This is the third in a five-part series. The first two parts can be found here and here. If you’ve been to a home improvement store lately, your experience may have depended on a few factors. For example, the process of buying a lightbulb is incredibly complicated. What’s the difference between a watt and a lumen? More to the point, does it matter, when all I want is to be able to read the newspaper at my dining room table? In addition, if you’ve purchased anything that needed assembly, you may have turned to YouTube for a video—ideally, that video should have been produced by the retail chain and used as an extension of its customer experience. Home improvement company—or media company? Insurers can learn a lot from the retail sector, which is under direct pressure from e-commerce, Amazon and other customer-centric, online-first organizations. For example, consider the role of video as part of the customer experience. Any home improvement store that wants to stay in the game will realize that it’s actually a media company, and that it won’t win customers with just its ability to attractively display nails, lightbulbs and 2x4s. Instead, its future hinges on its ability to produce high-definition video and to manage, promote and publish useful content. In action: Brilliant Basics and Cutting New Ground Accenture worked with a home improvement chain to support its digital transformation. This chain has more than 1,100 stores and about 80,000 employees. We started with a hard look at the Brilliant Basics it needed to get right. For example, it took nine seconds for its website to load, and online customers needed to click five times to make a purchase. It’s easy to dismiss these as trivial, but customer expectations are set by online giants like Amazon, whose customer-centric data capabilities can make tailored recommendations and one-click ordering (never mind one-day shipping) its standard. In comparison, nine seconds is an eternity. See also: Why Fairness Matters in Federal Reforms Next, we identified areas for Cutting New Ground: what it meant for the home-improvement industry, and where the opportunities lay for this retailer. It meant going back to some fundamental value propositions. I mentioned earlier the complexity of buying a lightbulb—the same goes for nails. That was the nexus of one Cutting New Ground initiative. We visualized the Shazam of home improvement parts, fueled by AI and visual search. Customers simply take a photo of the part they want and are directed to it online or in-store. That’s just one of eight innovations that the retail chain put in place. Three billion reasons to be brilliant Importantly, the retailer needed do both Brilliant Basics and Cutting New Ground. Brilliant Basics effectively transforms the core of the organization (enabling it to serve its customers better), contributes to the organization’s overall health and supports a more stable foundation. It also reduces the cost to serve and releases capital for Cutting New Ground. This particular project generated opportunities worth $3 billion, and the new initiatives generate 23% of the retailer's sales. This sales boost is new revenue, not produced by shifting customers from one digital channel to another. See also: Medical Homes Change the Game   Convinced? With this case study in mind, it’s time to think back to the insurance industry. Next, I’ll look at some of the Brilliant Basics opportunities for our industry, and how they can be a blueprint for digital transformation.

In the first of my four blogs on insurer playbooks, we looked at the consumer market from the vantage point of a pre-game analysis. This week, we’ll once again be taking a pre-game approach to playbook development, but we’ll focus instead on scouting out this highly coveted small-medium businesses market for opportunities that may lie in understanding SMB ownership and size. Playbooks are the core of game strategy. As many watched the Super Bowl, they saw well-honed playbooks in action, with some unique plays to leapfrog the competition and keep momentum — remember Nick Foles’ trick play touchdown! A playbook accomplishes several things at once. First, it gives the coach a group of testing plays that it will run against any team that it encounters. Once the coaches have a feel for the opposing team’s response to those plays, they are then free to quickly adapt their playbook to capitalize on opportunities the rest of the game. Every team’s playbook is different, and for good reason. Certain plays that work for one team will not be compatible with others. The universal truth behind playbooks, however, is that they are forward-focused. Understanding the NEXT opponent is always more important than looking at your past opponents. In insurance, the same holds true. Understanding where the market is going, rather than where it has been, will help insurers efficiently use their time in preparation. Playbooks unify the insurer’s teams behind the best responses to industry change, ensuring they are in the game to win. See also: Do You Really Have a Digital Strategy?   In today’s blog, we’ll focus on pregame analysis, and in our next SMB blog we’ll look directly at ideal offerings that insurers can use to target SMB businesses. SMB Segment Playbooks — Pregame Analysis An important first step in any pre-game analysis is to obtain a thorough understanding of the background and context within which the game is occurring. The context has been shifting dramatically and rapidly. Insurance 1.0 business models of the past 30-plus years have been based on the business assumptions, products, processes and channels primarily for the Silent and Baby Boomer generations, who built traditional small-medium businesses (SMBs) such as flower shops, retail and automotive repair. As the millennials and Gen Z mature and increasingly become entrepreneurs of new businesses or take over existing businesses, we see the next generation of SMB owners whose influence is growing and intensifying. They are shifting the fundamental business models of all businesses, including insurance, by demanding the use of digital technologies, new products and services that align to their demographics, needs and expectations … creating Digital Insurance 2.0. This will fuel tremendous growth for both SMBs and insurers. Adding to this growth momentum are unprecedented expansion opportunities for commercial, specialty and group/voluntary benefit insurers in terms of new risks, new markets, new customers and the demand for new products and services. So, having a scouting report to capture these opportunities before others, including new competitors from insurtech or greenfields launched by existing insurers, is more important than ever. Scouting Reports Driving that point home, the results from this year’s SMB research underscore an acceleration in changing behaviors and interest in using new business models and technologies that are reshaping insurance. When it comes to experience with these technologies and trends, there is a clear, strong interaction between business owner age (generation) and the size of the company (number of employees). Cumulative participation rates in the behaviors we asked about increase with company size; but within each company size category, they also are at their highest levels with the Gen Z/millennials group and decrease with increasing age for older generations. Given the strong interaction effect caused by these two factors, we grouped the SMBs in our survey into eight segments based on three generation groups (Gen Z & millennials, Gen X and pre-retirement Boomers) and three business sizes (1-9, 10-99 and 100-499 employees). Similar to our companion consumer research study highlighted in our last blog, we categorized our analysis of the segments’ participation in these behaviors into six key areas: gig economy, connected devices, payment methods, products, channels and other emerging technologies. Here are some of the highlights:

