Cybersecurity best practices for digital businesses have been discussed ad nauseam. However, there’s comparative silence when it comes to securing non-digital businesses. Today’s reality is that every business has at least some digital components. Even if it equates to simple e-mail access, a CRM system or services that involve internet-connected devices, any instance of a digital footprint results in cyber risk, meaning even seemingly straightforward, non-digital industries like food and beverage, paper or janitorial aren’t necessarily safe. Take Target’s massive 2014 breach. Hackers infiltrated Target’s network by stealing networking credentials from a third-party HVAC vendor. Because the HVAC company had external network access -- and, even more shocking, because the vendor wasn’t restricted from Target’s payment system network -- hackers were able to inject malware into Target’s point-of-sale devices and collect card records from live customer transactions. Ultimately, the HVAC vendor-induced breach exposed upwards of 40 million debit and credit card accounts. Even Well-Intentioned Actions Can Create Risk Tactics as malicious and elaborate as the 2014 Target breach aren’t the only way vendor-induced breaches can occur. A paper supply vendor could easily become friendly with a client organization’s employees, for example, and see something on an employee’s desk they shouldn’t be privy to. Perhaps they borrow an employee’s computer to check their email and click on a nefarious link. Maybe the paper supplier is fired and retaliates by stealing one of the client organization’s laptops and connecting it to a coffee shop’s insecure Wi-Fi. See also: How Digital Platform Smooths Operations   Even well-intentioned, fundamental business tasks can cause a debilitating, vendor-induced breach. Say an electrician sends its client organization a digital invoice. This creates a digital path that automatically has the potential to be breached. E-mail phishing, too, can affect any third-party vendor and customer relationship. Posing as a trusted customer contact, hackers can leverage social engineering to trick vendors into voluntarily sharing sensitive information about their client organization. Cyber Insurance Mandates Require Education and Specificity Because of the serious cyber risk that third-party vendors like HVAC, paper supply or janitorial companies can introduce, more and more large enterprises are requiring their vendors to purchase cyber insurance. In fact, according to recent research conducted by my company, nearly half (46%) of small and medium-sized businesses are buying cyber insurance due to contractual requirements with larger companies. Not only can cyber insurance help lessen the financial blow of a cyber attack, it can also help reclaim an organization’s holdings if malware infects the company network or a hacker shuts down access to the server. Despite the clear benefits of mandating third-party cyber insurance, the majority of vendors -- especially ones not overly comfortable with technology -- don’t know where or how to acquire it. It’s no longer enough for large enterprises to simply institute a cyber insurance mandate; they need to also educate their vendors on the specific cyber risks they pose and explain why cyber insurance is so critical. Ideally, enterprises should also work with each third-party vendor individually to find cyber insurance plans that match their unique needs and role within the larger organization. See also: Global Trend Map No. 12: Cybersecurity   You’re Only as Strong as Your Weakest Link The adage, “You’re only as strong as your weakest link,” rings especially true when it comes to cybersecurity. Massive corporations like Target or even franchisers like McDonald’s can allocate all the resources in the world to cybersecurity, but, if they’re not also defending against the risks their vendors introduce, all it takes is one digital action -- even a well-intentioned one -- to wreak havoc. Take the time to educate everyone involved in an organization’s digital activity on the specific risks they pose, and protect everyone’s actions and assets by ensuring all vendors adhere to cybersecurity best practices and company-wide policies, invest in basic cybersecurity tools and implement comprehensive cyber insurance.

Insurance companies are at a crossroads. They have unprecedented opportunities to transform as consumers become increasingly digital-centric and demand seamless, personalized experiences, but they have historically been slow to adopt new technologies due to the conservative preferences of traditional customers as well as limitations of legacy infrastructure.

Organizations are beginning to invest in new technology to deliver heightened and highly curated experiences for digitally inclined policyholders. At the same time, they’re navigating the regulatory jungle to ensure end-to-end compliance. For example, at TCS we recently helped transform the contact-center experience for a large insurer using a combination of voice to text (V2T) and AI to help deliver next-best-action and next-best-offer services in real time. An agent who receives a call gets a 720-degree view of the customer, interaction history and top two reasons for the call within seconds—all before the call even begins. Upon answering the call, the agent can see a real-time transcript of a customer’s voice, is informed if the customer is happy or unhappy based on tone analysis and more. AI is also used to prompt the agent with contextual next-best offers. This provides the customer with unparalleled customer service and improves the quality of work and agent experience, as well. Successful digital transformation for insurers relies on their level of investment in four broad business behaviors of Business 4.0. They are: AI for actuaries (unbiased risk modeling); intelligent bots for brokers and customers; prediction and prevention of claims (through connected ecosystems); and balancing both traditional and usage-based pricing and underwriting (exponential addressable market). In fact, recent studies have shown that the banking and financial service industry (which includes insurance organizations) has more leaders in Business 4.0 digital transformation than any other industry. See also: And the Winner Is…Artificial Intelligence!   When it comes to bringing innovation to life, it’s no surprise that a key driver of this change is adoption of artificial intelligence (AI) throughout the lifecycle of the insurer-customer relationship. AI enables optimization and hyper-personalization at every stage of the relationship—from prospecting and planning, to customer service and beyond. A recent study shows that 70% of insurance providers in North America have already begun investing in AI. But AI is only as useful as the quality of data it receives. Therefore, other technologies—specifically V2T—are integral to aggregating the data needed for meaningful AI innovation in the insurance industry. Going Back to the Basics V2T provides both the agent and the customer with convenient, time-saving alternatives to traditional conversational interactions. On the provider side, V2T can take prerecorded voice notes and organize them as text emails to be sent instantaneously. Additionally, insurers can use V2T capabilities to prioritize all inbound inquiries from customers without having to listen to every call. But where V2T innovation begins to set itself apart, is when AI is used in parallel to V2T technology—bringing actionable data aggregated from V2T interactions to life in groundbreaking ways. Identifying and Targeting Experience Gaps Customer service capabilities are judged by the efficiency and accuracy of their responses. AI enables insurers to identify trends among recurring service requests and complaints—allowing them to produce templates for new solutions and capabilities that bridge these experiential pitfalls. Likewise, if insurers notice trends among customer service interactions that are relative to a specific product bundle, they can reshape product offerings to reflect customer preferences, driving long-term satisfaction and enhancing brand affinity. Whether it be in quality, pricing, CRM, user experience, etc., V2T provides AI with the necessary data sets to pinpoint areas for strategic investment. Pinpointing Potential Growth Areas V2T data isn’t solely beneficial for reactively fixing experiential problems. V2T-enabled AI will let insurers identify trends among prior V2T transactions to predict what technological innovation might increase customer satisfaction by understanding the attributes that customers appreciate about their insurance-related interactions. See also: Innovation: ‘Where Do We Start?’   For example, if an insurer realizes that most customers prefer to host agent-to-holder interactions online, then the insurer can develop digital tools to make other, more traditional aspects of the business a digital-first experience. V2T and AI are tightly knotted. V2T is essential in gathering data while AI is integral in successfully processing it. Both are necessary in providing insights and influencing key business decisions, especially when it comes to customer experience. Customer preferences for researching and buying insurance policies will continue to evolve – and possibly fragment even further – which means there can be no cut-and-paste solution. For instance, recent studies have shown that young adult consumers prefer in-person interactions when purchasing homeowners insurance, but prefer online interaction for auto and renter’s insurance. AI weighs the checks and balances of these behavioral complexities and generates intelligent solutions to best meet the needs of all existing and future customers. Through V2T data aggregation and AI integration, the possible solution-based outcomes are limitless.

