Data privacy is a sprawling, multi-faceted, complex and controversial issue that means different things to different audiences but has serious implications for businesses and consumers alike. And the issue is sure to continue to grow in importance given the explosive adoption of data-driven technology and digitization, which will drive ever greater levels of information capture and use. Meanwhile, concerns about how personal data is captured, managed and exploited are intensifying, with the emergence of more data breaches, hacking, identity theft and ransomware crimes.

Our focus in this piece is fairly narrow – namely the unauthorized use of personal information in the auto insurance claim reporting, damage evaluation and collision repair process. While this is just a subset of the broader data privacy issue, the implications are quite serious and affect millions of consumers, insurers and their supply chain partners and present exposure to hundreds of supply chain participants. These events occur more than 20 million times a year across a multibillion-dollar ecosystem.

Data Privacy

Data privacy generally means the ability of a person to determine for themselves when, how and to what extent personal information about them is shared with or communicated to others. This personal information can be one's name, location, contact information or online or real-world behavior. This includes personally identifiable information (PII).

If you are uncertain about what types of data make up your PII and how this relates to the subject of data privacy, you are not alone. But as technology adoption and complexity is accelerating at hyper-speed, ever increasing amounts of personal data are being collected and exchanged. As technology applications become more invasive, so do the uses of the associated data, including yours.  

PII is any information connected to a specific individual that can be used to uncover that individual's identity, such as their Social Security number, license plate number, vehicle identification number (VIN), full name and physical or email address. In the context of this article, it includes details regarding an individual’s auto insurance claim, vehicle identification, damage description, accident and repair estimate.

See also: Risks, Trends, Challenges for Cyber Insurance

Personally Identifiable Information (PII)

Despite existing rules and regulations, and the general expectation of privacy by consumers involved in this process, some of the PII captured and transmitted digitally during a claim is being used commercially in ways not anticipated or approved by claimants or the businesses involved in such claims, primarily auto insurers and collision repairers.

The implications and the damage done by these unapproved uses of PII extend beyond just the violation of consumers’ rights to include potentially significant economic cost to the victims and legal, compliance and reputational damage exposure to auto insurers and collision repairers.  

PII in the Auto Insurance Claims and Repair Process

In simple terms, what is happening is that information concerning the damaged vehicle and its owner flows digitally through claims software used by insurance companies to record claim-specific information and populates third-party collision estimating software, which in turn is integrated into collision repair body shop management systems and is frequently shared with numerous other supply chain partners.

This PII is being captured, with and without the knowledge of consumers, by third-party vendors that repackage and sell it to information brokers, including vehicle history reporting services that use it to earn hundreds of millions of dollars from a wide variety of users. Among these, ironically, are auto insurers that purchase the data for auto insurance underwriting purposes and collision repairers that use the data to promote their services to competitors' customers both domestically and internationally. 

One significant use of the data is the creation of vehicle history reports, which are sold or provided to consumers and automotive dealers and which identify the prior claims and repair history of specific vehicles. The disclosures often reduce the value to the seller. It is not uncommon for the vehicle owner to blame their insurers for divulging the information, which they consider private and confidential. At a minimum, this dispute can create reputational damage for the carrier. It could also lead to legal exposure for damages. Of critical importance here is that the vehicle owner likely never gave their permission to any party for the release of this personal information and had the right to expect all involved parties would protect it.   

Privacy Laws: Federal and State Level

The U.S. does not currently have a national comprehensive privacy law, despite efforts to enact one. In 2022, the U.S. House considered the American Data Privacy and Protection Act (ADPPA), the first bipartisan and bicameral bill to protect consumer data collection and privacy across nearly all sectors. It has still not been passed.

As a result, U.S. states have had to act independently. The most comprehensive state privacy law is currently in place in California, where voters enacted PII regulations through Proposition 24, known as the California Privacy Rights Act (CPRA), in 2020 and which took effect Jan. 1, 2023. Many other states have followed California’s lead by enacting similar or slightly weaker versions of CPRA, including Colorado, Connecticut, Virginia, Utah and Texas. Legislation has been approved and is pending effective dates between 2024 and 2026 in Oregon, Montana, Delaware, Iowa, Tennessee and Indiana. Vermont, Oklahoma, Kentucky, New Hampshire and Hawaii are considering data privacy bills.

All these laws are slightly different, however (in defining thresholds, fines, cure periods, impact assessment, opt-outs, sensitive data and consumer rights), which can be very challenging for multi-state operators and consumers to navigate. 

See also: The True Cost of Big (Bad) Data

Call to Action

Several industry associations and organizations have and continue to call for solutions. In 2012, three industry groups issued their Joint Statement Regarding the Collection and Reporting of Repairer Business Data. These are: Society of Collision Repair Specialists, (SCRS), Alliance of Automotive Service Providers (AASP) and Automotive Services Association (ASA).  

The statement included this call to action: “This statement serves as a public request from the collision repair industry to Audatex, CCC, Mitchell and other technology firms who collect data. The industry seeks removal of contractual clauses within End User License Agreements which require permissive access to aggregate and collect end‐user data as a point‐of‐sale requirement to purchase those programs. Further, we believe that if a business is to permit their data to be mined, they should be entitled to access to an annual report specifically indicating where that data was used, and a list of parties that received reports utilizing data from the user’s system. We believe the ability for businesses to choose participation in the data collection process is a reasonable solution, and we look forward to your response.”

Today, the Collision Industry Conference (CIC) has a separate committee working on this problem to help collision repairers manage the pirating of customer information 

Implications, Risks (and Opportunities) to Auto Insurance Ecosystem Participants

Software solutions have come to market such as Secure Share from CCC Intelligent Solutions (CCCIS), which allows collision repairers to securely share estimate data with third-party applications. Last month, CCCIS introduced enhanced data security feature for collision repairers writing estimates on their estimating software, which redacts the last six digits of a VIN and certain PII. 

Also in January, DataTouch announced the launch of VINAnonymize, a technology that prevents collision repair estimate information from being used by VIN reporting services such as CARFAX and AutoCheck. In addition to VINAnonymize, DataTouch offers Data Analyzer and Data Auditor for use by collision repairers to secure PII and repair data to meet regulations and protect repair data from being sold. 

These early-stage solutions represent an encouraging start but still require broad industry adoption to make a real impact.      

For auto insurance carriers, these and other future data privacy regulations could represent an obligation to protect the private information of policyholders and ensure that their auto claims supply chain partners are adhering to all federal and state laws – no small certification compliance challenge. However, industry support and greater compliance would engender greater trust and loyalty from policyholders.  

For collision repair facilities, this recent growth in state privacy regulation highlights the need for end-user license agreements and data collection/use consumer disclosures sooner rather than later, if not already in place. As custodians of PII, collision repairers that take additional care to protect it can elevate their brand and reputation among auto owners. 

For information providers and other supply chain partners, while their exposure and risks relative to existing and emerging privacy laws may currently be opaque, what is crystal clear is that this is an opportunity to be on the right side of regulators, consumer advocacy groups and the ultimate customer of every company involved in the auto insurance and claim process – the policyholder.

For those information providers that traffic in the unauthorized use of PII, including claims data, to produce vehicle history reports, now would be a good time to develop an alternate business model, one that complies with the spirit, intent and requirements of this growing amount of data privacy regulation. Failure to do so could cost more than it is worth.

KEY TAKEAWAYS:

--In addition to reducing the building sector’s carbon footprint, mass timber brings significant cost and quality-control benefits, as well as reduced construction time.

