Agile adoption for insurers has grown significantly in the past few years; most have already begun their agile journey and are at varying stages of maturity. Yet agile has financial, organizational and cultural implications that can reshape the entire organization. Adopting this methodology often leads to the flattening of hierarchies, new budgeting processes and a change in role for the project management office (PMO).

Alignment Implications: Projects to Product

Following trends outside the industry, a growing number of insurers are choosing to organize their IT value delivery around supporting products rather than delivering projects. Products are durable, whereas projects are transient; they have a clear beginning and end. The idea of well-defined ending and scope has always been in conflict with the core ideas of agile, where scope can change week to week, and the end can come earlier or later as needed.

Part of this realignment to product means that many insurers are retooling their PMOs to fit an agile delivery model. PMOs that endure in highly agile organizations tend to shift away from a directive model to one that is more supportive and consultative. Agile works best when teams are empowered to operate as semiautonomous units—this doesn’t mesh well with the controlling PMO model.

Some insurers with advanced agile organizations have chosen to replace their PMO with other organizational structures like product management. Product managers are defined by scaling agile frameworks like SAFe and are common in software organizations. The product-based nature of agile implementations also requires consistent vision over an entire life cycle, with product managers as the custodian of that vision.

Organizational Implications: Funding and Federation 

One of the biggest challenges in shifting to product-focused IT alignment is how the work will be funded. Advanced agile tends to depart from traditional ROI-based funding. Instead, teams are funded for a fixed period (usually a year) where funding levels reflect the business value of the product and the road map. 

The transition to an agile delivery approach can be a catalyst for IT organizations to move away from centralized IT and toward greater federation. This shift provides business partners with greater accountability for delivering on the business value proposition. 

Stronger IT alignment with business also means that IT metrics will measure outcomes rather than inputs, outputs and plan adherence. The lack of detailed plans render many traditional metrics obsolete. Measuring business outcomes like new sales or claims duration can supplement traditional agile metrics like velocity.

See also: A Short History of Agile Development  

Cultural Implications: Agile Innovation

Agile allows teams to collaboratively and creatively solve hard problems. It requires a tolerance for failure, a willingness to experiment, psychological safety, high degrees of collaboration and a lack of hierarchy. All these are defining characteristics of the world’s most innovative companies. Several large carriers are using agile as the blueprint to drive this kind of cultural change. They have executed aggressive plans to restructure their organizations, redefining roles and management, transforming governance and adjusting key performance indicators (KPIs) to drive the desired behaviors.

Yet some organizations resist the migration to agile because it represents a change from how things have always been done. Outdated compensation and reward structures can also impede agile adoption. Executive sponsorship is important to deal with this challenge; equally important is advocating for change at all organizational levels.

Exceptions to Agile

Insurance carriers shifting to agile are realizing benefits in improved software quality, better business outcomes, lower cost and risk and increased customer satisfaction. Yet agile isn’t the right solution for every organization or every type of technology investment. Full implementations like large-scale financial system replacements, including general ledger and ERP systems, may not be ideal candidates for agile. Rigorous testing cycles required in a comprehensive testing phase completed near the end of development inhibit the value of quicker release cycles.

Moreover, the business is often not ready to become a dedicated partner. When business partners aren’t available in day-to-day delivery of the solution, the outcomes aren’t very different from a waterfall or iterative development model. Agile also tends to be unsuccessful if IT relies heavily on full offshore development teams without a product manager on site. Insurers recognize the benefits of agile development: increasing alignment between IT/business, improving speed to market and boosting employee engagement. However, this transition is not immediate.

Insurance carriers are at different levels of maturity depending on how long they’ve been practicing and the willingness of business and IT to adapt. Novarica’s recent brief, Agile Maturity Model for Insurers, provides an overview of challenges and implications of agile adoption at insurers, as well as a capabilities model to define stages of maturity across areas affected by a transition to agile.

“Pathogen outbreaks are an emergent property of global 21st century society,” Dr. Richard Hatchett, executive director, Coalition for Epidemic Preparedness (CEPI), Bloomberg BusinessWeek, Feb. 13, 2020

As a society, we are obviously becoming increasingly more connected. Most of the time, we don’t realize the fragility caused by our interdependence. We take our connections among and between people, physical artifacts and digital artifacts for granted and seem them as benign as the sun rising in the East and setting in the West.

Until COVID-19 emerged in late 2019, all of our discussion about connectedness was framed almost entirely on social networks, networks more generally and, of course, network effects (i.e., the Big Tech companies – that we voluntarily use – that are ruining (or is that running?) our lives and ruining society). 

COVID-19 is cutting society’s connections

The emergent properties of our global 21st century society have been primarily related to digital: cyber risks; social media that enable bullying, spreading misinformation and amplifying outrage; and "trial by Twitter."

But a global pathogen has supplanted our discussion about emergent digital issues. With COVID-19 cascading through country after country, the world is going into quarantine as we experience:

• entire countries being locked down
• major sections of countries being shut down
• conferences around the world being canceled or moved to a virtual format
• colleges asking their students to leave campus and attend classes virtually
• businesses asking their employees to work from home
• shopping malls being abandoned
• sports games being played without fans
• "social distancing" (not shaking hands and staying at least six feet away from another person) and vigorous hand-washing being strongly recommended practices
• panic buying in some locales, with people stripping grocery stores bare of items needed for hand cleaning, sanitizing and bathrooms. 

All of the above are natural human reactions to a pathogen infecting hundreds of thousands and killing thousands of people, that to date does not have a vaccine or a course of treatment. 

