The news of an outbreak in China of a new type of coronavirus (2019-nCoV), leading to respiratory illness, recalls previous potential pandemic infections. Coronavirus was behind SARS (Severe Acute Respiratory Syndrome) in 2002 and MERS (Middle East Respiratory Syndrome) in 2012. The outbreak is being linked to people eating the infected meat of small mammals or reptiles -- an echo of Ebola.

It is assumed, not proven, that this virus is passed between individuals by droplet spread because of the presence of respiratory complications. In scientific circles, there is concern about how it has jumped the species barrier. The suggestion that this rapidly mutating virus could develop a more powerful grip on its new human hosts is a grave concern. The WHO preliminary estimation is that each infected person could potentially transmit this virus to between 1.4 and 2.5 other individuals.

The WHO is not advising restriction on trade or travel. Chinese cities and airports are in lockdown, but cases are already reported outside China, underlining the sinister potential for rapid person-to-person spread. The advice offered so far by health authorities is simply to avoid contact with people who are ill, to wash hands and wear a face shield.

Insurers can do little to identify infected individuals during the window before they become symptomatic. The features are commonplace: fever, cough, shortness of breath and breathing difficulties. But in severe cases the virus may lead to pneumonia and even death.The latest epidemiological data reveals the proportion of deaths in currently reported cases is 4%. MERS was much higher at 23%. [Here is the latest bulletin from the WHO.]

While it is likely the WHO will label this an international public health emergency, insurers need not panic. The pattern of broad-spectrum severity, with deaths mainly in sickly individuals, is akin to most flu outbreaks.

In any outbreak of a novel virus, priorities include developing a vaccine if transmission is sustained and finding a drug to stop illness in infected individuals. It is important to retain perspective, and social media and hyped news headlines don’t help. So far, the number of confirmed cases and deaths remains low, with many who died already being in poor health, but the speed at which the situation is unfolding hints this could change. The 2002 SARS outbreak in China infected 8,000 people in 37 countries, claimed 750 lives and was a deadlier virus than 2019-nCoV currently appears to be.

See also: Selling the Urgency of Life Insurance  

Most of the action related to this outbreak centers on China and includes an obligation to monitor and report accurate data and take steps to limit contagion. But this type of event can quickly develop global consequences. Life and health insurers should therefore tune into the available sources of verified information, including WHO and Centers for Disease Control and Prevention to keep pace with developments, modifying their selection and claims criteria as or when this becomes necessary.

You can find this article originally published here.

One of the most daring bits of technological espionage occurred in the summer of 2009, when the Stuxnet virus—clearly designed by Israel and the U.S., though neither has ever 'fessed up—silently attacked centrifuges in Iran that were being used to enrich uranium for use in nuclear power plants and potentially weapons. The virus infiltrated the centrifuges' controllers and occasionally sped them up or slowed down the motors for short stretches over the course of months, gradually burning out about a fifth of the machines and making a big dent in Iran's nuclear program.

This was James Bond-level work. Not only were the centrifuges deep inside Iran, but they were separated by what's known as an air gap—there was no physical connection to the outside world. Over several years, spies had determined what sort of equipment the Iranians likely used and had written a virus using "zero day" vulnerabilities that had been saved for just such an occasion—they had never been exploited by anyone, so the victim would have zero days' notice that an attack could use them. The spies then infected computers at a handful of companies identified as likely doing illicit business with Iran, trusting that the virus would find its way to the centrifuges and quietly start putting them out of commission. 

The good news: The Stuxnet attack worked. The bad news: Hackers have recently devised malware that, like Stuxnet, can take over the controllers of your industrial machinery, shut down processes and encrypt your data until you pay a hefty ransom. And your security isn't nearly as good as the Iranian nuclear program's.

The malware is known as Snake or EKANS (as in, "snake" spelled backward). It was only identified by cybersecurity experts in the past month-plus. As this article in Wired explains in detail, the malware targets "industrial control systems, the software and hardware used in everything from oil refineries to power grids to manufacturing facilities." Hackers appear to have claimed at least one major victim: the Bahrain national oil company. (The choice of target raised the prospect that Iran might be behind the attack, but the cybersecurity community currently believes that mercenaries, not state sponsors, are to blame.)

While Snake isn't nearly as sophisticated as the "zero day" attack on Iran's centrifuges was, there are so many points of vulnerability for businesses that there's really no good response, at least for now. 

Insurers will need to raise rates, as many have already been doing because attacks and payment demands have soared. This New York Times article says ransomware increased more than 40% last year, and the amount demanded more than doubled just in the fourth quarter. The article adds that "even these numbers underestimate the true cost of ransomware attacks, which have disrupted factories and basic infrastructure and forced businesses to shut down." 

Some insurers may start to provide a separate policy for ransomware or may cover just a portion of the cost of ransom, especially for companies that seem to be frequent targets.   