• All segments are actively engaged in the gig economy, both as providers and consumers of independent contractor/freelancer services – averaging between 36% and 40%. The smallest companies are most likely to have been an independent business based on working as an independent contractor.
• There is strong, widespread use of apps and connected devices in buildings across most of the segments, with the highest use of 44% by Gen Z/millennials and Gen X in companies with 10-99 employees, followed by a third of those in the largest companies.
• Use of connected devices in company vehicles is less prevalent, but nearly a third of Gen X/millennials with 1-9 employees and Gen Z/millennial and Gen X in companies with 10-99 employees are actively using this technology.
• Use of ApplePay and SamsungPay is strong among all segments except pre-retirement Boomers with fewer than 10 employees. Overall, the increased use of digital payment capabilities is heightening growing expectations across these segments for all types of purchases, including insurance.
• On-demand insurance was particularly strong, with 13% to 41% already purchasing it for a specific event, and with high rates of usage among Gen X and pre-retirement Boomers. Between 30% and 50% of the Gen Z/millennial and Gen X segments are experienced with cloud-based subscription products, highlighting their comfort in purchasing products with this business model approach.
• Most segments have had experience purchasing insurance from a website, with Gen Z/millennials leading the use of this channel at 19%-39%.
• The Gen Z/millennial segments slightly lead the older generations in their use of drones and 3D printers (or items produced by one) with usage at 10%-13%. Interestingly, 30% of the Gen X/Boomer 100-499 employee segment reported the use of a 3D printer. These are two rapidly-growing technologies that create new risk implications and, as such, require new products and services.
• The behavior and expectation increases for Gen X and pre-retirement Boomers coupled with the already high levels for Gen Z and Millennials are driving significant interest in innovative products and channels for insurance, with millennials and Gen Z leading the way.
• A strong appeal among SMBs for reducing costs and risks through value-added services and social networking options stood out.

As new companies emerge and the leadership of companies, both large and small, continues to move to the Gen Z and millennial generations, use and expectations around digital technologies and activities will continue to accelerate, influencing new behaviors, needs and risks that require innovative insurance products and services represented by Digital Insurance 2.0. Time to Up Your Game Both traditional business insurers, intent on keeping pace, and startup insurers, intent on staying ahead, are grasping the tremendous gap in SMB coverage and its corresponding opportunities for growth. Digital Insurance 2.0 models are proving themselves to be more valuable and relevant to today’s SMB owners. To look more deeply at model impact, Majesco tested four business models within our survey group to find out which models would resonate with business owners. We also went one step further and examined 30 attributes that can be used to build Digital 2.0 models. Suffice it to say, the responses across these models reached 50%, and with the swing group up to 80% or more across many of the segments, highlighting the competitive threat posed by these new business models. See also: Linking Innovation With Strategy   In my next blog, we’ll look deeper at the survey results and see how our SMB segment playbooks confirmed the need for different market and product strategies. We’ll tie the most popular of the 30 attributes to specific SMB segments and suggest ideal offerings for insurers hoping to reach those segments. For an in-depth look at Majesco’s findings, download and read Insights for Growth Strategies: The New SMB Insurance Customer. Digital playbooks are essential to accessing the hard-to-reach SMB customers. Without shifting to a Digital Insurance 2.0 framework, they will be even harder to capture … let alone retain in the coming years, putting insurers stuck in Insurance 1.0 at risk. Are you ready to move to Digital Insurance 2.0 and capture your share of the $80 billion to $100 billion SMB opportunity?