--But there are hazards and challenges, including fire, natural catastrophes, water damage, manufacturing, supply chain and faulty workmanship issues, as well as termite infestation.

----------

The emergence of mass timber as a sustainable construction alternative represents a significant opportunity for the building sector to reduce its carbon footprint while satisfying a demand for a material that is more cost-efficient but as durable as steel and concrete. However, in any industry, deployment of new materials or processes can result in new risk scenarios, potential defects or unexpected safety consequences, as well as bringing benefits, and mass timber is no different. 

A new Allianz Commercial report, Mass Timber: Emerging Risk Trend Talk, examines the challenges and loss-prevention measures to consider that could help to mitigate the risks of mass timber as an increasingly popular construction material.

1. Fire

Mass timber is still wood, and fire is the primary hazard, with this risk needing to be considered through all the life stages of a building – design, construction and operation. Fire is already the most expensive cause of all construction/engineering insurance losses, accounting for more than a quarter (27%) of the value of 22,000 claims analyzed over a five-year period, according to Allianz. The risk of collapse during the cooling phase of a fire may be particularly critical for timber elements, while buildings with combustible elements are at the highest risk of fire during construction. Once a building is in operation, the risk of fire can increase depending on factors such as the type of occupancy, storage and interior fittings. Research and testing are being conducted to further develop a methodology for evaluating the performance of structural elements during the entire duration of a fire. This includes comprehensive studies of the heating and cooling phases, as both phases are crucial for evaluating the behavior of timber elements and ensuring optimal fire safety.

2. Natural hazards

Damage from natural catastrophes is already the second-most expensive cause of construction claims, Allianz analysis shows. Extreme wind forces, especially during tornadoes or hurricanes, can affect beams, columns and panels, posing a risk of widespread damage, while floods, including river floods, flash floods and storm surges, pose a significant risk to timber buildings. Timber buildings exposed to floods may require structural controls, drying and repairs, affecting expected operating losses.

See also: Building an Effective Risk Culture

3. Water damage

Similarly, water damage is already a major source of loss across the construction sector. Mass timber is highly vulnerable to water damage, including flood, water ingress and plumbing leaks. To mitigate water damage, mass timber elements can be manufactured with reduced moisture content and stored in controlled atmospheres. Water management and high-quality analysis are crucial for ensuring the durability of structures.

4. Manufacturing, transportation and supply chain issues

Mass timber construction has a unique supply chain and manufacturing process that differs from traditional concrete and steel framing. Factors such as the need to have specialized production facilities, as well as just-in-time delivery, means thorough logistical planning and management of building materials are essential to avoid costly project delays.

One significant disadvantage of the assembly line manufacturing process is the potential for a serial loss scenario. If a particular batch of mass timber elements has a defect, multiple elements in a structure or across project sites may be affected. Defective products are already the third-costliest cause of construction /engineering insurance claims, according to Allianz.

See also: Emerging Risks for Shipping Industry

5. Faulty workmanship issues and repair costs 

Construction firms may face challenges in finding experienced work crews for mass timber construction projects, given its nascent status. This can result in productivity issues and safety concerns as crews navigate the learning curve of working with mass timber. Inadequate installation can result in damage, which can have significant financial implications for repairs or replacements, while in some cases the cost of repairing or rebuilding mass timber structures could be significantly higher than those made with conventional construction materials. 

6. Termite and insect infestation

While not common in all areas of the world, termites and other wood-boring insects may pose a significant threat to mass timber buildings, potentially causing extensive structural damage. Given that termite infestation usually occurs gradually, the exposure of notable damage during the construction phase is low compared with the operational phase. However, as termites are most likely to attack decaying timber in buildings, it is important to ensure timber does not have long periods of contact with water by implementing sufficient protective measures.

To view the full report, please visit: Mass Timber: Emerging Risk Trend Talk.

I was minding my own business last Thursday when I drove smack into a truck blockade outside Mexico City that brought back memories of how unexpectedly and powerfully what we benignly refer to as "geopolitical risk" can derail business expectations.

Because I think of myself as pretty sophisticated on geopolitical risk, based on many years of living in multiple countries outside the U.S. and on decades as a journalist, the fact that I could be caught unawares makes me want to sound an alarm: All sorts of things can go wrong in all sorts of ways.

The blockade arose because of one of the sorts of disputes that I followed when I led the Mexico City bureau for the Wall Street Journal from 1993 to 1996. The tensions were always there. The question was just whether, and how, they'd turn into incidents or even movements that would affect real people in real ways.

In this case, a large group of truckers argues that the federal government isn't doing enough to protect drivers, one or two of whom are being killed by criminals each month, according to the group. The federal government says it's working with the truckers to improve security, but the truckers say the government isn't acting in good faith and has decided to use public pressure. (While I have a lot of history here, I don't know enough about this dispute to offer an opinion on who's right and who's wrong, and assignment of blame isn't even all that important for my point about how geopolitical risk can surface suddenly.)

I blundered into the blockade because I had flown to Mexico City to help my older daughter, Shannon, celebrate her 30th birthday. She was born there, but we left before she turned two, and she hadn't been back. Shannon had long expressed interest in exploring her Mexican roots -- as a blonde with blue eyes who speaks nearly fluent Spanish with a native accent -- so she, her sister and I decided to mark the milestone birthday there. We had driven to San Miguel de Allende, a lovely town a few hours north of Mexico City, for a couple of days and were heading back to do our part for the Mexican economy by having a decadent lunch at Quintonil to mark Shannon's big day.

Then traffic just stopped. And this wasn't a let's-jockey-for-position-to-get-around-the-crash sort of stop or even a let's-wait-for-the-ambulances-and-police-cars sort of stop. This was a full stop. This was an everybody-turn-off-your-engines-and-sit sort of stop. 

And the stop went on for more than four hours.

It was also just one of nine that blocked freeways heading into and out of Mexico City that day, meaning that commercial traffic for one of the world's five biggest cities was essentially halted. (For the record, the blockade that caught me was the largest and most painful -- and not just because my daughters and I couldn't get to Quintonil for lunch... or even that I was losing my hefty deposit.) 

Now, occasional strikes aren't necessarily all that big a deal for business, in general, and for insurers, in particular. When I ran the editing operation for the Wall Street Journal/Europe in the 1980s, we used to sometimes miss deliveries because truckers, especially in Italy, were on strike, but readers stuck with us.

The blockade in Mexico, though, summons memories of the sort of risk that can derail whole industries, even economies.

When I was offered the position of Mexico City bureau chief, it was a real departure from my time covering the computer industry, but there were some "known unknowns" that intrigued me. NAFTA was being implemented in the fall of 1993, and a presidential election was going to be held in 1994, an event that often triggered major changes (even more than in other countries, for a host of reasons). But I wasn't even close to plumbing the depths of what the story turned out to be.

Mexico woke to New Year's Day in 1994 with the news that a Marxist group had occupied the capital of the state of Chiapas. In March, the presidential candidate who was all but guaranteed to win the election was assassinated, ending a moratorium on such political violence that had lasted for six decades. Two high-profile kidnappings followed. In September, the head of the ruling party was assassinated -- leading to a too-tangled-to-be-believed saga that sent the president's brother to prison for 10 years, before his conviction was overturned. 

And all that was just leading up to the main event: a devaluation of the currency. 

Carlos Salinas de Gortari, who served as president from 1988 to 1994, had embarked on a bold economic plan that intrigued much of the developing world. He renounced the country's socialist history, privatizing banks, the telecommunications system, the television monopoly, etc. He campaigned for foreign investment to modernize the Mexican economy, promising, in return, that he'd support the value of the currency and protect those investments. And the shock therapy seemed to be working... until 1994 came along and steadily eroded investors' confidence.

