Medical costs make up the biggest portion of workers' comp expenses, and while medical inflation in WC has remained moderate for the past decade, the recent spike in consumer prices—8.3% over the previous 12 months—has elevated concerns.

A Tale of Two Factors

When it comes to medical claim changes, price and utilization are the two driving forces.

In a detailed analysis, “Inflation and Workers Compensation Medical Costs—Overall Medical," NCCI looked at changes in paid medical costs compared with various price indexes, including the Consumer Price Index (CPI) and the Producer Price Index (PPI). The NCCI determined that the price index most closely reflecting medical cost distributions in WC is the Personal Health Care (PHC) index—a mix of CPI and PPI. Prices for medical services in WC are subject to inflationary trends, but such trends are tempered to some extent by changes in fee schedules and contractual agreements with service providers, among other factors.

Two other key observations: 

• While drug costs are declining, physician costs are up slightly, and facility costs are rising in the WC system
• Facility services have been the main contributor to changes in WC medical costs across regions—most prominently in the Southeast

By the Numbers

Between 2012 and 2019, WC paid costs increased at a relatively stable 1.5% annually. 2020 reflected the exceptional drop in new WC claims due to the COVID-19 pandemic. In 2021, paid medical costs per claim rose 2%. 

NCCI observed that, in 2021, WC medical costs in the Northeast and Southeast each increased by an estimated 3%, while the West rose by 2% and the Midwest by 1%. Every region except the Midwest had a slightly larger increase in 2021 WC medical costs relative to those observed between 2012 and 2019.

The countrywide distribution indicates approximately 80% of WC medical costs are for physician and facility services—drugs and all other services make up the remainder. While drugs paid in a calendar year may seem, the figure is based on payments made directly to service providers at the bill line level. As such, the distribution does not reflect payments to settle future medical benefits, which typically include a significant amount for prescription drugs.

See also: How Digital Health, Insurtech Are Adapting

The Bottom Line

As medical costs continue to grow at a relatively moderate rate, it’s worth keeping an eye on as it relates to the WC industry. As of September, NCCI estimates the CPI for medical services and commodities, net of health insurance retained earnings, is at 3.6%, and the PPI for healthcare services is at 2.4%. So far, medical cost containment measures such as fee schedules and changes in utilization practices have helped mitigate the impact of medical inflation.

In the next three installments of the inflation and workers' comp series, NCCI will delve into the different types of medical services—physicians, facilities and prescription drugs.

Over the past few years, insurers reexamined their strategies amid new demands and increasingly digital customer interactions, with underwriting departments, in particular, experiencing waves of changes. Now, new research shows the results of insurers’ efforts in transforming their underwriting businesses, and the small commercial segment is entering a new phase of automation.

SMA’s recently published eBook, “Small Commercial Lines Underwriting Transformation: The Next Level of Automation,” reveals that a small group of insurers have moved their underwriting plans past the modernization of policy admin systems to deploy transformational technologies and innovative underwriting tools. This group likely acknowledged the struggles with transformation during the pandemic and spent the past two years strategizing around innovative initiatives. However, more than half of insurers remain in earlier phases of digital transformation and are not investing heavily in transformational technologies and advanced automation tools.

The initiatives at the top of insurers’ agendas in 2022 include those involving data and analytics, such as pre-fill and scoring, which are being piloted or implemented at nearly all small commercial lines insurance companies. Eighty-nine percent of insurers are also planning or applying automated workflow technologies to their small business operations.

When considering how insurers are leveraging new tech and data, paired with the 83% of executives who expect big changes to small commercial underwriting within the next five years, all signs point to continued momentum toward increased automation in the segment. But now is the time for insurers to create their future road map and evaluate the new tech solutions and data-sourcing options in the underwriting space.

Drivers are, without a doubt, a fleet’s greatest asset. Because of that, ensuring their health and safety is of primary importance. At the same time, organizations must take into account that the behavior and performance of their drivers has an enormous impact on both corporate reputation and profitability. With more and more drivers on the road, there are naturally more risks associated with driving fleets. To better understand how to create a safe environment for drivers, it’s important to understand in what ways fleet drivers might be putting themselves – or others – at risk.

Dangers on the road

50 million people are injured each year due to traffic violations. These are just in reference to basic laws: following speed limits, adhering to a safe following distance, yielding to pedestrians and stopping at red lights, to name a few. Here are some sobering statistics:

• The leading cause of death in the U.S for ages one to 54 is road crashes.
• At least 20% of crashes are caused by drivers who have driver fatigue or fall asleep at the wheel.
• More than 50% of the 5 million yearly crashes in the U.S. are caused by aggressive drivers (with speeding being the most prevalent). Additionally, drivers between the ages of 19 and 39 are significantly more likely to engage in aggressive behaviors.
• Rear-ending is the most frequent type of crash (about 29%).
• Each year, about 2 million drivers who are in car accidents end up with permanent injuries.