Moreover, all of the above, other than the guidance relating to hygiene, are drastically slowing or stopping commerce around the world. 

Per an article in Fortune.com dated March 11, 2020:

“Nearly 75% of companies are seeing capacity disruptions in their supply chains as a result of coronovirus-related transportation restrictions, according to an Institute for Supply Management survey published Wednesday (March 11, 2020). This is a strong warning that COVID-19 is weighing down the global economy.”

I’m not arguing that the measures being taken should not be taken. I am glad that all of the actions are being taken. That doesn’t alter the fact that commerce, or the pace of commerce, is grinding to a halt. 

(Personally, I believe that every U.S. state and international communities should cancel their entire schedule of events for the spring and summer, including fairs, festivals, music events, theaters, outdoor plays, college commencements and other social gatherings until a vaccine or course of treatment for COVID-19 is identified and made available to everyone.)

See also: Coronavirus Boosts Cyber Risk  

Hoisted on our own petard (of connections)

As a society, we are currently being hoisted on our own petard: A natural phenomenon is driving us to cut our global and regional (and local) connections or at a minimum put them on the shelf. COVID-19 may not be taking society back to the Middle Ages, but it seems as if it is taking society back to a time before any significant amount of global trade was conducted through systems of linkages or networks. 

Society can not become completely digital

I realize there are probably quite a few people who see COVID-19 as an opportunity for society to become entirely, or at least mostly, digital. We may be forced to strive to make that happen until we have a vaccine or course of treatment for this pathogen. 

However, a significant component of society is, and will always remain, analog. Physical artifacts are not going to disappear. I believe that significant parts of our society can become even more dependent on digital interactions (what I label Mediasphere in the visual below). But the practical reality is that people need, at a minimum, to have:

• food to eat and utensils (and plateware)
• water to drink and containers for the water
• clothing
• medicine (over-the-counter or prescription) and containers to store the medicine
• a choice of physical artifacts to sit on for homes and offices
• a choice of vehicles to share/own/lease
• groceries and storage, plus carry-bags for the groceries
• appliances in homes and offices (for any number of practical reasons)
• infrastructure to move:
  • food, water, medicine and medical devices
  • physical artifacts
• trains, planes and trucks to move food, water, medicine, medical devices and other physical artifacts from one terrestrial point to another terrestrial point.

COVID-19 or not, our society is, and will remain, a mixture of physical and digital artifacts. 

Societal connections: linkages and networks

Humans have been building linkages and networks to support interactions with each other throughout the history of our species on our planet. We are an animal that communicates in a wide variety of ways, including speech, art, trade and an ever-expansive set of tools. From the Cave Walls of Lascaux to the walls of Facebook, from the Silk Road to ocean maritime shipping and from party-line telephones to ubiquitous, mobile IP-connected telephony, humans have continually created and expanded communication pathways to share, shop and entertain.

I am purposely not defining or discussing the differences between linkages and networks. Additionally, a more robust discussion would also include ecosystems and platforms and the impact of global pathogens on both of them. But I will say that I consider the walls of Lascaux, the Silk Road, ocean maritime shipping and party-line telephones to be linkages rather than networks.

Three major domains of society’s linkages and networks

In the visual below, I attempt to capture three major domains of society’s linkages and networks and some of the key elements in the two historic domains of geographic territories and marketplaces:

• Geographic Territory: A small village or a town, city, state, province or entire country. The territory consists almost entirely of physical artifacts but is increasingly leavened with digital capabilities (i.e. IoT).
• Marketplace: Where people and businesses go to shop and purchase goods (including food, water and medicine) and services (including healthcare). Throughout most of our existence, the marketplace has been entirely composed of physical artifacts. However, as society has become more computerized, more digital, more mobile and of course connected using the Internet and web, the marketplace is increasingly a locus of both physical and digital artifacts.
• Mediasphere: My made-up term to mean a digital arena that supports communication, commerce, entertainment, virtual office work, news and other digital services (i.e., virtual reality, augmented reality, holograms). The Mediasphere consists entirely of digital artifacts. (Other than that the infrastructure that enables the very existence of the internet is itself a portfolio of physical artifacts.)

COVID-19, an emergent property of our 21st century society as Dr. Hatchett stated, affects all three domains. The pathogen is effectively slowing or closing the interactions between and among people and physical artifacts within geographic territories and the marketplace. 

Simultaneously, COVID-19 is transforming the Mediasphere into a crucially important domain for humans to interact digitally whether for business, education, news, entertainment or other digital services. As some articles in the press have noted: COVID-19 will really test the limits of the digital haves and have-nots. This pathogen may be the trigger that finally motivates governments to ensure their entire populations can access the web and do so in a cost-effective manner (for consumers).

Implications and advice for insurers

During the COVID-19 crisis, insurers should:

• ask all of their employees, whether now working in the home office, a field office or an agency, to work from home
• provide the necessary equipment, and requisite security and privacy, for their employees to work from home
• hold meetings virtually
• strengthen the security of all of the company’s digital connections (including data flows within the company’s value chains and flows to/from external sources)
• ensure that employees have the necessary telecommunications access to the content (forms, documents, files, presentations, other) they need to perform their work at home, including uploading the work from each employee
• ensure that employees can be tested for the COVID-19 virus from home.

For sales, claim service and customer administrative service, insurers should also create the infrastructure, processes and access to the requisite content for interactions with clients and claimants to be done virtually. Insurers that are using video solutions to fulfill these interactions will create more satisfied clients and claimants.

See also: Coronavirus: What Should Insurers Do?  

