The biggest data breaches, the ones hitting big businesses such as Target, Facebook and Marriott International, generate the headlines. But what surprises many is that small businesses are more likely to suffer data breaches than are the globe’s biggest companies.

So, cyber liability insurance is a must-have not just for giant corporations but also for small businesses. Insurers, then, need to promote this protection to the owners of medical offices, financial planning firms, hardware stores, grocery stores and any other small businesses in their communities. 

The numbers make the case

According to Verizon's 2019 Data Breach Investigations Report, 43% of cyber attacks target small businesses. This makes small businesses the most common target of these cyber crimes, according to Verizon. 

A survey released in October 2019 by the National Cyber Security Alliance found that 28% of small businesses experienced a data breach during the prior 12 months.

Even more worrying, the survey found that these data breaches can be devastating to small business owners. The alliance reported that 69% of small businesses suffering a data breach went offline for a time, while 37% experienced a financial loss. And in the worst cases? The Cyber Security Alliance found that 25% of small businesses had to file for bankruptcy protection after a data breach and that 10% went out of business. 

Those are serious numbers. 

See also: Why Buy Cyber and Privacy Liability. . .  

It’s not just outside attacks, either

Customer information isn't always stolen by outside hackers. Sometimes, employees make mistakes that expose financial or personal data.

How do workers cause breaches? Employees might accidentally send the financial information of a business’ customers to an incorrect email address. Another might lose a cell phone or laptop that contains the personal information of clients. A glitch in a company's computer systems might leave customers' information exposed.

This is important information for insurance professionals to share when they are making the case for cyber liability insurance. Otherwise, it becomes too easy for owners to think they can do without this insurance protection.

Costs matter

The cost of another annual premium is no inconsequential matter for owners. Running a small business is no easy task. Owners face intense competition for dollars, often from bigger rivals with larger budgets. They also must adapt to fickle customers who are constantly changing the way they shop. The rise of e-commerce has put a dent in the profits of many small businesses. The task of hiring employees who will remain loyal to the business and of following all local business regulations and permitting requirements can be costly challenges, too. 

Because of these financial challenges, owners are constantly looking for ways to trim their expenses.  

Fortunately, the cost of cyber liability insurance remains relatively affordable. A report by AdvisorSmith Solutions in 2019 said that the average yearly cost of cyber liability insurance for businesses in the U.S. came in at $1,501. This figure was for a business with a moderate risk of suffering a data breach that was paying for $1 million in liability coverage with a deductible of $10,000.   

Such small businesses in Michigan paid an average of $1,233 for a year of cyber liability insurance while those in California paid an average of $1,594.

The costs, then, of a cyber liability policy aren’t inconsequential. But they’re not high enough to outweigh the benefits businesses receive when investing in these policies.  

Selling the benefits

What are the main benefits that business owners get when investing in this insurance?  

The Insurance Information Institute says one of the most important is liability insurance. If a hacker breaks into a business' computer systems and steals the personal and financial information of its customers, these customers might file lawsuits. Cyber liability insurance will cover the costs that businesses incur when defending themselves.  

The costs of repairing damaged computer systems and recovering lost data can be high, too. 

Traveler's Insurance points to the costs of notifying customers that their information might have been stolen. Traveler's cyber liability insurance will reimburse businesses for this cost and for any other costs they might incur in answering consumers' questions regarding a breach. 

See also: How Data Breaches Affect More Than Cyberliability  

Nationwide offers three types of cyber insurance coverages, including coverage that reimburses businesses that pay for credit-monitoring services for consumers whose information has been exposed. This is an important coverage: Consumers today increasingly expect businesses to offer them this additional protection, and credit-monitoring services don't come free. 

What if a business must shut temporarily while recovering from a breach? Chubb Commercial Insurance advertises that its cyber liability policies provide business interruption protection, a payout to make up for the loss of income the business suffers if a breach should shut it down for several weeks or months.

A data breach can also cause serious damage to the reputation of a small business. Repairing that reputation, and making sure that customers come back, can be expensive. The Hartford advertises that its cyber liability insurance will help cover the costs that businesses incur when they hire a public relations team after a data breach. 

It's clear that data breaches aren’t going away. It’s equally clear that even small businesses need protection from this threat.

Incumbent insurers are facing headwinds in increasingly complex markets, with new distribution models and entrants coming from all corners of the world. Few incumbents have the overview of what’s happening and at what speed, and even fewer have action plans for the market changes.

Looking at the insurance industry players across the continents, they can be placed on the infamous S-curve as leaders, followers or laggards. The position can, and should, of course be seen in the context of the market the insurer is playing in as well as the product lines offered. Bear in mind that digitization and diminishing borders pose significant threats in terms of new distribution channels and business models adjusted to customer expectations and needs.

Uncumbent insurers are faced with three scenarios for their future that are vital to understand to decide the future strategy and direction of the company.

1. Out of business

The worst-case scenario happens when the insurer has been sustaining losses for too long and no longer can meet the requirements from insurance authorities. The insurer has to stop writing business and ultimately must close.

In most cases, the "out of business" future ends with the second scenario, an acquisition.

2. Acquisition target

Declining business and inability to stay competitive makes an insurer a great acquisition target, and combining two insurance portfolios is a great way to create a stronger company.

But that won’t last long. If two similar insurers are merging, chances are that the reasons they merged in the first place will prevail – the larger portfolio will enable the new company to reach out to new customers, but that does not necessarily change the overall competitiveness of the insurer in the longer run. So, the problem resurfaces over timem and the insurer starts losing business again – and becomes an acquisition target in itself. History repeats.

3. Re-invention

All insurers face the grim truth about losing market share caused by market developments, regardless of the current position on the S-curve. Even today’s leaders will be threatened by emerging business models and therefore need to focus on how to stay ahead. There’s a trap here: Leading companies can be complacent and not see or feel the need for change.