These are just a handful of the things that can occur on the road, but one thing is clear: There will always be risks involved with driving. Within the fleet industry, it’s important to note that the most common cause of crashes is distracted driving. In fact, distracted driving injured more than 420,000 drivers and killed 3,142 people in 2020 alone, according to the National Highway Traffic Safety Administration (NHTSA).

It's not uncommon for someone stopped at a red light to quickly glance at their phone, but if it holds their attention and the light turns green, someone behind them may become impatient and honk, causing the driver to hit the gas without even looking around. Or perhaps a driver is running late to a job site and sends a text to their manager while driving and runs a red light. Either of these circumstances – and more – could wind up in a collision.

One report that included 3,411 responses from fleet safety professionals within an array of job functions, industries and fleet sizes, found that more than a third of accidents reported within a year showed the fleet driver at fault. When crashes occur, there will almost assuredly be costly repairs to vehicles, which can reduce the number of vehicles on a road. Crashes can also bring lawsuits, medical expenses, raised insurance costs and the risk of damaged reputation to an organization.

See also: How Geospatial Data Lowers Traffic Risk

Finding a solution

We know these are critical issues that must be addressed, but how? Nearly half of the fleet safety professionals from the previously mentioned study reported that planning, where safety is concerned, is not an issue, but executing it was a primary pain point in achieving safety goals. However, more than half of those who use telematics/GPS tracking reported that the technology is very effective in helping improve safety within a fleet. 

A telematics tool like a dash camera can detect a number of things, including hard acceleration, driver drowsiness, speed limit violations, following distance, seatbelt compliance and traffic light and stop sign violations, to name a few. Each second is analyzed for safety via artificial intelligence to recognize risky driving behaviors – and without any human intervention needed. AI can send alerts or provide coaching when drivers exceed any threshold that’s been set for a variety of behaviors. This provides drivers the opportunity to improve their habits on the road.

Should there be an incident, a dash camera can detect it in real time. This gives managers the ability to quickly determine who was at fault with video capture and then perform intelligent automated reporting for increased visibility across a fleet. Essentially, dash cameras can do all the heavy lifting when it comes to any review, evaluation and storage of footage.

When fleet managers deploy their drivers, they must protect not only the drivers but other drivers and pedestrians on the road, as well. Telematic tools like dash cameras empower organizations to recognize and correct dangerous behaviors. They are an invaluable asset that will create efficiency and safety, as well as reduce downtime and costs associated with unsafe driving habits, giving managers a way to confidently safeguard employees, a company’s reputation and the bottom line.

As a trained occupational therapist working in industrial wellness, I spent many years trying to prevent hand and upper extremity injuries in manufacturing and logistics centers. That meant more job site analyses, ergonomics studies and functional capacity evaluations than I can count.

In other words, I’ve spent a lot of time analyzing how human beings move through work environments and how they affect  our bodies. 

While we’ve certainly made significant progress in the way we engineer workplaces to mitigate injury, the rate of musculoskeletal disorders (MSDs) remains high. So does the economic impact on businesses. According to the U.S. Bureau of Labor and Statistics, MSDs are the single largest category of workplace injuries and are responsible for nearly 30% of all workers’ compensation costs. Injuries resulting from repetitive tasks (like hand-intensive work) cost U.S. businesses more than $2 billion per year.

Here’s the good news: Advanced technology is providing businesses the unprecedented ability to identify harmful movements and prevent MSD injuries. Wearable devices paired with artificial intelligence hold the potential to significantly reduce workers' comp costs for businesses and the insurance providers that protect them. 

MSD injuries cost employers serious money

The median nerve begins in the neck as a group of disparate roots that form together to travel down the upper arm, across the elbow, and into the forearm. As the nerve moves through the wrist en route to the hand, it passes through a narrow gap between bone and ligament known as the carpal tunnel. 

When the wrist is held in a compressed state for extended periods, the tissue surrounding the flexor tendons can swell, narrowing the carpal tunnel and putting pressure on the median nerve. The resulting reduction in blood supply and lymphatic flow can cause micro-tears, tingling, pain, weakness in the hand and, if left untreated, permanent nerve damage.

OSHA calculates that by the time a worker has had surgery and rehab to redress carpal tunnel syndrome, their employer has paid nearly $65,000 in direct and indirect costs—and that’s on the conservative side (price tags closer to $100,000 are common). Spread across a workforce of hundreds of people performing similar movements, these issues can quickly become a significant financial liability. 

Carpal tunnel is far from the only concern. Cubital tunnel, radial tunnel, medial and lateral epicondylitis, thoracic outlet syndrome and many other injuries plague people who perform the repetitive physical motions common on manufacturing and logistics floors.

Technology allows businesses to get proactive

How can businesses prevent these harmful repetitive motions? One solution is wearable devices that provide real-time feedback and coaching to prevent risky movements before they cause injury. Tech-enabled hand wraps and gloves can assist the safety team in measuring, identifying and recording the frequency and directions of movements in the hand, back and shoulder. If an individual is frequently working with excessive movements in one specific direction or working at the extreme end range of motion, that becomes visible.

