Today’s underwriters have more variables to contend with, more submissions, more competition and more data of all kinds to deal with than ever before. That’s why more and more insurance firms are deploying AI in commercial underwriting.

Machine learning (ML) and AI are incredibly well suited for helping to deal with the masses of data that underwriters now face. These technologies are changing underwriters’ working lives for the better and delivering huge benefits to businesses and the insurance industry as a whole.

In this article, we’ll explore five key ways you can implement AI and ML in the underwriting process and the results they can achieve. Without further ado, let’s get started.

1.  Processing underwriting submissions

Although efforts have been made to streamline submission processing, many lines of business in the insurance industry still have to deal with large volumes of documents that need to be processed manually. Until now, that’s just been part of the job — and a time-consuming, laborious one.

New applications of AI in commercial underwriting can give great assistance in extracting information from PDFs, printed documents, emails and even handwritten documents, reducing the amount of work underwriters need to do by hand. Optical character recognition and natural language processing are now sophisticated enough to identify the required data in a document, extract it and even perform a degree of evaluation. These advances in text extraction and analysis are opening up efficiencies in underwriting processes, expediting workloads that had previously been a burden to insurance professionals. Time saved on submissions processing is time gained for more rewarding work that makes better use of underwriters' skills and helps to develop the business.

2. Making risk appetite decisions

As you know, reviewing submissions for viability is another task that can take up a lot of an underwriter’s time. Analyzing the submission and all the related risk data, making the decision whether to underwrite it – it all takes time and effort. And it’s another area where you can deploy AI in commercial underwriting to achieve great results.

Machine learning can now offer underwriters valuable assistance in the decision-making process. Using data on previous applications that have been approved or rejected, these systems build an understanding of which are likely to be viable and which aren’t. The systems can automatically decline certain activities described in the application as free-form text, if deemed too risky or otherwise unviable. Using text classification, these activity descriptions can be automatically mapped onto their corresponding industry codes, based on a given standard. If an application is found to be viable according to the system’s judgment, it can also recommend the most appropriate product according to your historical data. Once again, this valuable assistance can be a real asset for time-pressed underwriters.

3. Submission assignment and triage

Some underwriting submissions, in certain lines of business, require extra attention during processing. They need to be prioritized, but, unlike with other submissions, this can’t be done using simple, blanket rules such as their policy effective date. Underwriters need to look in greater depth to decide their priority.

Using AI in commercial underwriting can help here, too. Optimization and forecasting technologies can assist in assigning these submissions to the most appropriate underwriter. Predictive modeling can also rank submissions according to their estimated closing ratio or some other key performance indicator (KPI). For instance, AI could decide to rank one application highly because you’ve recently been successful at closing business with that broker. These innovations have a tangible impact on how well your business operates and your bottom line: Submissions are allocated more effectively, and your overall closing ratio improves.

See also: ‘3D Underwriting’ in Life Insurance

4. Evaluating risk profiles

To evaluate the risk involved in a submission, underwriters must often invest considerable time in research. They must research and weigh all kinds of information to properly evaluate these risk profiles. Sifting through the wealth of information available, in myriad formats, can be like searching for a needle in a haystack — until now.

Today’s intelligent tools can search through many types of structured (processed and labeled) data as well as raw, unstructured data and aggregate relevant information for underwriters to use. For instance, an underwriter may use this system to search through a database of property inspections, to compare similar cases of structural damage and their results. These systems also make it far easier to retrieve similar past applications to see patterns and learn from earlier experience. Now your business never has to make the same mistake twice.

As we said earlier, AI is the master of dealing with large volumes of complex data, so, when it comes to locating and surfacing valuable items of information like this, AI is in its element. The benefits for underwriters and businesses are huge here: They can be better informed and more confident in their risk evaluations.

5. Coverage recommendations

Toward the end of the underwriting submissions review process, it’s time to make a judgement: what coverages will be recommended? AI-powered systems are capable of assisting end-to-end, so they have much to offer at this point, too.

Recommender systems can help with coverage judgments. By analyzing previous applications, they can get a sense of what the appropriate coverages, with limits and deductibles, might be and offer suggestions the underwriters can use to make their final decision. On a business-wide scale, this means your product and coverage recommendations will be better aligned with clients’ needs and their risk profiles.

Ready to deploy AI in commercial underwriting?

All the use cases we’ve outlined here are available to businesses right now, so if you want to start deploying AI in the underwriting process, you can start obtaining the benefits without delay.

As the industry evolves in the coming years, we’re certain that AI will become an even more useful assistant to underwriters all over the world. And, as new applications of AI in commercial underwriting are developed, we look forward to telling you all about them.

This article was originally published here.

The Weather Network reports that "the first three months of the 2020 Atlantic hurricane season have featured numerous... records" as we enter the official peak in September. Hurricane Hanna, the first of the season, brought heavy rain and flash flooding that, according to Karen Clark & Co. (KCC), caused $350 million of damage to Texas automobiles and properties, The Insurance Information Institute (III) reported that Hurricane Laura, which hit on Aug. 26, caused insured wind and flood losses "well into the billions of dollars.

It’s vital for insurers to understand the flooding impact of hurricanes vs. the tropical storms they develop into after they hit land. In June 2020, the federal government stated, “New NOAA-funded research finds that across all major Atlantic hurricanes affecting the southeastern and eastern U.S. during the twentieth century, the largest areas and heaviest intensities of rainfall over land occur after major hurricanes become tropical storms, not during hurricanes or even major hurricanes.” Therefore, if more record-breaking hurricane seasons occur, the losses to insurers from tropical storms are likely to be the biggest risk.

Many insurers now publish flood plans that can be used by homeowners or businesses and encourage the use of flood defenses and other resilience measures to mitigate losses. However, losses continue to mount, which for many is due to the quality of flood warnings they receive. 

National and local flood warnings currently have two weaknesses: lack of detailed information on the precise locations at risk of flood and too many false alarms. The weaknesses are caused by weather’s unpredictability, with every storm being different. For instance, Hurricane Laura’s flood warnings predicting flooding to 20 feet high and 40 miles inland did not materialize because the eye of the storm hit 40 miles east of the forecast’s prediction.  Such traditional forecasts use library-based approaches, which do not consider flow routing processes. As a result, they have very low levels of accuracy and are unable to provide depth or time forecasts. 

Over the last 19 years of university and commercial research, in conjunction with the U.K. government, the next generation of flood forecasting has been developed. This uses a live modeling approach, which solves the library-based problems by using hydrodynamic modeling, explicitly routing flood water over the landscape. This new forecasting technology has been proven globally, including against Superstorm Sandy, which hit New York City in 2012, where the model had 90% accuracy. These results prompted Loughborough University to commercialize the service through a spinout business, Previsico.

See also: Now Comes the Flood Season

This new approach provides real-time warnings at an individual property level, with a new forecast generated every three hours that predicts flooding up to 48 hours ahead of time. Critically, this approach works for storm surge and river and surface water flooding, including flash flooding.