The potential targets should already be identifying and closing as many vulnerabilities as they can, because the threats to customer and key corporate data have been known for years. (We first published on the topic in 2016.) Those efforts should include frequent training to harden a company's exterior, among other things educating employees on how to avoid "spear phishing" and other forms of "social engineering" that can trick people into downloading an infected file. Those efforts should go beyond the exterior, too, to suppliers and others with whom you share a digital connection, because they can pass along a virus—the major Target breach in 2013 came through a vulnerability in its HVAC system. IT departments must also continue their efforts to use AI and every other technology at their disposal to identify and control data breaches as quickly as possible—at the moment, the average time to discover a breach is almost 200 days, and the time to control one is nearly 70 days. 

While the good guys should eventually gain the upper hand, I really just have one concrete suggestion for now. Though the notion seems cynical to me, I think you might want to invest in some Bitcoin. If you have an operation that may be vulnerable to ransomware, and you'd pay off an attacker, you'll want to figure out Bitcoin now. Bitcoin is how hackers will demand to be paid, because it's anonymous, and, if you have enough on hand or at least have experience buying some, you can respond faster than you would otherwise and get your business running again. 

I wish I could be more optimistic and helpful.

Cheers,

Paul Carroll

Editor-in-Chief

The insurance industry may have its roots in the West, but its future will be written in the East. Within 10 years, China will represent 20% of global insurance premiums. Within 20, it will become the world’s biggest insurance market, according to the Swiss Re Institute. 

Although China’s insurance market has been rapidly growing for years, 2020 will likely be an important tipping point, the year in which the global market can no longer afford to be detached from it. Here’s why—and what it means for the industry.

China’s insurance market has never been more dynamic than it is today. The country boasts 1.4 billion consumers, and, while the insurance penetration rate is less than 5%, it will quickly catch up with the average of 6.1% for the rest of the world. The  government’s target of achieving RMB4,500 billion in annual industry premiums is also predicted to be met this year.

Chinese insurers have scaled quickly, in part, through technologies that enable them to serve clients without any human involvement. But these are not enough to satisfy increasingly sophisticated demand, which is why China’s insurance regulator, the CBIRC, recently announced several significant measures to open up foreign access to the domestic market. 

As of the first of this year, foreign investors can now purchase a full stake in domestic Chinese life insurers. Look for the multinational insurers without an existing footprint in China to take advantage of this opportunity, potentially leapfrogging those that entered the market earlier via locally owned entities. Foreign entrants have frequently struggled to make headway in China’s challenging business landscape, but the cancellation of restrictions by the government represents a step change in the rules of engagement and will surely lead to more external investment in the sector.

See also: The Real Disruption From Robotics, AI  

Further changes – including the easing of requirements effectively limiting the access of foreign insurance brokers to just a handful of the largest firms – will start to have a lasting impact on the Chinese market during the coming year.

As China opens its insurance market to the world, Chinese insurers are eager to create their own growth opportunities abroad. Their internationalization has been accelerated by the demands of China’s economic development strategy, the Belt and Road Initiative (BRI). Since its launch in 2013, more than 60 countries have signed on to projects with China or indicated an interest in doing so, according to the CFR. Whether a new port, railway or power plant, each project has required insurance coverage, thereby creating a global portfolio for Chinese insurers. 

Last year, leading Chinese insurers such as China Re and ZhongAn went one step further and announced corporate initiatives with partners across Latin America, Europe and Southeast Asia — key growth corridors for the BRI. This year, look for a Chinese insurer to capitalize on the hardening reinsurance market and make a strategic acquisition in the service of the BRI. This will provide the insurer with a more stable platform to serve Chinese companies engaged in BRI projects, while also empowering them to support China’s growing investment focus in the international business services, financial services, retail and technology sectors.  

Ultimately, the international M&A activity likely to be driven by Chinese interests this year will give a new edge to the global insurance market. To some, these new entrants will appear threatening. To others, in particular those with an understanding of China and Chinese culture, the new entrants will rightly represent a stimulus for growth and expansion. 

In turn, Western insurers have centuries of experience to share with their Chinese counterparts. Infusing China’s already successful ecosystem with corporate processes that are transparent, progressive and responsive will help the market to benefit society and achieve sustainable growth. 

China has long been a strategic growth destination for the global insurance market, albeit a challenging one to navigate. But macroeconomic, regulatory and commercial trends now clearly indicate that the time has come not only for that to be a realistic prospect, but for Chinese insurers and their Western counterparts to work more closely together on a much broader stage around the world. 

The most preferred product design provides maximum coverage with a minimum price. As a result, the insurance industry consists of dozens of companies selling the same products at similar prices.

Fortunately, cheese manufacturers do not think like insurance companies. Otherwise, we all would eat the same, tasteless white cheese, and we would never experience Gouda.

The key reason for the monotony of the insurance market is that companies consider product development in quite a mechanical way. By contrast, while the iPhone is a wonder of technology, it was designed by an industrial designer, not by hardware engineers. I do not even want to imagine how a mobile phone designed by engineers would look.

In fact, you do not have to be the most creative person in the world to design an insurance product. Asking the right questions and getting real answers would be enough.

Let's consider an imaginary case study.