AI software can then assist by deploying a pre-programmed haptic or biofeedback cue. One example of a haptic is a gentle buzz that can notify an employee any time they move their hands outside a neutral, thumbs-up position. Maintaining a safer position can alleviate a lot of the maladies described above.  

Other haptics, such as a reminder for workers to take a break and do a microstretch, can be employed as well. Examining the data allows safety teams to make the most accurate decision on which haptic makes the most sense for different workers.  

A leading logistics and warehousing company using this technology recently observed through the data that a large subset of workers performed 70% of their hand motions in two specific directions and at the extreme end range of motion for those recorded excessive movements. These unbalanced and excessive movements corresponded with recent diagnoses of DeQuervain’s Tenosynovitis, a painful wrist condition often caused by repetitive movements in a specific direction. 

Equipped with these findings, the employer conducted targeted training among the riskiest quartile of employees most prone to these unbalanced movements. The company instructed them on proper biomechanics and ergonomics, encouraging them to work in a neutral hand position. Back on the floor, the training was reinforced with haptic feedback: Any worker whose hand deviated beyond 30 degrees of the mid-range of motion point in each direction received a real-time vibration cue from the connected gloves to return to the neutral hand position.

By encouraging neutral hand position, the business saw a 38% reduction in risky movements.

See also: Why Cloud Platforms Are Critical

Workplace safety tech takes the guesswork out of injury prevention

Wearable devices and AI can’t replace on-site safety teams or clinical professionals trained in diagnosing and preventing injuries. But they can serve as essential tools and adjuncts to treatment in an ever-expanding technological toolbox. The safety professional is provided with more functional data that can be used to design, develop and implement objective programs and targeted coaching. And because this technology is typically expensed through an IT or facility operations monthly budget, it does not compete with health professional services. 

This technology extends the safety team’s visibility to the entire workforce and ensures that vulnerable employees aren’t lost in the shuffle. It cuts down on paperwork and improves response time. It allows businesses to become more proactive, which ultimately means fewer injuries. 

And the benefits don’t stop there.

It’s not hard to envision insurance companies offering premium reductions for businesses that ask their workers to wear connected devices: Show us your people are moving in a more biomechanically responsible way, and we’ll drop your rates. Compliant businesses could show the quantifiable results of stretch programs and ergonomic instruction. 

I can also see insurers from a workers' comp company having therapists use wearables as a tool during functional capacity evaluations, work conditioning services and PT/OT evaluations and treatment. This would provide objective and detailed insight into how effectively an individual is following their return-to-work plan and help with compliance of the home exercise program recommendations. If range of motion can be measured more functionally and precisely to better evaluate progress, employees could get back on the floor more quickly and safely.

Ultimately, this technology takes the guesswork out of injury prevention and recovery. It provides objective data that makes decision making cleaner. And the ROI benefit is significant: The system essentially pays for itself after preventing just one or two MSD injuries. (Remember that $65,000 price tag for carpal tunnel?)

For businesses looking to mitigate risk of injury to their workforce—and the costs that come along with it—investing in safety technology is no longer a luxury. It’s a necessity

It’s becoming increasingly common for insurance companies to offer discounts in exchange for agreeing to share some personal information, usually through high-tech monitoring. This information, about a driver’s habits behind the wheel or potential threats to a house, is valuable to insurers because it gives clearer insights into potential risk.

But an annual survey from Policygenius about technology and insurance shows that most consumers value their privacy more than savings. More than six in 10 people said that they would not install data-sharing devices — including apps, doorbell and dashboard cameras or sensors in their homes — for any discount amount.

Diving more deeply into the Policygenius findings:

• 68% of Americans would not install an app that collects driving behavior or location data for any insurance discount amount, up from 58% last year.
• 68% of Americans would not install a live dashboard camera for any insurance discount amount.
• 65% of Americans would not install smart-home devices (doorbell cameras, water sensors, thermostats) that collect personal data for any insurance discount amount.
• 77% of Americans would not install a smart doorbell camera that shares facial recognition data with third parties for any insurance discount amount, compared with 67% last year.

Some people indicated they could be persuaded to share personal information with their insurance companies as long as they were guaranteed a big discount. 

Depending on the type of data-sharing device and whether it’s for a home or car, between 67% and 74% of people who say they would install these devices would only do so for a discount that reduced their insurance premiums by at least half.

Still, even with promises of large discounts, the majority of people aren’t interested in sacrificing their privacy to save money.

Year over year, more Americans choose privacy over insurance discounts

When we compared the results with last year’s Home & Auto Insurance Technology Survey, we found that fewer drivers, homeowners, and renters say they would exchange privacy for discounted rates.

Last year, 58% to 67% of people (depending on the data-sharing device we asked about) said that no discount was worth sharing more data with their insurance companies. This year, 68% to 77% of consumers say they’re against giving their insurers access to more information for lower rates.

