Ransomware attacks and ransom payments for data continue to spike, with The New York Times reporting a 40% increase between 2018 and 2019.

As cyber threats go, ransomware is especially insidious, because these attacks, hitting everything from municipalities to banks to small businesses, often go unreported. That means less shared information and fewer actionable insights for insurers or insureds trying to arm against an ever-morphing enemy.

We saw a gap — leading incident response experts who work with the cyber insurance industry didn’t have a forum to exchange information about what was happening on the front lines of these attacks.

We needed a way to get our arms around this problem to better support our cyber insurance carrier partners, a way to keep up to date and better understand the data trends from the expert’s vantage point at ground level.

Enter the Cyber Insurance Ransomware Advisory Group, which NetDiligence assembled in early 2020. Featuring 20 members from leading breach incident response service providers — consisting of Arete, Charles River Associates, Crowdstrike, Kroll, Kivu, Tracepoint, MOXFIVE, Tetra Defense and others.

The group meets quarterly and at select NetDiligence Cyber Risk Summit conferences to discuss emerging trends and best practices and make these insights available to the cyber insurance industry.

The Emergence of the Maze Variant

One of the key takeaways from the inaugural meeting was the emergence of the Maze variant and a “new normal” of data exfiltration, often including stolen private customer information.

Whereas previous generations of ransomware have been designed by threat actors to encrypt data and extort an organization for bitcoin in exchange for the decryption key, Maze significantly increases the pressure on the victimized organization and threatens to make the stolen data public by releasing it on the internet.

This has magnified the potential loss exposure and has led to a host of new privacy data breach risks for insureds — with accompanying notification requirements.

Even clients capable of restoring files from secure backups may find themselves subject to privacy data breach impacts, such as the need to comply with state breach notification laws that include attorneys general and the victimized population, which significantly increases claim costs.

See also: 5 Questions That Thwart Ransomware  

Ryuk Is Still Ever-Present

Another dangerous variant, Ryuk, continues to plague organizations with its tendency to attack both servers and workstations.

Experts expressed concern about organizations responding to Ryuk attacks with complete network shutdowns rather than impact isolation.

When assisting small to medium-sized enterprises (SMEs), experts often find it challenging to convince management of the necessity of deploying automated malware eradication and remediation tools and to ultimately convince these organizations to keep endpoint protection in place once the immediate incident is resolved.

What Other Ransomware Concerns Are Out There?

Other specific ransomware types encountered include DopplePaymer, Sodinokibi, Revel and Netwalker, as well as the continued rise of ransomware as a service (RaaS).

During the COVID-19 global pandemic, the impact of ransomware could prove devastating to an organization that may already be struggling.

Many of the widely held notions about ransomware are changing, we found. After paying the ransom, some organizations may never receive the promised decryption key (in the past, certain threat actors were believed to be reliable).

Even with reliable threat actors, experienced negotiation can be critical.

Threat actors are also extorting organizations to pay for their encrypted administrator-level credentials. And, increasingly, ransomware affects the backup files, as well, encrypting or otherwise making them unusable for data recovery.

The experts reported that more than 50% of the time backups had already been exploited.

To Pay or Not to Pay

Nevertheless, recovering from a viable and segmented backup repository is still the preferred method of the majority of experts rather than paying the bad guys.

In fact, reported time for business interruption is much longer for cases where the ransom is paid — lasting from three to 15 days. If backup is used, business interruption typically spans one to 10 days, experts say.

This was a bit of a surprising finding. Members advised that the negotiation process itself, as well as problems encountered with the unreliable decryption keys, have contributed to delays with the bitcoin payment path and extended the business interruption.

A Need for a Cyber-Ready Team

A continuing concern for handling ransomware remediation is the difficulty for SMEs to respond in a timely manner toward the essential task of paying larger amounts of bitcoin — or authorizing a third party to pay — for the ransom demand (averaging $100,000, but based on severity ranging from $400,000 to $8 million, according to group members) within the given timeline for response.

SME clients often don’t have the liquidity for these significant payments, even if their cyber insurer will reimburse them.

What’s more, SME-sized IT departments are often unprepared to deal with this type of business interruption and may at times lack a functional understanding of cyber policy coverages and the supporting claims process, which forces them to learn on the fly during the crisis — underscoring that preparation is key.

Finally, the expert group reported that leading cyber security deficiencies that continue to haunt organizations include the usual suspects: lack of multifactor authentication, lack of next generation anti-malware endpoint protections, open remote desktop protocols, unsegmented backups and lack of employee training.

One thing is certain: The ransomware scourge is no fleeting trend. Experts believe that it’s here to stay, inflicting damage as long as companies are willing to pay.

With the onset of COVID-19, ransomware attacks continue apace. While the nature of the attacks has altered slightly, their frequency has not, said Winston Krone, global managing director of Kivu Consulting.

See also: A Dangerous New Form of Ransomware  

The Ransomware Advisory Group will continue to stay on top of these threats so that carriers and their policyholders can defend against them.

Quick Takeaways for Cyber Carriers and Covered Entities:

• Ensure that policyholders’ management has in place an actionable data breach incident response plan that can be accessed at a moment’s notice and includes vital third-party experts known to their cyber insurer.
• Offer a loss control checklist for SMEs of some baseline must-have cyber security measures to mitigate ransomware, such as multifactor authentication (especially in O365), endpoint protections (example Crowdstrike’s Falcon Prevent), close remote desktop protocols, cloud-based backups and employee training.

You can find this article originally published here on riskandinsurance.com

We must act.

This is the plea we are hearing from our streets. It’s the realization we hear in our own heads during quiet moments of self-reflection. And it’s the refrain we are starting to hear from some corporate C-suites that are coming to grips with the reality that establishing Diversity & Inclusion roles and Employee Resource Groups simply isn’t enough to support racial equity. 

For the insurance sector, this moment could go either way. We could retreat to familiar ground and tell ourselves that, despite lots of efforts, black, brown and other minority job-seekers simply don’t find the insurance world interesting or attractive. After all, we’ve been telling ourselves that on talent broadly for generations. Or we could embrace our role in society and treat institutional inequality as one of the most insidious—yet pervasive—risks facing the communities we’re here to protect. To take this approach would require that we reflect the diversity of those communities, which in turn will require new ways to recruit from traditionally underserved talent pools, as well as new efforts to develop, retain and promote diverse talent.