To stay as a leader – or to become one – the insurer must understand the current business environment and make a strategic decision on how and where to compete.

If the market isn't overly mature, the first steps to becoming a leader can be simple; matured markets require a more focused and specific market positioning and execution strategy.

In less mature markets, it could be possible to lead the industry simply by creating a leaner and more efficient insurer, offering fast turn-around times and lower prices, made possible by internal process optimizations.

See also: Innovation: ‘Where Do We Start?’  

This strategy would not work in mature markets, where optimized processes and partnerships are nothing more than a ticket to play. In these markets, the insurer needs to reinvent itself and define a new target operating model for the future.

Taking the rise of the mega-platforms and industry consolidation into consideration, there are basically six strategic options for the insurer to choose from:

• Technology provider, specialized in one or more of the core insurance processes, like claims systems, underwriting tools, customer relationship management, etc. They will provide an invaluable part of incumbent insurers’ value chain in the future – this is the position taken by most insurtechs; a recent study shows that only around 10% of insurtechs aim to challenge the insurers directly.
• Niche product provider, creating and selling a strong, very specialized product where sheer product expertise is the core competence of the insurer – this product can be sold directly or through insurance platforms and other platforms (e.g. insurance- on-demand products, home insurance through AirBnB, pay-as-you-go passenger protection through Uber, etc.).
• Boutique provider, creating products and services tailored for a specific segment and sold directly – e.g., personal insurance product suite for pilots sold through pilots’ associations. This is somewhat similar to the niche product provider, but the value provided from the boutique insurer is deep knowledge not only of a product but also of a target segment of users and their specific needs.
• Raw capacity provider, offering other insurers and startups insurance capacity – this is likely to be a future provider for the tech giants if they enter the personal insurance market. This strategy could be relevant for insurers that follow an acquisition strategy, buying insurers with stagnating or declining business, creating a larger capacity and thus staying relevant due to sheer size and pricing.
• Underwriting specialist for one or more products, based on high level of data analytics, usage of Internet of Things and artificial intelligence/machine learning – these specialists will provide their expertise to other insurers that are participating in the insurance platforms or as part of a boutique insurance solution.
• Platform provider, the “Uber of insurers,” connecting other insurers with a wide range of products to a large user base, thus establishing a strong distribution channel – this is the expected strategy of tech giants like Amazon or Google as they already have the user base, creating a very attractive platform for insurers to participate in. It's expected that very few insurers will have the size and investment appetite to create a platform insurer like, for example, PingAn has done

There are still many options for incumbent insurers to become leaders in their markets – and to conquer new ones. But one thing is for sure: If insurers don’t accept and understand the pace of market changes and what consequences they will have, insurers will move from leaders to followers to laggards – and then they’re out or being acquired.

Almost every insurer has an official list of risks, often referred to as a risk register. Maintaining a risk register is a basic step in managing risks, following risk identification, prioritization, assignment of risk owners and creation of mitigation plans. 

One problem with many risk registers is that they are filled with generic risks. Although these risks may be real ones for the company, their lack of specificity does not contribute to a true understanding of them in the necessary detail or to planning targeted mitigations for them. 

For example, a risk register might show a risk such as “premium receivables may be late, resulting in ‘over 90s’ or uncollectable premiums,” a risk that every insurer has to some degree. However, for the company in question the real risk is “underwriters may have too much discretion to change premium collection terms and conditions leading to ‘over 90s’ or uncollectable premium.” The generic version does not indicate the root cause of the risk and can lead to ineffective mitigation strategies.

Or, a risk register may show a risk as “difficulty in attracting talent for open positions” when the real risk is “social media and internet sites may not present the company in a good light, making it hard to attract talent.” By stating a generic risk, management does not have to admit what it may not want to acknowledge.

Yet another example is a risk register that has stated an IT risk as “too many legacy systems still exist, creating data and service issues,” when the actual risk is “the XYZ underwriting system is not adequately integrated with other systems to create accurate data and seamless processing or a competitive customer experiences.” Not naming the culprit system(s) omits the source and scope of the risk and not adding some modifiers to the effects of the risk omits the true nature of what is at stake if the risk is not addressed.

The more nebulously a risk is characterized, the less clear who should be the risk owner. Without a clear and appropriate risk owner, the greater the chance that the risk will not be adequately addressed.

Regardless of the category of risk, without specifics the entries in many risk registers seem more for external consumption than internal action. If the same list of risks could be adopted by any other insurer of the same size, age and business mix, then it is not fit for purpose for the insurer whose risks it is supposed to represent. It may be fine for an externally published list of risks to lack detail that could be considered proprietary, so long as it meets certain thresholds, but it is not fine for a list intended for internal use.

See also: Risks, Opportunities in the Next Wave  

Another big problem with risk registers is that many do not include the strategic risks the company needs to be concerned about. Strategic risks tend to stem from the vision, mission and goals of the company. A strategic risk might concern the lines of business written or the customer segments targeted or the geographic footprint. For example, a risk for a WC monoline insurer might be “premium volume may shrink significantly in the next five years due to robotics and AI reducing the size of the workforce.” A risk for an "internet only" insurer might be “there may be difficulty reaching sufficient scale because of the lack of barriers to entry by identical competitors and because some buyers will never buy over the internet. Such an insurer will also have a talent risk because of competition for IT talent across all insurers and industries.

Or, a risk for an insurer that has high concentrations in Cat-prone states might be: “Without further geographic expansion, the lack of diversification may hurt profitability significantly.”  

It is simply not common to see these types of strategic risks listed in the risk register. Yet, strategic risks tend to be the most existential of all risks. In the past, some large insurer failures stemmed from strategic risks not being addressed appropriately or at all. For example, risks associated with undisciplined growth or delayed reaction to underperforming books of business, which are strategic risks, have not been recognized by insurers, and such insurers have paid a steep price for that lack of recognition. 