Prepare for post-COVID-19 times

Insurers need to be ready for the time the current global pathogen is contained (by vaccine or course of treatment) by:

• maintaining constant awareness of what events, even events that seem outlandish, could shred the firm’s connections
• considering if it is possible to (profitably) offer new insurance covers to mitigate the risk of pathogens (even thought they are very low- frequency and very high-severity events) beyond business interruption or cancellation insurance
• creating analytical templates of “density of risk” territory profiles that illustrate the distribution of client ages and the distribution of clients' chronic conditions and diseases in each territory where the firm has insurance clients.

What else would you suggest for insurers to do both during this current pathogen crisis and for the time after COVID-19 is resolved?

We are all familiar with the concept of nurse triage to help manage work-related injuries. A new telemedicine concept, doctor triage, takes the idea to the next level.

The telemedicine approach reduces costs, increases flexibility for both doctors and patients and allows for consultations 24 hours a day. Patients speak with board-certified physicians who determine if self-care, emergency room or clinic visits are appropriate and do so more authoritatively than is possible with nurse triage. Early results from our own Doctor Now program find that 99% of the people who were recommended for self-care returned to work without additional treatment. Part of the reason appears to be that, among those who speak with a doctor, self-care recommendations are followed more often.

Doctor triage is part of the growing trend in enhancing telemedicine programs. The number of patients using telemedicine services increased to 7 million in 2018, up from less than 350,000 in 2013. In 2017, about 70% of employers offered telemedicine services as an employee benefit.

Telepresence combined with telemedicine creates saving not just in direct costs for treatment but also in indirect costs. In the U.S., the average total time for a medical visit is 121 minutes, with a minimum travel time of 37 minutes. The average clinic visit is 84 minutes, and the average emergency room visit is two hours, often extending well beyond. Most of the time is not spent with the physician but is spent waiting to see the doctor. By contrast, the average telemedicine visit takes 15 minutes (including wait time); the average time for a doctor triage call is less than 7 minutes.

Adults in the U.S. spent 1.1 billion hours of unnecessary time traveling and waiting for a doctor last year, resulting in additional costs of lost productivity and lost time from work.

Workers' comp is an area that still remains very much uncharted for telemedicine, and that needs to change. Our young Doctor Now virtual clinic shows the potential. Looking at recent doctor triage sessions: 61% of the calls were for self- care, and 99% of those callers agreed to the self- care and returned to work. Only one person was referred to the emergency room for chest pains. Others were referred to clinics for evaluation and treatment of eye injuries, fractures, lacerations, etc. All received appropriate care, and most returned to work in some capacity.  

The tele-triage approach is especially valuable for those who use our electrodiagnostic functional assessment (EFA). Employers use it to screen employees when they join a company, to establish an objective baseline on physical condition and abilities that can be used as the basis for comparison when an injury occurs -- the baseline and comparison let everyone see whether a work incident caused dysfunction, and the baseline provides a goal for treatment.

With EFA, a truck driver who feels he or she sustained a back at injury at work could simply pull to the side of the road and call the 24/7 clinic line. If no emergency care is needed, and there is a baseline EFA for the body part in question, the triage doctor can schedule a second EFA, sometimes for the same day. The triage doctor can also recommend self-care.

If there is no baseline EFA and there needs to be an additional evaluation outside of the triage, a virtual clinic evaluation can be arranged, typically within the hour. The individual can be seen while still at work or in the comfort of his or her home.

Virtual clinic visits offer the injured worker specific analysis; treatment often leads to full-duty release within four visits. Virtual clinic evaluations are typically $150 each. Therefore, with simple musculoskeletal disorders (MSD), a full-duty work release can be obtained for under $1,000, with no narcotics prescribed -- telemedicine doctors are not allowed to prescribe narcotics. This is truly a good outcome for everyone.

Even in a state where the employer must give the employee a panel of doctors to choose from, the virtual clinic is one option presented to the employee, along with other panel providers. Insurance carriers are embracing this concept and adding the specialized virtual clinic providers to their panel.

New telemedicine services improve outcomes for not only employees but employers. The return-to-work results and cost savings for employers are dramatic, but the outcome for workers is even better: improved quality of life.

In the insurance industry, documents represent the vital communications between the insurer and the insured, yet, for those who are blind or partially sighted, reading and understanding documents is difficult or impossible without the help of a sighted person or an assistive device. This may be especially true of websites and related digital communications channels, which are primarily visual media and often problematic for the 15% to 20% of the U.S. population that is blind or partially sighted, a number that is expected to increase with the aging baby boomer population. Given that they have global spending power of $6 trillion, according to the World Wide Web Consortium’s report “The Business Case for Digital Accessibility,” addressing this market is a business strategy well worth pursuing.

The U.S., Canada and other jurisdictions have enacted laws requiring documents, including those posted on websites, to be made accessible to those with visual impairments. Some of the most prominent legislation includes the Americans with Disabilities Act (ADA) of 1990 and the Rehabilitation Act of 1973, Sections 504 and 508 in the U.S., as well as the Accessibility for Ontarians with Disabilities Act (AODA) in Canada. Over recent years, there has been a 400% increase in demand letters to businesses and an annual 37% increase in Department of Justice (DOJ) lawsuits related to website accessibility. 

In October 2019, the U.S. Supreme Court sustained a lower court’s decision in a case brought by a blind individual who claimed discrimination when he was unable to order a pizza via the internet because he couldn’t read the restaurant’s website. Though the ruling was announced only a few months ago, it set a loud and clear precedent for the increasing number of lawsuits related to the accessibility of internet-based communications and transactions. If such a ruling can take place over something like eating pizza, imagine what we have to be concerned about in the insurance industry with its ever-growing body of regulations?