Case studies show, for instance, that two New York art galleries that incurred $6.3 million in losses in Superstorm Sandy would have had no losses if the new approach had been in force, providing a timely warning to move the art work to safety. 

Lloyd’s Lab case studies show that reducing flood losses from immovable assets can range from 10% to above 90% if the property has protection such as flood defenses and other resilience measures. While many hurricane victims may have some flood protection, they need accurate warnings to ensure the protection is in place in time.  

The National Flood Insurance Program (NFIP) provides buildings and content insurance support to businesses and homeowners alike. However, this still leaves insurers exposed to business interruption and automobile claims when hurricanes hit. 2017’s Hurricane Harvey brought 20 trillion gallons of rainfall, the equivalent of nearly 1 million gallons per person living in Texas, according to the federal government. Thousands of businesses were affected and incurred billions in losses that could have been avoided. For instance, Big Star Honda in Houston lost 600 vehicles and had to cease operating for five days. With actionable flood warnings, the cars could have been easily moved to safety.

The U.S. private flood insurance market is growing, as Lloyd's and re-insurers offer capacity to try to fill the $40 billion U.S. flood insurance gap. This is important because the National Association of Insurance Commissioners found that 50% of flood losses are outside FEMA’s high risk areas, and 99% of properties that fall outside the zones have no flood insurance. The insurance gap is only going to increase, as NOAA states that, “With future warming, hurricane rainfall rates are likely to increase, as will the number of very intense hurricanes, according to both theory and numerical models.”

See also: A Way Forward on Flood Insurance?

Flood insurance is a substantial opportunity, with gains possible across a carrier’s business, especially in a hardening market. Underwriters can manage loss ratios more effectively by agreeing with customers on their responsibility to manage use flood warnings and plans. Marketing can offer flood warnings as a value-added service to customers, and claims departments can respond to flooding more efficiently. Finally, boards armed with a real-time property-level flood loss estimate can manage their exposure.

Instacart, Netflix, Zoom. It’s hard to imagine our lives without the companies that provide digital experiences and services so we can continue with our everyday lives amid the pandemic. Almost overnight, in-person, paper and manual processes became obsolete, forcing industries like insurance to embrace and reprioritize digital transformation across all business functions at an accelerated speed and as a new reality, rather than just an out-of-reach goal.

Yet, despite advancements in digital payment technologies and offerings, there still has been minimal adoption across the insurance landscape when compared with other industries. Even before the pandemic, the majority of customers preferred instant payments, but just 11% of insurance claim disbursements were paid instantly last year while 52% were sent via paper check. Within P&C, carriers mail paper checks for more than 75% of their claim payments, which can take weeks even without the recent U.S. Postal Service delays.

The most obvious reason to ditch this antiquated, siloed and inefficient approach for a digitized payments process aligns perfectly with insurance carriers' core focus: their customers. By giving policyholders the options they’ve come to expect from nearly every other company they interact with, carriers can provide a seamless customer experience for added satisfaction. And providing the best payment experience and digital payment method helps carriers because digital payment platforms can cut transaction costs by a whopping 10X compared with paper checks. Leveraging a digital payments platform also enables carriers to achieve industry ideals such as automation, transparency and centralization to create simple, cost-effective outcomes for everyone involved.

Automation streamlines pivotal moments in the payments process, decreases cycle times and reduces payment creation effort.

Today, 85% of businesses believe automation helps prepare for future business continuity needs. Not only are carriers looking to automate sub processes, but they are also embracing this new environment to revisit the entire end-to-end process and imagine the value and operational capacity that automation can unlock. 

• Carrier-branded, automated payee enrollment better engages beneficiaries and claimants, while driving adoption of digital, real-time payments.
• Digital authorizations and releases with e-signatures enable a faster, fully digital claims settlement and payment workflow. 
• Inclusion of third-party processes into the claims file automation removes excess touchpoints, communication and manual payment entry—increasing the velocity of the payment process, payment posting and claim closure. 
• Automated verification of claimants’ tax information, as well as digital payments issued to multi-party claimants, vendor plus claimant and law firm plus client payee scenarios, increase a carrier’s digital payment universe and allow for greater overall digital adoption.    

Digital platforms and payments make the lifecycle of a payment more transparent for claimants and carriers alike.

Another critical component of achieving claim payment transformation is transparency. Leveraging digital payments platforms instead of manual processing provides an inclusively transparent experience for both carriers and their claimants. 

• Through a digital payments process, customers have more visibility into claims payment choice, settlement posting and real-time payment status—ultimately increasing payees’ satisfaction with their insurers and decreasing inquiring phone calls and emails to carriers.
• Increased insight and access to granular payee response and experience data helps carriers inform decisions around their payee experience based on behaviors.
• Additional data inside the claim system and carrier staff visibility outside of claims increases transparency and actionable information to the entire organization. 

See also: Payments at the Speed of Light

A centralized platform enables all payment types, engagement and reconciliation to serve as the source of truth for an entire organization.

Adopting digital payments lets insurance companies leverage payment platforms to achieve centralization of multiple workflows and use cases. Carriers need a centralized payments system to ultimately maximize benefits and efficiency across all business, payment and system channels. 

• Centralized payments systems empower carriers to leverage economies of scale and add claim types, policies, premium refund and reinsurance payments with incremental effort. The systems also allow carriers to maximize their existing third-party partners such as bill reviewers to streamline and automate system reconciliation and the payment process. 
• Multiple payment options and payee self-service allow customers to select their preferred payment method for multiple use cases and reuse that profile in the future. 
• Duplicate payment checks, payee identity validation and a unified payment channel reduce losses from payment duplication and fraud. 
• Centralized digital payments platforms provide payees with a consistent, engaging and digital process no matter the creation path, line of business or core system limitations.

We may be living in uncertain times, but the pandemic has made one thing clear: The digital future is here. While insurance carriers are recognizing the need for digital transformation and ramping up efforts in certain areas, the industry as a whole has a long way to go, and digitizing payments is a critical part of that process. By embracing a fully digital payments process, the insurance industry can provide innovative, streamlined and convenient experiences that all parties involved expect today, while positioning for the future.

Technologies like machine learning, the Internet of Things (IoT), robotic process automation (RPA) and natural language processing (NLP) were already hot topics in P&C insurance before the world was turned upside down in 2020 due to the pandemic. These and many other “transformational” technologies have great potential for insurers in the rethinking and optimization of distribution, underwriting, claims and many other parts of the business. So, it is important to ask the question – how have the initiatives that leverage these technologies changed due to the pandemic?

Are personal and commercial lines carriers still moving forward with projects in 2021? Do executives still have the same expectations about the potential of these technologies to transform their business?

We answer these questions in detail for 13 specific technologies in two new SMA research reports, one covering personal lines and the other covering commercial lines.

However, I won’t leave you hanging in this blog, wondering about the answers to those questions. The short answer is yes – P&C insurers generally plan to move forward in 2021 with projects that leverage various technologies that have the power to deliver significant results and competitive advantage. The technologies we follow closely and have profiled in our reports have been organized into three strategic planning horizons: short-term, near-term and long-term.