And fewer people said they would install a device that monitored their homes or driving habits even if it meant they could reduce their insurance premiums by half. Last year, 24% to 32% of people said that they would be open to this for a large discount; this year that range shrunk to 16% to 24% (depending on the device).

See also: Raising the Bar on Data Privacy

More than two thirds of people say that no discount is worth using dashcams and data-tracking apps

For the most part, drivers just aren’t interested in lower car insurance if it means downloading and using apps or installing dashboard cameras to monitor their driving habits.

Sixty-eight percent of people say that no discount is worth installing a usage-based app that tracks their driving behaviors and location. The same percentage of people say that they wouldn’t install a dashcam that recorded them while they drove.

Drivers are even cooler toward this tech than they were last year. In last year’s survey, 58% of drivers said that no discount was worth using an app that kept track of their driving habits, and 60% said they would decline to install a dashcam.

Not even the promise of large savings can convince many drivers to share their data. We asked whether drivers would be more open to downloading a driver-tracking app or dashcam if it meant their premiums would be reduced by half. Just 24% would install a camera, while only 22% of people would use a tracking app.

Most people wouldn't trade discounts for having data-collecting tech in their homes

Most Americans don’t want discounts in exchange for data-collecting tech in their homes, either. Sixty-five percent of people don’t think that any discount is worth installing a smart-home device, like a doorbell camera, water sensor or thermostat in their homes that would share data with their home insurance company.

Even fewer people would take a discount on their home insurance if it meant installing a smart doorbell camera with facial recognition capabilities that shared the data it collected. More than three-quarters (77%) of people would not install this type of camera in their homes for any size discount.

As with usage-based auto insurance and dash cams, most homeowners and renters aren’t persuaded by large discounts if it means giving up their privacy. Only 24% of people would get smart-home devices even if it reduced their premiums by half. Facial recognition-capable doorbells are the least popular among consumers: Just 16% said they would install this tech for cheaper home or renters insurance.

Overall, survey respondents indicated they were less likely to install any of this tech in their homes than a year ago. In 2021, 43% of those surveyed said they would install smart-home devices that collect personal data for a discount; this year, only 35% would. Facial recognition doorbells already weren’t very popular in last year’s survey — only one-third said installing one would be worth a discount. This year, that share dropped to just 23%.

For years now, Siri, Alexa and Google Home have been portrayed as just the beginning of a pathway to virtual assistants that will give each of us a J.A.R.V.I.S., the voice-activated software used by Iron Man to handle, well, just about everything. 

But the wave of layoffs happening at Amazon's Echo unit tells a different story.

That story will govern for the foreseeable future, and insurers should heed it as they consider how to incorporate natural language processing technologies into their operations. While many futurists have claimed that voice is such a natural means of communication that it will soon take over all customer/corporate interactions, Amazon's experience proves otherwise. 

Here's the core of the issue for Amazon and for any insurer implementing natural language processing technologies: I love my Echo and use it all the time, but I've never bought anything with it and am unlikely to ever do so. 

I set a lot of timers, ask every day or two about the temperature outdoors and maintain a running list for grocery shopping. Other than that, I seem to ask for people's ages -- if I want to see how long I'm going to have to watch my Tottenham Hotspurs suffer at the hands (feet?) of Liverpool forward Mo Salah, I might call out for his age, for instance.

But that's about it. Amazon has tried to entice me to do all kinds of things, including buying items on my shopping list via Amazon Prime. That should be the easiest extension for Alexa, but I've never even been tempted, because of the fundamental limitations of a voice interface. 

The limitations for Alexa, and all such voice interfaces, boil down to two insurmountable ones: trust and complexity.

Quite simply, I don't trust my Echo to act on my behalf. I expect Alexa to act on behalf of Amazon, its creator and manager. So, I wouldn't just tell Alexa to order cat food, even if it knew the brand I wanted. I assume Amazon would steer me toward a product or size or flavor that maximized its profit. 

And the trust problem becomes greater as the complexity of the purchase does. Who would ever say, "Alexa, get me a plane ticket to Chicago next Thursday, and a rental car, too"? Certainly, no one would ever buy an insurance policy via a voice interface, or even renew a policy, I imagine. 

The complexity problem figures in here, too. If I'm flying to Chicago, I can call up a host of options via Expedia on my computer screen and quickly sort through them based on a combination of convenience, price and favored airline, but that selection would take forever via voice -- "Remind me, Alexa, what the price was for that United flight at 6:45 a.m." Yes, software agents will eventually become sophisticated enough that they'll have a good handle on my preferences, but we're a long way from the day when a voice interface can let you sort through complexity nearly as efficiently as a visual one.

Voice interfaces can still do great things. Who gets lost these days, when you can say to your phone, "Hey, Siri, get me driving directions to XYZ"? In insurance, voice interfaces can remove a lot of drudgery and expense by having automated systems answer simple queries from customers, such as about when a payment is due or when a policy renews. Natural language processing used in chatbots and conversational AI allows for even more complex interactions via text, such as initiating a claim. 

