The world’s largest sporting event of the summer kicked off (pun intended) in France this month and continues through July 7. According to Reuters, more than 1.5 million supporters are expected to attend the 2019 Women’s World Cup matches in the nine cities hosting the tournament. With record-breaking attendance, the rising popularity of women’s soccer also means an increase in crowd-related risks and the need for a comprehensive risk management plan. To ensure a safe and positive experience for all, host cities and venues must consider risks from all angles and think about how to prevent and respond to potential incidents. The responsibility for crowd safety goes beyond city and stadium officials, first responders and security staff. Members of the public – the crowd itself – also can and should take an active role in ensuring everyone enjoys the event without incident. Risk analysis First and foremost, city and venue officials need to identify and assess risks and have a plan ready to address them. This analysis requires total situational awareness and a thorough assessment of potential vulnerabilities, including everything from how many exits are available at the venue, to what can happen between the stadium and the parking lot, to understanding how crowds typically interact and move throughout the event. This kind of assessment requires thinking about the event in a broader context, beyond the stadium gates and the confines of the match itself. Risks are not limited to the main location or time of an event. Attendees should remain alert before, during and after an event, as well as inside and outside the venue. See also: The Globalization of Risk Management   Total situational awareness encompasses:

• Infrastructure
• Environment
• Crowd/human behavior
• Emerging technologies

Infrastructure Host cities and stadium officials need to consider what infrastructure exists to support the event. Is there a comprehensive map of the venue that includes all the entrances and exits? Are they secured? Is there an emergency plan in place for various crisis scenarios? If so, when was the last time it was tested it? Prior to a major event, every venue should do a practice run-through to make sure the plan is up to date. By going through the various crisis scenarios, you can identify gaps in the plan and figure out how to fill them, before an actual crisis occurs. Environment While security personnel are typically sufficient for the entrance into a big event, hostile attacks are increasingly occurring outside the main venue. For example, in naturally open spaces such as parking lots, perpetrators have easy access to large groups outside of the stadium’s protection. Also, think about the venue itself. Is the place/location of special significance to any group or cause? Does the timing coincide with a particular holiday or anniversary? When considering a potential attack, officials should also monitor social media, before and during an event, for clues and possible tips that an incident may occur. Crowd/human behavior Finding the right balance between creating a fun, entertaining atmosphere and a safe place for large crowds to gather can be tricky. On one hand, you want an open, inviting space; on the other hand, you must maintain order and some kind of control. With people from all over the world coming together, safety instructions and protocol must be visual and easy to understand. For example, emergency exits should be clearly marked and accessible. Security and other staff, such as concession workers and maintenance crews, should be trained to watch for body language, verbal cues and unusual behavior that might indicate potential threats. A “see something, say something” policy, where people are encouraged to report suspicious behavior, is helpful to enlist community vigilance to prevent incidents. Emerging technologies From passive surveillance to handheld apps and artificial intelligence, advances in technology are enabling a better understanding of risks. Closed-caption television (CCTV) cameras that allow a central command center to monitor crowds are widely used in venues today. Advances in facial recognition algorithms and AI enable computers to analyze faces and raise red flags when someone elicits extra scrutiny. With machine learning, computers are getting better at detecting bodies and objects in crowds. Whether it’s distinguishing between a flashlight and a firearm, crowds pushing each other and a fight, or a joke and negative intent, artificial intelligence is analyzing real-time video feeds to better identify threats. Proactive policing and passive surveillance, such as millimeter wave technology, can identify weapons (explosives, guns or knives) with nearly 100% accuracy. Mobile apps can turn any phone into a body cam, so that all staff (from concession workers to maintenance crews) can feed images to security. Stadiums can even set up “no drone zones” with equipment that can intercept drones within a periphery and turn them around. See also: Why Risk Management Is a Leadership Issue   For crowd safety, some stadiums offer apps that can guide event attendees through the venue or allow them to send alerts if a family member or friend is lost. These apps can also “crowd-source” security, allowing fans to provide real-time information on potential threats to the on-site command center. Using sensors placed strategically in and around the venue, exact locations can be determined and security personnel dispatched quickly and efficiently. Be part of the solution Public safety is everyone’s responsibility. It takes community involvement, and being aware of and caring about the person next to you, to make a positive impact. Everyone – players, fans, stadium employees and even the public at large – plays a role in keeping the peace. Whether you’re heading to France this summer or attending some other crowded event, my advice to you is simple: Pay attention, be smart and, most importantly, have fun!

I started writing yet another article trying to convince risk managers to grow their quant competencies, to integrate risk analysis into decision-making processes and to use ranges instead of single-point planning, but then I thought, why bother? Why not show how risk analysis helps make better risk-based decisions instead?

After all, this is what Nassim Taleb teaches us. Skin in the game.