On Jan. 1, 2001, it would have been beyond human ability to predict, with precision, most of what has happened in the first 20 years of the 21st century. Certainly, no one was expecting that following September to dramatically alter the geopolitical landscape of the world, nor was anyone expecting the U.S. to use UAVs (unmanned aerial vehicles) to eliminate targets, terrorist or otherwise. Perhaps more crucially, though, people were not expecting to have a substantial chance of having the security of their lives drastically diminished over the course of the following 20 years due to hardware and software engineers, some of whom were “dark knight” software engineers, hackers. However, more than any other occurrence since the start of this century, the cyber realm has, and will continue to have, profound impacts on nearly every aspect of our lives regardless of where we live globally. It is only fitting then, as we review the lessons we have learned, to examine their inextricable links to and impacts on cyber liability and technology E&O. Let us start with some numbers. Of breaches that have compromised 30,000 records or more, there have been at least 266 since 2001. Each year since 2001 there have been no fewer than 13 such breaches. In 2014, the global average cost of a data breach was $3.5 million. Today, the number stands at $3.9 million, based on an average records size of approximately 26,000. In the U.S. in 2018, the average cost of a breach was $7.9 million, and today it stands at $8.2 million. According to a 2001 CSI/FBI Survey, the aggregate loss for firms reporting data that year was close to $456 million. For mega breaches, the cost of losing 50 million records in 2018 was $350 million; this year to date it stands at $388 million. Essentially, two mega breaches today would likely equate to all of the losses that were sustained in 2001. In 2014, cybercrime cost the world economy at least $400 billion, and today the figure stands at $600 billion. Calculating the cost of any breach with exactitude is difficult, but the above figures are reasonable cost approximations. Certainly, it is clear from the information available that the cost of a data breach is significant. More concerning is that there is no foreseeable future in which the cost of a breach decreases. The future is also bleak where the amount of unwanted system intrusions is concerned. After all, as the cost of doing business in countries like China and India increases, those increases will have a direct upward correlation with the cost of data breaches. Furthermore, the number of people on this planet continues to rise, as does the number of devices connected to the Internet. The passage of privacy laws, like the General Data Protection Rule (GDPR) in the E.U. bloc, will also force the cost of data breaches upward. The numbers are rising in multiple ways, and they are not in favor of cyber liability and technology E&O insurers or their clients. Despite the staggering numbers, cyber breaches are treated with an uncommon tolerance. If San Francisco, New York City, London, Dubai, Singapore and Hong Kong all lost power for seven straight days each year, then the energy providers to those areas would be lambasted and perhaps face new, more reliable competition. However, despite all the damage that hackers are causing, not enough resources are being put into place to prevent the next cyber breach. The mega cyber breach of Capital One in 2019 would seem to validate this conclusion. We have also learned that the rule of law is far less bothered by data breaches than other types of incidents. After the sinking of the Titanic in 1912, governments and shipbuilders enacted major changes to try to ensure that such a disaster would never happen again. After the 1956 sinking of the SS Andrea Doria, training was mandated on the use of radar and a change to radar screens was required. Shipping accidents are now rare. Governments forced changes in the design and operation of nuclear reactors after disasters at Three Mile Island (1979) and Chernobyl (1986), and worldwide energy companies got the message. In contrast, each year since 2005 has included at least one major to moderate data breach somewhere. Some years, like 2013 and 2014, saw at least three major data breaches. Often the worst penalty the exposed organization faced was not levied by any governmental agency but by a private organization like American Express or Visa. (The E.U. has the strongest and most exacting data privacy legislation. The state of California also has admirable privacy laws. Elsewhere, strong data privacy laws are the exception.) Perhaps one of the most shocking aspects of the first part of the 21st century is the lack of accountability in the private sphere for CEOs, boards of directors and other senior individuals. If an entry-level employee were to take a photograph of a client’s banking records, even by accident, that would be more than enough for dismissal. The employee could even face civil and criminal penalties. In contrast, in the aftermath of the June 2017 NotPetya attack on the international shipper A.P. Moller Maersk, its CEO was not dismissed nor was he criminally charged even though the attack on Maersk cost the organization no less than $300 million. The CEOs of Marriott International and Target also retained their positions despite the data breaches those organizations suffered in 2013 and 2018, respectively. When a director or officer can neglect the legal duty of care owed to an organization, then the profitability and even the continued existence of the organization is at risk. Such failed diligence constitutes gross negligence! There is an interesting communication pattern with regard to data breaches as evidenced by Target (2013), Equifax (2017) and Capital One (2019). In this routine, a statement is released by the CEO. The CEO says how she or he understands that the company’s clients may feel frustrated or worried that their data is now in the public domain. Then the CEO expresses a bit of remorse for the breach. Finally, the CEO says that dutiful action will be taken to get to the bottom of things. Next comes the public outcry over how an organization, especially a large one, could be so irresponsible as to not screen its sub-contractors and segment its network (Target), or how an organization could be lax in its security standards, especially as they concern software patches (Equifax). Usually, the numbers of afflicted customers creeps up over the next few weeks, as was the case with DSW Shoes (2005), LexisNexis (2014). Or, as in the case of Maersk, the severity of the damage done becomes fully apparent over the course of days and weeks. By the time the last of the initial steps occurs, which is the providing of identity theft protection, clients are so numb with pain that the “freebie” of identity theft protection provides next to no solace for the clients. Still, to this day in the U.S. and many other countries, there is nothing on a national or multinational scale that compares with the E.U’s GDPR to help prevent data breaches and make it clear to organizations what the penalties are for inappropriate security standards. Another setback is the continued lack of recognition of how the data breach landscape changes with different attacks, or a severely delayed response to that change. To this day, many people are unable to appreciate how much side-channel attacks at the CPU level have altered the landscape, especially because more side-channel attack possibilities are being realized. When Stuxnet was made public in 2010, it forever changed the cyber breach landscape because it meant that every organization in the world could not only suffer damage in the cyber realm but that computer and networking systems could physically be damaged by a worm or virus, as well. WannaCry and NotPetya (the enhanced Russian strain) have NOT struck so much fear worldwide that organizations of every size are now only using variants of Windows 10, MacOS 10.15 or Fedora version 30. To this day, there are multi- national corporations that have not upgraded to Windows 10, even in the financial services sector. This is not even counting the damage of election interference in the U.S. in 2016 and the political fallout that is still afflicting the U.S. Also uncounted are the ways social media can be corrupted to negatively influence people. It certainly is possible to continue to list advances in breach technology that have altered the cyber landscape, but suffice it to say the ways in which a breach can occur and the sophistication with which it can happen since 2001 have significantly eroded the security of most people on this planet. Today, for a majority of people around the world, our health, financial, and even electronic identities are all compromised to varying degrees, and our privacy or collective societal independence has further been eroded by companies like Cambridge Analytica. There are two areas of further concern in the professional sphere, and these segments have grown less secure since 2001: medical data and servers that form the data backbone of organizations. Each year, more and more medical data has been put online, whether by primary care physicians, pharmaceutical companies, insurance companies or other private sector organizations. The vast amount of medical data that has been put online, though, has been done with a focus on ease of access without a similar regard for security, as evidenced in the consistent rise of medical identity theft since at least 2010. Sometimes, the information comes from a large-scale hack, like that of Anthem (2015), and sometimes it comes from a smaller one such as that made on Sutter Medical Center (2011). On the server side, the hack of Capital One is a reminder that cloud-based data is not beyond the reach of unauthorized users. Furthermore, Spectre and other side-channel attacks on CPUs continue to chip away at the safety of the cloud, as does the illicit alteration to products from a company like Supermicro. We are clearly not safer, overall, today than we were in January 2001, despite the rise of cybersecurity firms and cybersecurity technology. lt would be misguided to say that nothing has been done to advance our cybersecurity in the first 20 years of this century. Perhaps our biggest advantage in this century was the creation and success of cybersecurity firms, especially ones that publicly call out bad actors. Today such firms can offer a sorely needed layer of protection in the fight to defeat a cyber breach, and this layer can often be updated each day to account for the knowledge the cybersecurity firm gained in fending off attacks from its various clients. Advances in quantum encryption are also allowing nearly impenetrable discrete communication even over long distances. Internet browsers, like Chrome, are forcing organizations to have valid and up- to-date security certificates. Otherwise an organization risks being labeled as dangerous to online users. Private sector competition between internet browser makers is helping to advance the creative effectiveness, from a security standpoint, with which internet browsers are created. Similar competition in the cloud segment is also helping to ensure safety. When the Capital One breach was announced, Amazon was quick to point out that there was no indication that its AWS cloud had been breached, as well. We also have two-factor authentication for securing our e-mail and even our mobile devices. Card issuers, at least in the U.S., have finally moved almost entirely to cards with chips built into them. Now card users have a more secure method of making a payment than with the magnetic strip on the back of the card. On a much larger scale, Apple Pay, Samsung Pay and contactless technology built into credit and debit cards have been introduced over the past 10 years. They have made POS purchases much safer and easier today compared with 2001. 2016 saw the first mature version of the payment card industry data security standard (PCI DSS) framework, which helped to encourage merchants to install firewalls, segment networks and only retain credit/debit card information when necessary. Furthermore, financial firms often provide the option for a client to be notified in the event of unusual activity on a card or when a large purchase is made with a credit or debit card. Ultimately, despite all of the cybersecurity advances, the cost and number of cyber breaches has gone up consistently since 2001. Moreover, the ease with which societies and the rule of law accept such breaches remains high. Even today, CEOs are rarely held responsible, legally or otherwise. Furthermore, people and organizations of all sorts fail to understand how the cyber landscape changes on a continuous basis, and that failure reduces the responsiveness to the altered terrain, which consequently increases the chances of yet another cyber breach. Globally, almost all of us bear scars in one form or another due to the damage that our lives have suffered over the course of the past 19 years. Time and again, governments have failed to protect their citizens, and organizations often grasp for cybersecurity without the knowledge of what true cybersecurity is. However, even from this grim landscape we can find hope, direction, and ultimately a reliable path forward, such hope lying with cyber liability and technology E&O insurers.