This is the second part of a four-part series. The first part was "Investment in Insurtech Continues to Surge." 

Rather than viewing emerging insurtechs as threats, insurers are increasingly seeing economic opportunity with exciting startups. Strategic partnering with new players can yield benefits and challenges for traditional insurers.

Accenture’s recent report, The Rise of Insurtech, offers key insights and the latest thinking on how insurers are exploring opportunities presented by these disruptive new entrants onto the insurance landscape. In my last blog post in this series, I discussed the steady growth in insurtech investment in recent years and noted indicators that its rise is now a global trend. Our research indicates that, rather than viewing these emerging players as threats, innovative insurers recognize exciting new opportunities to work with insurtech startups to reach into new markets. With their expertise in emerging technologies, such as artificial intelligence (AI), the Internet of Things (IoT), blockchain, big data and analytics, insurtechs represent potential solutions for the kinds of challenges insurers are facing in this increasingly digitized and competitive space. The challenge lies in how to best take advantage of the opportunity. See also: Startups Take a Seat at the Table With their digital expertise, insurtechs can help insurers leverage emerging and cutting-edge technologies to reach their customers where they are—online, mobile and 24/7. There is also a cultural benefit to traditional insurers partnering with smaller startups that may be even more valuable in the long run. Startup culture generally eschews hierarchical, bureaucratic structure in favor of innovation and collaboration and may point the way forward for incumbent insurers to foster a top-down culture of innovation across their companies. The very factors that make insurtechs such exciting players on the insurance scene—agility, creativity, risk-taking—can potentially make for a challenging culture “fit” with traditional insurers. Insurance has been assumed to be slower to innovate across all levels of the enterprise and can be, by its very nature, a risk-averse industry. But Accenture research reveals that many conventional insurers have more in common culturally with startups than they have differences. Successful, smart partnerships between cultures can be mutually beneficial, if approached strategically. While insurtechs bring significant advantages to the table, traditional insurers don’t arrive empty-handed, either. What they may lack in technological innovation and hyper-agility, they make up for with deep institutional knowledge of the complicated insurance sector. They know common pitfalls and industry challenges and have experience navigating the complicated set of regulations that govern the sector. Our research also shows that cultural differences are not necessarily company-wide. Staff at large institutions tend to be aligned along similar values as employees of non-traditional startups, especially when it comes to entrepreneurship. My next blog post will explore some interesting examples of insurtechs that have recently emerged and the specific digital technologies they are leveraging to set themselves apart. See also: Solving Insurtech’s People Challenge   Read our full report: The Rise of Insurtech: How young startups and a mature industry can bring out the best in one another. You may also enjoy David-Goliath Culture Gaps: Accenture Strategy 2017

In our previous post, on claims, we highlighted the importance of claims as a customer touch-point – a poor claims experience is indeed a leading cause of customer churn. However, fraudulent claims are also a massive area of carrier losses. There is a tricky balance to be struck here. Treating every claimant like a potential criminal is an obvious no-no, but objective scrutiny must exist at some point in the policy lifecycle. Fraud is the dark matter of the insurance universe. Discovered cases cost insurers (and ultimately policyholders too) millions every year, and its full hidden extent can only be guessed at – it is in some sense the gap between how risk models should work and how they appear to work on the ground, with undiscovered fraud ultimately getting priced into premium costs. Derek Brink, VP and research fellow in information security and IT GRC at Aberdeen Group, recently estimated the cost of fraud at between 5% and 10% of insurers’ annual revenue, noting also that it takes firms a median time of 20 months to detect continuing fraud. Every penny saved on fraud is an additional penny back onto insurers’ bottom lines, and what defeating fraud would ultimately mean is that they could offer their policyholders more competitive prices.

