applications that could not talk to each other and empower its staff with access to a single source of information across the company.

With industry-specific software platforms, insurance companies can offer digital self-service options to their customers, such as online policy purchasing, claims submission and account management through a customer portal. This improves the overall customer experience by providing convenience and accessibility.

Insurance organizations are turning to software platforms to stay competitive in a rapidly evolving industry, improve operational efficiency, empower their employees, enhance customer experience and drive innovation.

When two earthquakes made front page news in the past week, the one near New York City seemed to get more attention because, well, New York City.... But the earthquake that hit Taiwan is far more important, not just because of the billions of dollars of damage it caused but because of what it didn't cause. 

The 7.4 earthquake (on the Richter scale) in Taiwan unleashed some 8,000 times as much energy as the 4.8 earthquake that shook the New York City area, yet the death toll was only 13 people, and only one of those was killed in a building collapse. The rest were killed by landslides and boulders. 

How was Taiwan so well prepared that a massive quake killed only 13 people, 25 years after a similar quake there killed almost 2,500? Therein lies a tale – and an endorsement for the Predict & Prevent model for insurers and their clients.

The short answer about why Taiwan withstood the earthquake so well includes luck. The earthquake occurred just off the coast of a sparsely populated, mountainous area that absorbed much of the force before it reached Hualien County and its population of about 320,000. 

But Taiwan has also been bracing itself, literally, for a quake like this for 50 years.  Taiwan has been incorporating earthquake resistance into building codes since 1974 and has been continually strengthening requirements based on lessons learned from quakes around the world. 

Taiwan has enforced the codes, too. After the Chi-Chi quake in 1999 killed almost 2,500 people, inspections found that many developers and builders had taken shortcuts or used cheaper materials to save on costs. Many were thrown in prison, as well as fined heavily. 

Thousands of buildings were reinforced, including more than 10,000 schools. When a strong quake hit Hualien in 2018, building regulations were tightened further. 

The New York Times reported: "The government had also helped reinforce private apartment buildings over the past six years by adding new steel braces and increasing column and beam sizes.... Not far from the buildings that partially collapsed in Hualien, some of the older buildings that had been retrofitted in this way survived."

The Guardian wrote that, "with more than 4 million homes in buildings that are at least 30 years old [in Taiwan], according to official statistics, the government has also introduced subsidies for local authorities to inspect and upgrade any buildings that do not meet modern safety standards." 

The BBC described the effects of Taiwan's preparations as stunning: 

"Just over a year ago, we saw earthquakes of about the same magnitudes striking Turkey and Syria, causing the deaths of more than 50,000 people. These countries, of course, had far fewer resources. But when a much smaller 6.7 magnitude quake hit the city of Christchurch in New Zealand in 2011, almost the entire city center was flattened."

By contrast, in Taiwan, "A hundred meters beyond the police cordon, the streets of Hualien look entirely normal. Shops and cafés are open, traffic is flowing. Drive through the city, and if you didn't know a big quake had struck days ago, you wouldn't guess it." (The police cordon the author mentions is around the Uranus Building, a 10-story office building that was knocked to a precarious angle and whose image became the dominant one from the quake.)

The Times offered a similar description: 

"It was possible to walk for city blocks without seeing clear signs of the powerful earthquake. Many buildings remained intact, some of them old and weather-worn; others modern, multistory concrete-and-glass structures. Shops were open, selling coffee, ice cream and betel nuts. Next to the Uranus Building, a popular night market with food stalls offering fried seafood, dumplings and sweets was up and running by Thursday evening," the day after the quake.

Most importantly from an economic standpoint, operations at TSMC, the world's most advanced semiconductor manufacturer, only needed to suspend operations briefly and reported minimal damage. The precision of its work is mind-boggling. The lines being etched into the surface of the chips and the lines of metal being deposited on them are as thin as 13.5 nanometers—a nanometer being a billionth of a meter, or about 100,000th the thickness of a sheet of paper. So to not have much of anything knocked out of whack suggests extraordinary precautions—and great benefit to the world economy, given the roles that TSMC chips play in just about everything . (I wouldn't be surprised to hear of the loss of some work in progress, because the making of a chip requires hundreds of steps and perhaps 11 layers of metal, but TSMC has yet to report any lost production.)