The combination of artificial intelligence (AI), robotic processing automation and predictive data analytics is fundamentally redefining how businesses operate, how consumers engage with brands and, indeed, how we go about our daily lives. The field of insurance is no exception. Outlined here are three ways smart technology is affecting insurance, with a focus on identifying lessons learned and defining specific keys to success. Back Office Robotic Process Automation The impact of rules-based robotic process automation (RPA) on insurance operations has been well-documented. RPA tools are driving efficiency and productivity gains in generic back-office functions such as F&A and HR, and insurers are tackling processes related to claims administration and account management. One key challenge is scalability. In many cases, concept initiatives have failed to gain traction, resulting in isolated pockets of automation that yield limited benefit. In others, overly ambitious enterprise-wide projects struggle with boil-the-ocean syndrome. A well-defined center of excellence (CoE) model that develops and documents best practices and then propagates them across different business units has proven effective. Another critical lesson has been the importance of CIO involvement. This was lacking in many early RPA projects. For one thing, because RPA tools focus on process and business functions rather than programming skills, CIOs often weren’t interested. Business unit heads, moreover, feared that CIO involvement would lead to bureaucratic logjams and derail aggressive adoption schedules. Practice has shown, however, that CIO oversight is essential, to avoid both general shadow IT problems as well as specific interoperability, stability and security issues related to RPA functionality. See also: Using Technology to Enhance Your Agency   Leading early adopters have also continually pushed the envelope of automation levels. In a claims processing environment, 70% of claims may be simple and straightforward, and therefore ideally suited to an RPA application. At the other end of the spectrum, 5% to 10% of claims are complicated and unusual, and therefore require a human’s expertise and judgment to evaluate. While doable, automating these complex outlier claims isn’t cost-effective. The challenge then becomes to focus on the remaining 20% to 25% of claims. By analyzing the frequency of different types of claims, insurers can identify cases where the time and effort needed to configure a bot will yield a return. Applying Cognitive Capabilities to RPA RPA has delivered impressive benefits to insurance operations in terms of cost reduction, accuracy and auditability. That said, the tools are limited to the specific if/then rules they’re configured to follow. If a bot encounters a scenario that doesn’t align with what it’s been taught, it gets stuck. More advanced cognitive systems apply pattern recognition to analyze unstructured data to identify key words and phrases in context. This promises to take insurance automation to the next level. While an RPA bot can extract a specific piece of data such as a policy number from a specific form, it can’t interpret underwriting rules or aberrations from a form on which data is unstructured and organized differently. A cognitive application, meanwhile, can scan documents of various types and formats and apply machine logic and learning to identify relevant data in spite of discrepancies in how the data is structured or presented. This allows people to focus on policy/claim exceptions rather than formatting issues. More specifically, by injecting cognitive applications into operational workflows at key “intelligent gates,” insurers can more easily identify aberrations in unstructured data and highlight the policies and claims that require further human involvement. IoT, AI and Insurance Underwriting The combination of Internet of Things (IoT) and artificial intelligence will have perhaps the most transformational impact on insurance. By deploying networks of smart, connected IoT sensors, insurers can collect and analyze volumes of data at the point of critical business activity. Leveraging the pattern recognition and predictive analytics powers of AI, meanwhile, creates insights that insurers can use to refine actuarial tables and improve the rules of underwriting. Consider these examples:

• Sensors in vehicles ranging from commercial trucks to passenger cars monitor and document speed and driver behavior. Insurers can analyze data to calculate accident probabilities of safe vs. risky drivers over time. Based on those calculations, premiums could be adjusted. Smart sensors and cameras can also detect drowsy drivers or erratic behavior, triggering alarms.
• Smart home technology that monitors suspicious activity and automatically shuts off water pumps in the event of a burst pipe can lead to lower homeowner policy costs, particularly for premium coverage such as insuring valuable artwork from theft and damage.
• Pharmacies that store and transport medicines can deploy temperature and humidity monitors to ensure that supplies stay within required guidelines. Reducing the risk of tainted medicine reaching consumers could reduce liability risk.
• Smart video analytics can determine wear and tear of roofs, oil pipe damage from foliage and animal migration and levels of water and soil contamination. Such insights enable corrective action before catastrophes strike and reduce the level of unforeseen risk for underwriters.
• By monitoring pressure or fluid flow in an oil pipeline, sensors can trigger shut-off valves if limits are exceeded, thereby preventing costly environmental damage.

Innovative insurers are exploring how to deploy these capabilities into policy formulation. For instance, customers who adopt the technology could qualify for discounts. (Given the privacy issues surrounding driver monitoring, the voluntary aspect would seemingly be critical for auto insurance policies.) Another option: Insurers team up with technology partners to offer smart sensor services, thereby helping policyholders while creating revenue streams. See also: Smart Home = Smart Insurer!   The combination of sensor array and intelligent technology is refining underwriting and claims payment. Insurers can tune actuarial tables and pricing models to cover potential losses before they occur, as well as avoid incidents by advising policy owners to take corrective actions. In other circumstances, sensors can take action on their own. Ultimately, these capabilities will enable insurers to fundamentally redefine their operational and customer engagement models.