An additional problem with risk registers is the mediocrity of the planned mitigations. A good risk register should minimally show: 1) the risk, 2) its ranking as to impact and likelihood, 3) the risk owner, 4) the planned mitigation and 5) the status of the mitigation efforts at each update of the register.

Undoubtedly, it is key to identify the risks, but identification and recording of the these does nothing to help to the organization unless there is adequate mitigation. Mitigation can take many forms: avoiding, transferring, minimizing or accepting the risk, albeit with a contingency. A planned mitigation that is too weak, too expensive versus the risk or too impossible to implement will not benefit the organization. Worse yet, an inadequate mitigation may allow the risk to grow while the board or senior management thinks it is being reduced.

The mitigations in the register should not be just a recounting of current controls or risk-reducing practices lessening; they should be innovative and robust tactics for attacking the risks.

Boards, senior management and chief risk officers should evaluate their risk registers based on these questions:

• To what extent are risks stated clearly and specifically?
• Are there risks included that are unique to the company?
• Based on how the risk is stated, is it clear who the risk owner should be?
• Based on how the risk is stated, does it help to pinpoint what type of mitigations are needed?
• To what extent are strategic risks included?
• Are there current or emerging strategic risks that are not included?
• Are the planned mitigations equal to the seriousness of the risks; i.e. are they sufficiently robust? 
• Is the cost of the planned mitigation in balance with the potential impact of the risk?   
• Are the planned mitigations attainable, implementable?
• Is the mitigation plan implementation on track?

Bottom line, a poorly constructed risk register points to a failure of the entire ERM process and practice. As an essential tool for managing risk across the enterprise, it reveals a lot about how well risk is being managed. Thus, the register can be a good indicator of the overall state of ERM in the organization.

When I worked at the Wall Street Journal, in the pre-internet days, we'd often see companies try to bury bad news by issuing a press release after the markets had closed and the ticker had shut down, right before a weekend—better yet, a long weekend. How much play would we give a days-old story that following Monday or Tuesday, even if that was the first time print readers would learn of it? 

Well, the reverse happened to Aon and Willis Towers Watson, which announced their $30 billion merger Monday, only to have it smothered by news of the biggest drop in the stock market since the 2008 financial crisis, amid continuing fears about the coronavirus and, for good measure, an oil price war between Russia and Saudi Arabia. 

Let's still spend a couple of minutes looking at the implications of the Aon takeover of Willis Towers Watson, because it pushes the industry in some important directions, including toward more advisory services and accelerated consolidation. There's even a coronavirus connection; the current global health crisis could amplify one of the major effects of the merger, in the middle market.

The most immediate effect will be on the brokerage world, where Aon and Marsh will individually be larger than the rest of the top 10 put together. (According to the Insurance Information Institute, Aon/Willis had $19.13 billion in revenue in 2018; Marsh, $16.84 billion; and the rest of the top 10—Gallagher, Hub, BB&T, Brown & Brown, Lockton, USI and Acrisure—totaled a combined $16.03 billion.) 

Aon/Willis will amp up competition because it will have broader scope than the companies did on their own and will put pressure on everyone to cut costs. Aon says it expects to take $800 million of annual costs out of the combined entity within three years, and that seems plausible. Research I did for a 2008 book, Billion Dollar Lessons, on what to learn from corporate catastrophes found that, while revenue synergies almost never pan out, the kinds of cost-cutting synergies posited by Aon routinely do for companies with similar businesses. Aon, smartly, says that, while it expects revenue synergies, it isn't baking any expectations into the numbers at this point. 

Customers should see a change, too, because the addition of Willis Towers Watson will accelerate Aon's recent push into advisory services. The first talk I did in front of an insurance audience was titled, "Whoever Sells the Least Insurance Will Win," so I applaud the thought that Aon/Willis may lead the brokerage industry to focus less on selling products and more on providing the informed counsel that clients want and need. 

Done right, this focus on advice could lead to the kind of self-reinforcing, information advantage that we see in Big Tech. Google isn't Google just because it's a great company. Google is Google because it established an advantage early on and kept building on it. Even though Microsoft spent billions of dollars trying to make its Bing search engine as good as Google, and may have briefly come close at the technical level, Google's search engine was still seeing 80% or more of the searches that people did, so it could keep learning faster than Bing about what people wanted, how they formed their questions, how they wanted answers formulated, etc. Amazon has the same advantage. It not only sees what you buy; it sees what you considered buying and set aside, what you bought from another vendor at a lower price or in a slightly different form, and so on. If Aon/Willis and Marsh can turn their advisory work into a similar sort of information advantage about what customers want, what they don't want, etc., then they can keep learning faster than smaller competitors. 

Attaining that sort of information advantage is by no means a done deal, but the issue is worth watching.

In any case, the effects of the merger may extend beyond brokers, customers and products/services and address a question that has puzzled me since I got involved with Insurance Thought Leadership back in 2013: Why are there thousands of insurance companies? 

When I chatted with my old ITL colleague Wayne Allen after the merger announcement, he predicted that the increased bargaining power for brokers would bring about a major consolidation among insurers. He said Aon has already been reducing the number of insurers that it works with, as it rationalizes working arrangements across the sprawling business in a "one firm" initiative it calls Aon United. Wayne, now a principal with IE Advisory, says Aon seems to be heading toward an 80/20 rule and will surely apply that as it incorporates the Willis Towers Watson business—great if you qualify in that top 20% in Aon/Willis' view, but not so great if you fall into the 80% according to a company that controls so much of the brokerage business. 

Wayne speculated that the balance of power will shift so much to the brokers and to their big corporate clients—bigger, in many cases, than the carriers serving them—that insurers increasingly will just be viewed as a source of capital. The brokers and corporate clients will lay out a risk management plan, then decide where to line up any capital needed to support that plan, in Wayne's view.