For both personal and commercial lines, technologies in the AI family play heavily in the short-term category. Machine learning, NLP, RPA, computer vision and new user interaction technologies all rank high in terms of their potential to transform and in the level of activity underway or planned by insurers. Technologies that fall into the near-term or long-term horizons include wearables, blockchain, voice, AR/VR (augmented reality/virtual reality), 5G and autonomous vehicles. All have potential in insurance and will likely be incorporated into projects by innovators over the next couple of years but will not make it into broad, mainstream application until midway to late in the decade.

Our research on transformational technologies, when viewed in concert with our SMA Market Pulse surveys, shows that in some cases proofs of concept (POCs) and new projects have been put on hold in 2020, but all indications point to full steam ahead in 2021. Major projects already underway are continuing, and insurers state that they do not want to lose momentum for foundational projects like core systems. Projects that include transformational technologies needed to address digital gaps that were exposed during the pandemic have been raised in priority.   

See also: AI in a Post-Pandemic Future

In many ways, the pandemic is accelerating digital transformation across all industries, including insurance. Transformational technologies will play an outsized role in that transformation and look to be important components of insurers’ plans for 2021 and beyond.

In a year of COVID-19, contractors and crews need to stay vigilant and celebrate successes during Construction Safety Week.

Construction Safety Week was created six years ago by more than 40 companies in recognition that construction crews face countless risks of injury every day on job sites. COVID-19 has added risks and uncertainties. 

That’s one reason Zurich, a supporter from the start, remains a committed sponsor of Safety Week in 2020. Zurich Risk Engineers have been working to help protect construction workers in many cities and states where building has continued in exceptionally challenging times. Safety Week is an opportunity to heighten awareness of practices that can help manage those challenges to protect workers’ lives and livelihoods. 

Construction has always been a high-risk occupation. However, this Safety Week is like no other due to the additional risks crews are facing from COVID-19. Zurich has sponsored Safety Week since 2014, and we will continue encouraging practices that can help mitigate both the perennial risks and the unprecedented ones.

Here are five points that are top of mind for this year’s Safety Week, which consists of both virtual and live events across the country Sept. 14-18.

1. Continual training and communication

Crews need continual training and communication in the best of times, but the evolving challenges of COVID-19 heighten that need. Socially distanced huddle meetings at the start of a shift can offer a preview of the risks anticipated during the shift and prescribe actions to prevent injuries or accidents. Refresher training on how to wear a fall-protection harness, for example, can be especially crucial for workers who might have been out of work for weeks during the height of the pandemic, as well as for subcontractors who may lack the training resources that general contractors have. 

“Contractors should have a communications plan in place for their crews and subs, and there should be regular meetings where they’re communicating how they expect work to be performed to get everyone home safely at the end of each shift,” said Rick Zellen, construction senior risk engineering consultant for Zurich North America. 

2. Personal responsibility

Contractors and workers need to be vigilant about monitoring and adhering to state and county requirements related to COVID-19. This is complicated by the fact that mandates are evolving as COVID cases rise and fall in different areas. 

“Key points to know are requirements for wearing face coverings, temperature taking and social distancing,” Zellen said. “One of the biggest things for workers is, if you feel sick, don’t come to work.” 

Furthermore, workers need to protect themselves even when they’re not at work, which is part of looking out for each other’s well-being, too. 

3. The fundamentals

COVID concerns have at times overshadowed the Focus Four Hazards that the Occupational Safety and Health Administration talks about with construction. Workers still need to maintain situational awareness and safety practices related to the Focus Four Hazards, which include falls, electrocution, being caught in or between, or struck by, objects.

“Some contractors have us come in, and they want information about cutting-edge technology,” said Robert Labbe, another construction senior risk engineering consultant at Zurich. “I say, ‘First, let’s talk about the basics. If you don’t have people who are tying off, or something is missing in the training, let’s talk about that before we talk about the cutting-edge tech.’ Fall protection and safety glasses still have to be an integral part of safety training from the first day a worker comes to a site.”  

See also: COVID-19: Next Steps in Construction

4. Mental health

Construction is an occupation with one of the highest rates of male suicide, according to the Centers for Disease Control and Prevention, and misuse of opioids is also higher in construction than in many occupations. Social isolation and new stressors, such as providing care for children who can’t return to school because of COVID-19, can take a toll. 

Superintendents, foremen and others on a construction job site need to be attuned to subtle signs that another crew member may be suffering, get to know people on a first-name basis and take the time to pull up a five-gallon bucket to listen and talk, albeit while wearing a face covering and maintaining physical distance, if required. 

“Mental health issues in the past were swept under the rug,” Zellen said. “Our people need to be aware of the issues and know how to recognize signs and symptoms of serious distress.”

5. The power of “thank you”

In a time when contractors and crews may be rushing to make up for time lost to the pandemic shutdown, it’s easy for supervisors to forget to thank their crews for their efforts to work safely — including when they report near-misses. Many jobs have close calls, which can shed light on what action prevented a potential tragedy or what action could be improved to reduce the risk next time. 

“A lot goes into making jobs a success,” Zellen said. “On a daily basis, there are a lot of people who do good-quality, safe work; who plan, inform, protect and prevent accidents. Especially today when people are dealing with so many issues, Safety Week is a good opportunity to recognize people and celebrate the successes.”

‘Fake News’ Reaches Risk Management Paul Carroll, Editor-in-Chief of ITL With all the legitimate concerns about the wildfires in the West, I was dismayed to see that people in Oregon were declining to evacuate because they were convinced that antifa would loot their homes. To try to catch members of antifa, vigilantes even set up roadblocks and demanded that those trying to leave present ID. Authorities have said that, despite the rumors, there is no evidence of any involvement by antifa in setting fires, and there have been no reports of looting. But such “fake news,” amplified on social media, is complicating crisis management in Oregon. I’m afraid the pernicious effects of “fake news” will only grow — and massively — for risk managers... continue reading > Complimentary Q&A Panel The Future of Smart Property and Insurance  Watch Now SIX THINGS Creating the Future of Distribution by Denise Garth Having partnerships and an ecosystem becomes very strategic as insurers expand their reach and presence to where their customers will be. Read More For Agents, COVID Means Digital or Bust by Bill Suneson Survival in the era of COVID-19 will be determined by the independent agent’s ability to implement digitization. Read More How to Evaluate AI Solutions by Amber Sutherland There are five main concerns when implementing regulatory technology, especially AI technology, in the financial sector. Read More You Can Still Have Personal Interactions by Priya Merchant The challenge in these socially distant times is how to create real relationships with customers despite so much of the exchange being digital. Read More Navigating Security in the Remote Paradigm by Jarrod Lynn While companies having been improving during the work-from-home phase, bad guys have been busy, too--and deep fakes are getting scary. Read More What My $18,289 Medical Bill Says by Kate Terry Systemic problems don’t sound catchy, don’t boil down to one sentence and take time to implement -- but we need systemic solutions. Read More GET INVOLVED Write for Us Our authors are what set Insurance Thought Leadership apart. Get Started Partner with Us We’d love to talk to you about how we can improve your marketing ROI. Learn More SPREAD THE WORD Share Share Tweet Be Innovative Learn about Notion's easy-to-launch programs to get started. Learn More SUBSCRIBE TO SIX THINGS

I regularly communicate with a very large and diverse cross-section of the broad insurance ecosystem. and almost everyone expresses the same professional anxieties and frustrations. With regard to the business of insurance, very few have a clear view of the future, and for obvious and good reasons. However, I believe that several discernible patterns are emerging out of the fog of this pandemic and together they provide a fairly well-defined view of the future of insurance, leaving only the timing uncertain.