But the trust and complexity issues will limit voice interfaces for the foreseeable future. 

You can't say Amazon didn't try. The Echo began in 2014 as an idea from then-CEO Jeff Bezos and got all the attention that the pet project of a billionaire founder can receive. The New York Times reported that the Echo had sustained $5 billion of losses by 2018, and spending only accelerated from there. Business Insider reports that the division that includes Echo will lose $10 billion just this year.

You can see where the money went, too. The technology is as slick as can be. 

The business case just isn't there yet, and it won't be any time soon.

Cheers,

Paul  

Where we stand dictates our view, right?

For 15 years, my view was the inside of large corporations, first as a consultant and later as an executive. But after five years as an entrepreneur, my line of sight back at the cliffs of corporate life reveals some new contours. Now, I can pick out some of the barriers to innovation in large companies that I unfortunately (and gleefully) participated in in the past.

“Big company thinking” is usually pejorative, but that’s really not fair. Institutions persist because they work, however imperfectly, unfairly and inefficiently at times. Big companies drive a huge portion of the economy. And they have a lot going for them that startups don’t – cash on the balance sheet, both depth and breadth of expertise, established distribution, stable go-to-market processes, cash on the balance sheet (you get my point). I sure do miss the infrastructure and support of a corporate job some days.

And it's not that big companies can't be innovative - we can all think of life-changing products built by the Fortune 100. It's just that scale bogs down agility almost without anyone noticing. These three patterns are especially pervasive: Spinning Plates Syndrome, the Department of No and Zombie Resurrection.

Spinning Plates Syndrome

One of the most terrifying moments as a new startup founder was staring at a blank document on my screen and realizing that absolutely nothing about Surround was going to exist unless my cofounder Jay or I (and later our team) willed it into being. Without repeated acts of creation, a startup literally does not exist.

The relative safety of corporate life all too easily conceals that foundational truth. The only things that will ever exist, other than the natural world, are things some human somewhere willed into being by doing productive work.

You remember back to high school physics? Work requires both force and movement. If it’s just force, it’s not work, it’s just…force. Same in the office. If you’re lots of force, but nothing is moving, that’s just effort, not work. And in large organizations, there’s a tendency to measure and reward effort, not progress. Keeping the plates spinning is super visible, and sure looks cool, but at the end of the day you put the plates down and you’re exactly where you started.

What does progress require? The courage to do something that’s possibly wrong, and an organization that doesn't punish mistakes. It takes courage to figure out how to do something that’s not been done before and show the results to others. Courage is a fragile bird, and the hand slapping in many corporate environments prevents that courage from taking flight.

What’s just effort without progress? Steering committee meetings. Projects that are so big that the overhead to deliver is a significant portion of the time spent. Status meetings. Detailed meeting minutes. Some of this is necessary, but spinning the plates is a distraction from the real work. No steering committee has ever had an engine.

What to do if you’re stuck in this loop? Look carefully at what you and the managers in your organization look for as proof of work. Is it fancy PowerPoint decks? Or is it a signed contract, a draft landing page, a delivered feature?

You get what you ask for.

See also: When You Have Too Many Good Innovation Ideas

The Department of No

Startups are relatively permission-free – everyone builds, everyone contributes and the projects are small enough that it’s usually easy enough to figure out what you’re supposed to be doing next. Asking a manager or coworker whether you’re permitted to make a change might well get you laughed out of a lot startups. Nobody has time for that.

However, corporate jobs often mean living in a permission-bound world. There’s serious downside to being caught doing something without permission (aka no plausible deniability) and relatively little upside.

The direct result is the Department of No.

Who often gets rewarded? The people who save the corporation from infamy and failure by bravely crushing everyone else’s ideas? Or the people who sometimes break things, carefully and in limited ways? The former is the Department of No. If you have a Department of No, you probably don’t have much innovation.

Big companies can do it well, though.

I worked at Progressive Insurance early in my career. Glenn Renwick was the CEO back then, and every month there was an all hands get together in the cafeteria in the Cleveland headquarters. They’d have a cake for all of that month’s birthdays (you know, the good kind, the sheet cakes with the swirly frosting and sprinkles). Glenn would speak for bit, and he’d share Progressive’s wins for the month.

Then he’d do something interesting. He’d list the failures, as well. Pilots that didn’t work, product launches that failed, advertising campaigns that fell flat. Sounds horrible, right?

Well, no.

He was calling out the good failures. The ones where someone had taken the initiative to come up with an idea, made a data-backed case for trying it, implemented it well, measured it, then shut it down and reported it. Glenn called out the names of the people involved, explained we were able learn from their work and led a round of applause.

Pretty darn powerful statement that failure is a learning opportunity for an organization, no?

Does your organization do cake-and-fails? You should.