Again, far from a done deal, but perhaps worth a thought or two if you work at an insurer that isn't clearly an industry leader....

Wayne also offered an intriguing idea about the middle market that gets me back to my statement about the effect of the coronavirus. He predicts that the accelerated advisory push and the increased power of the biggest brokers will put all kinds of business up for grabs by reorienting the insurance industry's approach to mid-sized firms from horizontal to vertical. In other words, rather than thinking horizontally, in terms of transportation businesses or manufacturers of a certain size, brokers will help their large clients drill vertically down into their supply chains to manage risk as thoroughly as possible.

The fact that the coronavirus emerged out of nowhere and in slightly more than three months not only has disrupted supply chains even at world-class companies like Apple but also threatens to stall major economies underscores the need for more focus on supply chains and on resilience. (And the math of epidemics suggests the problem will get far worse before it gets better; if you really want to scare yourself, read through this Twitter stream on how the numbers might unfold.) So, mid-sized companies can expect to have more insurance and risk management requirements placed on them by the large corporations they supply.

And guess who increasingly will be advising those mid-sized companies, on behalf of their large customers?

If you're not one of the Big 2 brokers, you might want to start thinking about how to keep those mid-sized customers.

Cheers,

Paul Carroll
Editor-in-Chief

As if insuring multi-family housing weren’t already unpredictable enough, some states are adding layers of regulation around issues like sexual harassment that pose new risks to property managers and their insurance providers.  

In the past year, three states — New York, Connecticut and Illinois — have passed significant sexual harassment legislation that reduces the threshold for illegal behavior and increases employer liability. 

Other states are stepping in with their laws on issues like fair housing, rent control and marijuana, creating a fragmented regulatory landscape that complicates the risk assessment for property owners.

The cost of poor compliance can be very high. Since 2017, the U.S. Department of Justice has filed or settled 14 cases of sexual harassment in housing, resulting in $1.6 million paid out to victims. But just looking at federal action significantly understates the financial impact of #MeToo and sexual harassment liability. These cases are the tip of an iceberg that includes litigation most typically handled through civil suits with employees or residents bringing claims, and whose cost in terms of legal fees and judgments remains confidential.

There’s a tremendous opportunity for insurers that can adapt their products to changes in the market and work with property managers to understand their risks and train their employees accordingly. 

New sexual harassment laws

While the same social forces born from the #MeToo movement have spurred a number of state legislatures to take up new sexual harassment laws, each state is developing unique legislation with unique demands on employers. 

With a new law in New York, harassment does not need to meet a severity standard to be prosecuted, and employers will be liable for harassment even if an employee did not follow the employer’s complaint procedure. 

In Connecticut, new provisions went into effect last October. Now, virtually all Connecticut employers must provide two hours of sexual harassment training to all employees, and supervisors must also receive training.

See also: How to Cut Insurers’ Legal Costs  

In Illinois, all employers must provide sexual harassment training to all employees each year. As in New York, the new law protects not just employees but also independent contractors from harassment and discrimination.

In each case, these states are stepping beyond federal law, both in terms of consequences for companies and in making employers liable when bad things happen under their watch. 

Designing solutions

Insuring multi-family housing is fundamentally complicated. It’s an area where issues associated with the workplace and home overlap — not to mention the challenges of affordable housing, income inequality and threats from the outside, like natural disasters and active shooters. 

But complicated doesn’t mean impossible, and there’s a tremendous opportunity for insurers that can quickly respond to emerging trends, adjust to their risk assessments and work with property managers to adapt on the ground. 

Too often, property managers are caught in a cycle of playing defense when it comes to new insurance or regulatory risks. Rather than responding to lawsuits or waiting for laws to change, executives in this unique market need to see what’s coming before they are forced to respond to it. For issues like sexual harassment, this means integrating agile training systems that are instantly updated based on the emerging threats and expectations. 

Insurers can help create the tools — and, thanks to their intimate and expansive view of the market, collect the data — that allows property managers to see what’s coming and respond to it, before it becomes a costly transgression or drive-by lawsuit. 

The claims intake process is a powerful tool in collecting data on emerging risks. Taken in aggregate, this information can then be presented to property managers as a sort of real-time risk analysis. Paired with agile training systems, this data empowers property managers and their employees to be prepared for the coming threats, rather than react to them. 

Insurers that embrace the unique challenges of multi-family housing — and form dynamic, data-based partnerships with the managers of those properties — will not only mitigate the emerging risks, they will make these homes safer and more secure places to live and work.

Most people buy single insurance products, mainly auto. For them insurance is a set-it-up-and-forget-about-it problem. They want to spend as little time as possible thinking about their car insurance. In fact, 90% of insurers worldwide can go a full year without communicating with customers.  

The story changes a bit as customers get older. They get married and maybe buy another car. They buy a house and need homeowners insurance. Maybe they have children and start to think more seriously about life insurance and disability. People in the second half of their lives spend a lot more time considering insurance.

A first-time insurance buyer’s experience might be radically different from that in other industries like e-commerce, where the majority of customers make at least three visits to a site before purchasing. But, given how valuable a life-long customer is to an insurance company, getting the first-time experience right for the customer could make a difference of tens of thousands of dollars over their lifespan.

Although customers interact with insurance companies much less than with their favorite retail brands, customers still expect the same high standard of experience across the board.

You may only get one chance to talk to your customers, and it’s likely they need something, and fast. No one is casually browsing GEICO or Allstate to waste time at work. It is critical that the information put in front of the consumer is relevant, contextual and useful. A personal experience can make all the difference here.

See also: Bold Prediction on Customer Experience  

Use these three tips to make sure you’re prepared with answers when customers open the app, call the support center or search the site. 

Ditch the Jargon

What do you call that one form? With the numbers? Something about claims?