Taiwan's extraordinary preparations won't be easy to duplicate elsewhere. Taiwan sits on a series of faults, and everyone knows it, so there isn't any need to convince people of the peril, in the way that there can be with potential natural disasters in other parts of the world. Even if you know you're facing an active hurricane season in the Southeastern U.S. – and forecasts keep getting worse -- there is an awful lot of territory that could be threatened, so you may not need feel the need to make extraordinary preparations. Besides, threats such as wildfires and convective storms may migrate from year to year, rather than staying constant, like the earthquake threat in Taiwan.

In addition, Taiwanese are conditioned to be alert to threats, not just because of earthquakes but because of the possibility of military action, even invasion, by China that has hung over the island nation for decades and has been intensifying in recent years. So Taiwanese respond when they get a phone alert about an earthquake, based on the nation's sophisticated early warning system, in a way that Americans getting an evacuation order in advance of a hurricane may not. Those earthquake warnings may be only seconds ahead of the shaking, but they can still give lots of people a chance to find at least a bit of shelter. 

Still, the Taiwanese earthquake shows the power of the Predict & Prevent model for insurers – spotting risks ahead of time, warning people about them and working with people to prevent losses, rather than taking the traditional approach of primarily focusing on paying claims after the loss occurs. 

And there are steps we can take, even if it'll be hard to match Taiwan's performance any time soon. 

"The Fortified program that's done in conjunction with Alabama and the University of Alabama's Risk Center is an ideal example of what communities can do." Sean Kevelighan, CEO of the Triple-I, said in a conversation we had late last year. "Fortified is a certified home building process developed by the Insurance Institute for Business and Home Safety, and it helps us withstand the likes of hurricane-strength winds or other natural catastrophes. And Alabama has embraced this. I think they are a unique example in the Gulf Coast community. Neighboring states arguably have many more issues because they haven’t focused as much on resilience.

"The program has been featured in your alma mater, the Wall Street Journal, as something that is working. We're hoping [for] more of these types of community-based projects."

If we don't figure out some way to prevent some of these massive losses that natural catastrophes are causing, the prospects for profitability are, at best, clouded and, at worst, bleak.

Pete Miller, CEO of The Institutes (ITL's parent), wrote recently:

"Last year, U.S. P/C insurers incurred a $21.2 billion net underwriting loss, only slightly improved from a $24.9 billion underwriting loss recorded in 2022. Roughly $65 billion in natural catastrophe losses hit P/C insurers last year. The August 2023 Maui wildfires alone contributed an estimated $4-$6 billion in damages.

"As the severity and frequency of losses continues to increase exponentially, so does the cost to repair damages after a loss occurs. This is making insurance’s traditional approach of detecting and then repairing after a loss no longer economically viable."

With that sort of outlook, I'm hoping we can learn to be more like Taiwan -- with lots of the recent luck and as few as possible of the natural disasters.

Cheers,

Paul

P.S. I encourage you to consider submitting an application to be considered for a Global Innovation Award, which ITL is handing out together with the International Insurance Society again this year. We are recognizing the Insurer of the Year in Property and Casualty, the Insurer of the Year in Life, Health and Retirement and the Insurtech of the Year in Predict & Prevent. The awards will be handed out at the IIS's Global Insurance Forum, being held in Miami this year in November. 

For more information on the awards and on last year's winners (AIA, PAK Insurance Programs and Swiss Re), click here. You can apply for this year's awards here. Note that the deadline is April 17, so it's coming up fast. 

We had a great representation of innovators last year, the first year we gave out the awards, and are hoping to hear from even more of you this year, as we try to encourage and recognize the impressive innovation happening within insurance and risk management. 

There is no great mystery about what determines insurance premiums – it all comes down to market conditions and risk profiles. However, many policy applicants have a huge misconception that can inadvertently increase their rates.