Resurrecting Zombies

Technical debt is one thing you get to start a company without. I can’t even begin to describe how freeing that is. (In fact: nah nah nah nah nah. Ok, enough gloating). There’s more than technical debt in large organizations, though – there’s also historical debt.

You know the person in your department who knows everything that ever happened? Like that deal in 1973 that led your company to acquire Below Sea Level Homeowners Insurance Inc.? And the fee you’ve charged those homeowners for the doodad you send them every year? The 12 remaining customers who are expecting their doodads? And the person in your department who knows this and continually explains That It Is Crucial To Send The Doodads Because We Have Always Done It?

Well, the history of where a company has been is important. It's like Chesterton’s fence – if you come upon a fence, and it doesn’t make any sense where it is…pause for a moment. Someone put a lot of effort into putting it there for some reason. Best to understand why before you choose to tear it down, no? That being said, there are plenty of fences that should go. They create a clear path for innovation. But tearing down those fences takes courage, too, because those decisions may to be unpopular with both long-tenured staff and some customers. That doesn't make them the wrong decisions.

You cannot grow toward the future without letting go of at least some of the past. Startups have no past; big corporations do, and therefore need to decide what to hold on to, and what to let go.

Don't resurrect zombies, Kill off the zombies.

See also: Innovation: Top Down/Bottom Up

A Final Thought

People everywhere are full of ideas. It’s why we stood up on two legs and built grand civilizations. Willing innovation into being doesn’t usually require more ideas… it requires systematically clearing a path for those ideas to take flight. That means rewarding actual work, reducing the impact of naysayers and saying no to work your organization has outgrown. That’s saying yes to innovation.

Mergers and acquisitions give organizations the potential to increase capabilities, diversify offerings and expand market share, but they also present considerable risks. While companies typically review financial, strategic, legal and operational details before completing an M&A transaction, another important concern is often overlooked: cybersecurity.

When organizations do not complete a detailed cyber evaluation of target companies before a merger or acquisition, it can create an unnecessary risk – one that can result in significant financial and legal challenges. A data breach could not only threaten a company’s business assets and functions but also lower its profits, market value and brand reputation, potentially resulting in significant (and costly) litigation and regulatory enforcement actions.

Why is cybersecurity due diligence important?

Conducting cybersecurity due diligence before a merger or acquisition helps companies accurately assess risk before taking on liability as well as identify any issues that might warrant restructuring the purchase agreement. 

Before integrating its network with a target company’s network, an organization should identify the IT assets, systems, software, websites and applications, whether proprietary or third-party, and know how that company’s data or personal information (PI) is stored or processed. These post-acquisition processes are fundamental to building a comprehensive strategy to incorporate or update an acquired business’s information technology post-closing. 

Additionally, for businesses that collect, store or process non-U.S. workforce, customer or consumer data, it is important to understand if that data is generated by, stored in or exported to personnel or servers located in other countries or U.S. jurisdictions. This data may be subject to multiple jurisdictions’ laws, and other regulations might govern whether and how data can be transferred across borders post-merger. 

Given the continuous evolution of cyber threats and data protection laws, due diligence investigations should also look beyond a target’s cybersecurity and compliance programs and focus on the target’s overall culture of information security and data privacy. Although a target company may not be currently violating any data protection laws, it is important to understand and assess whether it has the institutional framework in place to recognize new regulatory requirements and adjust its policies and procedures accordingly. In turn, buyers should determine whether the target has an internal, information governance structure and, if so, whether that structure is capable of effecting meaningful change throughout the organization in response to new cyber and privacy rules and regulations. Organizations with internal information governance structures are often able to easily adapt to changes in the law and to mitigate the monetary and reputational costs related to legal noncompliance.

See also: Cyber Risk and Insurance in 2022

Important cybersecurity due diligence: key questions and considerations

From networks and systems to cyber evaluation to data incidents, there are many considerations that should be part of an acquiring company’s due diligence. The following areas may prove helpful in examining these complex issues:

Networks and systems 

Documentation or information should be provided about the target company’s network and system architecture and data flows, including the use of cloud providers and third-party applications to allow for assessment of a target company’s attack surface and vulnerabilities. This allows for the acquiring company to understand what type of data the target company’s systems store and identify what type of sensitive information (e.g. Social Security and driver’s license numbers, credit/debit card information, health details and usernames/passwords) that can be connected to a specific person the target company’s systems store.

Once it has been determined that the target company stores this type of data, the acquiring company should be assessing the security controls in place that are currently protecting this information (e.g. multi-factor authentication or access controls).

Lastly, the acquiring company should assess and be aware of any on-premise server or cloud storage that holds sensitive personal information. If these servers are owned and operated by third-party service providers, it is important to understand how that vendor manages the target company’s data confidentiality and infosec. Also, it is important to know the use of legacy applications or providers for critical functions that are subject to long-term contracts or those that would be difficult to port to an alternative platform.