See also: How to Speed Up Product Development  

“Amisos Insurance” has been operating in the health insurance market, where competition is high. The company would like to develop an insurance product to differentiate itself in the market and gain a niche, loyal customer base. By answering the following five questions, in line with the company’s marketing strategy, we will be able to design a unique insurance product that meets customers’ needs and expectations.

Who Is the Target?

Regardless of what, start with the defining of a target segment. Designing a product without defining the target segment and not understanding their expectations is like trying to sell one size of dress during Paris Fashion Week.

Example answer: Potential health insurance customers, aged 22-55, moderately overweight.

What Is the Problem/Need?

If there is no problem, there is no need. No need, no product. Defining the product in depth is key for the determination of the solution.

Example answer: Most of these people need guidance, support and incentive to live healthier lives. In addition, being overweight triggers health problems, so the loss/premium ratio is bad in this segment, and premiums are high.

What Is Your Solution?

This is exactly what the product is; our solutions to people’s problems. The product you designed should provide the most possible benefit in the broadest perspective to people. Think beyond claims!

Example answer: In addition to classical health insurance coverage, the product includes a wellness program that aims to make people healthier; “Healthier Today.”  

• Insureds would be examined for their body mass index, blood pressure, EKG, etc.
• Nutrition and training consultancy would be provided based on measured value.
• Discounted nutritionist and gym services would be offered.
• Healthier life would be supported via mobile apps, wearable devices and cloud health monitoring services.
• Daily, weekly, monthly targets would be followed by using gamification methods.
• Small gifts and instant premium discounts would be provided depending on the hit ratio of customers.
• In this way, customer engagement, satisfaction and loyalty will be ensured. Also, loss/premium ratio will be improved.

What Is Your Difference?

This is a question that insurance providers often miss. It seems like most are unaware of the importance of differentiation even though it is the only way to get out of the bloody price competition in the market. 

Example answer: Beyond covering hospital expenses, the product offers free and discounted services to support customers’ healthier life, by using nudge and gamification mechanisms.

How Would You Describe the Product in One Sentence?

This is the easiest and the hardest question. If you gave the right answers to the first four questions, this one is a piece of cake. But if you had missing answers, it's not easy to generate a meaningful sentence.

Example answer: Amisos Insurance is here to support your healthy life today, beyond covering your hospital expenses.

It is possible to apply this case study to any company or any insurance line. With few exceptions, I think products developed in the insurance market are not able to provide answers for these fundamental questions.

See also: Bridging Health and Productivity at Work  

As you have guessed, product design in five minutes is a metaphor. To design a good insurance product, you must first have market know-how, empathy with the customer and knowledge of insurance principles.

The situation is a bit like this story about Picasso:

——

While Picasso was enjoying his evening meal at a restaurant, the waiter recognized him and asked, “Mr. Picasso, I am a fan of your work. Please, could you do a little drawing for me?”

Picasso drew a picture immediately, extended it to the waiter and said. “You owe me $100,000.”

The waiter objected, “$100,000? Why? That took you no more than five minutes to draw!”

“No,” Picasso said. “It has taken me 40 years and five minutes.”

The importance of driving innovation and adapting to change has never been more important. There are over 1,500 insurtech companies looking for ways to improve efficiency on multiple fronts. From the internet of things (IoT), robotics process automation (RPA) and artificial intelligence (AI) to wearable technologies, telemedicine and augmented reality/virtual reality training (AR/VR), everyone is looking for a way to automate and speed up processes. 

In 2020, insurance customers can now apply for a policy by answering a fraction of the questions they had to answer a decade ago. Why? Some data fields are now pre-populated using third-party data vendors or information captured by sensors, wearable technology and drones (e.g., a homeowner adds a pool, or assessing the condition of a roof, etc.). The insurance customer now receives a quote in minutes, as many carriers are attempting to leverage, in the insurance space, lessons learned from companies like Amazon, Uber and Netflix. 

This article will discuss Chesapeake Employers’ Insurance’s approach to innovation and why a top down/bottom up approach leveraging a corporate venture capital (CVC) subsidiary could help your organization stay ahead of the innovation curve.

CVCs and Investing Categories

Some of the largest companies in the world have used CVCs to enhance their organizations through technology scouting, innovation committees and acquisitions of startups. Examples include Amazon, Apple, Motorola, IBM, Google, AT&T, Verizon and Volvo. More recently, insurance companies such as USAA, XL Catlin and American Family have begun leveraging CVCs to help put the innovative technologies of insurtechs into the hands of their employees, agents, policyholders and injured workers. As noted in the book, Ten Types of Innovation, “Successful innovators analyze the patterns of innovation in their industry. Then they make conscious, considered choices to innovate in different ways.” 

Insurer-affiliated CVCs can leverage certain advantages over traditional venture capital institutions. Insurer-affiliated CVCs bring industry knowledge and expertise, significant volumes of data for testing and validating an insurtech’s solution and a network of users who can support the rollout of any product and ultimately provide references for future customers. This partnership, formed between a data-rich insurer and an idea-rich startup, helps both sides succeed. Nevertheless, to sustain a successful CVC program, efforts taken on by CVCs will need to align with either a strategic or financial corporate objective or strike a balance in between the two objectives. 