"Fraud concern is no newcomer to the insurance industry, especially in the healthcare and motor lines of business. The fact that the internet is not attributable has made the fraud situation even worse as digitization proceeds at a pace." — David Piesse, chairman of IIS Ambassadors and ambassador Asia Pacific at International Insurance Society (IIS)

In this post, we assess both the size of the fraud problem and a range of approaches for containing it. The following stats and outside perspectives are drawn from our Global Trend Map; a breakdown of all survey respondents, and details of our methodology, are included in the full report, which you can download for free whenever you please. Download your complimentary copy of the full Trend Map here ... Who Wields the Sword in the Battle with Fraud? People most readily associate insurance counter-fraud with the claims department, because this is where fraudsters cash in and has historically been the point in the cycle where most frauds get unmasked. However, there is a limit to how far reactive approaches to fraud can take insurers, and stopping fraud closer to its roots is certainly preferable to focusing exclusively on the "final mile" (namely claims) for its interception. See also: Global Trend Map No. 5: Analytics and AI   It’s clear that the next generation of counter-fraud will be cross-functional, tracking potential fraud indicators across the entire insurance lifecycle. We asked insurance carriers to indicate which departments were currently involved in combating fraud within their organizations. Understandably, we see a large role attributed to dedicated fraud departments as well as to claims departments, and this is unlikely to change moving forward (the less than 100% figure for fraud departments may be due to the counter-fraud function sometimes being subsumed elsewhere). Other departments that stand out as having central roles are senior leadership, operations, analytics, underwriting and risk.

"If you stop fraudsters coming into the business in the first place then you have to spend less from the beginning, enabling you to improve the journey for other, genuine customers. But it’s difficult to get that balance in a competitive marketplace as the investment isn’t so obvious. It requires a change of mind-set." — John Beadle, head of counter fraud and financial crime, RSA

The fight against fraud is by no means limited just to carriers. Indeed, with the shift toward more active counter-fraud approaches, greater attention is being brought to bear on indirect channels. Historically, brokers and affiliate partners have been given incentives primarily on a volume basis and have directed plenty of bad business toward carriers. Insurers can therefore make substantial savings by educating their brokers and affiliates on best practice, to root out fraud at the application stage before it ever enters their wheelhouse – although they obviously need to tread a fine line between on-boarding bad business and turning away good customers.

"Part of the problem is the appetite for fraud detection in the broker channel. We’ve had to convince brokers to protect us against fraud because, by sending us that business, they ultimately end up suffering, too. Brokers see sales as a volume and growth business rather than one built on quality, and, as a company, we are always interested in quality." — Steve Jackson, head of financial crime at Covea Insurance.

A couple of general stats

• An overwhelming majority (92%) of our carrier respondents believed fraud is increasing, and we saw a similar level of concern from the rest of the industry.
• 29% of carriers believe that the majority of insurance fraud goes undetected, and 59% believe that some insurance fraud goes undetected (12% don’t know). The rest of the industry are in line with this assessment.

Slaying the Dragon: Approaches for Defeating Fraud We don't have scope here to explore specific counter-fraud solutions in detail. However, we did ask our respondents and industry contributors about different high-level approaches. These include before-the-claim strategies, data-sharing coalitions, the Internet of Things (IoT) and blockchain technologies.

"We can look at using smart technologies that look at probability and profiles of individuals’ past behaviors. If someone fits a certain profile, there is a higher probability they will be a fraudster. It’s an interesting area but also dangerous." — Steve Jackson