Cybersecurity and Technical Controls

The acquiring company should inquire how often the target company conducted privacy impact assessments, vulnerability scans, penetration tests or SOC audits to assess the types of risk the target company face based on industry sector, geographic reach and the nature of the product or services that it manufactures, develops, or provides. This type of inquiry provides the acquiring company a comprehensive understanding of the target company’s security controls leading up to acquisition.  

Furthermore, this type of assessment allows insight into the target company’s data loss prevention program, anti-virus and anti-malware solutions, end-point detection monitoring, multi-factor authentication, geo-fencing, encryption of data, patch management, vendor management and evaluation of the target company’s business continuity or incident response plan, if available.  

It also is important to understand the kinds of educational and training programs the target company has in place to educate its workforce about the importance of cybersecurity and improve its resistance to cyber incidents.

See also: "Micromorts": A New Way to Talk About Risks

Data incidents, complaints and governance

Corporate governance and data incidents are just as important as assessing the target company’s security controls. To round out the acquiring company’s due diligence, it should inquire about prior incidents of unauthorized access to or misuse, modification, exfiltration or disruption of the target company’s information system or proprietary technology systems, including any data stored on those systems and whether those matters were remediated. Also, through the acquiring company’s due diligence process it’s important to understand the target company’s data governance by inquiring about how the target company’s president, CEO, board and other senior leadership view its responsibility within the context of data protection and the frequency with which they initiated cybersecurity training among the workforce.

Although these considerations can be time-consuming, it is important that businesses complete their cybersecurity due diligence before any merger exists. Cyberattacks continue to increase in frequency and severity, and a data breach can be devastating to any organization.

Nature is declining globally at rates unprecedented in human history — and the rate of species’ extinction is accelerating, with grave impacts on people and communities around the world. 

The WWF’s 2022 Living Planet Report finds that wildlife populations have seen a devastating 69% drop on average since the 1970s. Furthermore, nature decline is making it harder to slow the rate of global warming and to limit climate change, as roughly half of today’s human-emitted emissions is absorbed by lands and oceans (and if these assets are degraded, this absorption function also declines). 

Fortunately, as both public and private sector entities are increasingly working to achieve net-zero emissions, the voluntary carbon market is rapidly expanding and is fueling investments into nature conservation and restoration initiatives. Various efforts are underway globally for natural capital accounting, which will help quantify how natural assets contribute to the economy and demonstrate nature’s value to society. 

Nature investments undoubtedly need to be scaled to help tackle the biodiversity and climate crisis. The UNEP State of Finance for Nature in the G20 report calls for G20 countries to increase annual spending on nature-based solutions from the current $120 billion a year to $285 billion by 2050 to address the inter-related nature, climate and land degradation crises. However, doing so in a manner that limits investment risk is important, and, if voluntary carbon markets are used as a conduit to facilitate some of this investment, then carbon project developers, communities, buyers, sellers, lenders, investors and various intermediaries need to manage risks including natural disasters, pest infestations, environmental pollution and political and regulatory changes.

Innovation in insurance solutions can help mitigate some of these risks and help improve the integrity of carbon offset transactions. For example, offering a carbon offset and reduction expense endorsement in property and casualty insurance policies could help address the increased cost of disposing of and replacing damaged property in a way that reduces carbon emissions and the continuing costs of carbon reduction efforts.

By bolstering confidence in the integrity of carbon offset transactions, the insurance industry can ultimately enable greater capital flows to areas where investment is most critical, such as underserved emerging markets. Aon recently announced a collaboration with Revalue Nature, which designs and develops projects that protect and regenerate forests, mangroves and other natural assets, to help de-risk projects, facilitate investment and accelerate the deployment of these solutions.

See also: A Better Way to Consider Flood Risk

Working with clients and industry partners is critical to build understanding of the insurance need, develop capacity to support risk transfer and help shape better decisions that address climate risks. Improved measurement, reporting and verification (MRV) and data can help encourage the development of new products, such as performance guarantees for carbon-credit-generating projects, and further facilitate and accelerate mainstream investment into conservation and restoration initiatives.

In addition to nature-based solutions for climate mitigation, technological and hybrid solutions are projected to gain momentum in the coming decades. Technology and hybrid solutions rely on equipment to capture carbon dioxide and use technology to speed natural processes for carbon dioxide removal. Insurance industry insights, focused on understanding technology risk and acumen in creative risk transfer solutions can help make some of these clean technology projects more “bankable” and accelerate the net-zero transition. For example, Aon’s Intellectual Property (IP) Solutions and technology performance guarantees can unlock investment into newer decarbonization technologies.

The dynamic nature of net-zero transition and voluntary carbon marketplaces gives rise to the need for trusted risk advisers to help navigate increasingly complex transactions, and insurance can help manage some key risks over time. For example, property insurance can help protect against physical damages/losses from natural disasters for assets that are meant to generate carbon offsets. With an ever-changing political landscape, insurance can also help protect clients against invalidation, seizure and other political and regulatory risks. 

It will take a “whole of society” approach to reach net zero, and the insurance industry is in a key position to help organizations around the world address and de-risk the actions that will contribute to reaching this ambition.