So I sent a message to the Russian risk management community asking who wants to join me to build a risk model for a typical life decision? Thirteen people responded, including some of the best risk managers in the country, and we set out to work.

We decided to solve an age-old problem – win the lottery. With help from Vose Software ModelRisk we set out to make history. (Not really: It's been done before. Still fun, though).

Here is some context:

• Lotteries are an excellent field for risk analysis because the probabilities and range of consequences are known
• In Russia, as in most countries, lotteries are strictly regulated. There is a rule: When a large amount accumulates, several times a year it is divided among all the winners. This is called roll-down.
• If no one takes the jackpot before or during the roll-down, then the whole super prize is divided among all other winners
• So the probability of winning is the same as usual, but the winnings for each combination can be significantly higher if no one wins the jackpot.

We set out to test our risk management skills in a game of chance.

June 8, 2019

Whatsup group created. Started collecting data from past games. Some of the best risk managers in the country joined the team, 15 in total: head of risk of a sovereign fund, head of risk of one of the largest mining companies, head of corporate finance from an oil and gas company, risk manager from a huge oil and gas company, head of risk of one of the largest telecoms, infosecurity professionals from Monolith and many others.

June 9, 2019

Placing small bets to do some empirical testing.

June 10, 2019

First draft model is ready…

June 11, 2019 

Created red team and blue team to simultaneously model potential strategies using two different approaches: bottom up and top down. Second model is created…

June 12, 2019

Testing if the lottery is fair, just in case we can game the system without much math. Yes, some numbers are more frequent than others, and there appears to be some correlation between different ball sets but not sufficient to produce a betting strategy. The conclusion – the lottery appears to be fair, so we will need to model various strategies.

June 13, 2019

Constantly updating red and blue models as we investigate and find more information about prize calculation, payment, tax implications and so on. The team is now genuinely excited. Running numerous simulations using free ModelRisk.

June 14, 2019

Did nothing, because all have to do actual work.

June 15, 2019

After running multiple simulations, we selected a low-risk, good-return strategy. Dozens more simulations later, here are the preliminary results, using very conservative assumptions:

• probability of loss 9.8%; worst-case scenario, we lose 60% of the money invested
• probability of winning 90%; 80% of the time, winnings would be between 50% and 100% of the amount invested, after taxes (this means there is a high possibility to double invested cash at relatively low risk)
• potential upside significantly higher than downside

Red and blue team models produced comparable results.

June 16, 2019

Started fundraising.

If we manage to collect more than the required budget, we decide to make two bets: one risk management bet (risk management strategy) and one speculative bet with much higher upside and as a result greater downside (risky strategy).

Full budget collected within just a few hours. Actually collected almost double the necessary amount and, as agreed, separated 50% of the funds into the second investment pool. Separate team set out to develop the risky strategy. While I was an active investor in the risk management strategy, I decided to play a role of a passive investor in the risky strategy and only invested 16% into the risky.

June 17, 2019

Continued to develop the model, improving estimates every time. Soon, we felt the financial risks were understood by the team members, and we needed to take care of other matters before the big day.

First, took care of legal and taxation risks. Drafted a legal agreement clearly stating the risks associated with the strategy, the distribution of funds and the responsibilities of team members. Each member signed. Agreed to have an independent treasurer.

Then started to deal with operational risks. Apparently transferring large sums of money, making large transactions and placing big bets is not plain vanilla and required multiple approvals, phone calls and even a Skype interview. Five team members in parallel were going through the approvals in case we needed multiple accounts to execute the strategy.

Probably the biggest risk was the ability of the lottery website to allow us to buy the tickets at the speed and volume necessary for our low-risk strategy. This turned out to be a huge issue, and we found an ingenious solution. The information security team at Monolith did something amazing to solve the problem, and I mean it, amazing. I have never seen anything like this. It’s a secret, unfortunately, because, you guessed it, we are going to use it again.

The strategy that the lottery company recommended for large bets is actually much riskier than the one we selected. How do we know that? Because we ran thousands of simulations and compared the results.

June 18, 2019

The lottery company changed the game rules slightly. Ironically, this slightly improved our 90% confidence interval and reduced the probability of loss. So, thank you, I guess.

More testing and final preparation. The list of lottery tickets waiting to be executed.

In the true sense of skin in the game, team members who worked on the actual model put up at least double the money of other team members.

June 19, 2019

8am. We were just about to make risk management history. A lot of money to be invested based on the model that we developed and had full trust in. I felt genuinely excited: Can proper risk management lead to better decisions? I am sure other team members were excited, too.

By about lunch time, the strategy was executed. We bought all the tickets. Now we just had to wait for the 10pm game. Don’t know about the others, but I couldn’t do any work all day. I couldn’t even sit still, let alone think clearly. Endorphins, dopamine, serotonin and more.