Luckily for any insurance executive taking these issues seriously, there is such a new way—it’s called apprenticeships. Simply put, apprenticeships are ways to allow new employees to earn while they learn, drawing a full-time salary while they advance their education and work. Long a fixture in European job markets, the model is growing fast in America, with over 710,000 apprentices hired since 2017.

Some industry leaders like The Hartford, AON, SECURA and Zurich have established their own apprenticeship programs that now employ hundreds of apprentices. The programs have proven successful against metrics such as retention, employee engagement and upward mobility.

See also: Step 1 to Your After-COVID Future  

More than their operational success, these programs have exposed their sponsors to new pools of talent that we traditionally overlooked: people returning to the workforce after a hiatus for family reasons, veterans returning to civilian life, racially diverse people who didn’t previously see a path to college and service or retail workers who want to move from jobs to careers. At their core, these programs are rooted in the principles we must collectively embrace to effect systemic change, including equal employment opportunity, diversity and inclusion and social impact.

The truth, however, is that establishing apprenticeship programs can be complicated. Beyond simply the internal HR programs and financial investment, sponsors need to select community colleges, develop curriculum and file for certification with government agencies. It’s why only a few of the industry’s largest players have had the resources to make such programs happen.

Earlier this year, that all changed with the launch of Insurance Apprenticeship USA (IAUSA), an industry effort backed by the American Property Casualty Insurance Association that aims to catalyze local efforts to bring together insurers, reinsurers, brokers, agents, risk management functions and others dependent on insurance talent to jointly establish local apprenticeship programs. 

In fact, during the last business trip I took before COVID-19 changed the world, I had the honor to stand before 300 industry leaders and seek commitments on who would be willing to organize such discussions in their home markets. In a matter of minutes, we had volunteers in 14 cities across America, and you could feel the energy in the room as a grassroots movement was born before our eyes. 

However, within two weeks we were coming to grips with the most destructive global pandemic in a century, and soon thereafter an economic collapse faster than the Great Depression. Among the many corporate casualties was any new initiative not directly related to COVID-19, as we all adjusted to new ways of functioning and took stock of how deeply our lives, companies and society had changed.

It is why many contemporary historians began calling this the Great Reset, or the Great Pause. We saw the fragility of modern life and realized just how tenuous the underpinnings really were. 

And then — just as we thought the COVID-19 crisis was leveling off — we witnessed the brutal murder of George Floyd, bringing other police-involved killings of black people to the fore, and in a matter of days a 400-year-old struggle with oppression seemed to transform from a series of isolated causes to a cohesive national movement. Personally, the reason I believe it’s different this time is that we’re different this time. We’d just redefined what “essential” meant, and in coalescing against a common enemy we self-identified as humans first.

It’s in the face of these new truths that we all must ask ourselves, “Are we doing enough?” Are we as individuals making that shift from passive resistors of hate to aggressive agents of change? Are we as companies fully understanding the power of opportunity that is truly accessible to all? Are we as insurers using all the tools we possess to adequately prepare society for the complex risks it faces, be it from new vicious pandemics, continuing social inequality or the looming climate crisis?

See also: 2020 Outlook for U.S., Americas  

Insurers have the opportunity under the IAUSA banner to literally change the face of the industry within just a few years. The first IAUSA program kicks off this August in Manhattan, and with industry support we could spread this model to dozens of cities across America. It’s not a panacea and will need to be only one of many actions we take—as individuals, companies and an industry—but it’s the type of institutional step we can take now to capture this moment in history.

Never forget that we’re the industry that drives toward the storm when everyone else is driving away from it. It’s that spirit that led us to create Underwriters Lab (UL), the Insurance Institute for Highway Safety (IIHS) and the Insurance Institute for Business & Home Safety (IBHS). And it’s that same spirit that should drive us now to stand proudly on this history of societal risk leadership and take concrete steps to tackle social inequality and move toward greater equity. 

We must act.

The speed with which money moves in today’s economy affects every industry. Advances in digital payment infrastructures are powering more efficient processes and heightening consumer expectations around funds access. In fact, research points to the digital payments market reaching $132.5 billion by 2025, based on a compound annual growth rate of 18%. 

Insurance providers that capitalize on the opportunity stand to realize notable operational advantages as well as a competitive edge with clients. Some of the largest carriers have already moved toward more simplified, expedient payment processes to address disaster situations, requiring only a debit card and email address to receive funds within hours. 

Beyond just faster payments, insurers need to recognize that the era of real-time payment is not that far off. Consolidation trends coupled with the financial industry’s introduction of a real-time payments systems and person-to-person (P2P) models—such as Zelle—have some industry experts suggesting it’s well under way.

A recent Engine Insights and VPay survey across 502 consumers who had filed an insurance claim in the past three years found that more than half would be willing to switch insurers to gain access to instant claim payment; that figure included more than 90% of Gen Z and 68% of millennials.

Simply put, the era of real-time claim payment is inching ever closer, and insurers need to evaluate readiness and consider the best strategies for sustainable alignment.

Consumer Expectations: A Closer Look

The vast majority—more than 95%— of survey respondents said that ease of payment, speed of payment and the ability to access funds quickly affected satisfaction with an insurer. More than two-thirds said that the ability to receive same-day claim payment is somewhat or very important—including 82% of millennials and 81% of Gen Z. 

Regarding a willingness to switch insurers for real-time payment, a majority “yes” response was seen across multiple categories, including gender, income level and nearly all regions of the U.S. The desire for instant payment from insurers includes more than half of respondents with incomes higher than $50,000, which suggests that the concept of instant claim payment isn’t just important to those with lower incomes or among younger generations.

The survey also uncovered a glaring shortfall: 60% of respondents received their last claim payout by paper check. Consequently, today’s insurers need to think seriously about how they are either going to get a digital payment strategy off the ground or expand their current offerings.