Digital Evolution

It’s a good bet that you are reading this article on digital media and that it was published in digital format. As overused and abused the word "digital" may be, it is mission-critical to every aspect of our industry. And, although the migration from analog to digital was already well underway in 2019, the arrival of COVID-19 acted like gasoline on a fire and accelerated the trend. Data by its very nature demands to be digitized to be useful, and no industry has more data than insurance. Technologies such as mobility, connectivity, imaging and artificial intelligence in all of its manifestations are useless in an analog environment. Paper is the enemy of efficiency, information and cost management.  

Claims Is a Major Beneficiary of Digital

No single area of insurance has benefited more than claims from the digital revolution. The “claim is the moment of truth” mantra is tiresome but truer than ever. As insurance fell victim to commoditization, and as advertising budgets became bloated, insurers turned to claim service to differentiate and promote their brands. But true claims excellence is only attainable through end-to-end claims process digitization. From first notice of loss automatically transmitted by connected sensors and devices all the way to claim payments made instantly and digitally, and for every step in between, digital solutions are being adopted and integrated into digital claims platforms at breakneck speed.

Digitization and Innovation 

If, as it often said, “data is the new oil,” then digitization is the refinery, storage facility, pipeline and the distribution network. Innovation essentially means connecting the dots, particularly the ones that others have missed and those that were previously unconnectable. Digitization enables the connection of “dots” – individual bits of information from myriad sources all strung together in an electronic chain to arrive at a critical outcome. That could be an insurance quote, an estimate of repair costs, the identification of a likely fraud and thousands of others, all of which are required to make, build, operate and maintain an insurance enterprise and partner ecosystem. And digital, next-generation technologies enhance an insurers’ ability to easily build a partner ecosystem, embed insurance offerings and enable an innovation culture.

See also: For Agents, COVID Means Digital or Bust

Digitization has enabled mobility and connected vehicle telematics, which in turn has spawned exciting cross-industry partnership products and services linking auto makers, insurers, information and service providers as well as drivers. The resulting rewards and benefits include hyper-personalized auto insurance products, services and rates for drivers, deeper engagement with vehicle owners and greater certainty of safe and proper accident repairs for OEMs, faster and better claims service for insurers and safer roadways for all of us.  

Similarly, digitization has enabled property insurers to develop and market new risk avoidance and claims services for connected homes, factories and businesses. Life, health and accident insurers are leveraging wearables and telehealth to drive meaningful customer engagement and potentially significant new revenue. 

Digital Communications and Customer Experience

A new universe of digital messaging platforms, chatbots, business texting, voice assistants and more has emerged and is in widespread and general use in commerce today, and the insurance industry has taken notice and is quickly playing catch-up. During a recent virtual insurance industry event, a SMA (Strategy Meets Action) survey of participating insurers asked about their interest in and objectives for digital communications and found that 83% consider it a vital part of the overall digital transformation strategy; 75% expect digital communications will help to improve the customer experience (CX). And who among us is not routinely conducting business through videocast – the ultimate digital/human interface? 

Accenture says that “CX is the new battleground for brands.” 72% of businesses say improving customer experience is their top priority, according to Forrester. And no wonder – Forrester found that each single point increase in CX can translate into tens of millions to hundreds of millions in annual revenue.  

In its “Digital Transformation: Powering the Great Reset” of July 2020, the World Economic Forum (WEF) states that as the world moves even more online due to the coronavirus pandemic – which has driven a 50% to 70% increase in global internet usage – the ability to serve customers on the digital channels they choose is no longer an option, creating what the WEF calls a “watershed moment for the digital transformation of business.”

Digital Disruption

The insurance industry has been a laggard in digital transformation, yet a new class of venture-backed startups has disrupted and refocused incumbents and exploited their weaknesses by leveraging new digital technologies. 

Specific legacy vulnerabilities and areas of opportunity for these well-funded startups have included new cyber risk and gig economy protection products, underwriting, administration and claims management. 

Applying many types of artificial intelligence (AI), including machine learning (ML), natural language processing (NLP) and imaging technology to fraud prevention addresses one of the industry’s most enduring pain points. 

Another intensely painful area is the claims process, which has long been a protracted, labor-intensive, inefficient and costly process and has hurt customer satisfaction, loyalty and retention. New technology offerings have come to market that streamline and compress the end-to-end claims process using AI and digital imaging to augment damage appraisals, track and report repair status, automate disbursements to policyholders and vendors and better engage with policyholders. 

See also: New Digital Communications

Insurance claim payments have always been slow and complicated, involving multiple parties such as other insurers, attorneys, healthcare providers, auto and property repairers and contractors. New digital claims payments systems have come to market to solve those challenges, and the rush to touchless and virtual claims processes, boosted by pandemic-driven consumer preferences for safer contactless transactions, is driving adoption of these systems.

None of these advances would have been possible without digitization. The future of insurance is starting to come into focus, and it is filled with exciting new digitally enabled opportunities for everyone involved.  

This theme will be explored in depth with industry CEOs and C-level speakers during The Future of Insurance USA from Reuters Insurance Events online, Nov. 16–18, 2020.

With all the legitimate concerns about the wildfires in the West, I was dismayed to see that people in Oregon were declining to evacuate because they were convinced that antifa would loot their homes. To try to catch members of antifa, vigilantes even set up roadblocks and demanded that those trying to leave present ID.

Authorities have said that, despite the rumors, there is no evidence of any involvement by antifa in setting fires, and there have been no reports of looting. But such "fake news," amplified on social media, is complicating crisis management in Oregon. I'm afraid the pernicious effects of "fake news" will only grow -- and massively -- for risk managers.

What's happening with wildfires will surely happen, in exponentially greater fashion, when a vaccine for the coronavirus becomes available, likely within the next several months. We'll head into a stretch where "fake news" about a vaccine could easily overwhelm real news and real science, given the environment of fear about the virus and suspicion about political motivations. Rumors, and even deliberately faked "news," could determine millions of decisions about whether to take the vaccine, whether to fully reopen businesses and schools and whether individuals will try to resume their normal lives.

In a thoroughly rational world, risk managers could make thoroughly rational decisions about how a vaccine would be rolled out. Then risk managers could advise on how quickly offices, factories and small businesses could safely reopen and on the myriad other issues that will face companies as we try to feel our way back toward the pre-COVID economy.