i. Before-the-Claim Strategies By identifying policies intended to facilitate fraud at the time of underwriting, insurers can prevent fraud advancing to the point of a claim being made; as a general rule, the more relevant data that can be pre-populated, the fewer opportunities there are for opportunistic fraudsters at the application stage. This directly reduces the amount of fraud that gets through the lines and helps also to unburden the claims department. Encouragingly: Two-thirds of insurers and reinsurers indicated that they had a before-the-claim fraud strategy. ii. Data-Sharing Fraudsters do not just recycle specific items of (fraudulent) data but also deploy the same distinctive methodologies against multiple targets. Effective data-sharing in counter-fraud means that, once unmasked, a fraud tactic is truly disarmed. Reassuringly then, we registered universal approval for this sort of initiative from the entire industry. 94% of insurers and reinsurers are in favor of a data-sharing coalition to prevent fraud. iii. Internet of Things When it comes to IoT, much of the attention is on preventative and value-added services (check out our earlier post on the topic). However, one of the more immediate boons of the technology is its role as a fraud deterrent. Take workers' compensation insurance in a factory or construction environment, for example. Installing IoT devices onsite for monitoring purposes makes it much more difficult to dress up instances of non-compliance for the purpose of inflating a claim (or making one in the first place), and means compliant clients can be treated accordingly. IoT also applies to personal lines: With full transparency over where a car has been and what motions it has undergone, auto customers are, generally speaking, less likely to lie about or exaggerate what has happened. At the same time though, IoT can also be a new attack vector for fraud. By hacking an IoT device, you could in theory spoof whatever behavior you want, to deceive your insurer – which would be particularly attractive if target-based discounts were in play. Imagine hacking your FitBit to show 10km of jogging a day while you remain safely ensconced before your television awaiting your health-insurance rewards. So cybersecurity is as important for the insurance aspect of IoT as it is for every other. See also: Global Trend Map No. 6: Digital Innovation   iv. Blockchain Another multi-faceted technology with clear applications for counter-fraud is blockchain: a distributed ledger for recording transactions between different parties without relying on a trusted (though oftentimes untrustworthy) central authority for verification. We spoke briefly to David Piesse, chairman of IIS Ambassadors and ambassador Asia Pacific at the International Insurance Society (IIS), to find out more: "The emergence of the new internet, commonly called the blockchain, means we no longer have to trust the internet but in fact can make sure it tells the truth. In Estonia, they wrapped the internet with a blockchain technology that has removed digital fraud from the healthcare sector in that country, and this is now being applied elsewhere. "It’s possible to map the blockchain protocol over the insurance combined ratio, with fraud and expense reduction on the top line and an increase in earned premium on the bottom line via new product and operational efficiency. This can give the C-suite an opportunity to see the effect of the new technology on their profitability before investment income." Blockchain continues its march into insurance apace. Indeed, Munich Re and Swiss Re last October founded the B3i Consortium with the express intention to "explore the potential of distributed ledger technologies to better serve clients through faster, more convenient and secure services." Blockchain clearly has massive implications for all forms of data and monetary interchange, and we look forward to seeing its continued application both in counter-fraud and more widely. This year's Global Trend Map did not contain a dedicated section on blockchain, but we look forward to including one in our 2018 edition, so stay tuned!  

The king of rock and roll, Elvis, was famous for “Taking Care of Business” (the name he gave his band). But when it comes to your cybersecurity dashboard, do you have the right metrics and visibility to mount a proper cyber defense and take care of business? Or are your cyber optics just along for the ride? No matter how many news stories about hacks, information theft and cyber espionage surface within your Facebook or Twitter feed, the idea that a major problem could happen to your organization sometimes remains just that, an abstraction. Many companies do not devote the proper resources to safeguarding their networks, even though the global cost of cybercrime will reach $2 trillion by 2019, three times the amount in 2015. Don’t wait for cybercrime to find you — remember that the best defense is always a good offense. Maintaining a successful security strategy requires dedication and delivering on a strategy that supports all functions of an organization. Security is a company-wide issue, and quantifiable metrics not only unify language but also demonstrate success. Keep Your Eyes on the Prize Your team can’t catch what they don’t see. Sounds like a catchy song lyric, doesn’t it? Maintaining a comprehensive view of the entire organization means more than just access to networks and systems. It requires an understanding of typical user behaviors and data traffic patterns, plus an awareness of corporate protocols as they relate to remote users and servers. Proper visibility throughout an organization necessitates laser focus on: BYOD (Bring Your Own Devices) protocol and management: Most organizations have policies around personal devices brought from home. These may or may not be followed, so a closer eye on device usage throughout the organization is warranted. Email traffic: Did you know that in the third quarter of 2016 alone, 18 million new malware samples were captured? Viruses via e-mail remain a top concern for security teams. Social and internet traffic: It’s likely that most employees in your organization use social media, perhaps even to promote the business. Prevent them from becoming an avenue into committing fraud or damaging the brand. See also: Security for Core Systems in the Cloud   Unusual user behaviors: Understanding your organization’s user behaviors is key to spotting abnormal patterns. Communicate clear policies and expectations for employees and enforce compliance to avoid accidental missteps and catch genuine incidents. Cloud applications and virtual servers: Internet-based applications create functional and productivity tools for an organization, but they put data at risk. Careful monitoring and protective firewall construction prevent easy access for hackers. The Best Metrics: Keep It Simple Create a security plan with goals that are understood and supported by the whole company. Measurement offers a clear and concise method of presenting critical information, so it’s important to measure the right statistics. Communicate on stats and data aligned with business objectives to gain the support of your employees and create a common language that everyone can understand. Focus on answering the following questions: How are we doing compared with our peers? In today’s business environment, understanding how successfully your organization prevents data loss or theft compared with other companies in your vertical provides a clear perspective on how your strategy is working. How quickly are we able to respond to a breach? Your response plan to a potential security incident is a critical factor in recovering from a cybercrime. Remember, it’s not IF you are breached, it’s when. Recognition of an incident, isolation of a breach and recovery convey the crucial steps to preventing widespread loss of private data. Two of the effective security metrics Secure Anchor uses with our clients are “dwell time” and “lateral movement.” Dwell time answers the question, how long did it take you to find and contain a breach? Lateral movement describes how you were or were not able to prevent the cyber adversary’s movement throughout your network. Are we getting better? Cybersecurity is never “done.” Regular audits of security processes and breach protocols provide the opportunity to improve and excel. Make sure your executive board is cognizant of the evolving journey. Are we spending enough (or too much) money? Aligning security technology and human resources with return on investment can be tricky, but budget allocations are a realistic pain point for many security departments and must be addressed. See also: 2018 Predictions on Cybersecurity   Creating and maintaining a thorough view of an organization’s user, network and system traffic allows a security team to design a blueprint to a comprehensive security strategy. Communicating that plan and measuring its success require the right metrics to align IT with business and prevent widespread damage from information thieves. Be a cybersecurity rock star. Just like any musician, you’ll have your big hits and your flops. But when you can see where you're going, with the right visibility into your systems, you will be TCB, takin’ care of business.