When the new administration devalued the currency in December 1994, it tried to portray the move as a minor adjustment, but the bottom fell out. The peso went from roughly three to the dollar to 10 to the dollar, almost overnight. Foreign investors, feeling betrayed, pulled out of the country. The Mexican economy cratered. Other Latin American economies with strong ties to Mexico teetered, creating enough of a threat to even the U.S. economy that the Clinton administration orchestrated a bailout for Mexico.  

And I foresaw none of that -- not Chiapas, not the assassinations, not the kidnappings, not the devaluation that undercut a major trend in the economic progress of the developing world.

Nor did anyone else. In fact, my reporters and I -- as surprised as we were -- were so far ahead in our reporting about the loss of foreign confidence in 1994 and in our analysis of how the devaluation would play out that the WSJ nominated us for a Pulitzer Prize for our coverage in 1994. As part of a larger effort at the WSJ, we were finalists for the Pulitzer for our coverage in 1995. 

The world has certainly learned a lot about the potential dangers of unknown unknowns in recent years. Almost no one saw a pandemic coming. A Russian invasion of Ukraine was barely a possibility for just about all of us. An attack on the U.S. Capitol? No way. 

So there's certainly more humility about knowledge of geopolitical risks than there has been. The inflationary spikes that resulted largely from supply chain disruptions have also given us far greater appreciation of the potential fallout.

But I wanted to underscore the need to look past the general idea of geopolitical risks and get to the specifics. Perhaps the problems will just turn out to be surprising, like my four hours fidgeting on a Mexican freeway last Thursday. But the problems could also turn out to be massive both for businesses and those that insure them, as happened when I was in Mexico in the '90s. 

"Geopolitical risks" is a fine term, but it can be considered at a 50,000-foot level. The view from 1,000 feet -- or five feet, the distance that separated me from the bumper of the car ahead of me -- can be a lot scarier... and far more instructive.

Cheers,

Paul

P.S. The fine folks at Quintonil worked us in for dinner the night after the blockade blew up our lunch reservation, and the food was glorious.  

 

Paul Carroll

Based on what you’ve written for us, I gather that the first thing an agency or brokerage should do in setting strategy is to think about carriers’ expectations. Could you tell me a little bit more about how that plays out in real life?

James Keane

it's probably a little different this year than it has been in the past. Carriers’ expectations have changed so much, so fast.

In the past, their expectations were simple. They wanted you to write business, they wanted it to be profitable business, and they wanted you to write as much of it as you could, as often as you could. Now, their appetites are changing. But how quickly are they changing? How are their appetites different now than they were three or four or five months ago? Appetites are continuously evolving. Being able to have those conversations with your carrier partners is critical so you know exactly what's changing throughout the year.

And you have to be able to measure everything so you understand what you're trying to accomplish. If your goal is to write X number of policies from new business, are you able to build that in backward by saying, If I want to write 100 policies, and I have a 50% close ratio, that means I need to quote 200 policies? So what do I need to do to quote 200 policies? How many leads do I need to speak to get to those two hundred quotes?

And what's the value of a policy? Even though your goal might be to write 100 policies, what if you can write 50 policies that are each twice as profitable? Is that better?

Understanding all the numbers is super critical for your agency to evolve and grow throughout the year and stay nimble.

Paul Carroll

Homeowners is one that we're reading a lot about. It's very much in flux. Auto rates are certainly going way up. Cyber is undergoing significant changes, too. Are those areas that you're talking about that might have different carrier appetites, or are there others, as well?

James Keane

When you think about personal lines, auto and homeowners, carriers have been trying to get the rate that they needed for the last couple of years and certainly in the last 12 months. They're getting closer and will be able to write business more freely. The issue is obviously very state-specific. California comes to mind as state where there have been challenges with rate adequacy because there are a significant number of high-value homes, major wildfires and more over the years. We're starting to see some pieces around the auto market stabilize: Used car prices are decreasing while inventory is increasing.

But all those services that are insurance-adjacent – the mechanics and body shop folks who are working on cars, the contractors who are working on houses – well, all of their payrolls have gone up, and will reset at a new normal.

Cyber is interesting, because you have more people working at home with computers that are not in a protected network. That is still such a new class of business.

But while cyber is definitely seeing more policies initiated, more insurance folks are still putting more focus on auto and home because that's what has always paid their bills.

The second point you make strikes me as more of a general one. Inertia is a powerful force, and you're saying people have to commit to really thinking about doing things differently rather than just coasting. If you talk to a lot of insurance people, many will continue to run their business the way they always have. It’s worked for them forever.

But if you think about our industry, there has been more change in the last three years than probably in the 10 or 15 years before that. A lot of that change was by necessity. If you want to continue to grow, and rapidly, what are you going to continuously do differently? Are you evaluating everything that's going on in your agency to determine what is working well and what can be improved on? What do you need to continue doing versus what should you stop doing?

So it’s the “Start, Stop, Continue.”

I ask people a lot about what they are doing in their business and why. Often, they respond, "Oh, this is what I did last year. And this is how I got to where I am." A lot of times people are saying they're in a wonderful place in their agency and in their career, but if you're trying to get to somewhere different and if you're trying to have exponential growth, what are you doing differently to really get that momentum going?

The answer could be how you manage your people, or perhaps how you're prospecting. It could be how you're marketing, or it could just be the market that you're going after.

We need to be ruthless about how we evaluate those processes to say: What do we need to start? What do we need to stop? And what do we continue doing so we can, again, accelerate?

Paul Carroll

That sounds absolutely right. I've long found that stopping stuff is even harder than getting things going. There's this inertia that develops. Having written a few business books in my time, I'm waiting for the opportunity to write the book that says what not to do. A lot of books tell me what to do. I want to tell you what not to do.

James Keane

When you ask a sports coach or instructor why they did something, a lot of times they say, Well, that's how I was taught. Then you ask them when that happened. Were you taught that 30 years ago when you were in high school? Well, things have changed over 30 years.

Certainly the basic tenets of our business have stayed the same. Relationships matter. Relationships with your agents matter. Relationships with your consumers matter. Relationships with your staff matter. All of those things are super critical, but they've changed. Twenty years ago, you interacted with your clients via phone, fax or in person. Now, you have a whole range of new options. Are you adjusting, or are you doing things the old ways just because that’s how you’ve always done them?

The old ways might still be right. But there should be a current reason for using them. It shouldn’t just be because that’s how you were taught. And, yes, stopping is always so hard.

Paul Carroll

Twenty-plus years ago, I interviewed a guy who had been No. 2 at Cisco and had made a whole mess of money. Then his mom died of ovarian cancer, and he got ticked off that ovarian cancer was so hard to detect. He started a foundation seeded with about $100 million of his own money to improve the detection of certain cancers, and he managed to get a Nobel Prize winner in medicine to lead it. He told me that he rather sheepishly told this guy, “I have to admit I got a C in high school biology,” and the Nobel Prize winner said, “That's okay. Everything they told you was wrong anyway.”

James Keane

Things change, right? I started my career in the early 2000s The industry was different then. Not better or worse, just different. Things evolve.

Back in 2004, nobody would have predicted that for a year, basically every agency was going to be fully remote due to a pandemic. But in 2020, we had to learn to interact differently. We used to do our banking in-person. Now I don't remember the last time I went to the bank.