Your customers aren’t insurance experts. Making search too literal can make it difficult for customers to find what they’re looking for. Track how customers are articulating their needs in the search bar and reflect that language in your search results to save them time. And to save your customer support center from a frustrated phone call. 

Know When to Sell and When to Service

A customer who just purchased a hefty renter’s insurance policy, bundled with auto and life, is probably not trying to purchase that bundle again. If the person comes to the site and searches, he's probably looking for help or for policy records. Search results should reflect each customer's unique journey and provide an FAQ or links to access the account, not the best deal for new customers. Use a recommendation engine and apply machine learning in the form of personalized offers to put new and relevant information in front of existing customers.

Don’t Put All Your Eggs in the Chatbot Basket

AI-powered virtual assistants are a great way to help customers help themselves. But beware: Bots are still learning. Forrester cites USAA as a great example of combining the power of a virtual agent with the option for speaking with someone. “Customers can still reach a human associate when the virtual assistant does not understand the question, avoiding dead ends that lead customers to abandon their sessions in the app.” (Forrester Research, Inc., Simplify Insurance Customer Journeys by Improving Search, 2019).

See also: 8 Key Changes for Customer Experience  

As an insurance company, you only have a few chances to delight customers. Be sure the digital experience across mobile and online channels leads them to the products, documents and support they need.

Concern about the spread of the coronavirus has triggered the largest “work-from-home” mobilization in history. Here are practical steps that organizations can take to remain cyber resilient amid the crisis.

The outbreak of COVID-19 has caused significant disruption to businesses and a degree of panic within the employee community. Companies across Asia have activated contingency and business continuity plans and have allowed or instructed employees to work from home to limit the spread of the virus. In a new reality where millions of people are working remotely, secure networks are now more critical than ever. To remain operational and secure, Aon recommends that companies take the following steps:

Defend Against the Phishing Wave

Malicious actors will leverage the intense focus placed on the virus and the fear and panic it creates. Security researchers have already observed phishing emails posing as alerts regarding COVID-19. These emails will typically contain attachments that purport to offer information about the outbreak or updates on how recipients may stay safe. In an environment where people are stressed and hungry for more information, there is a lack of commitment to security best practices.

This is the time for organizations to remind employees of the need for vigilance and the dangers of opening attachments and links from untrusted sources. Running a simulated spear phishing campaign can also demonstrate the level of resilience to these attacks. At a more technical level, up-to-date antivirus and monitoring tools can limit the effectiveness of successful spear phishing attacks.

Test System Preparedness

Organizations will be experiencing an unprecedent amount of traffic accessing the network remotely. Companies with an agile workforce have been preparing for this contingency for some time and will be well-equipped to maintain network integrity through the use of sophisticated virtual private networks (VPNs) and multi-factor authentication. Enterprise security teams are recommended to increase monitoring for attacker activities deriving from work-from-home users, as employees’ personal computers are a weak point that attackers will leverage to gain access to corporate resources.

For those less prepared, COVID-19 presents a challenge. There is a risk that the increased volume of network traffic will strain IT systems and personnel and that employees will be accessing sensitive data and systems via unsecure networks or devices. We recommend that these organizations migrate as quickly as possible to remote working and bring-your-own-device (BYOD) standards. Virtual private networks (VPNs) should be patched regularly (for example, a vulnerability in the Pulse Secure VPN was patched in April 2019, but companies that failed to update were falling victim to ransomware in December), and networks should be load-tested to ensure that the increased traffic can be handled.

See also: Coronavirus: What Should Insurers Do?  

Brace for Disruption

A remote workforce can make it more difficult for IT staff to monitor and contain threats to network security. In an office environment, when a threat is detected, IT can immediately quarantine the device, disconnecting the endpoint (i.e., the compromised computer) from the corporate network while conducting investigations. Where users are working remotely, organizations should ensure that, to the extent possible, IT and security colleagues are readily contactable and ideally able to physically address a compromise at its source. Sophisticated endpoint detection and response (EDR) software can also be used to quarantine workstations remotely, limiting the potential for malicious actors to move through the network.

As this risk moves beyond the technical, companies should adopt
an enterprise risk approach. This can include rehearsing business continuity plans (BCP) and senior management response through tabletop crisis simulations that focus on cyber scenarios as well as how pandemics and other similarly disruptive events are likely to affect automation, connectivity and cyber resilience.

Companies can also safeguard against the increased risk of disruption through a robust cyber insurance policy that, in the event of a digital disruption to systems, can provide cover for business interruption losses, as well as the costs of engaging forensic experts to investigate and remediate a breach.

COVID-19 presents a range of challenges to businesses across Asia, but developments in technology since the SARS outbreak mean companies can remain operational and nimble in the face of uncertainty. Keeping one eye on the pervasive cyber threat in the midst of this crisis is critical to ensuring continuing success.

Money has been pouring into insurtechs, reaching a record of almost $2 billion in Q4 2019. Since 2018, investors have put more than $1 billion per quarter into companies seeking to shake up the industry. Not a single market segment has been untouched.

In 2020, the focus will be on innovating with insurtechs that enable incumbents. One report found that 96% of insurers said that they wanted to collaborate with insurtech firms in some way. Those surveyed favored partnerships and the software as a service (SaaS) approach to developing new solutions. There’s a rapidly growing list of insurer and insurtech partnerships.

See also: An Insurtech Reality Check  

Insurtechs are developing to solve niche problems, and most aren’t aiming to tackle every vertical or every phase of the process. We all know the saying, jack of all trades, master of none. Insurtechs are focused on being the master at very specific parts of the value chain. Allianz has partnered with Flock, an insurtech startup offering pay-per-flight drone insurance; Aviva partnered with Digital Risks in the U.K. to develop insurance for startups and small and medium-sized enterprises (SMEs); and State Farm partnered with Cambridge Mobile Telematics to deliver usage-based insurance to drivers in the U.S.