At 9:30pm, we did a team broadcast, showing the lottery game as well as our accounts to monitor the winnings, both for excitement purposes and as full disclosure.

Then came the winning numbers. Two team members actually managed to plug them into the model and calculate the expected winnings. We had the approximation before the lottery company did.

You guessed it: We won. Our actual return was close to 189% on the money invested after taxes (or 89% profit; remember, our estimate was 50% to 100% profit, so well within our model). We almost doubled our initial investment. Not bad for risk management. (Good luck solving this puzzle with a heat map.)

June 20, 2019

More excitement, model back-testing and lessons learned -- and, perhaps the most difficult part, explaining to non-quant risk management friends why, no, this was not luck; it was great decision making.

In fact, our final result was close to P50. We were actually unlucky, both because we didn’t get some of the high-ticket combinations and, more importantly because five other people did, significantly reducing our prize pool.

Let me repeat that: We were unlucky and still almost doubled our money.

June 21, 2019

Job well done!

Ask 10 people what direct contracting (DC) is in healthcare, you’ll get 10 different answers. It’s not a clearly defined term. When doing research for her master’s thesis on "Employer-Provider Direct Contracting" at Georgetown University, Lisa Elder found that “there is no research on the effectiveness of direct contracting.” She had to rely mostly on anecdotal studies of DC and the marketing language of employee benefits firms that had tried it. Her takeaway: There is no consensus on how to define direct contracting in healthcare. This is a problem for employee benefits advisers who want to communicate what direct contracting’s benefits (previously referred to as direct-pay programs) are for their clients. What Direct Contracting Should Not Involve So, what should DC look like? Let’s begin by being very clear on what it should not involve. There are too many arrows. There’s nothing “direct” about this model. It’s a dishonest contract: a relationship of three (or more if a vendor is involved), not the two that the name implies. Yet many employee benefits brokers offer this type of arrangement, replete with the administrative fees that such an arrangement entails. Those fees can add up quickly. Say a benefits broker or vendor charges 10% of the cost of care for implementing the agreement and uses a TPA that charges 15% for facilitating the employer-physician relationship. See also: 4-Step Path to Better Customer Contacts   The cost of a $20,000 knee surgery replacement would balloon to $25,000 because of unnecessary third-party fees, leaving less value for the employer and physician. Yes, using a preferred provider organization (PPO) that discounted off a $55,000 charge for inpatient knee surgery would be even worse. But creating a less-bad PPO network via an improper “direct” contract shouldn’t be the goal for employers. The Right Way to Implement Direct Contracting A DC agreement should look direct⁠—like this. Think of it this way: Once a direct contract is in place, it should remain in place if you, the benefits adviser, were to disappear tomorrow. That requires a great deal of forethought in how the DCs are written, but it’s the right way to implement direct contracting. Establishing a DC this way maximizes and preserves value between your clients and their physicians. That, in turn, goes a long way toward demonstrating your value and commitment to transparency as an adviser. 3 Tips to Help Ensure “Direct” Contracting Real direct contracting has the potential to revolutionize the healthcare experience for employers by stripping out third parties that don’t add value. Your job as a benefits adviser is to ensure that DC is simplified, streamlined and truly direct. Here are a few tips on doing that:

1. Use Medicare prices as a benchmark for establishing reimbursement rates. 130% for physicians and 150% for facilities has worked well for Wincline in its DC client relationships. The true beauty of DC is that employers and physicians can sit down and discuss the price and value related to exchanging services.
2. Ensure that payment to physicians is timely (≤14 days). One of the biggest selling points for physicians on embracing DC agreements is that they won’t have to spend time and resources collecting payment for their services.
3. Make clear to employees that, under DC, member cost share is waived. Provide incentives to employees to use outpatient facilities rather than hospitals by eliminating their deductibles and co-pays if they do.

See also: 3 Major Areas of Opportunity   Have more questions on how to become a forward-thinking leader on direct contracting in the benefits advisory space? Check out our guide on direct contracting (be sure to download our whitepaper) and drop us any thoughts you have about DC.