See also: A New Frontier for Venture Capital  

Investing at Chesapeake Employers

Chesapeake Employers has developed five categories to describe how it plans to invest and innovate through a subsidiary, iCubed Ventures, LLC. The focus will be on providing market intelligence for Chesapeake Employers and investing in opportunities that align with the core mission and while improving the speed to value experienced by customers.

1. Investing that connects to current business models (correlated investing) — Investing in insurtech-focused VC funds or insurtech/startup companies that align directly with Chesapeake Employers' core purpose of improving the experience of agents, policyholders, injured workers and employees. This type of investments is straightforward, as it is focused on strategic objectives. 
2. Investing not directly connected to how the company processes business (non-correlated investing) — Investing in VC funds or startup companies that do not directly map to the current business platform but present an opportunity for creating a significant return on investment (ROI). 
3. Socially responsible investing — Investing focused on the betterment of society, the local economy and improving relationships with government and regulators. The direct ROI on these investments can be lower than the previous two categories but should be enough for the efforts to be self-supporting. Chesapeake Employers believes that socially responsible corporate actions enhance the long-term success of all Maryland businesses.
4. Hot-spot investing — Investing focused on creating awareness and the opportunity to "try before you buy." With over 1,500 insurtechs funded by $29 billion in capital, insurance companies can serve as a beta site for startup insurtech companies. These activities provide additional sources of innovative ideas while helping to allocate resources to the opportunities most likely to succeed, enhancing the CVCs ROI indirectly. 
5. Non-CVC investing — Chesapeake Employers, with CVC assistance, may invest in self-developed efforts focused on creating speed to value with agents, policyholders, injured workers and employees. This area covers call centers, claims systems, underwriting systems, marketing, advanced analytics, robotics process automation, apps, IoT, etc. Given the rapid change in the marketplace, internally developed solutions are becoming more heavily influenced by external trends and insurtech activity. 

Bottom line, Chesapeake Employers is looking for opportunities to invest in processes and procedures that will improve operating efficiency, drive down costs and improve profitability while making a difference in people’s lives. These are forward-looking opportunities for the company.

Top Down/Bottom Up Innovation

Chesapeake Employers believes the innovation tone from the top is just as important as the passion and energy being displayed by employees from the bottom up, so it formed the Chesapeake Innovation Committee (CIC), composed of marketing, finance, claims, medical, underwriting, IT, actuarial, premium audit, subrogation and legal professionals from across the organization. 

The team of 20-plus employees analyzes deal flow reports from investments made with venture capital funds, monitoring departmental trends and innovations, networking with universities, listening to podcasts (e.g., Spot on Insurance, the Insurance Innovators Podcast, 11FS InsurTech Insider), attending industry conferences, monitoring LinkedIn and more. 

As Andrew Romans said in his book, Masters of Corporate Venture Capital, it is important to “[a]ccess business intelligence and innovation in order to understand technologies, business models and trends that impact core and peripheral businesses. Many corporations call this technology scouting. This activity can be viewed both as offensive and defensive.” 

The CIC helps take the pulse of the marketplace, allowing the company to scout technologies that could be differentiating. For example, at the 2019 RIMS Annual Conference & Exhibition, some CIC members had the chance to walk the halls and visit over 400 vendors sharing their innovative solutions. The vendors focused on work flows such as security monitoring, opioid addiction prevention, co-branding of products, claims analytics, claim adjuster metric measurement and monitoring, return to work, certificate of insurance tracking, durable medical equipment (DME) cost reduction, occupational medical services on the job site, social media detection for special investigative units and much more. The CIC created a recap of the top vendors of interest, including information from the company website, company contact information, key features of the solution shared at RIMS and the opportunity that would be created if Chesapeake Employers leveraged the solution in the future.

In an example involving LinkedIn, some members identified and viewed the 2019 Global Insurance Symposium video. CIC members provided a recap of the key points from the conference including comments made by guest speakers from the Global Insurance Accelerator (GIA) and the 10 insurtechs the GIA invested in during 2019. Watching the two-hour video led to booking a demo at RIMS with one of the insurtechs, with a solution targeting workers’ compensation claims adjusters. 

See also: Insurers: the New Venture Capitalists  

The Drivers of Change

There are several themes affecting the world around us. In no order, these are some of the themes we feel will change the face of insurance as we know it for generations to come:

• Customers and agents want speed to value (S2V) as expectations rise with regard to customer experience and self-service capabilities.
• The "Uberization" of everything is all around us (i.e., replacing inefficient, outdated processes with ones that marry digital and customer experience).
• The human-machine partnership and augmenting human processes with artificial intelligence and robotic process automation are here to stay.
• The convergence of big data, advanced analytics and capitalizing on the "digital footprints" customers leave behind to nudge customers and change habits is more important than ever in the insurance industry.
• Transparency is all around us, and injured workers, patients and our customers will expect it going forward.
• The impact of apps and wearables is growing due to ease of use and easy access to information via gamification and GUIs.
• Wallet share and customer face time are critical.
• Outlier and anomaly detection techniques for identifying bad actors/fraud are becoming more powerful.