One big driver of these partnerships is the inability of one company to do everything at once. Synergies can be realized when combining complementary skills. In Germany, Generali formed a partnership with Nest to offer homeowners insurance that leverages Nest’s smart home technology. Nest’s technology detects smoke and carbon monoxide and sends alerts to customer’s phones, reducing the risk for the insurer. Nationwide’s partnership with sure.com allows it to sell renters insurance through an app; Nationwide is still handing the underwriting and policy management separately. 

More and more, incumbents are working with several insurtechs that integrate to bring change to every aspect of the industry. 

Insurtechs bring the speed, agility and technological skills that incumbents need.

As Deloitte’s 2020 Insurance Outlook pointed out, “Despite some attempts to upgrade legacy marketing and distribution systems… carriers continue to struggle to drive more effective connections with consumers accustomed to online shopping and self-service.” Trying to bring legacy systems into the current age of digitization simply isn’t working, and, if incumbents try to build in-house, they face a longer time to market and higher costs.

Partnering with an insurtech company allows incumbents to quickly bridge the innovation gap, where technology changes faster than their ability to keep up. The estimated timeframe to develop solutions in-house is around 18 months, whereas you can be up and running in as little as three months if you partner with an insurtech. Moreover, incumbents that partner can respond more quickly to changing customer demands and lessen their risk of losing market share to a competitor. 

See also: How Tech Makes Sector Safer, Smarter  

For their part, insurtechs have realized that seeking to disrupt and replace incumbents can be too costly. To run a successful insurance company, you need significant capital, which is difficult for startups to raise. The insurance industry is also regulation-heavy, making it difficult for newcomers to find a place. Startups struggle to access the complex networks that support insurers. The industry presents too many barriers to independent disruption, but partnership benefits everyone involved.

Insurers are ready to innovate and have the data and distribution networks to support large-scale rollouts. Insurtechs have the technology and the agility to come into a large organization in the midst of change, work with its legacy systems, partner with insurtechs solving other problems in the supply chain and provide immediate value in moving them into the digital world. Both sides of the equation are ready and willing to realize the benefits of working together.

From one way of looking at it, the big carriers are caught in the middle, between the providers that aggressively raise their prices each year and the employers or individuals who are starting to realize that there’s no bottom to the pit into which they throw their premiums and deductibles each year.

On the other hand, no one in the U.S. healthcare system has been better-positioned to use their combined purchasing power to force delivery organizations to finally focus on the value of the services they provide than those same large carriers. Yet, over and over, they’ve been happy to pass those escalating prices on to the people paying their premiums – with just enough of a markup to ensure their own profits aren’t at risk.

Part of problem is semantics. As Vitalware CEO Kerry Martin recently said, there is an important difference between healthcare “costs”/“charges” and healthcare “prices,” but the lines between them are often blurred. People say, “healthcare costs are increasing” when it’s more accurate to say “healthcare prices are increasing.”

Think of it this way: Healthcare costs are what it costs hospitals to perform certain services. These haven’t really gone up over the years, evidenced by the fact that cash prices – what people who forgo insurance and choose to self-pay – have seen few fluctuations.

What has gone up are the prices that carriers negotiate off those costs/charges to turn a profit. Prices are increasing, with no added benefit to beneficiaries. Perhaps, health benefits should be renamed health detriments. 

It’s a broken system, ripe for disruption by upstarts that can attack the areas of biggest waste, while the incumbents focus on protecting their legacy service bundles.

A recent JAMA study pinpoints those areas with the greatest opportunity for change. The greatest source of wasteful healthcare spending, accounting for $265.6 billion of the estimated $760 billion to $935 billion industry total, came from administrative complexity, defined as “waste that comes when government, accreditation agencies, payers and others create misguided rules.” Complexity by design is the root cause. Thomas Sowell put it well, “People who pride themselves on their ‘complexity’ and deride others for being ‘simplistic’ should realize that the truth is often not very complicated. What gets complex is evading the truth.” 

The second-greatest source of waste, accounting for between $230.7 billion and $240.5 billion, the authors identify as pricing failure, or “waste that comes as prices migrate far from those expected in well-functioning markets, that is, the actual cost of production plus a fair profit.” Essentially, this is waste that comes from the cost versus price loophole carriers, and hospital executes have historically taken advantage with a devastating impact on the working and middle class. There is no bigger contributor to 20 years of wage stagnation and decline than hospital profiteering. 

See also: Pricing Right in Life Insurance  

This gap, historically too opaque for consumers to notice, is now quite salient, thanks to all the news coverage that surprise medical billing got in 2019. Many informed consumers are no longer afraid to give their medical bills a long and hard review, questioning not only why they would pay an arbitrary price, but also the quality of care they’re buying. They’re aware that, despite the high prices they may be paying, there’s often little return on their healthcare investment, and as a result are becoming pickier and picker about the providers they choose.

Some in high-deductible health plans are even going so far as to research what their providers’ cash prices are, and if they’re less than what they’d pay prior to hitting their deductible, are making the conscious decision to ignore insurance. That can be a smart approach.

If carriers don’t change, it’s likely government will soon change them. The Centers for Medicare and Medicaid Services’ (CMS) hospital price transparency final rule, which would require hospitals to “establish, update and make public a list of their standard charges for the items and services that they provide,” comes into effect this time next year. Carriers can continue to keep the prices they negotiate with hospitals secret for now, but not forever.

Being upfront and transparent about how and why they’ve come to agree on certain prices for certain services or procedures isn’t just the right thing to do, it’s the inevitable. And those that get a head start on that now will be the ones to have a leg up on their competitors in the not-too-distant future.

 

Life insurance is a dichotomy: decades-long customer relationships, but products in a continual state of change. As companies evolve, active sales of specific products are often discontinued due to underperformance or corporate shifts in strategy, although many of the policyholders are still very much alive.