See also: The Best Boost to Customer Experience  

Privacy is also an important issue. When customers access sensitive personal information, such as their health records or policy documents, they should not have to ask someone they know to read a document to them or have a call center representative offer to read it over the phone. All customers want the ability to conduct their own affairs. Making your organization’s documents accessible shows respect for your customers’ privacy and desire for independence.

Options for making documents accessible

To truly meet the individual needs of visually impaired customers, employees and others, insurers may need the ability to produce documents in a variety of accessible formats, such as Braille, large print, e-text or audio formats made available online or produced on a CD. Most organizations work with a third-party provider for printed documents, using specialized software for creation of large print or Braille formats and mailing them to customers.

Accessible PDF and Accessible HTML are growing in popularity for making communications compliant and can be accessed through a website or web portal.

Developing a new website or reworking an existing one to make it accessible requires special knowledge and skills that can go beyond those of some website designers, possibly necessitating training or the use of consultants. For example, designers must familiarize themselves with the specific applicable industry standards. The World Wide Web Consortium (W3C) has established the primary international standard for accessibility on the web, called the Web Content Accessibility Guidelines (WCAG). WCAG 2.0, published in 2008, provides comprehensive guidelines regarding how to make a website accessible, including the documents accessed through it. The guidelines include four principles of web content accessibility: It must be perceivable, operable, understandable and robust.

The public-facing static documents that reside on your website will also need to be made into accessible formats. The initial conversion can be outsourced to organizations that can provide a fast and cost-effective migration. Tools and training can be employed to keep updated documents accessible as they are updated.

Transactional documents that are individually created and contain personal information can be set up manually with accessibility components when the document is created in its source composition software, as long as the software supports adding accessibility features. While this will normally make the document immediately accessible when output to a digital format such as Accessible PDF or HTML, it also has drawbacks in terms of the time and employee training required to do it, as well as increased storage costs. Making transactional documents accessible from the outset is challenging because few customer communications management (CCM) document composition software solutions can include accessibility components within documents and create WCAG-compliant documents.

See also: How to Improve the Customer Journey  

Because of these challenges, an automated, post-document-composition method of achieving document accessibility is often preferable. This approach makes it possible to enable content to be properly “tagged” for accessibility no matter what system was used to compose the document. When the conversion is executed during retrieval from the archive, it also significantly reduces the cost of archiving the large files that are created with accessible documents, because documents don’t need to be stored in their accessible form. Automation also avoids the delays involved if documents are made accessible only upon request.

Those companies understanding the ramifications of expensive fines and damaging publicity have been at the forefront of making their websites and digital documents accessible to all. They also understand that taking an aggressive approach to accessibility is more likely to gain and keep loyal customers within the growing population with vision loss. Individuals with or without vision loss will select the insurers they interact with based on how easy it is to work with them. Supporting this growing market is an investment in the future of your company.

The biggest data breaches, the ones hitting big businesses such as Target, Facebook and Marriott International, generate the headlines. But what surprises many is that small businesses are more likely to suffer data breaches than are the globe’s biggest companies.

So, cyber liability insurance is a must-have not just for giant corporations but also for small businesses. Insurers, then, need to promote this protection to the owners of medical offices, financial planning firms, hardware stores, grocery stores and any other small businesses in their communities. 

The numbers make the case

According to Verizon's 2019 Data Breach Investigations Report, 43% of cyber attacks target small businesses. This makes small businesses the most common target of these cyber crimes, according to Verizon. 

A survey released in October 2019 by the National Cyber Security Alliance found that 28% of small businesses experienced a data breach during the prior 12 months.

Even more worrying, the survey found that these data breaches can be devastating to small business owners. The alliance reported that 69% of small businesses suffering a data breach went offline for a time, while 37% experienced a financial loss. And in the worst cases? The Cyber Security Alliance found that 25% of small businesses had to file for bankruptcy protection after a data breach and that 10% went out of business. 

Those are serious numbers. 

See also: Why Buy Cyber and Privacy Liability. . .  

It’s not just outside attacks, either

Customer information isn't always stolen by outside hackers. Sometimes, employees make mistakes that expose financial or personal data.

How do workers cause breaches? Employees might accidentally send the financial information of a business’ customers to an incorrect email address. Another might lose a cell phone or laptop that contains the personal information of clients. A glitch in a company's computer systems might leave customers' information exposed.

This is important information for insurance professionals to share when they are making the case for cyber liability insurance. Otherwise, it becomes too easy for owners to think they can do without this insurance protection.

Costs matter

The cost of another annual premium is no inconsequential matter for owners. Running a small business is no easy task. Owners face intense competition for dollars, often from bigger rivals with larger budgets. They also must adapt to fickle customers who are constantly changing the way they shop. The rise of e-commerce has put a dent in the profits of many small businesses. The task of hiring employees who will remain loyal to the business and of following all local business regulations and permitting requirements can be costly challenges, too. 

Because of these financial challenges, owners are constantly looking for ways to trim their expenses.  

Fortunately, the cost of cyber liability insurance remains relatively affordable. A report by AdvisorSmith Solutions in 2019 said that the average yearly cost of cyber liability insurance for businesses in the U.S. came in at $1,501. This figure was for a business with a moderate risk of suffering a data breach that was paying for $1 million in liability coverage with a deductible of $10,000.   