With the CIC identifying and researching innovation trends, and the CVC making minority interest investments through third-party funds, co-investments and direct investment channels, the company is well-positioned to stay ahead of the innovation curve. Each day, more employees are sharing innovative ideas via email and “water cooler” chats. These conversations, which discuss ideas and technology that could help the company achieve greater effectiveness and efficiency as a company, represent a culture of continuous learning, marketplace awareness and taking action. 

Conclusion

As Lior Arussy said in his book, Next is Now, 5 Steps for Embracing Change, “We cannot predict what the future will bring, but there is plenty of compelling evidence that those who embrace change will reap the rewards of financial stability and marketplace relevance.” It will be important for the entire insurance industry to measure and monitor innovations inside and outside our industry. For those that leverage CVCs and innovation committees, where all levels of the organization are evangelists for innovative change, we believe our industry will not only survive but thrive well into the future.

Amid all the investment activity in the insurance industry, I distinguish two types of startups by using a very straightforward – and I believe a black-and-white, legal – perspective: If a firm must comply with insurance regulations then it is an insurance firm, and not a technology firm, regardless of what technology it uses to get and keep customers.

Why all the activity? Why is the insurance industry a target for transformation or a destination for disruption for investors?

VCs, other investors and the startup entrepreneurs view the trillion-dollar global insurance industry as a group of (very) old companies using (very) old processes to conduct commerce. From their perspective, the industry is an extremely large addressable market of companies that are seriously out of touch with the realities of how commerce is, and should be, conducted in the mobile, digital, connected marketplace in the Internet era. 

For investors, it is an industry ready to be plundered!

Brokers: the sweet spot of many startups

Quite a few of the insurance startups are targeting insurance brokers as a sweet spot to be disrupted. And a sweet spot it is. Estimates from various sources put the number of agents and brokers in the U.S. insurance industry at between 300,000 and 400,000. 

See also: Agents, Brokers Are Dead? Not So Fast!  

[Note: For the purposes of this post, I will use the term "broker" to mean either insurance broker or insurance agent. I agree that I’m taking liberties doing that.]

Brokers: target for transformation

There is an important fact about insurance brokers: Customers can’t legally purchase insurance without using one.  

I believe that investors forget that brokers are legally required in the purchase of insurance, think that fact (i.e. the law) will change to the benefit of the startup they are invested in, are ignorant of the fact or willingly ignore the fact.

(If you’re wondering … Yes, I believe there are VCs or other investors who would willingly and illegally ignore insurance regulatory requirements and related laws.)

The key question is: Can the insurance broker space be disrupted or transformed?

My answer is no.

I believe the broker space can’t be disrupted, as in, broken apart, thrown into disorder or interrupted in their normal course or unity.

Customer-Broker Paths

However, I believe the broker space can be transformed. 

Specifically, the customer-broker paths can be transformed. In reality, through the applications of technology through the decades, these paths have been transformed, are being transformed and, I suggest, will continue to be transformed.

See also: What a Safer World Means for Brokers  

Consider the visual below. The visual captures past, existing and potential future customer-broker paths. But keep in mind two points:

1. Even through the process of transformation, the broker (whether person or algorithm) remains because the broker is legally required in the insurance purchase.
2. The transformation is about transforming the path between customer and broker but is not about transforming the role (or the essence of the role) of the broker.

The history of customer-broker paths is founded on face-to-face (F2F) meetings, whether in the customer’s home, in the broker’s office, at car dealerships or in banks. 

Beyond F2F paths, technology has acted as an interface that has eliminated time and distance between the customer and the broker. But whether at the other side of a computer screen, via a mobile app, through an email or using a chatbot on an insurer web portal, there must be a broker present to sell the insurance line of business. Even algorithms used as brokers have to comply with the requisite insurance regulations: no leprechauns, no pixie dust, no magic. 

Technology redefines the existing paths, introduces new paths and makes the activities enabling any of the customer-broker paths both more effective and more efficient. 

The technologies, whatever they are, do not, of course, replace the broker even if they make the broker appear in a virtual reality or in Second Life or "embed" the broker in a hologram.

The classical insurance business model has been successful for a long time but does not stack up to modern standards. Nowadays, just a policy no longer provides the best solution for managing risks. Why wait until something happens, when the technology and data are available to actually reduce the chance or impact of an unforeseen event? 

There is only one sensible way forward: to rebalance insurance and prevention. Integrate data, services and insurance policies and help customers manage risks in a way they feel comfortable with. 

I’ve named this the transformation from managing policies to managing risks. Connected Insurance, Smart Home/Smart Mobility or IOT-based insurance are relevant terms in this context. You would expect that insurers are well underway in preparing for this future.