Self-learning machines and intelligent sensors will radically change the insurance industry of tomorrow. Insurance companies will only be able to tap into the full potential of digitization if they abandon their old processes and ways of thinking. Here are four theses on how the insurance of the future will differ from the insurance of today. Tomorrow's insurance is digital More and more people in Germany are online today; and this behavior is also reflected in customers' expectations of insurers. The days when printed insurance documents filled entire filing cabinets are over. Rather, today's customers expect to be able to access information and services anywhere, anytime and at the touch of a button. More and more insurers are relying on online sales channels, chatbots and digital language assistants to help customers 24 hours a day. Insurtechs are one step further: They already offer insurance products that are completely operated via smartphone. Claims can be easily reported via app and data, and insurance coverage can be changed and managed in real time. Standardized cases can already be processed automatically - with payments often on the insured person's account 24 hours later. This trend will continue. Simple claims will then be settled within minutes; For complicated claims, it will be possible to check the status online - just as customers can conveniently track parcel delivery via smartphone. In this way, customers will benefit from a vastly improved insurance experience. Tomorrow's insurance is data-driven Companies such as Amazon, Google and Netflix are proving that data is the currency of the future. Those who know the needs and behavior of their customers can offer better products and services. Insurance companies also have an important peculiarity: The product itself is based on probability calculations and empirical values, i.e. on data. Until now, tariffs have generally been calculated on the basis of a small amount of data, usually older data. However, the more data an insurer has on the life situation and behavior of its customers, the more it can refine risk profiles, reduce the fraud rate and adjust prices in a targeted manner. In short: If you have more data, you can change the core of the product. See also: How Robotics Will Transform Claims   This benefits not only insurers but also customers. Those who pay their bills on time and are classified as trustworthy on the basis of certain criteria could receive cheaper premiums and have their claims reimbursed quickly and easily. The conclusion of a contract itself is also massively simplified by data. Anyone taking out life or disability insurance usually has to answer a long list of questions. Providers are already experimenting with so-called Smart Underwriting. Applicants are asked a few basic questions and a few supplementary questions tailored to their individual needs. The result: Clients without health restrictions can complete the risk assessment in just a few minutes; the others receive in-depth questions based on their information. All in all, the entire risk assessment process is faster. The insurance of tomorrow is forward-looking The insurance of tomorrow will not only regulate damage but will not even allow it to occur. With improved data, it will not only be possible to calculate the probability and amount of loss more precisely. Possible damage can also be prevented by digital systems and sensors. In industry, this is referred to as predictive maintenance. The principle is simple: Technical systems are maintained and repaired in such a way that expensive production down times do not occur in the first place. Predictive maintenance is not new -- the wear and tear of components or machines could already be predicted well in the past. However, digital systems analyze machine functions and production processes in real time and immediately detect errors or deviations. This approach can also be used for private risks. Sensors on the washing machine report as soon as water escapes. Intelligent smoke detectors automatically alert the fire brigade. The evaluation of weather data could help to warn people of storms or natural disasters in time to protect travelers from dangers. In addition, the insurer could try to reward customer behavior that counteracts certain risks. Some health insurers, for example, reward a healthy lifestyle and subsidize preventive measures such as sports or vaccinations. Telematics tariffs in motor vehicle insurance are already moving in this direction by promoting a prudent driving style. See also: Pricing Right in Life Insurance   The insurance of tomorrow is holistic Thanks to digitalization, it is also possible to develop offers that are better-suited to customer needs - away from standardized and inflexible policies. If the insurer can better assess the customer's needs on the basis of the customer's history or behavior, it is in a position to put together tailor-made insurance packages. In the long term, insurance will therefore become increasingly holistic: While in Germany every resident over the age of 18 has an average of six insurance policies, in the future people will only have one risk partner covering all the risks in an individual policy. Just as people nowadays put together their breakfast individually in a restaurant, they will also choose their insurance cover from various modules. A father of a family who like to holiday on the North Sea and go mountain biking would then have a different service package than a father of a family who prefer to holiday in the Mediterranean and climb once a year in the Alps. Conclusion: From a guide folder to a smart insurance app Tomorrow's insurance will be a digital companion that understands customers and their needs. Digital use via smartphone and personalized insurance cover will become the norm. Intelligent digital systems will draw customers' attention to risks, point out suitable countermeasures and help prevent damage in the first place. And if the customer's life situation changes, the insurance cover will adapt automatically -- without the need for any human intervention.

Southern Californians found themselves earlier this summer dealing with some of the largest earthquakes and aftershocks to hit the area in 20 years. Although the earthquakes weren't devastating, they did serve as a reminder about earthquake insurance and whether its cost, high deductibles and exclusions make it the best route to go to protect your home or business. Following the quakes, which included nerve-shattering aftershocks, questions and confusion abound, particularly on the subject of insurance. Many believe inaccurately, state Insurance Commissioner Ricardo Lara would later emphasize, that a moratorium had been placed on all new earthquake policies. "While we have Californians' attention, insurers should not create barriers to homeowners or renters who want to protect their assets from earthquakes," Lara said, promising to send notices to insurers reiterating that the standard 15-day waiting period for coverage after a seismic event in no way means they should decline to write new policies. And there is plenty of interest. Glenn Pomeroy, CEO of the California Earthquake Authority, reported traffic to the not-for-profit’s website had increased tenfold since the earthquakes. See also: Preparing for the Next Big Earthquake   But the vast majority of California residents — 87% statewide, according to the California Department of Insurance — don't opt for earthquake coverage. The number with insurance rises to only 20% in Los Angeles and Orange counties. What gives? The answer most often lies in the deductibles, says Consumer Action, a San Francisco-based education and advocacy nonprofit founded in 1971. Simply put, combine modern building codes with the fact that you would have to suffer catastrophic home damage for a policy to kick in, and the odds are probably in your favor without insurance. "Even on the West Coast, earthquake insurance is not for everyone," Consumer Action spokeswoman Linda Sherry says. "It can be prohibitively expensive and come with large deductibles." High cost, large deductibles put coverage out of reach For example: If a $500,000 home with a replacement value of $300,000 was struck by a quake, you'd have to cough up $45,000 to meet a 15% deductible. That's a lot of earthquake damage before the policy would help. Throw in the fact that many California residents have little if any equity in their homes after the housing bust, and it would be tempting to walk away from a mortgage if such a calamity occurred. Ultimately, whether to opt for earthquake coverage is a case-by-case and individual budget decision, Sherry says. Rather than spend money on extra insurance, some homeowners invest it in a preventative approach — reinforcement bracing and securing homes to foundations. A "brace-and-bolt" program administered by the California Earthquake Authority has thus far distributed grants of up to $3,000 to retrofit more than 5,000 high-risk houses built before 1979. "After the Napa earthquake, I saw quite a few houses that slid off their foundation," California Earthquake Authority Chief Mitigation Officer Janiele Maffei says. "A brace-and-bolt retrofit beforehand could have made the difference." See also: A Troubling Gap in Earthquake Coverage   A retrofit typically costs $3,000 to $7,000, according to the CEA. Hazards to people come mostly from man-made structures, and the Federal Emergency Management Agency says many injuries can be prevented by securing tall or heavy items, such as appliances, with nylon straps or closed hooks, moving them away from beds and seating and making sure gas appliances have flexible connectors to prevent fires. This article was originally published on insurancequotes.com.