Moving Toward Real-Time Payment

Automated clearinghouse (ACH) has represented the first step into digital payment offerings for many insurers in recent years. But carriers should not consider this single step a mature strategy going forward. 

See also: The Pandemic and a New Ecosystem  

From an operational efficiency standpoint, insurers are leaving money on the table when ACH is the only option, as it typically only covers a percentage of transactions; high-cost, legacy paper-payment processes have to cover the rest. Because an ACH payment is disassociated from important data such as remittance advice, these models can also create additional tasks related to reconciliation. Finally, ACH cannot compete with the turnaround times of emerging digital payment options, which enable payment in near real time on any day at any hour as opposed to within one to two banking days. 

As insurers consider how best to advance their digital payment footprint, three strategies are central to future positioning: 

1. Offer more digital touchpoints and payments options.

Push-to-debit, virtual card and mobile payment options are becoming important complements to ACH offerings, simplifying and speeding claim payment. Push-to-debit allows payment to flow instantly into a consumer’s bank account by simply obtaining the consumer’s debit card number. Alternatively, virtual cards enable same-day processing via a unique 16-digit card number that can be sent directly to service providers and run on their card terminal. 

2. Personalize the payment experience.

The VPay survey found that choice was important to the claim experience for more than half of survey respondents, suggesting that generational differences and preferences should be taken into consideration to build trust. Customizable options that personalize the payment experience allow policyholders to select their preferred form of payment on a “claim-by-claim” or “all-claims” basis, whether a digital offering or paper-based check.

3. Stay abreast of technological advancement.

Technological advances will ultimately usher in greater opportunities to pass real-time payment on to policyholders, claimants, members and service providers. Peer-to-peer (P2P) models are a good example of how more consumers are embracing disruptive payment models, and progressive fintech companies are leading the way to introduce these options to the industry with configurations that fit into existing claims workflows. While 23% of survey respondents — primarily within older generations — were not familiar with payment methods such as push-to-debit and Zelle, 47% noted a preference for receiving payment this way, suggesting that new digital models are gaining traction. 

See also: Data Security to Be Found in the Cloud  

The digital payment landscape is rapidly evolving and stands to leave the insurance industry behind if carriers do not act now. It’s simply a matter of time, as consumers and service providers will increasingly expect the same frictionless payment experiences they have in other sectors of the market. Carriers that embrace the move toward real-time claim payment and take steps now to align with current trends will be best positioned to keep and gain market share in the future.

Many insurers still have systems that grind away for ages before they cough up group benefits quotes. Brokers and underwriters insist on predictable, fast responses, and they are even more important today, with more people working from home because of the pandemic, straining networks.

If an insurer can’t streamline its process, clients will soon start getting quotes elsewhere. Brokers and MGAs are demanding. Time is money for them.

Complexity drives need for streamlining and AI

Streamlining group quotes is challenging to begin with. It’s more challenging when voluntary benefits with various options are added. Added complexity makes it even more important for insurers to choose a robust, responsive platform. It must let users quickly compare plans and see all options and rates for each employee division and class. 

Whenever possible, census data should be used to get a more accurate rate and facilitate straight-through processing from the quote to the proposal, onboarding and enrollment. That calls for artificial intelligence. AI can correct and supplement census data obtained during quoting. It can train the census scrubber to make smart decisions regarding missing and incorrect data, saving a lot of manual work.

You can’t sacrifice accuracy for speed. The two are equally vital. A more streamlined system must also help manage risk effectively. An insurer must be able to readily update it with underwriting and regulatory changes. 

Insurers need a system designed for accuracy and built for speed.

Likewise, security can’t be sacrificed. Hackers are more relentless than ever. Streamlining doesn’t mean taking the easy way out and leaving huge security gaps that put your client data at risk. Streamlining should increase security.

See also: 3-Step Framework to Manage COVID Risk  

Algorithm cuts touchpoints for better, faster results

Quoting group insurance sometimes seems more like an art than a science. But, if you boil it down to its essential steps, there is a definitive rules-based process that can be built into a responsive algorithm. This is the best method for providing comprehensive, quality quotes, fast.

Streamlining the entire process reduces the number of touchpoints among systems, which makes for a faster, more accurate experience. This, in turn, boosts usage, which ultimately leads to writing more business in less time. It also helps cut costs.

How much time can insurers save?

Here are some examples: 

• At a medium-sized Canadian insurer, producing a typical quote for 300 lives with a menu of voluntary benefits used to take four hours. Now the same job takes just 20 minutes. That is a 92% decrease.
• A large U.S. insurer cut quote processing times by 70% to 80%.

These and many other companies are providing more detailed, accurate and rapid service. They are selling and retaining more business.

The heat of summer is kicking in around the U.S., and the temperature is rising, too, in the digital transformation in one area of the market: digital outbound payments in claims.

Since February, the pace has accelerated beyond what we even thought fathomable. COVID-19 has been horrific, but it has brought clarity about the areas that are urgently in need of digital transformation.

SMA recently published findings from our latest market pulse survey, titled P&C Tech Plans in the COVID-19 Era. The report reveals that fully 81% of personal lines insurers and 57% of commercial lines insurers are investing in digital payments. 

In January 2019, I wrote that this area was positioned to explode. The focus on enhancing the customer experience was pushing P&C insurers forward. The digital payment process possessed the potential to provide operational improvements, especially in efficiency. The flexibility around payments became the target of many critical initiatives.

See also: Cloud Computing Wins in COVID-19 World  

Fast forward to May 2020. When we went into lockdown, we quickly realized which activities required intervention – those that required people coming into the office to print paper checks to be sent to customers and third parties. It becomes obvious that this is low-hanging fruit, and a plethora of vendors have solutions in the market today.

Join SMA and TDI on July 15 for a first-of-its-kind industry event that showcases the capabilities of digital payments and how vendors are bringing these capabilities to life.

Over the weekend, Korean pop made news because fans supposedly helped bait the Trump campaign into overestimating by an order of magnitude the number of people who would show up for a rally in Tulsa, Okla. No matter how big the actual effect, K-pop can serve as an exemplar for insurers and agents as we all try to figure out how to engage with clients more often and increase their affinity for our brands.