Such small businesses in Michigan paid an average of $1,233 for a year of cyber liability insurance while those in California paid an average of $1,594.

The costs, then, of a cyber liability policy aren’t inconsequential. But they’re not high enough to outweigh the benefits businesses receive when investing in these policies.  

Selling the benefits

What are the main benefits that business owners get when investing in this insurance?  

The Insurance Information Institute says one of the most important is liability insurance. If a hacker breaks into a business' computer systems and steals the personal and financial information of its customers, these customers might file lawsuits. Cyber liability insurance will cover the costs that businesses incur when defending themselves.  

The costs of repairing damaged computer systems and recovering lost data can be high, too. 

Traveler's Insurance points to the costs of notifying customers that their information might have been stolen. Traveler's cyber liability insurance will reimburse businesses for this cost and for any other costs they might incur in answering consumers' questions regarding a breach. 

See also: How Data Breaches Affect More Than Cyberliability  

Nationwide offers three types of cyber insurance coverages, including coverage that reimburses businesses that pay for credit-monitoring services for consumers whose information has been exposed. This is an important coverage: Consumers today increasingly expect businesses to offer them this additional protection, and credit-monitoring services don't come free. 

What if a business must shut temporarily while recovering from a breach? Chubb Commercial Insurance advertises that its cyber liability policies provide business interruption protection, a payout to make up for the loss of income the business suffers if a breach should shut it down for several weeks or months.

A data breach can also cause serious damage to the reputation of a small business. Repairing that reputation, and making sure that customers come back, can be expensive. The Hartford advertises that its cyber liability insurance will help cover the costs that businesses incur when they hire a public relations team after a data breach. 

It's clear that data breaches aren’t going away. It’s equally clear that even small businesses need protection from this threat.

Incumbent insurers are facing headwinds in increasingly complex markets, with new distribution models and entrants coming from all corners of the world. Few incumbents have the overview of what’s happening and at what speed, and even fewer have action plans for the market changes.

Looking at the insurance industry players across the continents, they can be placed on the infamous S-curve as leaders, followers or laggards. The position can, and should, of course be seen in the context of the market the insurer is playing in as well as the product lines offered. Bear in mind that digitization and diminishing borders pose significant threats in terms of new distribution channels and business models adjusted to customer expectations and needs.

Uncumbent insurers are faced with three scenarios for their future that are vital to understand to decide the future strategy and direction of the company.

1. Out of business

The worst-case scenario happens when the insurer has been sustaining losses for too long and no longer can meet the requirements from insurance authorities. The insurer has to stop writing business and ultimately must close.

In most cases, the "out of business" future ends with the second scenario, an acquisition.

2. Acquisition target

Declining business and inability to stay competitive makes an insurer a great acquisition target, and combining two insurance portfolios is a great way to create a stronger company.

But that won’t last long. If two similar insurers are merging, chances are that the reasons they merged in the first place will prevail – the larger portfolio will enable the new company to reach out to new customers, but that does not necessarily change the overall competitiveness of the insurer in the longer run. So, the problem resurfaces over timem and the insurer starts losing business again – and becomes an acquisition target in itself. History repeats.

3. Re-invention

All insurers face the grim truth about losing market share caused by market developments, regardless of the current position on the S-curve. Even today’s leaders will be threatened by emerging business models and therefore need to focus on how to stay ahead. There’s a trap here: Leading companies can be complacent and not see or feel the need for change.

To stay as a leader – or to become one – the insurer must understand the current business environment and make a strategic decision on how and where to compete.

If the market isn't overly mature, the first steps to becoming a leader can be simple; matured markets require a more focused and specific market positioning and execution strategy.

In less mature markets, it could be possible to lead the industry simply by creating a leaner and more efficient insurer, offering fast turn-around times and lower prices, made possible by internal process optimizations.

See also: Innovation: ‘Where Do We Start?’  

This strategy would not work in mature markets, where optimized processes and partnerships are nothing more than a ticket to play. In these markets, the insurer needs to reinvent itself and define a new target operating model for the future.

Taking the rise of the mega-platforms and industry consolidation into consideration, there are basically six strategic options for the insurer to choose from:

• Technology provider, specialized in one or more of the core insurance processes, like claims systems, underwriting tools, customer relationship management, etc. They will provide an invaluable part of incumbent insurers’ value chain in the future – this is the position taken by most insurtechs; a recent study shows that only around 10% of insurtechs aim to challenge the insurers directly.
• Niche product provider, creating and selling a strong, very specialized product where sheer product expertise is the core competence of the insurer – this product can be sold directly or through insurance platforms and other platforms (e.g. insurance- on-demand products, home insurance through AirBnB, pay-as-you-go passenger protection through Uber, etc.).
• Boutique provider, creating products and services tailored for a specific segment and sold directly – e.g., personal insurance product suite for pilots sold through pilots’ associations. This is somewhat similar to the niche product provider, but the value provided from the boutique insurer is deep knowledge not only of a product but also of a target segment of users and their specific needs.
• Raw capacity provider, offering other insurers and startups insurance capacity – this is likely to be a future provider for the tech giants if they enter the personal insurance market. This strategy could be relevant for insurers that follow an acquisition strategy, buying insurers with stagnating or declining business, creating a larger capacity and thus staying relevant due to sheer size and pricing.
• Underwriting specialist for one or more products, based on high level of data analytics, usage of Internet of Things and artificial intelligence/machine learning – these specialists will provide their expertise to other insurers that are participating in the insurance platforms or as part of a boutique insurance solution.
• Platform provider, the “Uber of insurers,” connecting other insurers with a wide range of products to a large user base, thus establishing a strong distribution channel – this is the expected strategy of tech giants like Amazon or Google as they already have the user base, creating a very attractive platform for insurers to participate in. It's expected that very few insurers will have the size and investment appetite to create a platform insurer like, for example, PingAn has done

There are still many options for incumbent insurers to become leaders in their markets – and to conquer new ones. But one thing is for sure: If insurers don’t accept and understand the pace of market changes and what consequences they will have, insurers will move from leaders to followers to laggards – and then they’re out or being acquired.