This is the second part of a five-part series. The first part is here. We’ve all read the productivity articles about the world leader who eats the same thing for breakfast, repeats the same 40-minute workout and reads the newspaper in the exact same order. We’ve heard about elite athletes with rigid pre-game routines, down to the music they’ll listen to before the match. The take-home message from this is that you need a stable foundation if you’re going to do amazing things. And in the case of insurers, a stable, efficient core is essential to enabling innovation. A stable core is essential for innovation It’s easy to focus on the shiny, emerging technologies that promise to upend the insurance industry: artificial intelligence (AI), the Internet of Things (IoT) and blockchain, to name a few. Do these things have far-reaching implications for insurance? Yes. Are there startups leveraging new technologies that may eventually disrupt the industry? Of course. But when many insurers still struggle to provide real omni-channel customer service, or offer timely and transparent claims settlement, it’s almost irresponsible to be asking which company or technology will disrupt insurance. Part of the issue is that the industry tends to clump two distinct opportunities together. First, there are the core competencies that insurers must master: the user experience, personalized offers, timely and transparent claims service. Get these pieces right, and you may not win—but do them poorly, and you will inevitably lose. Separate from this are the new technologies that capture headlines; if scaled successfully, these cool innovations can pave the way to an insurer’s future revenue streams. See also: Core Transformation Is Not Negotiable Brilliant Basics and Cutting New Ground At Accenture, we call these two opportunities the Brilliant Basics and Cutting New Ground. By getting the Brilliant Basics right, insurers foster a stable core—the strong foundation that’s necessary to enable innovation, in the form of Cutting New Ground. By injecting new digital technologies to transform the core, it becomes cheaper and more efficient to do the Brilliant Basics. This approach is aligned with what’s recommended by the Accenture Disruptability Index, which identified insurance as being vulnerable to disruption and recommended optimizing to improve structural productivity. Successful core transformation can create efficiencies, reduce the cost to serve and improve growth—all of which frees up investment capital to fund Cutting New Ground initiatives. These innovation initiatives should be viewed like a portfolio of digital investments. Low-risk, low-reward projects may be more likely to succeed and deliver incremental growth. High-risk, high-reward projects may be less likely to succeed—but if they do, they can enable an insurer to establish a definitive competitive advantage. Given insurance’s risk aversion, it’s definitely a cultural shift to embark on a project knowing it may not succeed, so viewing Cutting New Ground as a portfolio of investments can be one way to mitigate cultural concerns. Consequently, insurers need both pieces. Brilliant Basics can enable a stable core and generate investment capital that make it possible for insurers to focus on Cutting New Ground. Brilliant Basics is the elite athlete’s pre-game routine; Cutting New Ground is the game-winning performance, and maybe a record-breaking one at that. To get started, insurers should consider the following questions:

• What are your Brilliant Basics, and what will it take to deliver them?
• What are the foundational capabilities required to both deliver those Brilliant Basics and to set up the organization for cutting-edge innovation?
• What is Cutting New Ground for the industry, in general, and your organization in particular?