A few years ago, it was estimated that in a normal day another 127 devices are connected to the internet each second. This trend toward an Internet of Things is growing exponentially. Many global insurance companies are working on integrating IoT-based services into their insurance offers. Unfortunately, how to use this technology has been largely misunderstood. I’ve been lucky to work with some of the few players that have been successful in their usage of IoT. Through traditional distribution channels, these players are selling products that are bundles between insurance coverages and IoT-based services. Many have been able to get the service paid for by the policyholders, according to research by the IoT Insurance Observatory, an insurance think tank that has aggregated almost 60 insurers, reinsurers and tech players between North America and Europe. Those that have managed to develop a product with a portfolio of a significant size and considerable penetration have had a very specific approach. They first use interesting storytelling about successes that justifies additional fees. This is the case with car telematics in Italy and with the South African Discovery Drive, which represent global best practices in terms of telematics use in auto insurance: The customer pays an annual fee for telematics-based roadside assistance and a range of other services.

  Sharing Value With Clients All the insurance products that have succeeded with an IoT approach share economic value with customers. See also: 3-Step Approach to Big Data Analytics   In auto insurance telematics, for example, data is needed to provide assistance, to provide traffic information and to find a car. This data can also be used to manage claims better and avoid fraud, to influence the customer’s driving style or to establish more accurate pricing. On top of that, if you focus your storytelling on some tailor-made services, you can encourage lower risks to select your product. All these elements – I call them five value-creation levers (fees for services, loss control, change of behaviors, risk-based pricing and risk self-selection) - boost profits. All the successful products have shared the value with policyholders through discounts, rewards, cash back…. The same is going to happen with homeowners insurance.

  Dynamic Pricing on the Basis of Behavior In the life sector, the discourse is different. The IoT Insurance Observatory mapped more than 20 initiatives over the course of 2018, and there are more failures than successes. However, there is a best practice that has managed to integrate data from wearable devices, with contextual data on customer behavior that is collected in a variety of ways. This best practice is the South African Discovery. They have created life insurance products where the client's price increases year by year as a result of age, but could stay stable or even decrease if the customer's physical activity is sufficient. A U.S. company has implemented a process where a customer who requests a quote finds the option to share the data he has collected on his physical activity, to obtain a personalized offer. Commercial Lines Still at an Experimental Level Many successful IoT-based approaches in personal lines can be applied to commercial lines. However, applications are still experimental. I expect these experiments to end in complete IoT insurance products in the U.S. before Europe, but it will take a few years before significant portfolios are created. The most interesting experiments are in workers’ compensation and commercial property. In the world of SMEs, it will be necessary to specialize by sub-sector: It is one thing to talk about schools, another about residential skyscrapers and yet another about offices. Another area with potential is manufacturing, because of what is being called Industry 4.0. This megatrend is not yet mature, but some members of the IoT Insurance Observatory are scouting 4.0 technologies. The need for installation and tailoring of the technological and service components on the premises of a company will be a key. The World of Ecosystems The largest international insurance groups are closely monitoring ecosystems. As of today, IoT usage is sold as a closed option: The insurer chooses its own black box, the set of sensors, the app or the specific wearable items and obtains the data necessary to optimize its own use cases. To understand how an insurer could interact with emerging ecosystems is a key issue that will be addressed in the coming years by the IoT Insurance Observatory. I think that, rather than imagining which insurance product to offer, the first issue to address is how to sell customers products related to offers that come from the ecosystems. See also: The Dazzling Journey for Insurance IoT   Insurers cannot stop the IoT megatrend. They can only decide to leverage this data or to ignore it.