The pressure to rebalance insurance with prevention is building

There are several drivers contributing toward the momentum for integrated, prevention-based safety and continuity solutions. Increased volatility and changing risks (related to climate, health, cyber, demography) are making safety and prevention particularly relevant and a traditional policy even less effective. The spread of connected devices and the rise of smart home offers significant potential to develop new value propositions. It’s becoming increasingly hard to explain to customers why "just a policy" is the best solution. 

Large-scale adoption is still something for the future 

I do see pockets of innovation in risk management and prevention initiatives. But the scale remains limited. It seems the devil is in the scale up. I have seen a lot of initiatives driven by motivated innovators that haven’t scaled up to serve a substantial portion of the customer base. Why? Let’s take a closer look at some barriers:

Barrier #1 – Not easy to find the right model

It’s one thing to set up a small operation or minimal viable product (MVP) safety and prevention concept that serves some customers. That already may be challenging for an average insurer, and scaling up requires something else: a sustainable business model, strong and stable partnerships and, not unimportant, insight to choose a scalable model that is attractive to customers. Too often, insurers take a plunge and create a safety and prevention solution with the best intentions, only to find it will never fly on a larger scale. That doesn’t mean safety and prevention concepts don’t work – it only proves that making the right design choices is not easy. If it didn’t work, you evaluate, regroup and try again with better design and implementation choices.

See also: A Self-Destructive Cycle in Insurance  

Barrier #2 - Chicken-and-Egg Business Case 

In decision making driven by business cases, a concept will get a fair chance when it makes financial sense within the current business model. That requires robust proof from actual data. Without data, no initiatives. Without initiatives, no data. That explains why so many risk and prevention activities remain largely driven from marketing and innovation budgets – that’s a different business case altogether. Large-scale adoption of prevention concepts is therefore limited to customer segments with high risks (e.g. young drivers), markets with mandatory safety requirements and those insurers that have a particularly effective internal prevention champion. Important, admirable but hardly fertile soil for building large-scale prevention concepts.

Barrier #3: Stove pipes blur the 20-20 view

What will be the total damages of a two-sided car accident? The actual impact may be much higher than is covered in the two associated car insurance policies. Indemnity, medical costs, inability to work, impact on employability, economic activity and personal life: The actual amount of the damage affects auto, health, income and liability business lines across multiple insurance companies. Different insurers handling parts of damages and liabilities not only increases overall costs but blurs the total costs to society of such an event. Prevention concepts should be judged with total costs to society in mind, not only by individual insurers from the perspective of an individual business line. 

Barrier #4: Important but not urgent

In many insurance organisations, a lot of change capacity is required to tackle legacy and regulatory requirements. A shift in business model is not something you can do on the side. Organizations should find the balance between innovation horizons and separate existing and new businesses, but that’s easier said than done. And let’s not forget: there might be an initial fear of cannibalization if premiums go down because of higher safety. 

Jumpstarting the shift toward building better solutions to manage risk 

Let’s create effective partnerships with players that jointly invest in safety and prevention. There must be a winning combination among insurers, re-insurers, Big Tech/IoT firms, players in adjacent industries, insurtechs, academic communities and non-profit organizations. 

Such a rich eco-system should be able to integrate data across traditional product lines, companies and other stakeholders to balance investment decisions with more weight attributed to the total costs to society. 

The recently launched OPIN initiative may provide the much-needed lubricant by developing open standards and API definitions for data exchange, enabling a coordinated approach across regions, markets and traditional business lines.

Transforming a business is always challenging, but even more so when you’re in it. No single player in today’s value chain is going to succeed on its own. The key is to create a collaborative solution combining the strength of several players. The future belongs to those who can forge such an alliance.

Although we hear a lot about major cybersecurity breaches in non-insurance organizations – Target, Experian, the IRS, etc. – there have been breaches in the insurance industry, too, albeit less publicized. Nationwide faces a $5 million fine from a breach back in 2012. Horizon Blue Cross Blue Shield is still the defendant in a class action suit over a 2013 breach that affected 800,000 of its insured. 

As hard as organizations try to secure their data and systems, hackers continue to become more sophisticated in their methods of breaching. This is why innovation in risk management and insurance is so important.

Can Machine Learning Improve Cybersecurity (and Vice Versa)?

The short answer is yes. Because machine learning can collect and process huge amounts of data, the technology can analyze historical cyber-attacks, predict types that may occur and set up defenses against them. 

Here is a very simple example:

An on-site employee has decided to use his computer to access some shopping sites during his lunch break. One of those sites has elements that alert the machine of a potential security threat. The security team is notified immediately. It is then possible to block access permission from that computer to any data that could be useful to hackers until a full investigation can be completed. 

See also: How Machine Learning and AI Reduce Risk  

This may be a rather far-fetched example because most organizations limit private use of their computers in advance. But consider the Horizon breach – two laptops were stolen from a facility, and access was obtained. Or the case of Target, where a third-party contractor did not have appropriate security in place, and hackers were able to access the company’s systems through this third-party. Machine learning can help to reduce these threats through a proper alert system, and remote shutdowns can then occur.