But we don't live in a thoroughly rational world. We live in what some call a "post-truth" world, where likes and shares on Facebook matter more than veracity, where the debunked "Plandemic" conspiracy video carries more weight for many than public health authorities do. We vote on truth these days, certainly when deciding what journalism to believe but even when choosing what science to accept. So, anyone who wants to predict what risks will look like over the next six months to a year, as the vaccine rolls out, will need to channel his or her inner Nate Silver.

Even in the best of circumstances, the next six months to a year would be tough for risk managers to plan for. The FDA will approve a virus as long as it's 50% effective (once it's determined to be safe), which leaves a lot of room for indecision. Those in vulnerable groups will still be cautious if told a vaccine is only 50% or 60% likely to protect them. At some point, through vaccines and through immunity achieved the hard way, by getting sick and recovering, enough people will become protected that we will achieve herd immunity -- but at what level does that happen? I've seen estimates ranging from 20% to 80% as the level of immunity that needs to occur in a population to render us generally safe. There's a lot of room for uncertainty between those numbers. And it's not clear how long immunity will last -- it could be as little as several months. Until people know how safe it is to venture out again, and start acting predictably, all planning will be iffy.

Now consider our actual circumstances and all the misinformation -- and even disinformation -- that will be tossed into the mix.

The Trump administration has pushed a political agenda that has often run roughshod over the science on issues related to the pandemic (hydroxychloroquine, masks, convalescent plasma, etc.). At times, the administration even contradicts itself, with the president saying one thing while public health authorities may say something very different. So, even if the president declares victory on a vaccine, many people might see that claim as "fake news."

Those ignoring of disputing the president could, in turn, spark a reaction from his supporters, which could produce the kind of political divide that occurred over wearing masks and create the sort of angry environment that fosters misinformation and disinformation. Michael Caputo, a spokesman for the Department of Health and Human Services, may have given us a taste of what lies ahead when he bizarrely claimed over the weekend that there is a "resistance unit" within the Centers for Disease Control where officials are willing to commit "sedition" to undercut the president and that "they're going to have to kill me." [Note: After this article was published, Caputo apologized for his remarks, then announced that he is taking a 60-day leave of absence.]

The anti-vaxxers will have their say, too. So may the Russians and any other foreign actors interested in stirring up confusion and rancor in the U.S.

"Fake news" is going to have its way with us, complicating every decision that we make as individuals, as families and as leaders of our organizations as we try to determine the pandemic's risk over the next six months to a year. Pity the poor risk managers who have to predict how all those individual decisions will play out, so they can spot the key risks and help all of us mitigate them.

Fasten your seatbelts, then check your airbags. Okay, maybe put on a helmet and some body armor, too.

This will be a bumpy ride.

Stay safe.

Paul

P.S. On a personal level, I ask that we all be the place where rumors go to die. Having spent too much time on Twitter, I'd say the most dangerous words known to man are, "Interesting, if true" -- which almost always introduces some article that has a 0.0% chance of being true. I think we'll all be better off if we only share information that we've personally vetted and would be prepared to defend on a witness stand.

P.P.S. Here are the six articles I'd like to highlight from the past week:

Creating the Future of Distribution

Having partnerships and an ecosystem becomes very strategic as insurers expand their reach and presence to where their customers will be.

For Agents, COVID Means Digital or Bust

Survival in the era of COVID-19 will be determined by the independent agent’s ability to implement digitization.

How to Evaluate AI Solutions

There are five main concerns when implementing regulatory technology, especially AI technology, in the financial sector.

You Can Still Have Personal Interactions

The challenge in these socially distant times is how to create real relationships with customers despite so much of the exchange being digital.

Navigating Security in the Remote Paradigm

While companies having been improving during the work-from-home phase, bad guys have been busy, too--and deep fakes are getting scary.

What My $18,289 Medical Bill Says

Systemic problems don’t sound catchy, don’t boil down to one sentence and take time to implement -- but we need systemic solutions.

Summary 

The current remote work situation has brought to light a three-part problem around security. First, it has created challenges in defending against traditional threats – both physical and information security. Second, emerging technologies promise new threats that will be all the more difficult to counter in remote settings. Third, the body of regulations mandating security measures vis-à-vis personal data is growing. Liability for breaches does not abate due to the current circumstances. The inherent vulnerabilities of the remote situation paired with likely advances in adversary tactics and threats from emerging technologies will challenge organizations to meet their regulatory security obligations. In this article, I will give an overview of these problems in isolation and discuss how they might combine. Finally, I will suggest some measures to take to begin to deal with this predicament. 

Introduction

At its core, a security program’s goals are the protection of life and the maintenance of the confidentiality, integrity and availability of information. 

The recent widespread shift to off-premises work has two primary distinguishing features from a security perspective: It expands or eliminates the organization’s physical perimeter and necessitates remote access to corporate networks as well as a far higher degree of dependence on information systems for communication between employees. These factors upend an entity’s normal process of security assessments and controls and create fertile ground for both traditional and emerging threats. With unsupervised personnel and data dispersed to uncontrolled locations, using various means to access organizational networks, numerous varieties of threats abound.

Categories of vulnerabilities and threats for which there were standard controls and processes in the traditional setting require rethinking in this new reality. Likewise, emerging technologies pose novel threats. We can expect adversaries to continue to adapt to changing conditions of work by capitalizing on physical vulnerabilities and developing increasingly sophisticated and clever implementations of both existing and new technologies. 

At the same time, targeted organizations and individuals continue to bear the costs and liabilities of adversary actions. Victim entities may suffer direct losses from attacks. In addition, cybersecurity requirements related to privacy and penalties for failure to comply grow with each new law without regard to the remote work situation. This creates a difficult bind for defenders and all types of enterprises and individuals who control the data of others. 

There are, however, steps that can be taken to address these concerns. Now, more than ever, defenders will see the advantage of relying on skilled security personnel and cross-disciplinary leaders and teams as well as adopting an approach to security that recognizes that cyber and physical security are intertwined.  

While the long-term status of the recent shift to work-from-home remains unclear, inherent vulnerabilities of the remote paradigm combined with threats based on new technologies present an opportunity for reflection on the status of future contingency plans and demand the attention of executives, counsel, security professionals and insurance providers now. 

How the Remote Paradigm Interacts With Security for Traditional Threats  

Effective security programs apply technical, physical and administrative controls or countermeasures to assessed vulnerabilities, threats and risks. While not always uniformly or well-applied, and noting that threats are continually evolving, standards are generally well-developed in the context of traditional workplaces and often in the case of small groups of workers who require remote access, such as members of sales teams and business travelers. 

The remote paradigm expands or eliminates the physical perimeter and forces remote access and communication, with serious significant consequences for security controls. 