Almost every insurer has an official list of risks, often referred to as a risk register. Maintaining a risk register is a basic step in managing risks, following risk identification, prioritization, assignment of risk owners and creation of mitigation plans. 

One problem with many risk registers is that they are filled with generic risks. Although these risks may be real ones for the company, their lack of specificity does not contribute to a true understanding of them in the necessary detail or to planning targeted mitigations for them. 

For example, a risk register might show a risk such as “premium receivables may be late, resulting in ‘over 90s’ or uncollectable premiums,” a risk that every insurer has to some degree. However, for the company in question the real risk is “underwriters may have too much discretion to change premium collection terms and conditions leading to ‘over 90s’ or uncollectable premium.” The generic version does not indicate the root cause of the risk and can lead to ineffective mitigation strategies.

Or, a risk register may show a risk as “difficulty in attracting talent for open positions” when the real risk is “social media and internet sites may not present the company in a good light, making it hard to attract talent.” By stating a generic risk, management does not have to admit what it may not want to acknowledge.

Yet another example is a risk register that has stated an IT risk as “too many legacy systems still exist, creating data and service issues,” when the actual risk is “the XYZ underwriting system is not adequately integrated with other systems to create accurate data and seamless processing or a competitive customer experiences.” Not naming the culprit system(s) omits the source and scope of the risk and not adding some modifiers to the effects of the risk omits the true nature of what is at stake if the risk is not addressed.

The more nebulously a risk is characterized, the less clear who should be the risk owner. Without a clear and appropriate risk owner, the greater the chance that the risk will not be adequately addressed.

Regardless of the category of risk, without specifics the entries in many risk registers seem more for external consumption than internal action. If the same list of risks could be adopted by any other insurer of the same size, age and business mix, then it is not fit for purpose for the insurer whose risks it is supposed to represent. It may be fine for an externally published list of risks to lack detail that could be considered proprietary, so long as it meets certain thresholds, but it is not fine for a list intended for internal use.

See also: Risks, Opportunities in the Next Wave  

Another big problem with risk registers is that many do not include the strategic risks the company needs to be concerned about. Strategic risks tend to stem from the vision, mission and goals of the company. A strategic risk might concern the lines of business written or the customer segments targeted or the geographic footprint. For example, a risk for a WC monoline insurer might be “premium volume may shrink significantly in the next five years due to robotics and AI reducing the size of the workforce.” A risk for an "internet only" insurer might be “there may be difficulty reaching sufficient scale because of the lack of barriers to entry by identical competitors and because some buyers will never buy over the internet. Such an insurer will also have a talent risk because of competition for IT talent across all insurers and industries.

Or, a risk for an insurer that has high concentrations in Cat-prone states might be: “Without further geographic expansion, the lack of diversification may hurt profitability significantly.”  

It is simply not common to see these types of strategic risks listed in the risk register. Yet, strategic risks tend to be the most existential of all risks. In the past, some large insurer failures stemmed from strategic risks not being addressed appropriately or at all. For example, risks associated with undisciplined growth or delayed reaction to underperforming books of business, which are strategic risks, have not been recognized by insurers, and such insurers have paid a steep price for that lack of recognition. 

An additional problem with risk registers is the mediocrity of the planned mitigations. A good risk register should minimally show: 1) the risk, 2) its ranking as to impact and likelihood, 3) the risk owner, 4) the planned mitigation and 5) the status of the mitigation efforts at each update of the register.

Undoubtedly, it is key to identify the risks, but identification and recording of the these does nothing to help to the organization unless there is adequate mitigation. Mitigation can take many forms: avoiding, transferring, minimizing or accepting the risk, albeit with a contingency. A planned mitigation that is too weak, too expensive versus the risk or too impossible to implement will not benefit the organization. Worse yet, an inadequate mitigation may allow the risk to grow while the board or senior management thinks it is being reduced.

The mitigations in the register should not be just a recounting of current controls or risk-reducing practices lessening; they should be innovative and robust tactics for attacking the risks.

Boards, senior management and chief risk officers should evaluate their risk registers based on these questions:

• To what extent are risks stated clearly and specifically?
• Are there risks included that are unique to the company?
• Based on how the risk is stated, is it clear who the risk owner should be?
• Based on how the risk is stated, does it help to pinpoint what type of mitigations are needed?
• To what extent are strategic risks included?
• Are there current or emerging strategic risks that are not included?
• Are the planned mitigations equal to the seriousness of the risks; i.e. are they sufficiently robust? 
• Is the cost of the planned mitigation in balance with the potential impact of the risk?   
• Are the planned mitigations attainable, implementable?
• Is the mitigation plan implementation on track?

Bottom line, a poorly constructed risk register points to a failure of the entire ERM process and practice. As an essential tool for managing risk across the enterprise, it reveals a lot about how well risk is being managed. Thus, the register can be a good indicator of the overall state of ERM in the organization.