So the relationships still matter. But how can you change that relationship so that the time you spend in-person is more meaningful? Get the transactional things out of the way so that you can have the conversation around: “Hey, listen, I took care of all the transactional things. I have your home covered. But let's talk about your next steps. Let's talk about where you want your business to go so that we make sure we can protect. Let's talk about what your goals are for your personal life so we can make sure you’re protected as your assets continue to grow."

Paul Carroll

You’ve also written about how people sometimes do not write down goals. That’s a pet peeve of mine, because the lack of a record means people can kid themselves about how accurate their planning was.

James Keane

Early in my career, somebody told me that if you don't write down your goal, it's a dream. And that's not really a good plan. You actually have to write down something so you can aim for it.

To me, a goal doesn't necessarily need to be something like, "I'm going to hit this very specific dollar number." It can be a variety of things. But when you create that goal, you want to share it. Nobody wants to try and achieve something but only do so internally, because you want to be able to share that success when you hit it.

Let's say your goal is to write 10 policies a week. For the overwhelming majority of people, it's pretty powerful to start ticking off the numbers, then see how far over that goal you can reach. When you have that written goal, you also can't back away from it. Perhaps you want to go from two policies per household to 2.3 policies per household. As you start building your action plans out, you can evaluate: Do they help me reach that goal or get in the way?

By the way, when we hit the goal, we're going to have a party. We're going to celebrate this achievement. You should celebrate, not just as a business owner, but as an entire staff. Take them out, have a party and enjoy it.

Paul Carroll

Certainly with big companies, which is where I've tended to live for the last four decades, there's a tendency to assume that things only go upward, that you're going to maintain that baseline you have and then add to it. There's a tendency not to realize that, oh, the other guys are smart, too. The other guys are working hard, too, and they're going after our business at the same time we're going after theirs. I think that understanding certainly needs to get incorporated into planning.

Now that people have set their goals and worked backwards to understand what they need to do, how should they approach marketing?

James Keane

The first question should be, What does success look like for marketing? How do you measure it? Lots of online tools let you track things like open rates and click-through rates. You need to know, ultimately, when people come to you, how did they hear about you? What campaigns are working?

Think back to the days of the phonebook; everybody advertised in the phone book because they had to advertise themselves. Does anybody know what the phonebook actually did to help their business?

When you build out your strategies, you must start thinking about your consumer. Who is the consumer you're trying to get to? And is your marketing strategy going to target them? If you're going after a multi-line, mass-affluent type of client, you can't look for them in a place that mass-affluent people don't go.

You also must build your agency staff toward that goal. You must have the staff to follow up on your marketing.

Paul Carroll

You’ve also talked about the need to look for outside help.

James Keane

I'm a huge believer in getting other people's opinions. Consultants can be great. Mentorships can be great. People in the same business and in the same place as you are great. Remember, none of us need to know everything. We need to be able to talk through ideas and figure out how we make things that work for the business.

A nice thing is that consultants and networks have a bias in your favor. If you grow, they look good. If you don’t, they don’t.

At the end of the day, our business is to help our clients and to be there when our clients are having a really bad day. What can we do to create value for them so that they want to continue to see us when they're not having a bad day? What can we do to ensure our clients trust us to give them good advice and to provide them good solutions so that when a bad day does happen, we're able to help them out?

So we have to constantly question and test. If something isn’t right, change it. Move on. Ask questions to get better.

Paul Carroll

I agree totally. I really appreciate your taking the time to speak to me today.

A theme has emerged in some of the recent pieces that thought leaders have written for me at Insurance Thought Leadership on the world of agents and brokers: that it's especially important this year to know the risk appetites and goals of your carriers. 

That's hardly a new idea. To work effectively with carriers, you have to be sending them the sort of business they want to write. What's different is that those goals and appetites have been changing, sometimes rapidly, and likely will continue to change as the year progresses.

We've seen this most dramatically in homeowners insurance, where some carriers have pulled out of big markets because wildfires, convective storms or hurricanes have made them money-losers. It's wasted effort for everybody if you send prospective business to a carrier right before it leaves a market. 

We've also seen rapid changes in auto insurance – though rates are catching up with costs faster there than in homeowners – as well as in cyber and many other lines. And who knows where we go from here?

To get a handle on how to plan for 2024, I turned to James Keane, a vice president at SIAA, a national network of independent insurance agents, and asked him to update us on a smart piece he wrote for me on the topic in November. 

He says:

Things are "probably a little different this year than... in the past. Carriers’ expectations have changed so much, so fast. In the past, their expectations were simple. They wanted you to write business, they wanted it to be profitable business, and they wanted you to write as much of it as you could, as often as you could. Now, their appetites are changing. But how quickly are they changing? How are their appetites different now than they were three or four or five months ago? Appetites are continuously evolving. Being able to have those conversations with your carrier partners is critical so you know exactly what's changing throughout the year.
"And you have to be able to measure everything so you understand what you're trying to accomplish. If your goal is to write X number of policies from new business, are you able to build that in backward by saying, If I want to write 100 policies, and I have a 50% close ratio, that means I need to quote 200 policies? So what do I need to do to quote 200 policies? How many leads do I need to speak to get to those two hundred quotes?

"And what's the value of a policy? Even though your goal might be to write 100 policies, what if you can write 50 policies that are each twice as profitable? Is that better?"
He lays out a very thorough road map. I think you'll find the interview enlightening.

Cheers,
Paul

---

THE SALES FUNNEL IS OBSOLETE

Customers now have a number of ways to discover, research and purchase policies, so the customer journey has become less linear.

HOW AGENTS CAN FIND MORE AND BETTER LEADS

The old way of generating qualified leads is failing. Digital performance marketing might be the answer.

CAN AI SOLVE UNDERLYING DATA PROBLEMS?

Forward-thinking insurance agencies are ready to put AI to work, but for many, the data just isn’t up to the challenge.

AI’S PLACE IN INSURANCE INFRASTRUCTURE

Understanding how data can give carriers insights is key, but AI won’t draw accurate conclusions on its own.

HOW TO THRIVE AS AN AGENT IN 2024

Embrace AI, encourage customers to reflect on their insurance needs and talk to carriers about their evolving goals and appetite. 

OOPS! THE FUTUROLOGISTS WERE WRONG

Amazon's closing of its Insurance Store shows the strength of incumbents. AI and telematics offer routes to even better results.

For me, the highlight of the Super Bowl is that the San Francisco 49ers are still at five Lombardi trophies, one behind the record held by my Pittsburgh Steelers and some team based in Boston. 

But there were highlights, too, for those of you who aren't yinzers. So I'll run through a few and explain how they relate to insurance — starting with the total absence of cryptocurrency ads.

Weren't we being assured for years that the entire economy was about to be rewired around decentralized digital currencies? What ever happened to that notion? What does the crypto crash tell us about other ideas that might be fads (beyond that we shouldn't just take Matt Damon's word for it when he tells us that "fortune favors the brave")?  

I'll be rather quicker than normal because I'm headed to the airport and to México City to help my older daughter celebrate her 30th birthday. She was born there but has no recollection of the city because she wasn't yet two years old when we moved back to the U.S. We're going to wander around and acquaint her with the city of her birth.

On to the highlights. Mine aren't as jazzy as Chris Berman's, but I hope they're more helpful.

Fortune Favored the Cautious

Cryptocurrencies are still around, of course, and Bitcoin has more than doubled in price since languishing in the doldrums in the second half of 2022 and into 2023. But the total lack of Super Bowl ads (the "dog coin" that didn't bark?) shows how much more perspective we've gained on the prospects for the currencies and for spinoffs such as non-fungible tokens (NFTs). 