In very general terms, an expanded perimeter leads to: 

1. Less physical control over information systems and data
2. Technical/physical vulnerabilities (e.g., potential adversary access to residential Wi-Fi) 
3. Less physical security over personnel (e.g., threats to their physical safety) 
4. Less supervision over staff 
   1. complicating application of administrative controls such as job rotation 
   2. greater potential for problems from insider threats – both witting and unwitting 

In equally general terms, remote access and communication means: 

1. Inherent technical vulnerabilities to data – both at rest and in transit 
2. Proliferation of endpoints and lack of control over these 
3. Reliance on communication between remote users and the need for out-of-band communication
4. Communications involving proprietary data (e.g., trade secrets) and sensitive activities (e.g., engineers working on live systems) that normally occur in controlled settings and may now be conducted remotely
5. Increased reliance on, and accelerated migration to, the cloud 

Organizations have established processes for addressing traditional threats in the context of the status quo. The remote paradigm entails significant changes to the security process. Categories of vulnerabilities, threats and risks that are relatively well-managed in an on-site setting must be reconsidered when the whole enterprise is operating remotely. Adversaries are left to their imagination in ways to overcome whatever security measures may (or may not) be in place in the many home offices from which employees operate. 

Beyond considerations around configuration management, security professionals must be aware of the potential presence of Internet of Things devices such as smart appliances and smart speakers that may have implications from both a technical and physical security perspective.

In addition, two newly established threats can have significant potential ramifications in a remote environment. In “Zoom bombing,” someone who is not supposed to be involved in a meeting can disrupt it, eavesdrop or alter the message. In other words, the person can interfere with the confidentiality, integrity or availability of information. Secondly, a well-made deep fake can be very damaging to an organization if, for example, it falsely portrays an employee acting in a way that runs counter to the entity’s interests. These threats are particularly problematic in remote settings because communication and public messaging is complicated and potentially interfered-with. 

See also: Getting Back to Work: A Data-Centric View

Emerging Threats 

At the same time as the remote paradigm complicates existing threats, new threats are on the horizon with emerging technologies. As with traditional threats, emerging threats will pose more of a problem in the remote environment. Here, we will consider some potential malevolent applications of quantum computing, artificial intelligence/machine learning (AI/ML) and real-time deep fakes. 

Both quantum computing and AI/ML are broad new technologies with myriad potential beneficial implementations as well as malevolent uses by adversaries. 

Practical applications of quantum computing are not yet reported to be in use outside of a laboratory setting. However, there is a quantum arms race underway due in large part to the fact that quantum computing will revolutionize cybersecurity. Quantum computing is predicted to make child’s play of current encryption. Remarkably, it may be possible to apply quantum decryption of current protocols retrospectively. That is, traffic might be recorded today and replayed through future quantum decryption tools to decrypt it later. This could have dramatic implications for organizations to the extent that they rely on current encryption to safeguard sensitive communications that will remain sensitive. The current predicted timeframe for widespread use of quantum technology varies; however, three recent developments suggest it may be accelerating. First, processor power has been improving exponentially. Second, the U.S. Department of Energy recently unveiled a blueprint report to develop a national quantum internet. Third, given the threat of quantum computing to current cryptography, the National Institute of Standards and Technology (NIST) aims to develop a post-quantum cryptography standard by 2022. 

Moving to AI/ML, adversaries are already using the beneficial features of AI/ML in numerous malicious ways. For example, AI/ML can obfuscate an attacker’s location and identity and augment traditional attacks, providing additional power and scale. Malevolent uses will continue to evolve to enable far more sophisticated attacks. Recent developments involving photon-based chips have moved us closer to AI/ML that learns independently at the speed of light.   

Judging anecdotally from the preponderance of articles and developments in both AI and quantum, we may be at a tipping point for both.

Although enabled by AI/ML, deep fakes are a sufficiently rare use case as to merit their own mention. Separate from the pre-recorded deep fakes discussed above, it is now possible to create a deep fake in real time. The primary concern with real-time deep fakes is that an adversary could appropriate the likeness of an employee, infiltrate an internal or external video teleconference, convince an audience of the veracity of the messages and influence outcomes. It is also possible to imagine that a real-time deep fake could falsely portray an individual engaging in some sort of behavior that is damaging to the organization.

Whether in a traditional setting or operating at a distance, these emerging threats are problematic. However, the remote environment continues to provide adversaries with more opportunity due to the expansion or elimination of the physical perimeter and the necessity of remote access and communication. 

Some Scenarios

Having looked at the inherent problems of the remote paradigm and some of the emerging technologies, consider some edge cases. Each of these is presented in its starkest form and capitalizes on weaknesses in a generic remote model. 

The first scenario stems from advanced persistent threats (APTs). APTs are insidious in that they tend to burrow into an information system and lie in wait or operate undetected, frequently exacting a heavy toll. They can benefit from emerging technologies of AI and ML as well as the security shortcomings and potential chaos around the current remote work situation. 

The next general category of threats has to do with physical violence against employees operating away from corporate offices or in settings that are not within a security perimeter managed by the organization. This could range from a kidnapping to a home invasion and assault or murder. Likewise, as in a remote bank robbery, an employee could be forced to take actions against an organization’s interests under duress. 

Next is the new category of real-time deep fakes. The real danger to organizations with this technology is the prospect of a real-time deep fake during an internal or external communication. At a minimum, this could interfere with the confidentiality, integrity and availability of information. At worst, such a tactic could be used as a ruse to outright direct the actions of employees or outside interlocutors. 

Finally, a very serious and dramatic threat is that an adversary could take advantage of the various attack vectors available combined with the weaknesses in the remote paradigm to completely divert the organization’s resources to his or her uses for a time. Far more damaging than ransomware, this could constitute a total takeover. This might involve a mix of physical force and real-time deep fakes as well as other technical weaknesses inherent in remote communications. Further, the attacker could rely on an entity’s lack of out-of-band communication or other successful means of authentication to ensure that he or she is able to carry out the plan. This is admittedly an extreme, worst-case scenario. A far more nuanced possibility would involve an attacker subtly manipulating corporate resources using scaled-down versions of the same tactics. 

Considering these scenarios, readers might be tempted to ask who would do these things and why. 

The potential cast of bad actors and motives is the same as always. It ranges from opportunistic “script kiddies” to activists to common thieves and organized criminals to nation-states. What is different here is that the how becomes easier. Further, bad actors may be emboldened by the lack of traditional security controls and barriers. Simply, someone not otherwise inclined to physically access a system or commit violence in the service of what could be a relatively white-collar crime might make a calculated decision that the risks involved are not prohibitive relative to the rewards. In a traditional environment, corporate security and access control measures would ordinarily discourage the mere consideration.  

Potential Consequences 

These threats can cause a variety of harms – physical harm to people, exposure of private data, financial loss to shareholders and damage to the organization through lost profits, regulatory trouble and reputational harm. 

Regardless of other priorities, any entity’s first concern must be mitigating increased risk to remote employees stemming from their employment. Should harm come to pass, there could possibly be civil liability, but safety is the first priority.   

The next area for concern is data privacy. Nearly all entities hold personally identifiable information (PII) of some sort, even if it is little more than the data of their own employees. If a breach exposes that data, liability to data holders (customers, employees, vendors) or shareholders may ensue. Likewise, chances are that a given entity is bound by at least one of the ever-growing number of industry- or regional-specific regulations addressing cyber security and privacy.