Yes, there will have to be considerable translation -- and not just from Korean to English -- to bring ideas from K-pop's outreach into our industry. Insurance customers would never even want to hear from companies and agents as often as K-pop fans engage with the idols -- "idol" being an official term for a K-pop group member.

But K-pop is very much an industry, with "factories" that create idol groups from among the thousands of youngsters who sign up for several years of training on how to sing and dance and on how an idol should act. And the interactions with the fan base are carefully and skillfully designed.

Now, no insurance company will ever get 750,000 fans to simultaneously do anything, as the most popular K-pop group, BTS, did with a live, pay-per-view concert last week -- my daughters stayed up to watch from 2am to 4am California time. But let's take off our insurance hats for a moment, look at the sorts of outreach BTS does and see if we can't be a bit more creative about what insurance clients might appreciate.

The group of seven young men, ranging in age from 22 to 27, have released four albums in two years, an aggressive schedule. But it's the steady stream of creative ways they interact with fans in between albums that stands out for me. Since my younger daughter found time to indulge her BTS fan-dom -- when her law school classes went online and her side gig as a waitress in the D.C. area was put on hold -- I'm sure a week hasn't gone by without some lengthy bit of new material. Sometimes, it seems that barely a day goes by.

In their seven years as a group, BTS has produced more than 100 episodes of Run BTS, a sort of variety show where they do things like bungee jumping or competing at a water park. The videos are engaging on their own, despite the need for subtitles for those many of us who don't speak Korean, while letting fans see the individual personalities in ways that can't always come across in the group's highly choreographed, elaborate shows.

Members of the group appear regularly on a live streaming app where they may, for instance, talk to the camera about what's going on in their lives or may answer fans' questions. There's nothing slick about the production values. A recent one showed two members sitting in a kitchen trying to figure out how to make gimbap, a traditional dish akin to sushi rolls that their moms made for them growing up. That's it. But fans love the videos. (An American singer learned one day that a song he had released a while ago had popped to the top of the iTunes charts in South Korea. What was going on? A BTS member had sung the song on one of the live streams. That's all it took.)

BTS recycles old material creatively, too. For instance, the group "held" a festival in April that replayed eight of their concerts from 2014 to 2018.

The group leans into social causes, as well. For instance, BTS donated $1 million to Black Lives Matter causes -- fans almost instantly raised a matching amount, then an individual fan, pro wrestler and actor John Cena, added a further $1 million. This week, the group announced that it was donating an additional $1 million to a cause helping those whose work at concert venues has been canceled by the pandemic. BTS, and K-pop in general, have become so identified with social causes that fans in the U.S. identified hashtags associated with white supremacy and flooded them with K-pop videos to drown out expressions of hate in the wake of George Floyd's death. (The New York Times detailed the K-pop activism this week.)

If BTS itself ever posts a photo on Twitter, well, look out: There could easily be two million likes.

The steady interactions with fans have produced unprecedented popularity for a K-pop group. They were not only invited to appear on the YouTube "graduation ceremony" in early June, alongside the Obamas and others, but were given two large blocks of time, first so each of the seven could offer thoughts to the graduates and then to perform three songs.

Of course, that sort of exposure just feeds more popularity. When BTS released a single a few days ago, called "Stay Gold," it instantly went to the top of the iTunes charts in more than 80 countries. BTS's last four albums have hit No. 1 on the Billboard charts, a Herculean feat given that songs in Korean get so little radio play in the U.S., and radio play is such a big factor for Billboard.

How can insurers match BTS?

They can't, not even if Greg Case, Brian Duperreault or some other executive sings and dances a whole lot better than I know. But it seems to me that there are still lessons that can be learned from the group's outreach, about the benefits of continual (welcomed) communication, about the different possibilities presented by various media and about the lack of need for great production values, even from the industry heavyweights.

In personal lines, I imagine that health and auto insurance present the greatest opportunities.

During this pandemic, especially, there are loads of reasons for my health insurer to be keeping me updated about what's being learned about how the coronavirus is spread, what preventive measures I can take, what therapies are showing promise, how many cases are being found in or near my ZIP code, etc. I already gather that sort of information on my own, but I'd certainly welcome an occasional email from my health insurer that promised me updates. I might well click through to a video that illustrated some key point or to a brief Ask Me Anything-style post, whether in word form or just as a Zoom-style recording of some expert sitting in her living room answering questions I might have. Nothing fancy needed: just some good information delivered periodically.

Al Lewis delivers through Quizzify the sorts of updates I'm imagining; his employer clients send monthly trivia quizzes that educate employees about COVID and other current topics, as well as broader healthcare issues, both to help employees and to keep them from undergoing unnecessary care that can cost employers dearly. But, as far as I can tell, health insurers could be doing a lot more.

My auto insurer has kept me updated about premium credits as long as mileage plunged for months, but why not also tell me about how quickly driving is picking up, what the new version of rush hour looks like and is likely to look like, etc.? Auto insurers might run out of topics much faster than health insurers, but there are still event-based communications that I'd welcome. For instance, I relied on personal experience when teaching my daughters to drive, but surely there is a host of collected wisdom that an insurer knows about and that could have been flagged to me as soon as a teen showed up on my insurance. Again, the advice could have taken a variety of forms, many of them low-cost, along the lines of an Ask Me Anything -- perhaps augmented by a slick video designed to scare the bejeezus out of kids about all the bad things that their phones can suck them into doing.

The same sort of email/social/video outreach could work in small commercial lines, too, especially at a time of so much uncertainty. Think a pizza parlor or small retailer wouldn't welcome a stream of advice, with the promise of additional resources, on how to reopen while protecting customers and employers? Think they wouldn't welcome help thinking through all the workers' compensation issues that are floating around?

The really good agents and brokers are, of course, pulling together all sorts of advice and providing it to clients in our current health and economic crisis. But it seems to me that the advice outreach could be much more systematic, could be organized more by the insurers so that more agents can provide top-notch service and should be set to extend long after the crisis passes.

So, think BTS. You'll never be as popular as they are. But think about the language barriers they overcame while establishing links straight into the hearts and minds of so many, and take heart.