Celebration of International Women’s Day 2019 in March highlighted both how far we’ve come in the past year and how far we still have to go. CNN published an article quoting the World Economic Forum's 2018 Global Gender Gap Report as predicting that it will take 108 years to close the gender pay and opportunity gap, and pointing out that companies wanting to create a gender-diverse workforce need to make big changes. Last month, that number was updated to 204 years. The insurance industry might substitute any number of goals/initiatives in the paragraph above, as the slow pace of urgent and necessary change has become a hallmark of the behemoth industry. Innovators are jumping up and down, having convinced enterprise companies of the need for big changes, but not making progress quickly enough. Some even question whether industry giants will survive or die in the next phase of the marketplace, giving birth to a cottage industry of companies selling innovation services. Re-creating the workplace to optimize the value of men and women working together in leadership is itself innovation and will not succeed until it is treated like a business imperative rather than a social cause. Perhaps the single most relevant pillar of innovation is the understanding that one cannot generate new ideas from the old mindset. “Stuck in the weeds,” “in the quagmire,” you name the cliché, the concept applies. Innovation requires people to let go of entrenched beliefs and push through boundaries to reposition in a new perspective. Sometimes just a small shift can make a huge difference. From this new perspective, thought leaders emerge who can create a culture of innovation within an organization, even a really big organization. See also: 3 Keys for Building Women Leaders   Women face a number of particular barriers in the current mindset. Just to name a few, recent research shows:

• Women (in general) are afraid to speak up and afraid to take risks. The consequences of failure for women are much harsher than for men;
• Women are afraid to share their ideas, even when one might be a breakthrough, because their colleagues are not listening or will take the idea and make it their own;
• Women feel more isolated the further up the organization ladder they climb, both because there are few women at their level and because they feel cut off from women at other levels;
• Women and men don’t like it when women step out of gender stereotypes. Being liked is important to women, which amplifies the effect of attacks that result from breaking away from traditional gender roles. This is sometimes called “unconscious bias,” but is a powerful barrier for many women regardless of how it’s labeled.

All of these barriers have a chilling effect on innovation. When women step back, companies (and the world) lose 50% of their population of thinkers. When women step back, a much larger percentage of relevant expertise is lost for efforts to innovate. A mindset shift, a new perspective, is necessary for men and women; the results will be amazing. The recent explosion of effort to bring women together and to change the way women fit into the world is evidence enough of a strong desire to make change. The lack of progress is just as strong evidence that women don’t know how to make change happen. Stuck in the status quo, facing the same barriers day by day, women do not know how to change their circumstances and how to create the environment in which we are truly listened to and our ideas truly valued. What we need as a first step is a mindset shift, a way to free women from the ties that bind them to old ways of thinking. Anecdotally, successful women executives tend to agree on a few structural requirements before they would change their mindset:

• A safe environment. The last thing women who have “made it” want to do is highlight that they are women. Participating in an innovation project regarding gender diversity at work does not feel safe. A third party or outside forum is necessary;
• They need to be with other women to find common ground and shared experiences. Deciding to leave her comfort zone (the status quo) and jump the abyss without knowing what’s on the other side is HARD and is deeply personal for women. Being in the company of other women who can be trusted to keep shared stories confidential is critical;
• Women need a common language and a common mindset as a foundation for innovating and re-designing the workplace; Few women are in top leadership roles, so expanding the scope of who should come together itself requires a break from the status quo. Women from different companies, industries, job titles and ages must come together to learn a common language and share a common mindset.
• Like any innovation project, changing the workplace to better use the strengths of women in leadership requires an open mind and a willingness to abandon old beliefs and create without boundaries. Like any innovation project, the change requires dedication of resources, clear measures of success, sponsorship from top leaders and a safe environment for new ideas.

See also: How Diversity Can Stoke Innovation   Unless organizations commit themselves to addressing the creation of the workplace of the future as a pressing business imperative rather than a social cause, this, like other innovation projects, will stall. If you want to engage in conversation, if you want to explore how women can move forward, breaking through the tangles and making transformational changes for themselves and those around them, we would like to talk with you. Please reach out to us or check our website at www.hightidesgroup.com.

Participating in a panel last week in Orlando at the WCI360 event brought into focus two ideas about innovation in insurance that aren't understood fully enough yet. One is that workers comp will lead the way, because innovation can happen in so many more ways than is true for other parts of the insurance industry. The second is that many of the innovations won't occur in what we have come to know as insurtechs.

That second point may be the harder one to accept. We're in the insurance industry, so we view innovation through an insurance lens—but that doesn't mean our customers do. Kodak executives thought customers loved physical prints in yellow boxes as much as the executives did and now probably reminisce about the good old days by texting photos of themselves and their families to each other.

Just talk to the risk managers who were part of the panel that Chris Mandel of Sedgwick moderated at the 74th Annual Workers Compensation Educational Conference and the 31st Annual Safety and Health Conference, which brought together professionals from around the world at the largest workers comp conference. Soubhagya Parija, chief risk officer at New York Power Authority, and Brad Waldron, vice president, risk management for Caesars Entertainment, are innovating hard—but not through insurance. While many risk managers still see theirs as largely an insurance function, Parija and Waldron would rather eliminate the risks than tie up capital for them.

Waldron opened more than a few eyes when he said that, because of the sort of spectacular entertainment that Caesars does, "On any given week, I have to quantify the risk of some guy pancaking on a street in front of our marquee performing a 30-story BASE jump, then complete the same risk analysis for two motorcyclists jumping through a 40-foot ring of fire indoors." He'd much rather ensure the safety of the performers, even though, he said, "I realize most of the people in this room are from insurers."

Parija said NY Power is strategizing on how to provide vehicle owners incentives to dramatically increase the number of electric vehicles so that this utility giant can temporarily store power in the cars—not exactly an insurance-based approach to risk management. NY Power is also embracing new technologies that reduce injuries for line workers as well as those performing other high-risk tasks.

While insurers are innovating on traditional issues, such as getting an injured worker back on the job as quickly and empathetically as possible, risk managers such as Waldron and Parija are focused on getting rid of injuries/loss events entirely.

In thinking about innovation, workers comp insurers need to cast a far wider net than in other areas because of my other point: that innovation can come from anywhere. Consider robotic fish. Yes, robotic fish. Risk managers at Whole Foods, with a non-insurance focus, jumped in as early adopters of robotic fish from Aquaai Research to provide aqua farms with the option of keeping divers out of dangerous situations in North Atlantic salmon farms. Worker injuries dropped 85% for two consecutive years.  This example is particularly relevant as an open opportunity for an insurer. (Send me a note at the email below, and I'll provide details.)