Data is powering the new economy and is the main driver behind much of the transformation of industry and society. According to multiple sources, 90% of the data in the world has been created in just the last two years. In measuring the volume of data, we have blown past exabytes and are now calculating volumes in zettabytes (a trillion gigabytes). Soon we will be talking about Yottabytes and Brontobytes. As valuable as this data explosion has been, it has brought along some major challenges. Insurance, just like every other industry, is grappling with three big challenges. Managing the Real-Time Data Flow Insurers already find it difficult to manage data at rest – the data they collect or acquire and store in databases. Managing the cost, cleansing and organizing the data for transactions and analysis, and governing data usage all require significant resources, technologies, and skills. Layer in real-time data that is beginning to flow from the edge, generated by sensors and devices connected to the things (and people) that are insured, and the management challenges grow by orders of magnitude. Managing data in motion and determining where data should reside (edge, cloud, on-premises) will be tremendous challenges in the decade ahead. And the sheer volume, velocity and variety of data will make governance and usage much more complicated. See also: Transforming Claims for the Digital Era   Securing Digital Data Data security is a huge issue today, with regular headlines regarding breaches of massive amounts of sensitive data from big (and small) organizations. Software and resources for security are already a big line item in many insurance CIOs' budgets. Digital data spread across the connected world will make that task even more difficult, requiring the significant deployment of automation and AI technologies. Insurers must be aware, not just of the potential for data theft, but also of the new possibilities of data alteration. For example, photos of property or vehicle damage could be altered to show a greater degree of damage or even to show damage where there really is none. Regulation on Data Usage We are in the early stages of a great debate over who owns data, who has rights to use it and how data may be used. The global tech giants that have built their businesses on data are under intense scrutiny regarding these issues. Insurers have the additional consideration of industry regulation dictating how data can be used in the industry. Government and industry regulations will continue to evolve, which in itself creates a challenge for insurers. See also: It’s Time to Accelerate Digital Change   Of course, there are other challenges like acquiring and training talented individuals who can address these three areas and harnessing AI technologies to make sense of all the data. Both of these areas are vital and the subject of much research and debate, but they rest on the foundational issues of managing, securing and regulating data. This blog may sound discouraging, but there will be solutions and opportunities related to these challenges. Perhaps the most important strategies that insurers can adopt is to focus on recruiting, training and retaining highly skilled data professionals, and partnering with world-class organizations that have the technology and resources to tackle these challenges and enable insurers to capitalize on the power of data and analytics.

Technology is the foundation of the insurance industry: the means to solve or approximate answers to questions about the cost and availability of insurance, in addition to ways to reduce risk, improve service and expand coverage. When technology makes it easier to track possessions, when people can see—in real time—the whereabouts of goods they pay to insure, when reporting a lost or stolen item takes minutes rather than hours or days, eliminating paperwork and the temporal hell of waiting to speak to a customer service representative, of having to endure music on hold, when technology increases efficiency and accountability, everyone wins. Winning translates into not losing your possessions. Winning is a product of technology: a product unto itself in which your smartphone or tablet is a source of intelligence, syncing with an accessory that is strong enough to thwart thieves and smart enough to alert you about attempts to steal your possessions. For consumers, these benefits speak for themselves. For insurers, these benefits speak to the need for a single voice—authoritative in its text and absolute in tone—that says, “Yes We Will.” That message is one of hope (and change), regarding the use of mobile devices such as Mimic Go, where people can enjoy much-needed peace of mind not only about their valuables but items of sentimental value, too. Items that cost little, financially, but whose emotional cost is incalculable. Items that insurers underwrite but often fail to understand, because a minor loss to an insurer can be a major—and irrevocable—loss to a person, couple or family. See also: Mobile Apps and the State of Privacy   To protect these items, whether they are on a shelf or inside a suitcase, starts with technology. Without that technology, insurers and policyholders are without—period. They are unable to learn what is otherwise knowable, the status of their private or professional possessions. They are, in a sense, dispossessed: blind to the status of their most prized possessions and dependent on chance, having been denied the chance to buy and install the tools that lessen theft. They are without the actual sense of sight—and touch—because they cannot see what they cannot tap on their screens to open: an icon that shows them, a symbol that tells them everything is okay. That a solution exists, that insurers can give people incentives to use it, that people are already eager to adopt it, that it can avert the villainous and assuage the virtuous, or at least hinder criminals and help lower specific incidents of crime, is a good thing; a great thing. Achieving that goal is a matter of awareness. Insurers owe it to themselves to inform the public about the relationship between mobility and safety. Put another way, insurers cannot afford to maintain the status quo in which people go about their lives—and go wherever their work takes them—without the technology to track and secure their possessions. See also: Innovation: ‘Where Do We Start?’   Insurers owe it to policyholders to further safety, not frustrate it. Insurers have a duty to do the right thing.

Back in 2015 and 2016, we heard from oh-so-many insurtechs whose business model hinged on having carriers buy their gadget and give it away to customers because of the benefits the gadget provided. This model was flawed from the outset because of the prohibition in the insurance industry against this thing called rebating.

Fast forward to 2019, and a lot of innovative companies are thinking about a similar business model, only in reverse. Instead of selling insurance and throwing in something of value, companies are considering selling something and throwing in the insurance. This time, the idea may pass muster.

The combination could be especially hard for regulators to turn down if it enhances consumer safety, which, after all, is a key goal for insurers. Let's say a transportation network company (TNC) such as Uber has a device like a two-way camera system that monitors driving behavior and offers free insurance to drivers who will install it. How does a regulator say no to safer drivers?