The role of an insurance agent is akin to that of a matchmaker – the goal is to connect businesses with suitable policies that address their specific needs. To make a successful match, insurance agents and underwriters require information. Generally speaking, the more information, the better. 

Many business owners, however, think it is somehow beneficial for them to “hide the ball” from insurers and obfuscate details of their business. 

This myth of secrecy is not only incorrect but incredibly damaging. When there is a dearth of information about a potential client, underwriters are forced to fill in the blanks as best they can. Underwriters are not an optimistic bunch. When confronted with limited information, they will not assume the best. Instead, they will make conservative assumptions that will likely result in higher premiums than would have been the case if a more transparent approach was taken.

See also: The Need for Transparency in Underwriting

While insurance agents are typically the face that clients see the most, underwriters are working behind the scenes to:

• Build Risk Profiles: Underwriters scrutinize various aspects of a business, including its industry, operations, financial stability and claims history. Then they assess the likelihood of future losses based on these factors.
• Understand the Client's Risk Management Practices: Underwriters appreciate companies with robust risk management protocols, as they are less likely to incur significant losses. These practices include safety measures, loss control strategies and disaster preparedness.
• Customize Coverage: Underwriters initially work with generalized risk profiles, but the real magic happens when they gain specific insights into a business. The more details they have, the better they can tailor coverage. Imagine a custom-made suit versus an off-the-rack option—the former fits perfectly.
• Tell a Story: Underwriters and insurance companies want to know the story of their clients. When potential clients volunteer information and give generous insights into their goals, strategies and relevant data, they make the job of an underwriter much easier. 

How to Bridge the Knowledge Gap

All this is to say that when insurance companies know more about applicants and have a high degree of confidence about the levels of risk at play, they will offer more competitive rates, terms and coverage. Businesses applying for coverage can do themselves a huge favor by abandoning the myth of secrecy and helping their agent or broker to bridge the knowledge gap and provide information for underwriters to use in their calculations.

The more specific information about a business and its risk management practices that the underwriter knows, the more accurate the risk profile becomes. A good risk profile makes an applicant more desirable in the insurance marketplace. Businesses with solid risk management and loss control practices will be offered much better policies than those with generalized average risk profiles or incomplete information. This means that when an underwriter has a question about some aspect of your business and that unknown isn’t addressed, they will be likely to assume that a hidden risk is present, and policy offerings will be priced accordingly.

Examples of key steps a business can take to create a solid risk management strategy that will appeal to insurers and their underwriters include: 

1. Build a company-wide culture based on safety
2. Manage claims efficiently to keep costs down
3. Pinpoint exposures and cost drivers
4. Identify the best loss control solutions to address risks specific to the business
5. Create a business continuity plan to account for disasters and other unpredictable risks

These five items help you control your claims history, which plays a huge role in determining insurance costs. Businesses that take risk management seriously will stand out in the insurance market and become better, safer and more effective.

See also: What Makes Insurance Invoicing Different

Ditch the Secrecy, Get a Better Policy

If information is hidden and a claim occurs, that information will likely come out, whether the insured party likes it or not. This undesirable scenario could be grounds for rejecting the claim or for non-renewal when the policy term ends. The business could need to pay the cost to address the claim out-of-pocket and will likely face higher rates when shopping around for a new policy.

Today, applicants for insurance face the most unfavorable market conditions in decades. Everyone is experiencing increases, even those with a good loss history and no claims. The market reacts to industry trends, and increased claim expenses due to inflation and a recent uptick in third-party litigation are currently driving significant price increases. 

Despite this, insurance costs can still be somewhat controlled by having a strategic risk management plan and a transparent relationship with your insurance agent or broker. Their role can also extend beyond merely selling policies – in fact, they can act as a valuable resource for risk management advice and best practices.

Insurance premiums aren’t arbitrary numbers pulled from thin air. They reflect a careful analysis of risk. Applicants who take an active role in bridging the knowledge gap will almost always get a better outcome than those who buy into the myth of secrecy. Those who want a well-fitted insurance policy that protects their business effectively should embrace transparency, share relevant details and let underwriters work their magic.