As the latest single says in its opening:

In a world where you feel cold
You gotta stay gold

Stay safe. And stay gold.

Paul

P.S. Here are the six articles I'd like to highlight from the past week:

We Are Open for Business; Now What?

Expectations for success continue to rise as more businesses reopen with safety as a top priority.

Keys to ‘Intelligent Automation’

Combining robotic process automation and machine learning, IA accomplishes the end-to-end automation of business processes.

Insurance Innovation — Alive and Kicking

An abundance of startups shows the industry adopting a two-speed strategy, around speed of operation and speed of innovation.

3-Step Framework to Manage COVID Risk

Insurers need a comprehensive yet customizable approach to assess operational risk quickly and dynamically and chart responses to COVID-19.

Epic Policy Failure on Contractors

California is making a mess as courts, the legislature and possibly voters sort out who qualifies as an employee and who as a contractor.

Loss Prevention or a Trojan Horse?

"Ecospheres of prevention" sound great, but they may just be a way for insurers to use, say, leak detection devices to gain leverage on clients.

Insurance innovation is alive and kicking, and gaining traction, as represented by the wide array of submissions for the 2020 Innovation in Insurance Awards, sponsored by Efma and Accenture. Last year, I was honored to be selected as a judge, and the winners were just announced in a virtual award ceremony.  Congrats to all for carrying the commitment to innovation for our industry!

With customer demographics and expectations changing, with new channels and competitors appearing and with so many technological possibilities opening up, we see a two-speed strategy around innovation: speed of operation and speed of innovation. 

Speed of operation focuses on optimizing the existing business model while speed of innovation looks at new business models that will disrupt the business. This two-speed strategy aligns well to AM Best’s innovation ratings.

Innovation That Stands Out

So, how are insurers innovating? In the submissions this year, there are leaders who understand the intersection of customer, technology and market boundary shifts and are blazing trails.

See also: COVID-19: Innovation, Your Time Has Come  

Here are six interesting trends and focus areas that stood out to me:

1. Personalized digital platforms

While a number of portal or mobile app submissions focused on niches such as bill payment, they did not provide the engagement offered by personalized digital solutions that delivered the kind of great experience customers increasingly expect. One submission offered services and rewards to clients with life insurance and monitored customer behaviors to provide personalized recommendations and rewards that would encourage healthy behavior. The result was a fully executed digital platform for behavior change.

2. Home and wearable IOT ideas

IoT and wearables have matured rapidly over the past five years. As I discussed last year, Insurance at the Intersections of Protection and Prevention, the real opportunity for these technologies was to create a bridge from P&C and home security into home health and wellness. P&C insurers (using IoT devices to protect the home) can use health awareness devices to serve those who choose to age-in-place – connected home and health all in one. With more than 10,000 Baby Boomers retiring each day, this is a huge market opportunity. One submission used smart technology to safeguard clients and their home while providing access to a range of services, including home repairs and maintenance, food delivery and medication reminders. The concept, a creative use of traditional P&C and life & health, epitomizes a customer-first approach, rather than a product approach. In today’s COVID-19 environment, and with the cost of nursing home care increasing, this option could appeal to a lot of customers.

3. Data ecosystem

Innovative uses of data are driving growth, and ecosystems can accelerate it. One submission built a data ecosystem with partners across a wide array of industries that allowed the entrant to visualize and use data for underwriting and helping clients minimize risks, thus increasing the company's business. The opportunities to build on this concept are enormous.

4. Travel insurance's customer experience

While buying travel insurance via an app seems commoditized, one submitting team changed the policy transaction into a broader customer experience, driving engagement, value and loyalty. Travelers receive recommendations on where to go, safety and security alerts (using geo-location from the mobile phone) and other services that improve the experience while reducing risk. This submission is a great example of thinking beyond the traditional risk policy to a broader customer relationship.

5. Family insurance

A number of years ago, the concept of a single insurance policy that would adapt as you went through life was discussed within a company where I worked. But the idea could not be done on the old mainframes prevalent back then. Fast forward, and the idea has morphed and emerged in one of the submissions. The entry looked at a single policy that would meet the needs of the family, including facets of home, accident, health and pet protection – all wrapped into a digital service that helps manage common, high-level family needs over the lifetime of the policy. This concept is radically different – approaching the need from the customer point of view, not from our long-held insurance point of view.

6. Agriculture

The last area that stood out is near and dear to my heart – agriculture. As an “Iowa farm girl,” I see the rapidly changing agriculture landscape and the use of technology to aid farmers from planting through harvest – well beyond just for potential risk and claims. There were three submissions that stood out to me. The first was a digital experience for farmers in India that focused on providing crop insurance but also included services such as cultivation recommendations that would help increase crop yields. The second was insurance that also provided intelligent traceability of agriculture products to minimize potential risks – all about secure sourcing and food safety. The third was parametric insurance for coffee growers. All of these highlighted how a centuries-old agriculture industry is ripe for new products and services to help optimize it while also protecting it.

See also: Step 1 to Your After-COVID Future  

Innovation is Defining the Future of Insurance

Each of these companies – and others I did not mention – are reimagining the future of insurance with the customer at the forefront. They are taking control of their future before someone else does. And they are doing it with a focus on both operational and strategic innovation, fitting within A.M. Best’s innovation criteria.

These companies and the winners are well along the path to becoming the innovation experts that will reshape the future of insurance. Congratulations to all!  I can’t wait to see next year’s innovative ideas come to life!

Established continuity plans are an essential part of a business’ reopening in a post-COVID-19 world. Expectations for success continue to rise as more businesses reopen with safety as a top priority. With a growing list of resources and recommendations, many employers are wondering where to start.  