Common Types of Data Breaches that ML Can Help Thwart

1. Spear Phishing

Company employees receive emails every day, in their company inboxes. Some of these, from sources that may not be known, can include malicious links. 

There are now ML algorithms that can identify and classify language patterns – email subject lines, links, body content/communication patterns, phrases and even punctuation patterns. Anomalies can be flagged, and security analysts can investigate, even catching the emails before they are opened, if the system is set up correctly. Some of these emails, for example, may be very poor translations from foreign languages, certainly not professional translations from services like The Word Point. Poor translations will alert machines that spear phishing is a possibility.

2. Ransomware

Most everyone is familiar with this security threat. Users’ files are “kidnapped” and locked. Users must then pay up to get an encryption key that will unlock those files. Often, these files house critical client data, other proprietary information or system files that are necessary for business operations. The other type of ransomware attack will simply lock a user’s computer and not allow access until the demanded amount is paid.

To train a machine to identify potential ransomware requires some pretty deep learning. Data sets of historical ransomware files must be loaded, along with even larger sets of clean files, so the machine can learn to distinguish between the two. Again, so-called micro-behaviors (e.g., language patterns) are then classified as “dirty” or “clean,” and models are developed. A ransom file can then be checked against these models, and necessary action taken before files are encrypted or computer access locked.

3. Watering Hole

Employees, especially insurance agents who are out in the field, may have their favorite spots for coffee or lunch breaks. Or, suppose, a group of employees have favorite food joints from which they frequently order food for delivery or takeout. Whether they are using the Wi-Fi in that watering hole or accessing that business’s website to place an order, there is far less security and an ideal place for hackers to enter a user’s access/credentials through that backdoor. 

Sometimes this is called “remote exploitation” and can include a situation like what occurred with Target – a third party is used as the “door” to get in.

ML algorithms can be developed that will track and analyze the path traversals of an external website that employees may be accessing on devices they are using either on- or off-site. Users can be directed to malicious sites while they are “traveling” to a destination site, and this is what ML can detect.

See also: How Machine Learning Transforms Insurance

4. Webshell

A Webshell is nothing more than a small piece of code. It is loaded into a website so that a hacker can get in and make changes to the server directory. The hacker then gains access to that system’s database. Most often, hackers look to take banking and credit card information of customers/clients, and this type of attack occurs most often with e-commerce websites. However, medical practices and insurance companies are certainly at risk, too, because they house lots of personal data. When the insured set up automatic payments from their bank accounts, the activity is even more attractive to these hackers. Payments are simply routed somewhere else.

Machines can be trained to recognize normal patterns of behavior and to flag those that are not normal. Machines can also be used to identify webshells preemptively and then prevent them from exploiting a system.

The Requirement? Machines and Humans Must Work Together

Will machines ultimately eliminate the need for in-house or contracted cybersecurity experts? Highly unlikely. At this point, machines cannot engage in the deeper investigations that analysts perform once they are aware of potential breaches or once aberrant behaviors have been detected. But innovation in risk management and insurance should certainly include machine learning. Humans simply cannot gather and analyze data as fast as machine algorithms can. Incorporating ML as a solid part of cybersecurity just makes sense.

"Transformation" is fast becoming the next overused word in insurance, right behind "digital" and "innovation." But the fact that so many commercial lines insurers are talking about transformation indicates a reality – there is definitely fundamental change underway. It is true that the basics of the business remain the same, and many of the headline-grabbing initiatives are not yet driving big financial gains. But in those headlines and the behind-the-scenes strategies and pilots underway, there is a palpable sense of real transformation. And it is changing the industry for the better.

SMA’s recent research report, 2020 Strategic Initiatives: P&C Commercial Lines, provides more insight into this transformation. It addresses both what insurers are doing and why they are doing it. The why discusses the factors compelling insurers to embark on transformation, while the what covers insurer strategies and plans and their stage of development. Great progress is being made in the overall digital transformation as well as a dozen other initiatives ranging from improving customer engagement to building world-class data/analytics capabilities.

SMA’s observation from working on strategy with insurers is that there are actually two levels of transformation underway. We divide this bi-level transformation of commercial lines into approaches we call incremental and transformational.

Incremental transformation, Level One, is beyond business as usual. It is not just developing next year’s plans to improve the business on a continuing basis, with gradual, minor improvements to the metrics. It is more about harnessing innovation to generate ideas and approaches, take more risks, establish new roles such as customer experience or chief data officers and begin to change the culture. The objective is to accelerate the optimization of the business and achieve top-line and bottom-line results faster and at a higher level. However, at the incremental level, all activity is done in the context of the current business model and builds off of today’s growth and profitability.

See also: Commercial Lines Embracing Change  

At Level Two, the transformational level, revolutionary change takes place. The objective is nothing less than relevance and future survival. In this mode, insurers are looking at how to create value in new ecosystems, engage in new types of partnerships and achieve the next level of optimization. Considering new business models; rethinking the future roles of underwriters, adjusters and other industry professionals; and designing insurance products to address emerging risks are all part of this level of transformation. By definition, this more “earth-shaking” transformation is a greater challenge because it requires a broader understanding of the rapid changes taking place in the world at large and then translating them into likely scenarios for insurance. Bolder bets are required as part of the risk/reward equation.