Auto insurers know they need to track developments in driverless technology, but they don't need to worry about advances in genetics or exoskeletons. Workers comp insurers need to track all of the above—and a whole lot else besides.

Our Innovator's Edge data base tracks some 35,000 early-stage efforts, roughly 11% of which are insurtechs. These are the startups attacking problems that are recognizably about insurance and are the core of what most insurers need to track; for workers comp insurers, these companies focus on issues such as rating and recovery. But workers comp insurers may be affected by just about all of that remaining 89%, too. They have to think not just about insurtechs but also about what might be called risktechs, companies that are changing the nature of risk itself. Risktechs manage risk through prediction and prevention, cannibalizing the loss itself, or significantly extending the time before an inevitable loss.

Here is a table showing the number of early-stage companies in Innovator's Edge by categories aligned with the current model of insurer-based workers comp:   

CLAIMS MANAGEMENT	95
FUTURE OF WORK	47
HEALTH AND WELLNESS	396
SAFETY	953
TELEHEALTH	61
WELLNESS	835
WORKERS COMP	36

Source: Innovator's Edge

 

 

Risk managers who aren't looking through an insurance lens are asking, "What if we could…?", and they may just get their wishes through robotics, life sciences or any number of other innovations in the categories listed above. So, workers comp insurers had better be asking those same sorts of questions, based on the whole panoply of innovations that may come from the full list of 35,000 early-stage companies we are tracking, spanning 173 countries.

At the moment, most insurers are not. I've been inside eight major workers comp carriers making presentations to boards or corporate leadership teams. Only one is gearing up to prepare for a world where the nature of risk has changed.

After the panel, three attendees approached Waldron and me and posed a tough question: "How do you get existing companies to grow their appetite for risk and innovation?" Waldron responded: "I knew how our organization approached managing risk, and everyone knew we were struggling. I went to our corporate leadership and challenged them to eliminate as many rules of the road as they could. We needed a new rule book."

When customers are offered a choice between expedited recovery and eliminating the need to recover, they will have been provided a new rule book, insurers had better get one, too.

Guy Fraker
Chief Innovation Officer

Let’s take a brief trip down memory lane. In days past, whenever consumers wanted to make a major purchase—say, for a large appliance or the latest electronics—they had to leave the house and visit their local retailer. If they were concerned about the well-being of their new investment, they’d add a warranty plan once their transaction was complete. If something with their new fridge or stereo system went wrong, they’d need to pick up the phone to schedule a service visit. Things have changed. Let’s take a look at just how much technology is influencing purchasing habits and changing the warranty experience for consumers, retailers and providers. Click for Coverage Today, when consumers need to make purchases both big and small, they’re often opting to make them online. For big box retailers, incorporating additional warranty protection on their websites to accompany those purchases is no sweat; they’ve got the capability and budget to do so. But what about smaller retailers? According to a report by CBRE Group, about 30% of e-commerce retail is sold by small and midsize companies. While many of these companies might want to offer online consumers the benefits of product protection like their big box counterparts, integrating third-party warranty protection with a retail e-commerce platform can be cumbersome. But some providers have cracked the code and developed apps that allow smaller retailers to level the playing field and easily establish and manage valuable warranty programs. Another technology solution being explored is blockchain. For as long as anyone can remember, returns, warranties and service contracts have required proof of purchase. Blockchain capabilities can eliminate that need by decentralizing record-keeping, so all relevant parties can instantly access a digital proof of purchase, as needed. Innovative companies are already jumping on board and using blockchain to improve industry collaboration, increase customer satisfaction, boost efficiency and reduce prices. Make the Connection As the Internet of Things grows and consumers replace their obsolete, non-IoT devices, the true benefits of connectivity will continue to be revealed. For example, smart home technology will take the guesswork out of claims. Service providers and technicians will no longer be forced to rely on a customer’s diagnosis of the problem, because devices will accurately relay data about malfunctions or damage in real time. See also: How Tech Is Eating the Insurance World   Administrators will be able to better identify issues and potentially help the customer find a resolution via phone or chat, without a service visit. If a service visit is needed, the customer representative can approve repairs and estimate out-of-pocket costs in advance simply by using the data already available. But before the advantages of this new technology can be enjoyed to their fullest, there are some obstacles to overcome. The complexity of connected devices can be a lot to tackle for many consumers. Without the help of a professional, new device setup and network connections can be time-consuming. Recognizing the opportunity for increased customer satisfaction, streamlined processes and lower costs, service contract providers are stepping up their game to offer plans that not only cover repair and replacement but tech support, as well. This kind of 360-degree service plan can help simplify the consumer transition to the fully connected home experience. Go Custom Thanks to the intimate connection to products and data offered by IoT, the opportunity to customize service contracts and protection programs has never been greater. Driven by constant data collection, warranty analytics can be employed to create extended protection plans that categorize failures, identify customers who are most affected by these failures and key in on potential causes. These “intelligent” plans can help determine and customize proper coverage levels guided by each customer’s risk profile. The opportunity to apply the data extends beyond the connected home to products on the road. Now with the help of analytics, the failures, causes and costs that affect drivers most can be identified to help create intelligent protection programs for automobiles. Known as telematics, these systems facilitate the transmission of vehicle diagnostic data. Telematics can record a vehicle’s condition to provide quick, efficient analysis that can isolate an issue before it becomes a real problem. This technology can also simplify next steps by alerting the provider to the issue and directing the vehicle owner to the closest repair shop with relevant parts in inventory. This kind of efficiency can help consumers remedy potentially dangerous and costly situations early on, while also reducing expenses for service contract providers. See also: Common Error on Going Digital   While some may long for the old days, the benefits of new technology offer a chance to look on the bright side. For providers, retailers and customers, advancements have changed the warranty protection experience for the better and will continue to do so for years to come.