What if the TNC gets clever with the bookkeeping to meet regulatory requirements? Just because a driver sees herself as buying a device and getting free insurance doesn't mean the TNC has to account for revenue that way.

Regulators will face some key questions, in new forms. Does an offer represent an inducement beyond what is reasonable? Are newcomers being given an advantage over incumbents? While regulators have traditionally been more protective in personal lines than in commercial lines, figuring that businesses have more expertise at their disposal, does the digital blurring of personal/commercial boundaries change the thinking? In a world of on-demand insurance and microinsurance, where the cover is increasingly tied to a physical device, how do you separate the two?

If some sort of bundling/rebating does work this time, the changes could be profound. Buy a cellphone from T Mobile and get a little life insurance with that. Agree to rent a property via Airbnb and get some homeowners insurance. The possibilities are endless.

In many ways, the history of the computer industry can be traced to the 1969 consent decree between IBM and the Department of Justice, which threw out the longstanding structure of the industry. In that case, IBM was no longer allowed to bundle everything—hardware, software and services—and sell only to those that would buy a whole package. The unbundling created opportunities for mainframe clones, services companies such as today's big consultants, etc., eventually including Intel, Microsoft, Google, Facebook and so on. Allowing for a rebundling of insurance could lead to similar innovation.

During the first internet boom, a Harvard Business School professor described to me what he called the Las Vegas business model—it's hard to have a normal restaurant or hotel in Las Vegas when casinos are giving away good food and rooms to entice gamblers. With the new possibilities of bundling/rebating, many in the insurance world may soon see just what the Las Vegas business model feels like.

Cheers,

Paul Carroll
Editor-in-Chief

Despite the troubling persistence of cybercrime, many organizations are not doing everything they can to protect themselves from the serious threat of data breaches and other cyberattacks. A Spiceworks survey of 581 IT professionals showed that 62% of organizations did not have cyber insurance policies. This can be attributed to a slew of reasons, but perhaps the most perplexing one is a lack of reliable policy offerings. As demonstrated by the percentage of uninsured organizations, the market for cyber insurance is essentially untapped. According to the Insurance Journal, 71% of the market for cyber insurance belonged to just 10 writers in 2018, and the National Association of Insurance Commissioners reported that only 500 companies offered cyber insurance in 2016, compared with nearly 6,000 offering commercial insurance. Additionally, a Ponemon Institute study of more than 1,000 IT professionals showed 80% of those surveyed said they believed it was likely that a successful cyberattack on their organization would occur within 12 months. Clearly, the need for cyber insurance exists. It just isn’t being addressed. The reason for this is that cyber insurance is a relatively new policy area. In fact, it’s still so new that it lacks the standardized terms and pricing that are so essential for creating baselines for policies in other markets. And even when those policies are created, it can be difficult to determine what qualifies as cyber coverage. If a breach occurs due to a stolen password, for example, is that considered cyber, crime, theft or general liability? This confusion also can lead to insureds making cyber-loss claims under different policies, even if the insurer doesn’t offer cyber insurance—underlining the importance of creating well-defined cyber policies to protect policyholders and insurers alike. This lack of established policy structure leads to uncertainty about how policies should be written, making it difficult for companies to confidently guard themselves against losses. As a result, many companies don’t offer cyber insurance because they’re unsure how to properly quantify risk and, in turn, price policies. This apprehension is understandable. It’s difficult and risky to try to provide estimates without a sufficient amount of credible information from which to infer. See also: Quest for Reliable Cyber Security   Still, cyber insurance is quickly becoming one of the most profitable and fastest-growing lines of coverage. Premiums increased by 8% in 2018 to $2 billion, and the market is projected to reach $14 billion by 2022. So, how does an insurance company find a way to understand cyber risks, calculate their costs and reliably predict the frequency of losses? By significantly reducing the likelihood of an event resulting in a claim. As obvious as it might sound, it’s important to remember that insurance ultimately comes down to risk, and when that risk is significantly reduced—or virtually eliminated—it benefits both the provider and the policyholder. To accomplish this in the cybersecurity arena, companies should recommend insurers use risk-reducing technology, such as tokenization and encryption, to better guard the sensitive data they are trying to protect and to reduce the risk and likelihood of a data breach or other cyberattack. By leveraging these additional security processes, insurance companies can more accurately build policies, knowing the risk of damages from a data breach is effectively nonexistent. Tokenization, such as that offered by the TokenEx Cloud Security Platform, especially excels at reducing risk through its use of pseudonymization and secure data vaults. Pseudonymization, also known as deidentification, is the process of desensitizing data to render it untraceable to its original data subject. It does so by replacing identifying elements of the data with a nonsensitive equivalent, or token, and storing the original data in a cloud-based data vault. This does two things. First, it allows tokens to be stored in a business system for future use without interrupting crucial business-as-usual processes. Second, it virtually eliminates the risk of theft in the event of a data breach. Because there is no mathematical relationship between the token and its original data, tokens cannot be returned to their original form. Instead, when detokenization is required, the token is exchanged for the original data, which can be done only by the original tokenization system—there is no other way to obtain the original data from the token alone. So if a breach occurs, the exposed data is worthless to cybercriminals. The original, sensitive data sits undisturbed in a secure cloud data vault. In effect, no loss occurs. Additionally, tokenization can further reduce risk by addressing many international regulatory compliance obligations. Influential privacy regulations such as the European Union’s General Data Protection Regulation and the California Consumer Privacy Act refer to tokenization specifically as an appropriate technical mechanism for protecting sensitive data. It also reduces the scope of Payment Card Industry Data Security Standard compliance by removing payment card information from organizations’ cardholder data environments. Because tokenization satisfies controls concerning the processing of sensitive data, it can prevent losses stemming from fines and other penalties as a result of noncompliance. See also: Paradigm Shift on Cyber Security   So when determining how your company should write its cyber insurance policies, consider recommending tokenization as a risk-reducing step for policyholders. It’s a small upfront investment for them that can better protect their data, their policy and your ability to provide reliable coverage.