Transform the core to enable innovation It’s no longer enough to talk about digital channel strategy or digital operating models. We live and work in a digital world, and insurers need an appropriately digital strategy, period. This double-barreled strategy of using Brilliant Basics to become more efficient and create investment capital can enable an insurer to place smart bets with Cutting New Ground initiatives. See also: Core Transformation – Start Your Engines!   Done properly, Brilliant Basics can help insurers better connect with customers. By layering successful innovations on top of it, they can begin to see the stepping stones to becoming a competitive, digitally enabled business. Many insurers are focused on how to innovate, but most do not have a stable, cost-efficient core to support and fund their innovation efforts.

Property/casualty personal lines are under pressure unlike at any other time in history. The risk landscape is evolving as some circumstances result in increased losses (distracted driving, increased catastrophes), while others hold the promise to dramatically reduce risk (autonomous vehicles, the IoT). Customer expectations and demands continue to change. Emerging technologies offer new opportunities to manage risk and improve operations. New competitors and partners are surfacing every day via insurtech startups and greenfield insurance ventures.

But the industry is not standing still. Personal lines insurers are pursuing a dozen strategic initiatives that are propelling them to a stronger competitive position.

The strategic initiatives include both traditional initiatives, such as business intelligence and core modernization, and new world initiatives like investments in insurtech and a digital strategy. Creating a unified strategy with the right blend of traditional and new world initiatives is the challenging task of senior leadership today.

See also: Insurtech in P&C: It’s Not About the Tech  

Three of the traditional initiatives are further along in the implementation and deployment lifecycle: core systems modernization, business intelligence and advanced data/analytics. In a sense, these are the most foundational capabilities needed by insurers for success in the digital age.

Two of the traditional initiatives are primarily in the strategy and planning stages: innovative products and services, and the restructuring of the workforce. Personal lines have not historically been known for product innovation, relying on tweaks to coverages and services for the same basic products for many years. Now, a new generation of opportunities is upon us with the advent of on-demand insurance, parametric insurance, episodic insurance and coverages for emerging risks such as cyber. From a workforce perspective, the industry is on the front edge of massive retirements of insurance professionals, leading to the need to introduce more technology to support the workforce (collaboration tech, AI), increase recruiting efforts and rethink business models.

While the traditional initiatives are vitally important and foundational, it is the new world initiatives that hold the promise for more competitive differentiation. Improving the customer experience and becoming more digital are the two initiatives that have been underway for several years at many insurers, and they continue to pick up steam. Newer initiatives such as investing in insurtech and emerging tech are earlier in the strategy and planning stages, but important activity is underway there nonetheless. Almost half of personal lines insurers are developing strategies to deploy new business models, an indicator of how much rethinking and transforming are actually underway.

This is a significant time of change and transformation for the personal lines sector. The next five to 10 years are likely to produce more than a few surprises, with new products, new competitors, new distribution options and the impact of insurtech and emerging tech reverberating across the industry.