In the U.S. alone, there are multiple regulatory regimes and regulators that address PII and security – the California Consumer Privacy Act (CCPA), the Sarbannes-Oxley Act (SOX), the Gramm-Leach-Bliley Act (GLBA), the Health Insurance Portability Accountability Act (HIPAA) and the Payment Card Industry-Data Security Standard (PCI-DSS), as well as those falling under the jurisdiction of the New York State Division of Financial Services (NYSDFS), the Securities and Exchange Commission (SEC) and the Federal Trade Commission (FTC) – and the list is growing. Meanwhile, the GDPR has major implications for organizations whose operations have a connection to Europe.

In some cases, the obligations are clear, while in others, what exactly a business is required to do vis-à-vis PII is opaque. For instance, both the FTC and CCPA refer to a requirement to implement “reasonable” data security, without providing much clarity on what constitutes "reasonable." The sum and substance of these requirements is that even when, or precisely when, they are the victim of an attack, organizations remain obligated to provide a given measure of security over PII. 

Although beyond the scope of this article, organizations might consider potential downstream effects should their systems be used as a launching point for attacks on third parties, as well as impacts on the performance of contracts. 

Finally, the takeover or even meddling with a given entity’s operations is clearly likely to have severe direct consequences to the enterprise itself. For a business, this could include loss of revenue during down time, siphoning of productivity and damage to reputation, among other potential consequences. 

What Organizations Can Do

I hope it is clear that there are some immediate problems that merit attention. In this situation, one of the worst things to do would be to deny the problem and do nothing. 

Moving forward, organizations should start by asking whether the remote situation is temporary or permanent. For any entity that has plans to return to full on-site operations in the very near term, some of these considerations may be less pressing. 

For all other entities, the first concern is how to improve security in the remote situation. The best thing any organization can do is to hire, fund and take the advice of a competent chief security officer, chief information security officer and counsel, who should work together on issues of physical security, information security and administrative controls. Preferably, the CSO and CISO will take a holistic view of security favoring a convergence approach, where appropriate. If an organization does not currently have the benefit of competent or sufficient in-house security personnel, a firm specializing in security may be a viable option in the short term.  

Developing and adjusting security controls to the remote paradigm is a challenge, but it is not insurmountable. What follows is a non-comprehensive list of recommendations that can be taken related to certain key steps. 

From an information and technology security perspective, this starts with knowing the enterprise’s network, what machines are connected to it and the identity and location of the organization’s crown jewels. Organizations must decide whether the risks of allowing certain business functions that may have only historically occurred in dedicated spaces and via hardline connections (such as discussions of trade secrets and access to live/production systems for engineers) should occur remotely. Likewise, organizations must make decisions related to approved devices, means of accessing corporate networks and standardized security procedures (e.g., securing Wi-Fi). Organizations should also decide on remote identity and access management, to include the use of two-factor authentication. Organizations should consider engaging outside security firms to assist with these assessments as necessary, to audit physical and cyber security through penetration testing and, potentially, to conduct employee training. 

Administrative controls are more difficult. Given the variety of harms that can arise directly from human behavior, leaders need to find a way to encourage and maintain a culture of security despite the lack of physical proximity. Witting and unwitting insiders have much more room to cause damage away from supervision and peers. Organizations need to find ways to implement controls such as those related to access management and job rotation, among others. Education and training, particularly around topics such as spear phishing and authorized uses of corporate networks, should be designed with an emphasis on the remote setting. Employees should be given incentives to comply with security. Security managers need to stay abreast of trends in employee malfeasance around remote work as well as emerging best practices in this new area. 

Physical security will also prove challenging. Organizations should consult with counsel to determine their obligations to employees and tailor programs to meet these needs. Just as enterprises assess the sensitivity of their data systems, they should also assess the exposure of their personnel. For certain high-risk employees, it may be wise to consider implementing off-premises physical security measures or, at the very least, training. 

For all types of enterprises, whether they plan to return to on-site operations now or not, there are some common considerations. First, they should consider the possibility that clever and determined adversaries may have taken advantage of this period during which their guard has been down to some degree to access systems and plant malware or establish an unauthorized presence on the organization’s systems. With this in mind, organizations should carefully examine their networks for indicators of compromise. Likewise, they should consider that this has been a period in which insiders have had an opportunity to grow bolder. Security departments should step up their efforts to detect insider threats. 

See also: Keeping an Eye on Consumer Privacy

In the longer term, all organizations can take certain additional measures. This period has proven fortuitous in a number of ways. First, it can be treated as a practical drill. All entities should conduct an after-action review. Leadership at all levels from individual teams to the C-suite and boards should sit down and discuss what went right and wrong. Where business continuity plans and other policies and procedures did not match with reality, they should be rewritten. We’ve been handed a real-world opportunity to improve upon our posture. 

One specific action all sorts of entities should ensure is that they have reliable out-of-band communication and authentication. This is absolutely essential. In the event of a form of takeover such as the doomsday scenario proposed above, an organization needs a reliable and immediate way of verifying information, authenticating its source and enacting contingency plans should it become necessary. 

The various regulatory obligations to provide measures of security over PII imply a responsibility to keep up to date on shifting threats and vulnerabilities that stem from changing environments and emerging technologies. Organizations are on notice that they must begin to find ways to ensure they are meeting their obligations to develop measures to provide security against these threats. In other words, organizations are on notice. The fact that NIST has a public target date for its first quantum security standard provides some saliency around this. Some companies have already taken action along these lines. 

It does not appear as though exceptions will be made for shortcomings in security in the current situation, for example under NYSDFS rules and the CCPA. However, the rules of the road for the remote paradigm are being written as we speak. Organizations should use this opportunity to help write them. They should also develop relationships with law enforcement and regulators. They should join industry ISACs and other relevant security groups. Groups such as the IAPP and SANS also offer a wealth of information for professionals interested in working to improve their processes. In consultation with counsel and security professionals, all enterprises need to consider what constitutes acceptable security measures in the current situation and with awareness of emerging technologies. 

Of course, organizations should consider which forms of insurance are best-suited to the purposes of the scenarios laid out above. Cyber insurance and kidnapping and ransom may apply.

Conclusion 

We are facing three simultaneous game-changers – the remote paradigm, emerging technologies and increasingly prescriptive privacy regimes. At the same time, adversaries are taking advantage of this time to invest in research and development. Victim enterprises continue to bear many of the costs. 

The current remote work situation may continue, we may return to normal or we may find itself somewhere in the middle. Regardless, this time presents an opportunity to look at our approach to remote situations. By extension, it should be a time to examine and adjust business continuity plans, many of which may have been found lacking in this experience. Moving away from the remote setting, this experience highlights many aspects of traditional security that can benefit from fresh work. Again, it calls for a recognition of the increasing interdependence of physical and information security. Further, overall, this period should demonstrate the need for competent security officers and cross-disciplinary teams dealing with security at the highest levels of the organization as well as the need to invest in comprehensive security and exercise plans meaningfully. 

Disclaimer: This article is intended as general educational information, not as security guidance with respect to any specific situation or as legal advice. If the reader needs legal advice, the reader should consult with an attorney.