Customer acquisition costs are a familiar problem throughout the business world. On average, businesses spend five times more to acquire a new customer than to keep an existing customer, according to Khalid Saleh at Invesp. Companies focus more attention on acquisition than retention, too: About 44% dedicate themselves to acquisition, while only 18% focus on retention. For insurers, customer acquisition is even pricier. “The insurance industry has the highest customer acquisition costs of any industry. It costs seven to nine times more for an insurance agency to attract a new customer than to retain one,” says Lynn Thomas, president of 21st Century Management Consulting. While customer retention strongly affects insurers’ bottom lines, new customers are essential to maintain a steady pace of growth and build a competitive edge. Controlling costs while still attracting new customers presents a challenge for insurance companies. How Expensive Are New Insurance Customers? When you compare the high price of customer acquisition with the low net margin of property and casualty insurance — which hovers between 3% and 8%, according to Mary Hall at Investopedia — It’s easy to see why acquisition costs are a concern. Direct insurers have had an advantage in this area for quite some time. As early as 2014, William Blair & Co. analyst Adam Klauber determined that direct insurers like Progressive and Geico paid an average of $487 to acquire a customer. Meanwhile, captive insurers like State Farm and Allstate paid $792 on average. See also: Who Is Your Customer; How Is the Experience?   When independent agents were added to the mix, Klauber said, the average cost of customer acquisition rose to $900 per customer. One reason new customer costs are so high in insurance is that the industry has lagged in adopting digital technologies that meet the expectations of today’s insurance shoppers, say Tanguy Catlin and fellow researchers at McKinsey. Customers want simplicity, 24/7 availability and quick delivery. They also demand clarity about pricing, value and services designed for the digital age, no matter what they’re shopping for. “They have the same expectations whatever the service provider, insurers included,” according to Catlin et al. Improving technologies also helps transform customers’ perception of insurance as an outdated, unapproachable industry to one that is personalized and consistently present. When insurance is easier to access, customers are more likely to see it as a valuable and important facet of their lives. KPIs in Customer Acquisition It’s important to differentiate between customer acquisition cost (CAC) and cost per acquisition (CPA). While they sound similar at the outset, Proof’s Drew Housman outlines the difference: “CPA measures the cost of an action, CAC measures the cost of acquiring a customer.” For example, if you want to measure the effectiveness of clicks on a digital ad or buy button, use CPA. To factor in every click a customer makes on the way to completing the transaction, use CAC. Tracking both CPA and CAC is important, however, because not all methods of acquiring new customers yield results in the same period, says Gordon Donnelly at WordStream. For instance, combining SEO and content marketing with Google and Facebook advertising results may make insurers think their SEO is overperforming while their advertising is underperforming. This is because SEO and content marketing “typically take longer to yield results,” Donnelly says. While a good customer acquisition cost varies by the type of insurer, one way to track CAC effectively is to balance it against customer lifetime value (CLV), Jordan Ehrlich at DemandJump says. Customers who offer a higher lifetime value may be worth more to acquire at the outset. Ideally, the ratio between CLV and CAC will always show a higher number for the former metric: A customer’s overall value will always be higher than the cost to acquire the customer. “The less it costs you to acquire a single customer and the more overall value that customer represents, the more profit you stand to make,” Donnelly says. Treating customer acquisition, retention and value as three facets of the same goal can improve insurers’ ability to attract, retain and profit from customer relationships. “Since new policyholders immediately become current policyholders, your improved customer experience increases the likelihood that they will stay with your company, refer you to others and so on,” Patricia Moore at One Inc. says. How to Lower Costs Without Losing New Customers Cutting customer acquisition costs won’t help an insurance company if it also results in fewer new customers. Fortunately, there are several effective methods for reducing these costs while improving the quality of new customer relationships. 1. Use Incidental Channels Incidental channels are products or services that deliver value separately from insurance but that build a customer relationship and gather data that ultimately support an insurance relationship, says Kyle Nakatsuji, principal at American Family Ventures. These channels can help lower customer acquisition costs and improve engagement by demonstrating value to customers early in the process. Customers are more amenable to an eventual insurance purchase because they’ve already received value from the service and have perhaps considered how insurance could further improve that value. These services can also perform data-collecting functions, making it even simpler for new customers to choose and purchase coverage, Nakatsuji says. 2. Leverage Retention by Seeking Referrals An added benefit of incidental channels is that they make it easier for your current customers to recommend your insurance services to potential new customers, says Srikumar Rao, author of Happiness at Work. For example, imagine an app that helps homeowners identify and mitigate the most common causes of household fires. When a loyal customer uses the app, benefits from it and recommends it to others, that customer “is no longer a supplicant when she draws the attention of her contacts to you. She is the enthusiastic and proud bearer of a gift. She has bounty that she will bestow on the deserving,” Rao says. Not only have you made it easier for your loyal customers to refer their associates to your company, you’ve made it gratifying to them to do so. 3. Recognize Why Loyal Customers’ Referrals Matter Customer retention has a profound effect on the bottom line. When customer retention increases by only 5%, profits increase by 25% to 95%, according to research by Frederick Reichheld at Bain & Co. Nurturing relationships with existing customers builds trust, allowing companies to offer additional products and services with a lower chance of rejection, startup adviser Yoav Vilner says. It also increases the chance of attracting new customers through referrals — by far one of the least expensive methods of customer acquisition. Referrals, or word of mouth, account for 20% to 50% of all purchasing decisions, say Jacques Bughin, Jonathan Doogan and Ole Jørgen Vetvik at McKinsey. Experiential word of mouth, in which existing customers share their own firsthand experiences with a product or service, is perhaps the most powerful. It’s also the most common: 50% to 80% of word-of-mouth marketing is based on a consumer's personal experiences. Loyal customers are more likely to speak highly of their insurance company when services exceed their expectations, according to Bughin and fellow researchers. As a result, insurance companies that underpromise and overdeliver stand a better chance of generating praise and referrals from their existing customer base. When should insurance companies ask for referrals? Sooner is better, says Eric Wlison, national account director at Kaplan. Waiting until a customer’s transaction is finished increases the chances that something might go wrong, spoiling the customer’s inclination to speak positively of the insurance company to friends and family. “Remember that it is human nature to want to help others succeed. If you don’t ask for referrals you’ll likely get zero, and if you ask and get zero you are still at the same spot as if you hadn’t asked,” Wilson says. 4. Embrace Digital Tools That Promote Loyalty Here is where customer loyalty and technology intersect to drive down the costs of acquiring new customers. Nearly every consumer-facing industry has grappled with how to meet evolving customer expectations. Any fast food restaurant will offer bundled meals as well as a la carte menu items from which customers can choose. Even change-averse airlines and cable providers have learned to offer customizable levels of service because that’s what their customers have demanded. See also: The Missing Piece for Customer Experience   This is the point the team at McKinsey is making when they say insurance customers want simplicity and quick delivery. Today’s customers want to be able to choose from any and all available product lines, regardless of which carriers provide them. This is what the BOLT Platform facilitates. Our users are able to offer and sell their own products alongside bundled products from other carriers because, ultimately, customers only care about getting the coverage they need. The best way to meet this need is to become a one-stop-shop for your customers. Insurance companies that embrace this will earn increasing customer loyalty. And, as new potential customers come forward, it will require less time, less money and less effort to convince them to buy.