Even if crypto eventually becomes the core of our financial system (and I'm a skeptic), it faces the sort of chicken-and-egg problem that slowed the rollout of high-definition television. I saw demos of HD TV decades ago, but the same old analog signals were driving them, so there was almost no difference in the resolution I saw on the fancy new screens. Nobody was going to spend thousands of dollars on an HD TV just to get the same reception they always had. It was only after most of the back end of the television world became digital that there was enough sharp, new video to justify the switch.

So there's no need to figure out how to take payments in digital currencies, no need to rush out a host of new coverages, etc.

The lack of crypto ads also got me thinking about how we can all distinguish fads from real business trends. In addition to crypto, I've been skeptical about the metaverse (here, in 2021) and virtual reality (including Apple's new Vision Pro), while touting generative AI (including in this piece last spring), and I feel quite comfortable with all those predictions. Why? The rule of thumb for breakthrough innovation is that it needs to be 10X the status quo — not 10% better, 10 times as good.   

Crypto doesn't even work nearly as well now as our banking system does. Turning myself into an avatar without legs in Mark Zuckerberg's metaverse feels like a distinct loss to me, too. At least with the Vision Pro, I can see gamers loving it, but I'm simply not going to strap a 1 1/2-pound weight to my face to go online, not when my laptop, phone and iPad all do nicely. Generative AI, by contrast, has all sort of immediate applications to help, for instance, gather documents for underwriters and claims that pass the 10X test for parts of the work. 

While Matt Damon comes across as a good guy, fortune only favors the brave when they're headed in the right direction. In the case of crypto, fortune favored the cautious, as it does with all fads.

Social Media Is Forever

Troy Aikman got snippy back in September 2019 when someone noted on Twitter (now X) that "Patrick Mahomes has thrown 36% of Troy Aikman's career touchdowns, in about 8% of the games."

Aikman, who won three Super Bowls in the 1990s as the quarterback of the Cowboys, replied: "Talk to me when he has 33% of my Super Bowl titles."

Well, Mahomes and the Chiefs won the Super Bowl after the 2019 season and have now won the last two, as well, so Twitter dredged up the old exchange and made sure Aikman knows that "Patrick Mahomes would go on to win 100% of Troy Aikman's Super Bowl titles before turning 29 years old." 

I think we just about all have gotten the message by now to be careful on social media, but reminders never hurt. Right, Troy?

On the Other Hand...

...Social media can be your friend, if you use it right. Yes, lots of social media is toxic these days, but people still respond to clever posts, and they can be used to help, say, an agency build a persona. 

One of my favorite examples is Merriam-Webster, which decided it didn't need to be dry. It drops little pearls of cleverness into my feed from time to time, including this one, based on a snippet showing Taylor Swift and two friends hooping and hollering in reaction to a big play by the Chiefs. The droll caption reads, "When you spell ‘restaurant,’ ‘definitely,’ and ‘accommodate’ correctly in the same sentence." (Warning: If you read lips at all, you'll see Blake Lively scream a word that starts with "f.")

Trey Wingo, a sports broadcaster, does personal branding with clever tweets like this one, mocking the conspiracy theories about how Taylor Swift's dating Travis Kelce is somehow part of an elaborate plot to win reelection for President Biden while also taking a shot at the bloviators who claimed earlier in the season that she was distracting the Chiefs and costing them games. He puts her face on a famous photo of longtime Chiefs quarterback Len Dawson smoking wearily during halftime of the first Super Bowl. The caption reads: "Taylor Swift after carrying the Chiefs all season to a Super Bowl victory."

Oh, okay, here's one more just because I like it. Someone posted this widely shared image of Kelce screaming at his coach, Andy Reid, and added the best caption I've yet seen: “We’re losing, coach! She’s gonna write a song about me! She’s gonna write a song about all of us!!!!!”

For Heaven's Sake, Know the Rules

The overtime rules for the Super Bowl changed a couple of years ago — but some 49ers players say they didn't get the memo. They didn't know that both teams were guaranteed a possession until they heard the referee say so at the start of overtime.

I see no reason to think that the lack of knowledge affected the outcome. While some commentators say the new rules meant the 49ers shouldn't have decided to receive the kickoff in overtime when they won the coin toss, head coach Kyle Shanahan had gamed out all the possibilities ahead of time. Still, the lack of understanding is unforgiveable.

Communicating key messages is a pain for executives. They not only bore themselves with their repetition but are sure they're boring their audiences. But I've never heard a CEO say they communicated too much, and I've heard a lot wish they had hammered their messages home more. 

Simplicity Sells

While Tony Romo got so involved in explaining the new overtime rules that he talked over the winning touchdown, here is Dora the Explorer explaining a false start. There's a reason the Nickelodeon broadcast was so well-received — and, as I've been saying for years, I think the insurance industry's language could use a hefty dose of simplification.

A Bonus Highlight, From My Steelers

Yes, I know my team hasn't even been to a Super Bowl since 2011 and last won one in 2009, but the culture that pervaded the 49ers during the Bill Walsh days and that seems to be back reminds me of the importance of culture to all organizations — and great culture reminds me of the Steelers.

Steeler culture is often traced back to Art Rooney, the founding owner, and there's some truth to that. "The Chief," as he was known, instilled some kindness into what can be a brutal business. For instance, when Rocky Bleier came back from Vietnam with a right foot mangled by a grenade, Rooney told him to just worry about healing for a couple of years. The team would take care of him. Bleier, of course, more than repaid the kindness in four Super Bowl wins, including catching a game-winning pass in one. 

Steeler culture is also about steadfastness concerning its leaders. They have had only three head coaches in 55 years, and the current coach, Mike Tomlin, who has never had a losing record in 17 seasons, is only 51 years old. I'd say that steadiness is a piece of the culture, too.

But for me, the culture really took root the day Joe Greene showed up in camp, having been taken with the fourth pick in the first round of the 1969 draft. He was not only spectacularly gifted but competed so ferociously against the Steelers offensive linemen that the veterans told him to take it easy, to save his energy. They'd line up for the next play in practice, and Greene would blow up the whole line once again.

Eventually, the offensive linemen got the idea and started working much harder in practice, too, if only out of the need for self-preservation. Then the defense started filling in around Greene — Jack Lambert, Mel Blount, Jack Ham, Donnie Shell, LC Greenwood... all playing with the same sort of talent and intensity. The offense took longer but finally developed in the same mold, with Terry Bradshaw, Franco Harris, Mike Webster and more.

Culture matters so much to businesses, and the Steelers have always been my model for how to get a culture right. The 49ers are probably a great model, too, though I'm far less familiar with them — and am in no hurry to have them win their sixth Super Bowl.

So much for being brief. Oh, well. Vamos a México.

Paul 

KEY TAKEAWAY:

--Fortunately, an early-detection tool that blocks people from accessing suspicious links and sites in the first place has been in use for 15 years in the corporate world and only needs adaptation for a broader market. This risk-mitigation tool creates a security perimeter around people’s digital lives by overriding their browser settings on every device, cutting off the supply of data at its source and overwhelmingly reducing the likelihood of acquiring malware. 

----------

At first glance, it makes sense that the proliferation of digital devices used by the average person would make consumers more vulnerable to cybercrime. However, the reason is not straightforward. It is because our smartphones, tablets and laptops have actually become more secure that fraudsters and hackers have switched their point of attack: As vulnerabilities have become more human-centered, they are no longer hacking software — they are hacking people.