We partnered with the Public Agency Risk Management Association (PARMA) for our latest Out Front Ideas with Kimberly and Mark webinar, where three special guests joined us, to discuss employer considerations for returning to a physical workspace:

• Tim Karcz, senior risk manager | California Joint Powers Insurance Authority
• Traci Parke, partner | Burke, Williams & Sorenson
• Chuck Pode, risk manager | county of Ventura

Physical Workspace

There is an abundance of public health recommendations for reopening safely, but businesses are left to develop their own policies and practices to implement these standards. The Centers for Disease Control and Prevention (CDC) has outlined how to create a plan for implementation, including measures for separation, social distancing and sanitizing. Many public entities are requiring a site-specific plan addressing these issues before reopening. One of the best ways to get started is to conduct a walkthrough of the facility, acting as one of the employees. Before completing the walkthrough, you should know what day-to-day activity looks like, where to make necessary adjustments and what the expectations are for both employees and custodial staff. Be open to changing and revising the plan constantly and communicating the changes with employees.

Your continuity plan should include:

• Engineering controls, like barriers and social distancing measures.
• Administrative controls, like staffing level changes.
• Personal protective equipment to control transmission, like masks.
• Cleaning and disinfecting procedures.
• Employee training to address check-ins, health screens, social distancing and usage of personal protective equipment (PPE).
• Employee-specific guidelines to address when an employee feels ill, or if someone in the person's household is feeling sick. 
• Updated data security measures.

See also: Access to Care, Return to Work in a Pandemic  

Safety Considerations

An excellent resource for preparing a safe return to work is OSHA document 3990-03: Guidance on Preparing Workplaces for COVID-19, which follows standard regulatory requirements. There are six key elements listed for implementing a successful reopening model:

1. Develop an infectious disease and response plan. Ask your business partners if they have any resources readily available. There are resource templates available for what applies to your industry, but OSHA is encouraging more personalized plans to meet your organization’s needs.
2. Prepare and implement basic infection prevention methods. These include refraining from physical contact, using a key or pen to open doors, throwing away used tissues and not touching your face, mouth or nose with unwashed hands. Make these guidelines inclusive to all employees within your industry. 
3. Develop policies and procedures for prompt identification and isolation of sick people. Encourage employees to self-isolate if they are experiencing symptoms and have a plan in place if someone exhibits symptoms within the workplace.
4. Develop, implement and communicate about workplace flexibilities and procedures. Talk to your employees about their concerns regarding leave, safety, childcare and any other issues that may arise. Flexibility with current policies is critical to continued success. 
5. Implement workplace controls. Engineering, administrative and protective equipment measures all need to be addressed. 
6. Follow existing OSHA standards. Many existing rules apply to current prevention methods and should be included as part of any continuity plan. 

OSHA also suggests classifying worker exposure to COVID-19 into four risk categories: very high, high, medium and low. The guidance document has specific definitions for each:

• Very high risk includes those exposed to known or suspected COVID-19 patients.
• High risk includes those exposed through medical services, like first responders. 
• Medium risk includes those possibly exposed to someone who may be infected, but may not know they are infected.
• Low risk includes the majority of employees, who are not required to be around those who may be infected but could be exposed at some point.

ADA Considerations

As COVID-19 makes a more significant impact on the day-to-day lives of employees, compliance with the Americans with Disabilities Act (ADA) may pose a greater challenge for employers. The Equal Employment Opportunity Commission (EEOC) has published guidance on complying with the ADA with COVID-19 in mind. A few of the commonly addressed questions include:

1. How much information can an employer request from someone who is sick to protect the workforce? Typically, the employer cannot request details of the illness, but, because of COVID-19, the employer can request that the employee disclose any symptoms related to COVID-19. The employer must keep this information confidential. 
2. Can employers take employee temperatures or require health screens before entrance into the workforce? Yes, although the screening can present confidentiality issues because there is no real playbook for how to conduct the health screens. If implementing this process, it is a good practice to disclose plans to employees before they return to the workplace. Specific states will require a notice of collection before screening employees. This information will also need to remain confidential. 
3. What can we do to protect our high-risk employees or any employee who seeks health-related accommodations? ADA duties and obligations still apply to provide accommodations for anyone with a preexisting condition or disability that makes the person particularly susceptible to COVID-19. Think about the individual risk factors that these employees may face in the workplace. Accommodations may vary depending on the essential functions of their day-to-day job. Get input from the employee and the person's manager to protect them. Telecommuting is highly encouraged by the EEOC and should be seriously considered if it does not cause undue hardship for the employer.

See also: Strategies to Reopen Your Business Safely  

To listen to the full Out Front Ideas with Kimberly and Mark webinar on this topic, click here.

With new technologies and evolving customer expectations driving rapid change in the insurance sector, research suggests that more than 65% of insurance carriers will adopt at least limited automation by 2024. But, today, the insurance sector largely relies on multiple layers of manual processes that make customers wait while employees try to make sense of complex documents.

Intelligent automation (IA) offers insurance businesses an opportunity to revolutionize the way they operate to meet increasing demands from customers and pressures from the market and to plan for future, unanticipated interruptions. Through the combination of robotic process automation (RPA) and machine learning (ML), IA solves complex enterprise issues through the end-to-end automation of a business process.

The Insurance Ecosystem Involves Many Parties and a Deluge of Data

Many third parties are involved in the end-to-end insurance lifecycle. That’s the case whether you are in commercial, employee benefits, retail or any other type of insurance. A lot of information gets passed around. 

Brokers and insurers share data and documents. Advisers working with clients provide information, as do others, such as loss adjusters and lawyers. And the data arrives in the format preferred by the person who shares it.

That Data Comes in a Variety of Formats 

Data used for insurance purposes comes in many formats — structured, unstructured and semi-structured — and must be ingested, understood and digitized with accuracy before any automated processing takes place. This involves making sense of data such as cursive handwriting, which is commonly found in life insurance change-of-address and name-change forms, as well as in beneficiary documents. Insurance entities must extract data from highly unstructured employee benefits documents, such as dental, income protection, long- and short-term disability and medical documents. 

Brokers and insurers also need to compare and extract data from binders/slips, which can be up to 400 pages long and may use different words to describe the same thing. Insurers looking to ingest unstructured data (like email attachments, handwritten documents, PDFs and unlabeled data) — which is estimated to compose 80% of any enterprise’s data — can find their answer with cognitive machine reading (CMR).

While the industry's standard data ingestion tool — optical character recognition (OCR) — can digitize structured data, it falls down when it comes to reading and extracting unstructured data such as tables, checkboxes and many other forms. In addition, OCR can't read and digitize handwriting and signatures. 