As a result, insurers have to dedicate time and resources to servicing these discontinued products, also known as closed blocks. This robs focus—and funding—from strategic growth initiatives.

On average, these blocks run off anywhere between 4% and 10% a year, depending on the type of product. Yet, the costs to manage these discontinued products aren’t decreasing at the same rate.

In most cases, closed blocks run on legacy policy administration systems, which typically require more human intervention than newer, more agile platforms. The technology may be so old that it requires specialists to operate, which keeps the servicing costs per policy high.

In the past, the only way life insurance companies could mitigate the high cost of closed block administration was to sunset obsolete systems and migrate to a new solution. However, this approach presented problems of its own.

Data conversion was expensive and complex, at best, often taking years to produce the expected efficiencies. Even then, there was no guarantee of accuracy. Meanwhile, managing the change took time away from the company’s core business.

Today, the emergence of new approaches and disruptive technologies give insurers more options, and new opportunities to reimagine the administration of closed blocks.

Three main factors are driving the changes:

• Innovative business models can shape more advantageous deal structures with variable costs and reduced risk.
• Extreme transformation levers like robotics, automation, machine learning and artificial intelligence decrease operating costs and deliver efficiency gains in months, instead of years.
• The application of automation and big data conversion techniques speed data transfer without the inherent risks of more traditional conversion methods.

This paper explores the impact of these new enablers and how life insurance companies can maximize the benefits of these new closed block strategies.

See also: Selling the Urgency of Life Insurance  

Innovative Business Models Give Insurers More Options

In the past, life insurance companies had limited options for closed block management. Today, insurers have myriad approaches beyond traditional platform migration to consider.

Sell the Closed Blocks

One simple way to lessen the burden of managing closed blocks is to sell these policies to a reinsurer or to another carrier. While this approach does eliminate the challenge of servicing this run-off business, by divesting these policies companies also sever the associated client relationships. Cutting ties with clients who hold these discontinued policies eliminates the ability to cross sell or market new offerings to them (and their families) effectively. The sale could also be negatively received by the client as a disregard for long-term customer relationships, or as a sign of financial instability. Either of these perceptions could cast a negative light on the insurance company’s brand.

Outsource to Best-of-Breed BPO and ITO Provider

Companies that want to maintain client relationships but offload the day-to-day servicing of closed blocks could consider outsourcing policy administration and claims services.

While this option is feasible to mitigate some of the labor costs associated with closed blocks, it does nothing to alleviate the technology overhead or do anything to simplify the complex architecture that adds costly manual steps to the servicing process.

Outsource to Comprehensive Third-Party Administrator

Outsourcing both platform and personnel to a third-party administrator is a viable option for many life insurance companies. They can retire aging systems, redirect the specialized personnel often required to run these older platforms and turn a fixed cost into a variable cost structure. The idea is not only to offload operations as is, but add automation, robotics and other disruptive technologies for continual efficiency gains and cost savings throughout the duration of the contract. The challenge is that very few established third-party administrators with these capabilities and insurance industry experience currently exist. The other challenge is that established third-party administrators are less flexible in their approach, which often leads to nickel-and-diming the insurer or compromising the customer experience.

Develop a Structured Deal With Strategic Partners

Instead of going it alone, some insurance companies are entering into strategic alliances or creating structured or balance-sheet-based deals with trusted partners or other carriers to increase value, leverage economies of scale and manage risks. In this scenario, insurance companies share resources, knowledge, expertise and risk associated with closed block management. A few examples of such options are:

• Joint ventures, in which vendor and insurer share resources, revenue, expense and profits. These agreements can be very informal or complex. While they work for some insurers, they also have the potential to take focus away from the insurer’s core business.
• Equity strategic alliances, in which the provider takes over closed block administration, but both provider and insurer share in the block’s costs and profit.
• Industry consortium, in which two or more life insurance companies jointly invest with a provider to create an industry utility to manage their collective closed blocks.

Extreme Transformation Levers Drive New Levels of Efficiency and Customer Engagement

Technology is advancing at light speed, which is excellent news for life insurance companies. Extreme transformation levers are now in play, enabling companies to improve productivity by as much as 35% to 40%. 

Blending the use of disruptive technologies, like robotics, automation, descriptive analytics and machine learning, with system conversions can transform the economics of closed block management.

A transformed environment operates under a RAPID, SMART, LEARN, VIRTUAL model:

RAPID

Use automation to make processes run faster.

SMART

Use analytics to really look at how to process and who will process.

LEARN

Fully use machine learning in data extraction and document classifications to learn what information has to be taken from each form, each process and each individual.

VIRTUAL

Create a straight-through processing environment, where the transactions move seamlessly through the required steps without human intervention.

Robotic Process Automation

Robotic process automation (RPA) is the first phase of the evolution of automation. The “robots” are actually advanced computer software solutions that can interpret existing applications for processing transactions, manipulating data and communicating with other digital systems. The software is not only capable of streamlining repetitive, manual tasks previously handled by humans but, because it requires no coding, is fast and cost-effective to implement and is completely non-disruptive to the existing IT environment.

The number of tasks or hand-offs requiring human intervention is typically very high in legacy systems for closed blocks. The work might require countless hours and investment to fix the administration systems. It can alternatively be addressed through RPA, which can provide 20% to 30% efficiency gains within three to six months and with limited investment.

If life insurance companies work with a provider with skilled RPA technologists on staff, that provider can not only speed ROI by leveraging RPA for lower-complexity tasks but can minimize conversion efforts. Ultimately, this enables the provider to increase efficiency and throughput at lower costs.

Artificial Intelligence (AI) and Machine Learning-Based Utilities

There are multiple technologies within artificial intelligence, like natural language processing (NLP), machine learning and computer vision. There are already uses cases in the industry for leveraging AI to reimagine customer engagement, automate transactional processing or improve claims processing. The results show that employing AI- and machine learning-based utilities to extract structured, semi-structured and unstructured data from documents can improve efficiency by 30%, even if the company makes no other changes.