What is clear is that many insurers that thought they were undergoing major transformation are now realizing that they are at Level One (incremental transformation). Leaders are trying to kick it into high gear as they launch initiatives to drive Level Two transformation. This is not to imply that the incremental transformation ends. On the contrary, it is still vitally important that insurers push forward with the incremental improvements to the business while working in parallel on more transformative activities. It is a difficult balancing act, but those that successfully move down these paths in parallel will be the winners in the next decade.

I have proudly worked in the North American insurance claims and information technology industry for over 30 years and have witnessed significant, albeit gradual, improvements in process and service. More recently, almost overnight, the switch of information gathering and distribution from analog to digital has transformed claims.

Mobile consumer technologies have been adopted rapidly, disrupting sales and distribution models and their supply chains. Instant gratification has become a natural expectation.  

Insurance Claims Process Evolution

In insurance, claims remains the “moment of truth.” Claims represents the best single opportunity for an insurer to engage personally with its customer, satisfy the coverage promise and foster loyalty. But claims has begun to evolve. It has been a highly complex, labor-intensive, stubbornly long, expensive and customer-unfriendly process. But it is benefiting in a big way from new and exciting technologies, and investors are eager to place bets on a new generation of entrepreneurs who shun working for large corporations (at least until those companies acquire them for mind-boggling amounts).  

The “Amazon effect” (immediate delivery of virtually anything from entertainment to information to merchandise to food through a simple, digital interface) drives consumer expectations even for insurance claims service, no matter the behind-the-scenes complexities involved. In the fiercely competitive personal lines market, traditional carriers are responding by transforming the claims process to make it more “Amazon-like.” In the process, carriers are lowering claim costs, producing savings that can then be reinvested in lower, more competitive, insurance premiums. 

See also: Breakthroughs Finally Appearing in Claims   

The claims process is still complex. It involves many disparate technologies and services, and firms that range from very large corporations to smaller, more local providers. Integrating and streamlining all of the related interactions is not trivial. But new, low-cost computing capabilities and information management technologies are enabling the interoperability of this ecosystem, leading to an array of profound changes, including these 12.

Claims in 2020 and Beyond

• Control over first notice of loss (FNOL) will be contested as technology enables real-time accident notification. The change will allow for new influences in claim process response, resolution and the customer relationship 
• Average cost of auto repair will rise further, exceeding $3,600, as more late-model-year cars enter the car park loaded with costly accident avoidance and self-driving technology that requires post-accident scanning and recalibration. A $5,000 average repair cost is already in sight. This trend will be reinforced by strong consumer preference for more expensive light trucks and SUV/CUVs, now representing 70% of new sales, and, soon, more electric vehicles (EVs)
• As cost of repair climbs, so, too, will total loss frequency. It is now at 24% for some carriers, increasing claim costs and placing added stress on valuable claims-adjusting resources. Tech-enabled processing solutions will emerge to compress cycle times and ensure compliance, but deployment and integration will take time 
• The collision repair industry and its traditional direct repair program (DRP) relationships with insurers will change in more fundamental ways as OEM repair network certification programs gain traction, with support and encouragement from trade groups, consumer safety, legal and regulatory advocates. This, in turn, will add upward pressure on average repair costs  
• Growth in claims self-service, including auto photo estimating, will outpace other methods of inspection. The change will upend staffing models and disrupt appraisal work forces as well as the traditional collision repair referral process
• A culture of speed and transparency will develop and attract new talent, filling an important gap
• AI, including computer vision, machine learning, data analytics and automation, will begin to streamline and compress the insurance claims process, identify and deter fraud and remake related work forces and skill sets 
• Digital imagery and measurement from aerial to drone to ground-based will permanently alter the property claims estimation, settlement and repair process. The change will create new strategic partnerships between carriers and third-party providers and transform the property claims field and desk appraisal
• On the journey toward touchless claims, carriers are realizing that they need to deliver empathy at scale. They will leverage intelligent platforms while recognizing and deploying emotional data – and achieving a proper balance between digital and human touch 
• CEO-led diversity and inclusion initiatives will become critical to attract talent in claims and boost organizational performance across the enterprise as well as increase competitiveness in the market
• Emerging technologies getting greater attention and testing in claims use cases will include virtual and augmented reality (VR/AR) for staff training, field service and support
• Success in the art of developing and managing effective strategic alliance and partnerships and collaborating with others, including competitors, will become table stakes for innovation 

Collaboration in Action

Now, more than ever, cross-industry collaboration across the vast claim ecosystem is critical to delivering an efficient, high-quality, low-cost claims experience to policyholders. One excellent forum for such collaboration is Connected Claims USA Summit, taking place this year in Chicago on June 24-25. As chairman of this exciting event, I invite you to join us this summer to discuss and learn how to move from strategy to action and implement the future of claims today.

See also: Future of Claims Intake for Insurance?