Over the last 18 months, the dynamic of this cyber threat has shifted so fast that insurers have been unable to change their policy language to keep pace. 

Our analysis shows the most prevalent claim type is social-engineering fraud, where threat actors use an onslaught of sophisticated digital scams to trick users into clicking the wrong link and sharing too much information, so hackers can defraud them of large sums of money. Social engineering is now, by far, our number-one issue. Cybersecurity firm PurpleSec estimates that 98% of cyber attacks leverage social engineering. The most common type is phishing, in which attackers dupe recipients into handing over login credentials through emails purporting to be from a trusted source that lead recipients to fake websites. 

Phishing email volumes surged a shocking 569% from 2021 to 2022, and of the 77,000 URLs created daily, 86% are fraudulent. Many people are looking to insurers for protection, but the identity-restoration coverage companies have historically offered is no longer enough. While insurers know their potential customers worry about sharing information, they are uniquely positioned to help those customers feel more secure online.

The Evolving Threat Landscape

Ransomware had been the leading claim in cyber insurance until about 2022. However, holding business data hostage and extracting payment is a much messier process for threat actors than tracking people across the internet and then impersonating legitimate websites. These social-engineering scams offer an easier access point to consumers’ personal information due to the many digital devices people now use and the growth of remote work, accelerated by the pandemic.  

Today’s threat environment is an arms race as threat actors create new fake sites every day to keep ahead of security measures. With so many people now working in online workplaces, both individuals and their employers are being exposed. This mingling of risks happens when threat actors manipulate the individual on the personal side of their digital presence to gain access to their business credentials and vice versa. 

Insurance carriers, in general, have been slow to respond to the shift toward targeting individuals, yet in one of our recent consumer surveys, most people assumed it would be their insurer — not their bank or financial provider — that would protect them from this type of fraud. That is why the new wave of social-engineering attacks represents an urgent call to upgrade coverage to protect both the consumer’s physical assets and their digital presence. 

Bringing Insurance Up to Speed

Originally, large companies used several layers of security to protect their businesses and employees against cyber-attacks. By contrast, consumers and small businesses have been an underserved market for cyber insurance and typically left to fend for themselves after falling victim to a cyber-attack or digital scam. 

Nearly every U.S. personal lines insurance company covers ID theft, but the next generation of coverage needs to include personal cyber to respond to social engineering scams, ransomware, cyber bullying and other cyber risks. Younger people are especially worried about cyber attacks, with 35% of Gen Z respondents having experienced cybercrime within the last six months, so the right coverage will have relevance to the market.

Over the last few years, early mover insurers have begun offering personal and small commercial cyber insurance, but these rarely include tools that protect against persistent cyber threats. While insurers are more likely to bind and retain business if they have a more comprehensive offering, their cyber coverage will be incomplete if it does not offer a first line of defense against top cyber risks like social-engineering scams. 

Prevention Is Better Than Managing Breaches

Threat actors tend to take advantage of people over time, where they gradually misuse personal information to avoid drawing immediate suspicion. But like a balloon slowly inflating, the problem just gets bigger and bigger. If our defense is to triage breaches in real time, we will always be left behind. 

Fortunately, an early-detection tool that blocks people from accessing suspicious links and sites in the first place has been in use for 15 years in the corporate world and only needs adaptation for a broader market. This risk-mitigation tool creates a security perimeter around people’s digital lives by overriding their browser settings on every device, cutting off the supply of data at its source and overwhelmingly reducing the likelihood of acquiring malware. 

We have not seen this type of solution used before in the context of cyber insurance or prevention, but its time has come. Our advice to insurers is to find providers offering this tool and make it part of their cyber-risk coverage. It will not only safeguard customer information but improve profitability over time by reducing cyber claim costs and making insurers relevant at a time of shifting threats and shifting demographics.

Risk Aggregation and a Total Solution

The biggest fear of insurers is dozens or even thousands of policyholders making claims after a mass event, like a hurricane coming up the coast. That concentration of risk is just as relevant in the world of cyber threats, where a data breach can implicate scores of consumers. The issue for insurers is that cyber risk is so amorphous that it is hard to quantify or qualify.

In this context, having a preventative tool that can evolve with the threat can give insurers the confidence to create a broader solution around cyber — one that helps customers feel secure no matter how many devices they have and without their ever having to deal with the scare tactics used by all those faceless threat actors.

KEY TAKEAWAY:

--We are seeing a transition away from a reliance on underwriters to data science and algorithmic rating-driven approaches. For many insurers assessing less complex and more commonplace risks, the underwriter now has less discretion to change the price and less leverage to adjust the policy. In many cases, insurers have implemented “no touch” pricing and underwriting, eliminating underwriter involvement completely.

----------

When fewer cars were on the road during the pandemic, U.S. commercial auto insurers enjoyed a respite from years of struggling with profitability. However, it turned out to be only a one-time shot in the arm for underwriters who maintained premium levels while enjoying a transitory reduction in loss exposure. As soon as driving patterns normalized post-pandemic, auto insurers began losing money again. After almost breaking even in 2021, the sector recorded underwriting losses of $3.3 billion in 2022.

Commercial insurance is lagging the personal lines insurance market in its digital transformation, which could help combat headwinds of “social” and economic inflation while dealing with the residual effects of supply chain disruptions that occurred in 2021 and 2022.

The commercial auto insurance segment has posted a combined ratio above 100% in 11 of the last 12 years — and some insurers are exiting the industry altogether. Yet, the market leaders that have pursued pricing automation and upgraded their segmentation capabilities continue to be profitable.

We need to broaden the conversation about modernizing rate plans to ensure the whole segment can move into profitability and benefit from these gains.

In an uncertain global economic environment, adopting next-generation data tools necessary to incorporate disciplined pricing, to achieve rate adequacy and to perform targeted underwriting can help future-proof policies and businesses against runaway loss trends. 

See also: Could Auto Accidents Be Reduced by More Than Half?

Becoming Responsive, Not Reactive

The insurance industry, particularly commercial insurance, made up for lost time in 2023 and is rapidly automating. We are seeing a transition away from a reliance on underwriters to data science and algorithmic rating-driven approaches. For many insurers assessing less complex and more commonplace risks, the underwriter now has less discretion to change the price and less leverage to adjust the policy. In many cases, insurers have implemented “no touch” pricing and underwriting, eliminating underwriter involvement completely.

In the long run, using more data science-based versus manual pricing approaches will improve rating accuracy, make businesses more efficient and increase objectivity. 

Traditionally, insurance actuaries and product line owners make an educated guess of where they think inflation and loss trends are headed, build those assumptions into their rating and tell regulators how much premium they need. However, the limitations of this approach were exposed when insurance was disproportionately affected by the spike in inflation in the last few years. 

Inflation rose as high as 20% on a year-over-year basis for replacement equipment and parts, while the realized cost of replacing a totaled vehicle exceeded what insurers’ rate plans had built into their policies. This coincided with a supply chain choke point where new vehicles and replacement parts were not available due to a shortage of semiconductors, equipment and other parts. With obtaining approvals for rate increases from regulatory authorities taking 12 to 18 months, auto insurers couldn’t react fast enough — and so they accumulated losses faster, with commercial lines hit especially hard. 

The Digitization of Insurance

Historically, the task of evaluating most risks fell to commercial insurance underwriters because of constraints in the availability of scalable data for use at rating, as well as limitations in legacy systems’ abilities to process complex data. But now, automating underwriting through robotic process automation (RPA), artificial intelligence and machine learning is helping insurers expand the breadth of available data, gain new insights from existing data and increase their level of rating sophistication. 