After 9/11, a revolution happened in airline travel. Airline security tightened far beyond what we had previously known. In addition to new carry-on guidelines, travelers were subjected to more frequent individual screenings. More items had to be removed from our bags and examined. Electronics had to be turned on. Our shoes started coming off. The TSA needed to know us personally before we were allowed to fly.

The revolution, of course, created lines. We had to get up earlier to get to the airport to account for two hours in security. Shorter flights were no longer worth it. “I can drive there in less time.”

So, in 2019, the TSA, doing anything it could to improve the line situation, began using computed tomography (CT) scans in many busy airports. CT scans would change 2D baggage scans into 3D scans, allowing the operator to look at an item in greater detail without tagging a bag to be opened and checked by hand. The ability to “see” the hidden information would shorten lines and streamline the travel experience.

When COVID hit, lines evaporated. Air travel hit rock bottom. Lines are mostly not an issue right now, but public safety is now an even greater issue. In China, for example, large scanners are being used to check human temperatures on anyone traveling. Those with high temperatures are tagged and removed for further screening.

This concept bears a close look for all insurers, and especially for life insurers. In what ways can we use technology to know applicants and policyholders instantly, using that information to protect them and our level of risk in the process? Can we build flexible frameworks for accelerated and fluidless underwriting that will allow us to tackle new issues as they arise and capitalize on new data as it becomes available? Life insurers, group providers and voluntary benefits carriers are entering new regions of opportunity through new doors of data capability.

In Majesco’s latest thought-leadership report, Rethinking Life Insurance: From a Transaction to a Life, Health, Wealth and Wellness Customer Experience, we examine the nature of the purchase experience. Our recent survey across all age groups segmented into two groups – younger (millennial and Gen Z) and older (Gen X and Boomer) generation - painted a picture of a population that is growing in its desire to buy, growing in its goals to stay healthy and wanting the purchase to happen.

Every experience holds data

Today, nearly every aspect of the B2B, B2B2C and B2C customer experience has a level of intelligence that has created a wealth of data about customer activity, behavior and preference. From smart speakers to smart watches, phones, appliances, outlets and more — sensors and signals are everywhere. And, with customers' permission, sensors are measuring nearly every aspect of their lives. The result is that we now have the data to capture the instantaneous 3D view instead of the 2D view. But insurers must strategically invest in ways to capture and master this data to transform customer experiences in an age of instant digital engagement, delivery and satisfaction. 

The use of data for life insurance is crucially important. Interestingly, the insurance industry has been capturing behavioral insights from customer interactions—offline—for many decades, before technology simplified managing customer relationships. Companies unfortunately didn’t know how to optimize their use of the data before now. That must change if insurers are to survive.

See also: Key Advantage in Property Underwriting

Can data improve the experience?

To meet the needs and expectations of today’s customers, insurers must create a radically different insurance experience, moving from a reactive approach to using real-time data, artificial intelligence (AI), machine learning (ML) and behavioral science to make processes and transactions simple, convenient, transparent and fast, like in other businesses. Encouragingly, our research found that the younger generation is ready and willing to use and share most new data sources for buying and rating life insurance. This willingness will be a key to unlocking sales. 

Adding to this market opportunity, Majesco’s survey data showed that even those Gen Z/Millennials who currently DON’T have life insurance are open to these new data sources being used, nearly the same as their peers who DO have life insurance.

Insurers that are not actively planning and building capabilities to use new sources of data will be rapidly left behind. 

MIB’s February 2020 activity report highlighted that pandemic-related demand for life policies pushed application activity to its highest level for the period since 2015. As noted previously, online, “fluidless” life insurance has dramatically increased during the first three months of 2020.

To accomplish this major experience transformation and bring the decision and the purchase into the same moment, insurers are moving from an underwriter-centric view to a digital, data-driven, accelerated and sometimes fluidless underwriting process. Accelerated underwriting is becoming widespread for term insurance. As shown in Figure 1, the interest in products that use dynamic underwriting and pricing is over two times higher in the younger generations – a significant difference that many insurers are unable to react to today. Once again, our data showed the younger generations who DO NOT currently have life insurance are even more interested in this option than their peers who DO have life insurance (41% vs 35%). Market and growth opportunities await for those who accelerate the move to dynamic underwriting and pricing with new data sources.

Figure 1: Interest in products that use dynamic underwriting and pricing

With the proper use of data, we don’t stop people at the checkout counter

In the traditional underwriting model, we ask people to come to the checkout counter for a price check, then send them home until we verify their ability to buy by gathering lots of medical and personal data. Companies are surprised with their level of not-taken policies. But if you put yourself in the customer’s shoes, why do you want to go through the extra hassle and time, particularly when other options are emerging. Using this picture, we can correctly assume that accelerated underwriting is a modern-day non-negotiable capability that will fit the desire for instant gratification at the point of need.

As a start, some insurers are reducing attending physician statements (APS) and paramedical exams (providing bodily fluids) and using more third-party data and predictive analytics-based models to automate and enhance the underwriting process.

Others are bringing in behavioral data from fitness and wellness programs, social media and new sources with AI and machine learning algorithms to create “smart, automated underwriting” that is continuously learning and adapting. All of this is redefining the process and cycle time and is creating a completely different customer experience.

The right ingredients in the right place at the moment of opportunity

Here is where technology acts as the enabler. For life insurers to fit their products into lifestyles and experiences instead of traditional transactions, several components must be in place.

Cloud Use for Digital Enablement: The point of sale (and marketing) must be well-integrated into current life processes. Often, this means partnerships or channel expansion that will require digital integration using application programming interfaces (APIs) and a cloud-based environment.

Data Integration (and AI / ML) for Accelerated and Fluidless Underwriting: Insurers need to create ways to go fluidless and physician-less so they can automate decisions in real time.

Ecosystem Philosophy: Insurers need to ramp up quickly. They can do this by partnering with ecosystem developers that can give them access to the data sources, channels and technology opportunities that will contribute to quick transformation.

Innovate for the Future: Innovate. Replicate. Reach. Learning the lessons from the past, that good data doesn’t necessarily get used effectively, insurers need to place themselves on a course for optimal data usage across the enterprise. They need to innovate how they use data to get a 3D picture for accelerated underwriting. They need to replicate greenfield and startup methodologies that transform data accessibility into improved experiences. And they need to reach growing and untapped markets with products that sell at the point of life experiences, instead of relying on traditional sales tactics.

See also: Underwriting Wildfire Takes Extra Care

Industry status quo is no longer an option. Your customers, particularly the younger generation who will be your dominant buyers, are expecting all of this and more. They want a customer relationship with a broader value to make their lives better across life, health, wealth and lifestyle needs.

How do your strategies align to what customers want? What plans are you taking to improve your odds of success? 

Are you ready? Your customers are.

For more insights on how you can end transactional thinking and begin capitalizing on customer life experiences, be sure to download, Rethinking Life Insurance: From a Transaction to a Life, Health, Wealth and Wellness Customer Experience.