A CMR-enabled intelligent automation platform (IAP) can analyze and process large amounts of unstructured data and complex business contracts in a fraction of the time it takes with traditional, manual processes. An IAP enables insurance companies to address the error-, labor- and time-intensive challenges involved with human-driven processes. 

For example, a global broking client wanted to extract 17 data points from commercial policies and endorsements. The documents came in from many different insurance carriers and in varying formats. All the data points required rules or reference tables to make the output usable, and most of the data didn’t have labels. In just a three-week period, with the samples of only 220 documents, with 40 different formats, multiple insurers and 10 coverage types, an IAP learned to extract 98.7% of the data, with 96.8% accuracy. Following this proof of concept, the client decided to implement this solution in multiple geographies.

See also: Automation Lets Compassion Scale   

CMR Allows Insurance Entities to Do More

John Hancock illustrates the many benefits businesses can derive from a CMR-enabled IAP. The company originally used manual processes to handle the large volume of policy management documents it received. Many of those documents held vast amounts of unstructured data — especially handwritten text in bold and cursive. 

Since adopting AntWorks’ CMR-enabled IAP solution, John Hancock has enjoyed higher business productivity, lower turnaround times and a more than 65% increase in accuracy for handwritten cursive recognition. Because the AntWorks IAP uses assistive and adaptive machine learning to learn from exceptions, the system’s accuracy gets better over time.

Insurance entities also can greatly increase their case volumes with the help of CMR. Using manual processes would require armies of people to do validation checks and take a lot more time, while producing higher error rates.

One of the world’s largest human resources consulting firms implemented AntWorks technology to manage large volumes of data and provide optimized quotations to customers for new policies and renewals. This company eliminated manual keying and automated healthcare claims-related processes by extracting data from paper documents and validating for accuracy. That enabled 70% faster processing and a 40% increase in accuracy.

A Fortune 500 insurance company that provides title insurance protection and professional settlement services found that the manual process of validating title documents was leading to error-prone and inconsistent output. CMR technology enabled this company to increase field accuracy across orders by more than 75% and increase productivity by 200%. (Field accuracy is one of the key performance indicators that insurance companies, their technology suppliers and analyst firms like NelsonHall use to evaluate automation solutions. For example, NelsonHall in its SmartLabTest evaluation of document cognition platforms looks at the proportion of fields correctly recognized, accuracy of extraction of recognized fields and proportion of fields overall that are 100% accurate and require no manual intervention.)

IAP Equates to Faster Time to Revenue and Richer User and Employee Experiences

When insurers adopt automation, they dramatically improve the experience for all parties — the broker, the customer and the insurer. They relieve employees from doing what is considered value-added but repetitive work like manual data entry. Automation also eliminates the need for error-prone, stare-and-compare work that’s common in the insurance industry.

That elevates the customer experience because IA allows insurance companies to process requests and respond much more quickly. Digitizing processes also delivers a better experience because customers don’t have to contend with the cumbersome process of filling out and handling paper forms. Meanwhile, IA enables insurance businesses to enrich their data with both structured and unstructured data from other sources and use data analytics and predictive analytics to make their propositions better and more personalized. 

IA also can enable businesses in the insurance ecosystem to move faster. That can help them to be more profitable.

Imagine a person is underwriting a life insurance case. If the data that person submits for the case is referred, an insurer would then have to go out to a doctor to get a medical report value. The underwriter would need to assess that report to understand whether it’s an acceptable case and communicate with the customer.

Getting and processing all the data can take weeks, delaying the policy kick-off. But if you can use intelligent automation to understand the data within medical reports, use rules to decide whether to accept or decline and automate the outcome, things happen much faster. 

The title insurance protection and professional settlement services insurance company mentioned earlier reduced its processing time by 70% after adopting a CMR-based IAP solution. Meanwhile, the human resources consulting firm noted above increased its operational efficiency by speeding turn-around time, leading to higher customer renewals, an uptick in new customers and increased revenues. 

Process Discovery Helps Companies Better Understand the Work They Do

Often, a lack of knowledge and understanding of process flows leads to automation failure. If you’re not quite sure which processes are the most optimal to automate or you’re not clear on all the steps involved in your process (and you don’t have time to do workshops with lots of analysts and business subject matter experts to figure things out), then process discovery is an excellent way of understanding exactly how the process is conducted. 

Process discovery enables organizations to identify high-value processes for automation by recording actions that users undertake. If an organization can look at, say, 10 different people doing the same process, it can better understand not only how the process really works but also all the variations in the process, including things like the different process times and different applications accessed. The discovery enables the organization to see the steps involved and create automated processes that use the optimal approaches to those processes. The organizations can then apply what they learned to claims data extraction, fraud detection, mortgage verification and processing, account set-up, policy administration, quotation validation, title verification and a wide variety of other insurance use cases.

In addition to helping companies better understand their processes, process discovery can help in identifying opportunities for automation, expedite digital transformation and unveil previously unknown processes for in-depth process mapping.

See also: Evolving Trends in a Post-Covid-19 World  

Intelligent Automation Makes Companies More Resilient

Our new normal puts increased focus on the importance of business resiliency. Manual processes work against that because they often mean that workers need to go to physical business locations to handle paperwork. That creates risk in today’s environment. Intelligent automation frees people and organizations from on-site, paper-based manual processes and instead relies on processes that are better suited to today’s digital, distributed, remote work world. IA also scales, as needed, to adjust to changing circumstances.

The time has come for insurance companies to look at ways to improve their operational processes through technology innovation. IA has the capabilities to help insurance practitioners to do business much faster, more efficiently and with greater security.

“The rest, in swarms, will overrun the boat deck

They'll lose all sense of right and wrong

It will be every man for himself, all right!

The weak thrown in with the strong!”

Titanic, A New Musical (1997)

On April 30, 2018, the California Supreme Court issued its opinion in Dynamex Operations West, Inc. v. Superior Court (2018), 4 Cal. 5th 903. The court filled a void, in its view, of how to determine whether someone was an employee subject to wage orders of the Industrial Accident Commission.