To determine the pricing of a commercial auto policy, a data-driven approach assesses and weighs various exposures, allowing for a more granular evaluation of risk. This approach includes the assessment of drivers’ and vehicles’ records and behavior, as well as predictive factors such as proprietors’ and drivers’ financial management. Automated processes also play a crucial role in gathering all relevant data about businesses’ risk profiles.

Synthesizing these damage-coverage data points helps fuel the ability of insurers to automate reading and better select risk. However, when it comes to liability coverage, additional factors come into play, contributing to serious challenges in the industry. Yet, once again, a data-led approach can prove invaluable in mitigating the risks associated with social inflation.

Mitigating Social Inflation

Social inflation can be defined as the increase in liability costs as a result of paid and pending legal settlements above and beyond what can be expected due to normal inflation. U.S. commercial auto insurance liability claim payouts blew out by an estimated $30 billion between 2012 and 2021 due in part to social inflation. The Insurance Information Institute found that two of the biggest factors behind the dramatic rise were legal system abuse and third-party litigation where financiers such as hedge funds support injured parties to sue for much larger payouts. 

Attributed in part to America’s litigious culture, this development marks a big departure from when the insurance company would offer the injured party a figure and they would generally accept. Further complicating risk, the commercial driver labor market has grown since the pandemic, and younger drivers have been increasingly responsible for a rise in moving violations and accident rates. That is why a full evaluation of drivers’ contribution to risk becomes critical to more accurately rate and underwrite policies. Modernizing the rate plan leverages data to better assess liability exposure.

See also: Telematics Updates Are Transforming Auto 

Join the Data-Led Transformation

The headwinds facing the industry are admittedly highly problematic, but the market leaders are making money year in and year out because they have invested in the appropriate products and solutions. By contrast, many companies find themselves struggling to post combined ratios below 100% as a result of adverse selection from competitors. Yet, the automation tools to level the playing field by modernizing underwriting and pricing capabilities are available now. Small and medium-sized commercial auto insurers can future-proof their business by embracing this opportunity for digital transformation. 

In the wake of widespread cloud adoption, organizations are grappling with massive data volumes and the consequent complexity of safeguarding this data. Data protection is a significant challenge, as more information is processed and stored in more locations than ever before.

For organizations, operationalizing data security is no longer a simple IT task and can't be solved with one tool or solution. It's a strategic imperative that affects every level of an organization. From diverse data sources and evolving threat landscapes to the nuances of compliance and the human element of security, the challenges are multifaceted.

While technology offers advanced tools and solutions to boost defenses, the key challenge lies in seamlessly integrating these tools into an organization's operations. Essentially, it's about striking a balance between robust security and operational efficiency -- and ensuring that protective measures enhance rather than hinder business processes. A holistic approach that encompasses technology, processes and people is crucial for success.

There are numerous operationalization challenges for organizations, but there is one common thread: Before overcoming these hurdles, organizations must understand where data is located, the context of the data and if it is at risk. Let's explore the top 10 operationalization challenges for organizations and how they can be addressed.

1. Resource Constraints

Implementing robust security measures often requires a large financial investment, as well as dedicated time and expertise. Hiring skilled cybersecurity personnel is expensive, assuming you can even find the right personnel, and continuous training is essential. The deployment of advanced security tools and infrastructure places an additional strain on an organization's budget.

Data protection solutions with a streamlined implementation process eliminate the need for extensive resources. Agentless solutions based on application programming interfaces (APIs) are easy to deploy and can deliver value in days, without any upfront work required. As an example, today's managed data security posture management (DSPM) security solutions enable any size organization to streamline cybersecurity operations and significantly reduce the burden on in-house IT teams.

See also: The Latest Trends in Cybersecurity

2. Diverse Data Sources

Data is everywhere, and organizations use a plethora of platforms and services -- from cloud storage solutions like Gdrive and Box, to communication tools like Slack, and collaboration platforms like SharePoint. Even more concerning is that sensitive data is no longer just structured. At least 80% of an organization's data is unstructured, meaning it's embedded in millions of financial reports, corporate strategies documents, source code files and contracts created by CFOs, general managers, engineers, lawyers and others.

To address this challenge, today's DSPM solutions are designed to control information flows between departments and third parties, ensuring that data at risk is identified and sensitive data remains protected -- regardless of its location.

3. Data Classification

Data classification is the foundation upon which many security measures are built. By categorizing data based on its sensitivity and importance, organizations can apply appropriate protection measures. But the sheer volume of data generated and stored today makes manual classification a herculean, if not impossible, task, and continuously updating classification criteria in response to an evolving data landscape is crucial.

Best-of-breed AI-based classification solutions leverage sophisticated machine learning technologies to autonomously scan and categorize documents. With the latest AI models for fast and accurate data discovery and categorization, organizations can eliminate the need for manual classification, which has proven to be both inaccurate and inefficient.

4. Access Governance

Some data is public, some is confidential and some is strictly on a need-to-know basis. Managing who has access to what data is a cornerstone of data security and requires the definition of access permissions and continuously reviewing and updating them. Ensuring that permissions are always up-to-date and adhere to the principle of least privilege -- where individuals have only the access they need and nothing more -- is a continuous challenge, especially in large, dynamic organizations.

Data access governance (DAG) establishes and enforces policies governing data access and usage, and plays a key role in ensuring that only authorized individuals can access sensitive information. This process is enhanced by a deep contextual understanding of both structured and unstructured data, which helps in keeping access permissions current and aligned with the principle of least privilege. DAG solutions enable organizations to comply with access and activity regulations, demonstrate control to auditors and adopt zero-trust access practices.

5. Rapid Remediation

Rapid remediation is crucial to minimizing damage and protecting sensitive data when a security risk or breach is identified. Remediation actions include revoking access permissions, isolating affected systems or notifying affected parties. But rapid remediation requires swift action, clear protocols and a well-coordinated response team. Organizations must have these protocols in place, understand what data is at risk and ensure that all stakeholders know their roles and responsibilities in the event of a security incident.

Advanced data security platforms are designed to discover and remediate risks efficiently. These solutions can pinpoint data at risk due to inappropriate classification, permissions, entitlements and sharing. According to Concentric AI's Data Risk Report, each organization had 802,000 data files at-risk due to oversharing. Autonomous remediation capabilities in these platforms ensure that access issues are quickly addressed.

6. Compliance and Regulations

Different industries operate under various regulatory frameworks, each with different sets of data protection and privacy mandates. Operationalizing data security in this context means not only protecting data but also ensuring that protection measures align with legal and regulatory requirements.

Data security solutions that assist organizations in meeting regulatory and security mandates, demonstrating control to auditors and implementing zero-trust access are important in addressing this challenge. By detecting and remedying risks, these solutions help businesses comply with various privacy regulations, including managing right-to-know, right-to-be-forgotten and breach notification requests.

7. Constantly Evolving Threat Landscape

Today, as soon as organizations bolster their defenses, malicious actors evolve their tactics. Ransomware attacks, phishing schemes and advanced persistent threats require businesses to try to stay a step ahead. Continuous monitoring, updates and adaptations are crucial to counteract new and emerging threats

Modern data security approaches go beyond static rules or predefined policies. Innovative analysis methods continuously compare data against its peers to identify anomalies and potential risks. This stance ensures that as data changes, its protection mechanisms evolve accordingly. AI models that leverage continuous monitoring and can learn from the data landscape help organizations address new risks as they emerge.