When I worked at the Wall Street Journal, in the pre-internet days, we'd often see companies try to bury bad news by issuing a press release after the markets had closed and the ticker had shut down, right before a weekend—better yet, a long weekend. How much play would we give a days-old story that following Monday or Tuesday, even if that was the first time print readers would learn of it? 

Well, the reverse happened to Aon and Willis Towers Watson, which announced their $30 billion merger Monday, only to have it smothered by news of the biggest drop in the stock market since the 2008 financial crisis, amid continuing fears about the coronavirus and, for good measure, an oil price war between Russia and Saudi Arabia. 

Let's still spend a couple of minutes looking at the implications of the Aon takeover of Willis Towers Watson, because it pushes the industry in some important directions, including toward more advisory services and accelerated consolidation. There's even a coronavirus connection; the current global health crisis could amplify one of the major effects of the merger, in the middle market.

The most immediate effect will be on the brokerage world, where Aon and Marsh will individually be larger than the rest of the top 10 put together. (According to the Insurance Information Institute, Aon/Willis had $19.13 billion in revenue in 2018; Marsh, $16.84 billion; and the rest of the top 10—Gallagher, Hub, BB&T, Brown & Brown, Lockton, USI and Acrisure—totaled a combined $16.03 billion.) 

Aon/Willis will amp up competition because it will have broader scope than the companies did on their own and will put pressure on everyone to cut costs. Aon says it expects to take $800 million of annual costs out of the combined entity within three years, and that seems plausible. Research I did for a 2008 book, Billion Dollar Lessons, on what to learn from corporate catastrophes found that, while revenue synergies almost never pan out, the kinds of cost-cutting synergies posited by Aon routinely do for companies with similar businesses. Aon, smartly, says that, while it expects revenue synergies, it isn't baking any expectations into the numbers at this point. 

Customers should see a change, too, because the addition of Willis Towers Watson will accelerate Aon's recent push into advisory services. The first talk I did in front of an insurance audience was titled, "Whoever Sells the Least Insurance Will Win," so I applaud the thought that Aon/Willis may lead the brokerage industry to focus less on selling products and more on providing the informed counsel that clients want and need. 

Done right, this focus on advice could lead to the kind of self-reinforcing, information advantage that we see in Big Tech. Google isn't Google just because it's a great company. Google is Google because it established an advantage early on and kept building on it. Even though Microsoft spent billions of dollars trying to make its Bing search engine as good as Google, and may have briefly come close at the technical level, Google's search engine was still seeing 80% or more of the searches that people did, so it could keep learning faster than Bing about what people wanted, how they formed their questions, how they wanted answers formulated, etc. Amazon has the same advantage. It not only sees what you buy; it sees what you considered buying and set aside, what you bought from another vendor at a lower price or in a slightly different form, and so on. If Aon/Willis and Marsh can turn their advisory work into a similar sort of information advantage about what customers want, what they don't want, etc., then they can keep learning faster than smaller competitors. 

Attaining that sort of information advantage is by no means a done deal, but the issue is worth watching.

In any case, the effects of the merger may extend beyond brokers, customers and products/services and address a question that has puzzled me since I got involved with Insurance Thought Leadership back in 2013: Why are there thousands of insurance companies? 

When I chatted with my old ITL colleague Wayne Allen after the merger announcement, he predicted that the increased bargaining power for brokers would bring about a major consolidation among insurers. He said Aon has already been reducing the number of insurers that it works with, as it rationalizes working arrangements across the sprawling business in a "one firm" initiative it calls Aon United. Wayne, now a principal with IE Advisory, says Aon seems to be heading toward an 80/20 rule and will surely apply that as it incorporates the Willis Towers Watson business—great if you qualify in that top 20% in Aon/Willis' view, but not so great if you fall into the 80% according to a company that controls so much of the brokerage business. 

Wayne speculated that the balance of power will shift so much to the brokers and to their big corporate clients—bigger, in many cases, than the carriers serving them—that insurers increasingly will just be viewed as a source of capital. The brokers and corporate clients will lay out a risk management plan, then decide where to line up any capital needed to support that plan, in Wayne's view.

Again, far from a done deal, but perhaps worth a thought or two if you work at an insurer that isn't clearly an industry leader....

Wayne also offered an intriguing idea about the middle market that gets me back to my statement about the effect of the coronavirus. He predicts that the accelerated advisory push and the increased power of the biggest brokers will put all kinds of business up for grabs by reorienting the insurance industry's approach to mid-sized firms from horizontal to vertical. In other words, rather than thinking horizontally, in terms of transportation businesses or manufacturers of a certain size, brokers will help their large clients drill vertically down into their supply chains to manage risk as thoroughly as possible.

The fact that the coronavirus emerged out of nowhere and in slightly more than three months not only has disrupted supply chains even at world-class companies like Apple but also threatens to stall major economies underscores the need for more focus on supply chains and on resilience. (And the math of epidemics suggests the problem will get far worse before it gets better; if you really want to scare yourself, read through this Twitter stream on how the numbers might unfold.) So, mid-sized companies can expect to have more insurance and risk management requirements placed on them by the large corporations they supply.

And guess who increasingly will be advising those mid-sized companies, on behalf of their large customers?

If you're not one of the Big 2 brokers, you might want to start thinking about how to keep those mid-sized customers.

Cheers,

Paul Carroll
Editor-in-Chief

As if insuring multi-family housing weren’t already unpredictable enough, some states are adding layers of regulation around issues like sexual harassment that pose new risks to property managers and their insurance providers.  

In the past year, three states — New York, Connecticut and Illinois — have passed significant sexual harassment legislation that reduces the threshold for illegal behavior and increases employer liability. 