Health insurance is more a question of what, rather than how. As in: What programs and prescriptions should insurers cover? What services outside the U.S. should insurers support, if the science is strong and success substantial? What should the insurance industry do, in particular, about the rise of medicinal cannabis? The questions are of a piece. Which is to say the questions involve issues both the ethical and the economic, the political and the personal, the fiscal and physical. The questions raise a larger question: If insurers agree to cover cannabinoid medicines, because it is less expensive to travel outside the States than it is to transport these medicines across state lines, if what benefits patients is also beneficial to insurers, by what right should insurers deny coverage to an American seeking medical treatment in Australia? Location is central to this issue, based on Australian advances in the development and use of medicinal cannabis. Free of the conflicting state and federal laws that make medicinal cannabis legal in one city but criminal in another in the U.S., free of the battles between patients and insurers, Australia is true to its positive stereotype: a proto-America, with similar systems of language, culture, institutions, literature, history and tradition; a member of that English-speaking alliance of nations whose customs extend across the vale of years. Medicinal cannabis is also legal throughout Australia. See also: What Are Other Marketers Doing? According to Asaf Katz, chief operating officer of Cannvalate, Australia is central to innovation and investment involving medicinal cannabis. All the more reason, then, for insurers to champion that fact. The alternative is to deny coverage and alienate patients, which is not conducive to winning the insurance industry friends or improving its ability to influence people—people whose collective influence registers in polls and at polling places, where they use ballots to reject the way insurers do business. Avoiding that scenario is in the interests of all people. If coverage for medical care in Australia is the price insurers must pay, if covering medicinal cannabis is the burden they must bear, it is a hardship they can meet. In contrast, the cost of doing nothing is no small thing. The cost manifests itself in legal fees. The cost can be ruinous to an insurer’s reputation and its relationship with consumers. In turn, it can take years if not decades to undo a bad decision; so bad as to prove decisive to an insurer’s loss in revenues and drop in profits, resulting in protests from patients and investigations by politicians. Better to take a more holistic approach to subsidizing medicinal cannabis. Better to look abroad—to look to centers in Australia—than to look away, while people suffer from chronic pain or struggle with the side effects of inferior and toxic medication. Better to go down under than to go under, as the former lessens the probability that the latter will happen. See also: Best Practices for Predictive Models   Better for the insurance industry to have an international outlook to challenges within individual nations. Better to solve these challenges—and stay solvent—than do nothing.