All descriptions, summaries or highlights of coverage are for general informational purposes only and do not amend, alter or modify the actual terms or conditions of any insurance policy. Coverage is governed only by the terms and conditions of the relevant policy. Insurance products and services offered by Aon Risk Insurance Services West, Inc., Aon Risk Services Central, Inc., Aon Risk Services Northeast, Inc., Aon Risk Services Southwest, Inc., and Aon Risk Services, Inc. of Florida and their licensed affiliates.

Insurtech is in a confusing state at the moment. Public valuations for many of the big names are way down, and funding has cooled off. But some of the companies formed in the first wave of insurtech are thriving and are pointing the way for a new wave of insurtech that seems to be taking shape now. So, Paul Carroll, editor-in-chief at Insurance Thought Leadership, sat down recently with Ron Rock, senior director, insurance/insurtech, JobsOhio, and Andrew Daniels, founder and managing director, InsurTech Ohio, to talk about what comes next. An edited version of that conversation follows:

ITL:

To start us off, what did you see as the big ahas coming out of InsureTech Connect this fall and a more recent insurtech event that you held in Ohio?

ANDREW DANIELS:

We're seeing "neo-carriers" come through, and they're more mature than insurtechs have been in the past. A company like Branch [an innovative personal lines insurer based in Columbus, Ohio] is doing strategic partnerships and buying vendor technologies themselves. That's kind of flipped the insurtech world on its head. That used to be what incumbent carriers did, but some of these companies now have just completed their Series A, and they're already off trying to buy technology to go faster.

We're also seeing lots of new companies we haven't heard about, but they've already established their businesses in another vertical, like the financial space, before moving into insurance.

RON ROCK:

I won't speak for BoldPenguin [a six-year-old insurer also based in Columbus], but I get the sense that they're also being aggressive about finding ways to amplify their offerings. Certainly, a theme for insurtechs is partnerships, and they’re looking at each other, not just at incumbent carriers.

Embedded insurance is another trend. That's not exactly a secret, but I'm seeing more microinsurance. You buy my product, and the insurance is right there for you to buy.

ITL:

Any particular examples you'd like to point to?

DANIELS:

I'd consider battleface [whose U.S. headquarters are in Columbus] microinsurance. It was kind of the first a long time ago when travel insurance was launched. Now, they're digitizing a lot of underwriting processes so they can embed that product into other things that are being offered digitally.

The warranty space is another good example of microinsurance that can be embedded.

ROCK:

There's also progress being made in making sure that the uninsured or underinsured are becoming insured, so we're protecting lower-income families.

In the life insurance space, Atidot [an Israeli company] is one I like. They do artificial intelligence data analytics to streamline the underwriting process. They can help companies with orphaned accounts or just make sure agents have a better avenue for selling.

ITL:

You're on a roll. What are some other intriguing companies I should be watching?

ROCK:

Beam [also based in Columbus] is another interesting company. They've been so successful that they recently changed their name from Beam Dental to Beam Benefits, because they're starting to do a lot more things than just dental. They've been growing like crazy.

Coterie Insurance [based in Cincinnati] is a finalist to be named the innovative insurtech of the year. They offer small business insurance through a very streamlined process.

Champ Titles [based in Cleveland] uses blockchain to streamline the title clearing process for vehicles. The time it takes to clear and salvage a title for vehicles is insane.

DANIELS:

Foxen [based in Columbus] offers damage liability for renter's insurance, which they call Tenant Legal Liability Waiver, and is also doing some really cool things to make sure renters get credit on their credit scores for making their payments on a monthly basis. At the moment, there isn't a nationally recognized way to track those payments by renters.

ROCK:

We recently did an event on connected insurance, and, talking in more general terms, there were some very cool ideas coming out of there. Instead of just saying, Hey, thanks for giving me the money for a policy that will indemnify you for your losses, you say, What can we do up-front to make sure that you don't even incur those losses? We've all heard of the valves that can detect a leak and shut off the water before it does major damage to a house. There are lots of ideas along those lines.

ITL:

Having lived in Silicon Valley for years and having covered it for the Wall Street Journal, I've seen the power of critical mass, and for a bunch of reasons—notably, insurance company headquarters, venture capital firms and universities—you seem to have fostered an impressive community in Ohio.

ROCK:

I think we have a leg up on just about everybody. Less than five years ago, when we put on an insurtech event, it was Andrew, me and maybe 20 other people. We just had maybe 200 show up for that same event. There's a lot more buzz and a very engaged insurtech community of carrier innovators and startups.

And our director of insurance in Ohio has been involved in a lot of our events with InsurTech Ohio. It's important to have a very friendly regulatory environment and make sure the Department of Insurance is very transparent on what it takes to launch a product or do business in a state.

Yes, we've seen things cool off in terms of investment, but I'd bet investment has cooled off more globally than it has for Ohio. We're still having record years for VC or private equity.