Even before the ink fully dried on this monumental opinion, the California legislature sprang into action. Assembly Bill 5 (Gonzalez) was introduced on Dec. 3, 2018, to codify this new rule of law and to expand its “ABC test” to unemployment and workers’ compensation. From that effort then sprang a comical – or tragic, depending on your point of view – effort by a multitude of businesses to gain a reprieve from the ABC test, which was adopted by the court without legislative blessing, or even at the urging of the parties in the litigation, in an effort to curb the abuses of misclassification of workers as independent contractors.

AB 5 granted various forms of absolution to a multitude of businesses. Some achieved an appropriate complete exemption from the now-codified ABC test. Others are now compelled to go through various requirements to achieve dispensation, some requirements either being hopelessly ambiguous or impossible (or meaningless) to comply with. Still others were left outside the cathedral doors (also known as the Capitol in Sacramento) in hopes that their petitions for relief would be heard.

The ABC test as codified and amplified by AB 5, now Labor Code § 2750.3, is a complicated set of outright exemptions, quasi-exemptions and – as was seen with the case of various freelance artists and writers – exemptions that were illusory in the face of the reality of such work. The freelancers began an aggressive campaign last fall to get the law changed in 2020. In some respects, their efforts are succeeding.  

When the legislature returned in 2020, there were dozens of bills introduced to delay, modify or outright repeal AB 5. Most were by Republican authors, and most were never heard in policy committees: the Assembly Labor and Employment Committee or the Senate Labor, Public Employment and Retirement Committee. Today, changes to AB 5 will have to come from two bills by the same author, Assemblymember Lorena Gonzalez (D- Dan Diego), who is also the author of AB 5. The first bill is Assembly Bill 1850 (Gonzalez), the second Assembly Bill 2257 (Gonzalez). Both bills are moving in the legislative process. AB 2257 specifically deals with the issues raised by freelancers. According to the analysis in the Assembly Labor and Employment Committee, California Freelance Writers United supports the measure, as do many others in the art, music and content-creation industries who use freelance workers. And, per the analysis by the Assembly Labor and Employment Committee, Assemblymember Gonzalez intends to add an urgency clause to AB 2257, meaning that it would become effective on signature by the governor and not upon Jan. 1, 2021. And so, freelancers achieved their objective.

AB 1850 includes the same language as AB 2257, at least for the moment. It also contains much more. This includes rewriting and reorganizing Labor Code § 2750.3 and adding still more exemptions from the ABC test. 

As proposed in AB 1850, there are nearly 50 occupations or business relationships that are not subject to the ABC test in Labor Code § 2750.3. Some of these exemptions are based on occupations, some on occupations provided that certain criteria are met and some on business-to-business or referral agency relationships. Many of these exemptions will require a careful analysis by a business if they are to be sure of passing muster with the labor commissioner, the Employment Development Department (EDD) and workers’ compensation insurance company premium auditors. The exemptions, in one form or another, maintain the venerable multi-factor test in S. G. Borello & Sons, Inc. v. Department of Industrial Relations (1989) 48 Cal.3d 341 or, in the case of occupations where the legislature augmented this standard, what is now called “Borello +.”  

See also: How to Lead and Collaborate in Claims  

The business-to-business exemption remains inscrutable and should particularly cause persons involved in a franchise relationship great concern even as the applicability of Dynamex to franchises remains the subject of significant litigation. The problem remains that, while the relationship between a worker and a business service provider is governed by the ABC test, the statutory language in Labor Code § 2750.3 refers to the degree of control of the contracting business over the business service provider and not the employees of the business service provider. This seemingly obvious distinction was not clarified by the Sept. 13, 2019, letter from Assemblymember Gonzalez to the Assembly clerk trying to explain on the one hand whether a business service provider was an employee of the contracting business while also stating that nothing in AB 5 was intended to change the laws relating to joint employment.

The claimed abuses of application-based drivers and service providers have frequently been cited as the raison d’être for AB 5. There is a battle in the California courts over the classification status of workers in the digital marketplace. Most recently, on May 5, 2020, in People of the State of California v. Uber Technologies, San Francisco County Superior Court No. CGC20584402, California Attorney General Javier Becerra and several city attorneys stated:

“But rather than own up to their legal responsibilities, Uber and Lyft have worked relentlessly to find a work-around. They lobbied for an exemption to A.B. 5, but the legislature declined. They utilize driver contracts with mandatory arbitration and class action waiver provisions to stymie private enforcement of drivers’ rights. And now, even amid a once-in-a-century pandemic, they have gone to extraordinary lengths to convince the public that their unlawful misclassification scheme is in the public interest. Both companies have launched an aggressive public relations campaign in the hopes of enshrining their ability to mistreat their workers, all while peddling the lie that driver flexibility and worker protections are somehow legally incompatible.”

This lengthy polemic is another way of saying Uber and Lyft (among others) have gone and filed an initiative to deal with the classification issue. Well, shame on them.

On May 22, 2020, the initiative, “Protect App-Based Drivers and Services Act," became eligible for placement on the November 2020 ballot. If it is not withdrawn by June 25, the voters of California will decide whether app-based workers, such as those for Uber or Lyft, are employees or independent contractors. The issue, as you might assume, is clearly more complicated than that, given the various requirements in the initiative necessary to qualify for an exemption to the ABC test.

See also: 4 Key Changes to WC From COVID-19  

It is safe to assume that the initiative polls very well with the public. It also is likely to pass.

So, by next year, the ABC test, “… whose objective is to create a simpler, clearer test for determining whether the worker is an employee or an independent contractor,” (Dynamex, 4 Cal. 5^th 951, fn. 20) will have dozens of exemptions acquiesced to by the legislature and, likely, an exception that nearly overwhelms the rule should the initiative pass on app-based drivers and service providers. 

Why are we doing this? It is an epic public policy failure to suggest the only distinction between an entrepreneurial worker and an exploited one is whether 21 senators, 41 Assembly members and one governor in Sacramento decide to issue a pass. It may be too late to reset the dialogue in California on this issue, between court challenges and, potentially, a successful ballot measure. It is not too late elsewhere, including in Congress.