See also: Data Breaches' Impact on Consumers

8. Complexity and Scope

Data security is a multifaceted domain that encompasses a myriad of components, from network security and access controls to encryption and authentication. Different data types, whether it's financial records, personal information or proprietary research, have unique security requirements. Coordinating these diverse components and tailoring security measures to different data types add layers of complexity to the operationalization process.

Using advanced machine learning technologies, today's data security solutions autonomously scan and categorize data, adapting to its growing complexity and scope. They ensure protection for all data types and locations. Comprehensive analysis provides a complete view of data, ensuring protection for both structured and unstructured data, whether stored in the cloud or on-premises.

9. Monitoring and Auditing

Continuous monitoring is essential for keeping a vigilant eye on systems, data access patterns and user behaviors to detect anomalies or potential breaches. Regular audits are crucial to assess the effectiveness of security measures and identify areas for improvement. Conducting these audits, analyzing the results and implementing changes based on findings demand significant time and expertise.

Modern data security tools offer accurate data classification without manual rules or policies. These tools quickly identify any discrepancies or risks in data classification.

10. Integration With Existing Systems

Most organizations have a myriad of existing systems, tools and software in place. When a new data security solution is introduced, it's crucial that the solution integrates seamlessly with existing infrastructure. Disruptions, compatibility issues or data silos can undermine the effectiveness of security measures and create vulnerabilities.

Today's data security solutions are designed to integrate smoothly with established frameworks, such as those for data classification and management. This integration ensures that data classification is in line with existing security protocols, boosting the overall data protection strategy.

While data challenges abound, technology approaches exist that can help organizations down the operationalizing data security path. DSPM enables organizations to gain a clear view of their sensitive data: where it is, who has access to it and how it has been used. Best-of-breed DSPM solutions can autonomously discover, categorize and remediate data -- whether it's structured or unstructured and stored in the cloud or on-premises.

Robust DSPM solutions develop a semantic understanding of data and provide a thematic category-oriented view into all sensitive data. By investing in proper data management practices and leveraging the right tools and expertise, companies can go a long way toward operationalizing their data security. By doing so, they can help accomplish the key goals around securing private data, making more informed decisions about data and threats, protecting private data and mitigating risks.

Over the past few years, workers' compensation benefits have been undergoing significant changes brought on by technological advancements, societal shifts and the constantly changing economic and socio-cultural landscapes of the workforce. As we head into 2024, a variety of new laws have been put in place to reshape various aspects of workers' compensation—influencing the rights and protections afforded to employees in the face of work-related injuries or illnesses. 

These legislative changes include a range of considerations, from addressing the continuing impact of the COVID-19 pandemic to offering greater support for mental health issues. Below are just a few examples of new legislation made by various states to expand and enhance workers’ rights and the compensation they receive.  

New York

Legislation to Raise Workers’ Compensation Minimum Benefit: Effective Jan. 1, 2024, New York State has increased the minimum weekly benefit rate for workers’ compensation benefits to $275 from $150. If an injured worker’s regular wages are less than the minimum weekly benefit ($275), they will receive their full, regular wages.

The new legislation, signed into law by Gov. Kathy Hochul, also raises the minimum weekly workers’ compensation benefit to $325 starting Jan. 1, 2025.

Legislation to Strengthen Workers’ Rights: Legislation (S. 2518/A. 836) prohibits employers from requesting or requiring usernames, login information and passwords of personal accounts as a condition of hiring, as a condition of employment or for use in a disciplinary action.

See also: How to Enhance Workers' Comp Outcomes

Oregon

Oregon Senate Bill 907 (Discrimination/Retaliation/Workplace Safety): Effective Jan. 1, 2024, this law bars employers from retaliating or discriminating against employees who refuse to do work that would expose them to serious injury or death arising from a hazardous condition, provided the employee acted “in good faith and with no reasonable alternative.”

Oregon House Bill 3307 (Discrimination & Harassment). Effective Jan. 1, 2024, this law extends civil rights, discrimination and harassment workplace protections to participants in registered apprenticeship programs and certain private-sector on-the-job training programs. 

Illinois

Paid Leave for All Workers Act: Effective Jan. 1, 2024, covered employers under the Paid Leave for All Workers Act (PLAWA) must provide employees with up to 40 hours of paid leave during a 12-month period. The law applies to all private-sector employers, regardless of size, but exempts seasonal workers, as well as college students working temporary jobs for their universities.  

HB 3733: Effective Jan. 1, 2024, HB 3733 amends the Illinois Minimum Wage Law, Illinois Equal Pay Act, Illinois Wage Payment and Collection Act, Illinois Child Labor Law and Illinois Day and Temporary Labor Services Act by requiring employers with employees who do not regularly report to a physical workplace to distribute the mandatory notices under these laws by either email or posting the materials on the employer’s web or intranet site. 

Connecticut

Expansion of PTSD Benefits Under Workers’ Compensation Act: Effective Jan. 1, 2024, Connecticut significantly expanded the circumstances under which employees can receive workers’ compensation benefits for post-traumatic stress injuries suffered while working. The Workers’ Compensation Act now specifically defines the following traumatic events as qualifying events triggering eligibility for benefits for all employees who:

• See the death of an individual or an accident involving their death 
• Witness someone’s injury who dies prior to hospital admission as a result of that injury
• Attend to an injured person who dies before hospital admission 
• Witness an injury that results in permanent disfigurement of the victim
• Witness the death of a minor

Under previous legislation, these benefits were available only to firefighters, police officers, parole officers and corrections officers. The new legislation drastically expands the definition of an “employee” to allow benefits to all employees.

See also: Case Study on Using AI in Workers' Comp

Pennsylvania

Workers’ Compensation Maximum Rate for 2024 Announced: Pennsylvania’s Department of Labor and Industry determined that the maximum compensation payable under the Workers Compensation Act shall be $1,325 per week for injuries and illness occurring on and after Jan. 1, 2024. For purposes of calculating the updated payments for medical treatment rendered on and after the Jan. 1 of this year, the percentage increase in the statewide average weekly wage is 4.0%.

California

SB 740 – Hazardous Materials Management, Stationary Sources and Skilled and Trained Workforce (Effective Jan. 1, 2024). When contracting for the performance of construction, alteration, demolition, installation, repair or maintenance work at a stationary source that is engaged in petroleum-related activities, an owner or operator of the stationary source must require that its contractors and subcontractors use a skilled and trained workforce to perform all onsite work.

AB 521 – Toilet Facilities at Construction Jobsites (Effective Jan. 1, 2024). This law requires the Division of Occupational Safety and Health (Cal/OSHA) to draft a rulemaking proposal to consider revising a regulation on construction jobsite toilet facilities to require at least one single-user toilet facility on all construction jobsites designated for employees who self-identify as female or nonbinary. 

SB 700 – Cannabis Use (Effective Jan. 1, 2024).Existing law makes it unlawful for an employer to discriminate against a candidate or employee because of the person’s use of cannabis off the job and away from the workplace unless an exception applied, such as testing for only psychoactive cannabis metabolites (as opposed to non-psychoactive), federal law permitting testing for controlled substances and jobs requiring federal government background investigation or security clearance.  

Staying informed about changes to workers' compensation laws is important for both employers and employees. With many new regulations put in place in 2024, injured, sick, discriminated-against and harassed workers will find themselves better protected with greater rights and access to higher-quality care. Understanding the protections that these legislative changes bring will make it easier for workers to receive the benefits they are entitled to.