Other states are stepping in with their laws on issues like fair housing, rent control and marijuana, creating a fragmented regulatory landscape that complicates the risk assessment for property owners.

The cost of poor compliance can be very high. Since 2017, the U.S. Department of Justice has filed or settled 14 cases of sexual harassment in housing, resulting in $1.6 million paid out to victims. But just looking at federal action significantly understates the financial impact of #MeToo and sexual harassment liability. These cases are the tip of an iceberg that includes litigation most typically handled through civil suits with employees or residents bringing claims, and whose cost in terms of legal fees and judgments remains confidential.

There’s a tremendous opportunity for insurers that can adapt their products to changes in the market and work with property managers to understand their risks and train their employees accordingly. 

New sexual harassment laws

While the same social forces born from the #MeToo movement have spurred a number of state legislatures to take up new sexual harassment laws, each state is developing unique legislation with unique demands on employers. 

With a new law in New York, harassment does not need to meet a severity standard to be prosecuted, and employers will be liable for harassment even if an employee did not follow the employer’s complaint procedure. 

In Connecticut, new provisions went into effect last October. Now, virtually all Connecticut employers must provide two hours of sexual harassment training to all employees, and supervisors must also receive training.

See also: How to Cut Insurers’ Legal Costs  

In Illinois, all employers must provide sexual harassment training to all employees each year. As in New York, the new law protects not just employees but also independent contractors from harassment and discrimination.

In each case, these states are stepping beyond federal law, both in terms of consequences for companies and in making employers liable when bad things happen under their watch. 

Designing solutions

Insuring multi-family housing is fundamentally complicated. It’s an area where issues associated with the workplace and home overlap — not to mention the challenges of affordable housing, income inequality and threats from the outside, like natural disasters and active shooters. 

But complicated doesn’t mean impossible, and there’s a tremendous opportunity for insurers that can quickly respond to emerging trends, adjust to their risk assessments and work with property managers to adapt on the ground. 

Too often, property managers are caught in a cycle of playing defense when it comes to new insurance or regulatory risks. Rather than responding to lawsuits or waiting for laws to change, executives in this unique market need to see what’s coming before they are forced to respond to it. For issues like sexual harassment, this means integrating agile training systems that are instantly updated based on the emerging threats and expectations. 

Insurers can help create the tools — and, thanks to their intimate and expansive view of the market, collect the data — that allows property managers to see what’s coming and respond to it, before it becomes a costly transgression or drive-by lawsuit. 

The claims intake process is a powerful tool in collecting data on emerging risks. Taken in aggregate, this information can then be presented to property managers as a sort of real-time risk analysis. Paired with agile training systems, this data empowers property managers and their employees to be prepared for the coming threats, rather than react to them. 

Insurers that embrace the unique challenges of multi-family housing — and form dynamic, data-based partnerships with the managers of those properties — will not only mitigate the emerging risks, they will make these homes safer and more secure places to live and work.

Most people buy single insurance products, mainly auto. For them insurance is a set-it-up-and-forget-about-it problem. They want to spend as little time as possible thinking about their car insurance. In fact, 90% of insurers worldwide can go a full year without communicating with customers.  

The story changes a bit as customers get older. They get married and maybe buy another car. They buy a house and need homeowners insurance. Maybe they have children and start to think more seriously about life insurance and disability. People in the second half of their lives spend a lot more time considering insurance.

A first-time insurance buyer’s experience might be radically different from that in other industries like e-commerce, where the majority of customers make at least three visits to a site before purchasing. But, given how valuable a life-long customer is to an insurance company, getting the first-time experience right for the customer could make a difference of tens of thousands of dollars over their lifespan.

Although customers interact with insurance companies much less than with their favorite retail brands, customers still expect the same high standard of experience across the board.

You may only get one chance to talk to your customers, and it’s likely they need something, and fast. No one is casually browsing GEICO or Allstate to waste time at work. It is critical that the information put in front of the consumer is relevant, contextual and useful. A personal experience can make all the difference here.

See also: Bold Prediction on Customer Experience  

Use these three tips to make sure you’re prepared with answers when customers open the app, call the support center or search the site. 

Ditch the Jargon

What do you call that one form? With the numbers? Something about claims?

Your customers aren’t insurance experts. Making search too literal can make it difficult for customers to find what they’re looking for. Track how customers are articulating their needs in the search bar and reflect that language in your search results to save them time. And to save your customer support center from a frustrated phone call. 

Know When to Sell and When to Service

A customer who just purchased a hefty renter’s insurance policy, bundled with auto and life, is probably not trying to purchase that bundle again. If the person comes to the site and searches, he's probably looking for help or for policy records. Search results should reflect each customer's unique journey and provide an FAQ or links to access the account, not the best deal for new customers. Use a recommendation engine and apply machine learning in the form of personalized offers to put new and relevant information in front of existing customers.

Don’t Put All Your Eggs in the Chatbot Basket

AI-powered virtual assistants are a great way to help customers help themselves. But beware: Bots are still learning. Forrester cites USAA as a great example of combining the power of a virtual agent with the option for speaking with someone. “Customers can still reach a human associate when the virtual assistant does not understand the question, avoiding dead ends that lead customers to abandon their sessions in the app.” (Forrester Research, Inc., Simplify Insurance Customer Journeys by Improving Search, 2019).

See also: 8 Key Changes for Customer Experience  

As an insurance company, you only have a few chances to delight customers. Be sure the digital experience across mobile and online channels leads them to the products, documents and support they need.