But this is not to say that machines eliminate human beings from every process.

The ideal model creates a fine balance between technology and human engagement—moving from a model in which people perform the work and machines manage the exception to the polar opposite. The goal is to employ machines to do the basic, passive work and to engage people to handle the less menial, more reason-driven exceptions.

Analytics

Like RPA, data analytics and advanced machine learning algorithms can greatly enhance the conversion process by reducing the amount of manual coding needed. But prescriptive and predictive analytics are equally effective in reducing operating costs.

For example, providers that apply first contact resolution (FCR) analytics to identify patterns and trends can increase contact center efficiency. By using predictive analytics to quickly segment customers and anticipate need, more callers get the information or resolution they need in one call. Over time, that reduces call center volume, lowers costs and increases customer satisfaction in the process.

Implementing analytics and machine learning techniques can also improve customer satisfaction and retention, as well as reduce the volume of service requests. These tools can be used to create insight by analyzing past customer queries to predict the next actions they may take or issues they may face.  Leveraging this information enables companies to reach out and solve customer issues before they escalate.

Analytics can also be used to identify lapse and retention patterns, which enable insurers to more effectively manage cost and risk.

Omni-Channel Customer Care Technologies

The biggest opportunity lies in reimagining the customer journeys. Different customers want to engage in different ways, and their expectation is to have a seamless experience. In the process, insurers have the opportunity to lower costs by using chat triggers on web sites and deploying analytics to segment customers, deflecting many calls to channels that lower costs while improving customer satisfaction.

Given the option, consumers prefer online communication to making an inbound call, as long as they get the answers they need. The financial impact could be significant, depending on current call volume and customer personas.

See also: Pricing Right in Life Insurance  

Methodologies to Mitigate Conversion Risk

Although modern technologies provide more options than traditional system migration, there will be some conversion involved. This is typically a very resource-intensive process using tools to extract and transform data from legacy systems to make it compatible with a new system.

The good news is the conversion process has significantly evolved in recent years with advanced technology and modernized approaches, bringing more efficiency and accuracy to the process.

The following techniques detail the options:

Conventional Conversion Process

In the past, there was one way to convert legacy data to a new or different system, and it involved a great deal of human intervention. 

The legacy data was mapped to the target system through a conglomerate of extract scripts, transformation scripts and loading scripts, all created by technicians, coders, subject matter experts or a combination.

Because the logic is embedded in the code throughout multiple scripts and systems, changes and defects were difficult to manage. To compound the challenge, data lineage and mapping documents were rarely kept up to date. The testing process involved human beings sorting through the supplied information, with little automation.

Contemporary (Semi-Evolved) Process

The introduction of extract, transform and load (ETL) tools to manage the schemas of legacy and target systems added efficiencies to the traditional conversion process. ETL tools are used by coders and technicians to manage mapping, isolating extract code from transformational code to target systems, as well as managing transformation logic.

Essentially, these tools enable companies to extract data from numerous databases, applications and systems, transform it so it works with the target system and load it into the target database. Although some ETL components can be automated, like scheduling and common management functions, logic mapping still requires manual analysis, design and subject matter expert involvement.

So, there’s an improvement, but, because so much manual intervention and specialized personnel are still involved, ETL tools do not significantly reduce the overhead costs associated with conversions.

Modern Approach to the Process

Today, components of big data architecture can be leveraged to eliminate the need for manual coding. New big data platforms can accommodate new schemas with read functionality of Hadoop architecture, which scales to accommodate large data files more easily.

Spark, Java and Python machine learning libraries can now be built to perform source-to-target mapping, or schema mapping, automatically. Other open source tools can perform testing and analysis, adding efficiency without the need or cost associated with building proprietary tools. Although many ETL functions are still manually coded, automation of these and myriad other functions are currently in development and primed for future deployment.

How Insurers Can Prepare for Change

One message is very clear: the same old ways will not lead to a better future. No question, the supplier maturity and the emergence of disruptive technologies and tools have brought new closed block management options to insurers. But effective closed block management is not a one-way street. To maximize the benefits of these new technologies when working with a strategic partner, life insurance companies should follow these five best practices:

1. Strategic partner — Today, with the emergence of disruptive technologies and innovative models, life insurance companies have the opportunity to reimagine the administration of closed blocks. With the right partner and approach, insurers can ease the administrative burden and costs associated with managing these closed books of business and focus resources on growing the company for the future.
2. Active C-suite engagement — A successful transformation requires alignment between the insurer’s COO, CIO and CFO functions, each of whom should be engaged in a closed block initiative.
3. A business case that is proof of value — It’s also critical to perform an assessment of the business case, product complexity and capabilities of the third-party administrator or a strategic partner before setting project milestones. The objective is to determine the “proof of value,” which is different from the traditional way of doing a proof of concept. This work upfront not only reduces surprises down the road but enables companies to set realistic timetables for the closed block initiative.
4. Dedicated teams — Both provider and insurer have to assign dedicated teams of personnel to the project. Skipping this step, or assigning personnel who can’t fully focus on the project at hand, are the most common reasons that conversions fail. It’s also critical to recognize that the ideal platform for efficient closed block management is much different than what’s needed to support business growth. Often, life insurance company leaders blend the agenda and end up investing in expensive, highly configurable technologies that may not be necessary.
5. A provider that’s a cultural fit and transforms the status quo — Insurers should seek out and work with a provider that understands their business, is aligned with the leadership’s vision and is willing to share risks and rewards. This is not just a technology problem; it’s a business problem and therefore needs to be evaluated as a business strategy. Those characteristics, in combination with a proven track record of success, are key to optimizing outcomes.