Way back in 1975, geochemist Dr. Wallace Broecker of Columbia University published his article “Climatic Change: Are We on the Brink of a Pronounced Global Warming?” Today, almost 45 years later, the debate has intensified but still rages, even as some believe the clock is running out. The U.N. Intergovernmental Panel on Climate Change warns that we have only 11 years to limit the chances of a climate change catastrophe. I see very strong parallels between Dr. Broecker’s warnings and those related to our loss of personal data privacy. Society is facing the threat of climate change, which some experts say will reach a tipping point; we may be reaching a similar tipping point with privacy and cyber security. In their paper presented at the 1965 Fall Joint Computer Conference titled “Some Thoughts About the Social Implications of Accessible Computing,” E. E. David, Jr. of Bell Labs and R. M. Fano of MIT warned that “the same technology which has given us new dimensions in communication has been used to implement eavesdropping equipment.” They went on to say that “the very power of advanced computer systems makes them a serious threat to the privacy of the individual”. See also: Untapped Potential of Artificial Intelligence   Just as we continued to contribute to climate change, we continue to surrender personal privacy in exchange for the lure of instant gratification delivered through simple, easily accessible technologies. Insurance Industry Opportunity The insurance industry is uniquely positioned to take the lead in safeguarding data privacy; few other industries have the same depth and breadth of personal information or the same level of dependency on the trust and loyalty of their customers. Many insurers of property, life and health, along with numerous supply chain intermediaries, are employing a wide range of connected digital technologies to gather individual data and store, analyze and use it to train AI and use it to offer new, different and attractive products and services. And, as of now, there is no easy way for customers to reclaim their data. People may consciously understand the trade-offs of using digital services, but few understand how extensively their data is captured, used and shared. And that data exists in digital form and therefore virtually forever, most certainly long after we are gone. Without applicable data laws, we’re left with a decentralized patchwork system, devoid of human control. Privacy concerns are surfacing almost daily now, but successful, high-profile applications of analytics are drowning out the cautionary voices. Facial recognition, which is not unlike taking your fingerprints without your permission, is being used by China to keep track of all of their citizens and has been deployed by law enforcement agencies all over the world. Too Little, Too Late In a relatively small victory for opponents of this rapid adoption, San Francisco recently became the first U.S. city to ban the use of facial recognition by local agencies. And California’s tough new law, the California Consumer Privacy Act, which takes effect in January 2020, will significantly limit how companies handle, store and use consumer data. The law will require businesses to be more transparent, give consumers the ability to delete and download collected data and give them the chance to opt out of the sale of their information. Still, according to a new survey by TrustArc, most companies still aren’t ready to comply. See also: 3 Steps to Demystify Artificial Intelligence   Elsewhere, the European Union’s General Data Protection Regulation (GDPR), a set of new privacy laws, went into effect in May 2018. And Hawaii, Massachusetts and Washington are all considering their own state privacy laws, while Brazil passed its own regulations, which will take effect in 2020. Insurance Industry Call To Action What we really need, however, is a standardized, global set of rules and regulations on the permissible uses of personal data and a process governing and enforcing them. The global insurance industry would gain much by taking the lead in this effort – and sooner than later.