Let’s talk about trust. The insurance industry is built on it. So why is there so little trust between consumers and the insurance industry? According to the 2018 Edelman Trust Barometer, financial services as an industry has improved in the percentage of those surveyed who trust the industry from 48% in 2014 to 54% in 2017. While the level of trust is at least moving in the right direction, financial services does rank dead last among all of the sectors polled. Last. Trust is not something that comes easily these days anywhere, much less in the world of insurance and other financial services. This is not great news for an industry in which we literally sell a promise to be there when bad things happen to consumers and businesses, such as car accidents, fires or deaths. Many insurers may think of data along these lines: Consumers trust and understand that, at the end of the day, insurance carriers are in the business of data. It’s at the core of what we do, the data is how premiums are decided, how to best protect assets and develop the fastest solutions when there is a loss, how products are marketed and much, much more. Of course, carriers can be trusted to protect that data and consumers’ privacy. As a regulator who often hears from consumers, I wouldn’t bank on that. Simply put, there is a lot of uncertainty around data these days. Cyber-attacks are in the news seemingly endlessly, from Home Depot, to Target, to Equifax. And if consumers know one thing, it’s that their data is out there, often on old systems that may or may not be properly maintained, and many big-name companies may not have succeeded in protecting that data, and thereby their privacy. Consumers also often are bombarded with long applications or questionnaires, sometimes with rather personal questions. Often, they are left baffled trying to understand, “Why would these people need this information?” See also: When Not to Trust Your Insurer   Many agents or brokers requesting the data may not know themselves. Data collected by insurance companies is input into complex algorithms in trade-secret black boxes to which few have access, much less full access. Simon Sinek provides great insight into why leaders and companies need to focus on answering the question of “why” to maintain the focus as anyone—leaders, product managers, agents and brokers—starts the process and as any of us review whether that vision is working. Sinek says that people should consider whether “Starting With Why” in innovation will instill trust and cooperation. If companies are transparent about exactly why data is collected, consumers can understand how it affects them. Transparency also can allow agents, brokers, consumers and others collecting the data to ensure it is as accurate as possible. This issue is being discussed inside insurers, at insurance departments and among consumers. There can be scary downsides to secret data black boxes in insurance and otherwise. Insurers could also use the data to provide feedback to help consumers better manage their risks. It’s important that, as new technology brings new opportunities, those asking for the information fully explain the “why” behind requests for data. Insurance is global, and changes in other countries may cause changes that affect U.S. consumers and companies. As the General Data Protection Regulation (GDPR) is on the eve of its effective date of May 25, 2018, in the E.U., the U.S. has the opportunity to learn from the experiences. When the Iowa Insurance Division addresses these topics with companies, we point out the obvious. These are your consumers. If consumers ask the question about what data is being used and from what point, they should gain a clear response so they can understand fully before they consummate the transaction. See also: 6 Lessons in Trust From Retailers  Those in the insurance industry are given and trusted with much data. Because of that, much is expected. It’s an incredible time to be in the business of insurance, and the expectations are high. The Iowa Insurance Division will continue to work with companies and consumers to discuss the proposed “why” for the benefit of all affected. After all, the insurance industry is built on trust.

For security and compliance professionals, the announcement of new regulatory standards can be a stark reminder that the to-do list is long and the day is short. But with careful preparation and concerted, coordinated efforts to mature governance, risk management and compliance (GRC) activities, compliance and security teams can face new rules and standards with confidence. After many iterations and comment periods, the National Association of Insurance Commissioners (NAIC) announced the adoption of the Insurance Data Security Model Law in October 2017. The model law — which encompasses rules for licensed entities about data security and data breach investigations and notifications — establishes more rigorous guidelines for the insurance industry. It shares many similarities with the New York State Department of Financial Services (NYDFS) cybersecurity requirements for financial services companies, currently considered to be the highest bar — and a best practice — so the NAIC's model law is likely to be adopted by many states as the governing standard. The NAIC’s rules specify information security programs should be based on “an ongoing risk assessment, overseeing third-party service providers, investigating data breaches and notifying regulators of a cybersecurity event.” In particular, take a close look at Section 4: Information Security Program. It details implementing a program and the requirements for assessments, reporting, audits, policies and procedures. It sounds straightforward on the surface but grows in complexity the more you read; you need to not only identify internal and external threats but also assess the potential damage and take active, concrete steps to manage the threats. Section 4 also calls for more accountability when it comes to protecting data — each insurer must submit an annual statement by February 15 certifying compliance with Section 4 or identifying areas that need improvement, as well as remediation plans. See also: Insurance Is Not a Magazine Subscription It is important to note that the insurance industry has unique challenges around internal risk, third parties and intricately collaborative processes. Many entities and individuals are involved in a single claim: brokers, dealers, agents, actuaries, adjustors and claims processors. This creates more room for error, more potential gaps in security coverage and more difficulty managing contributors. Comprehensive procedures supported by integrated risk management technology solutions will help weave a tighter web. Renewed Focus on Third Parties As is the case with many of the major cyber security and data privacy frameworks (e.g., HIPAA, NYDFS, GDPR), the NAIC’s model law gives special attention to required oversight of third-party providers. Licensed entities are responsible for ensuring that third parties implement administrative, technical and physical measures to protect and secure the information systems and nonpublic information they hold or have access to. Meeting these requirements means licensed entities need to conduct assessments to ensure third parties are following security, privacy and notification guidelines. In Section 4.c.: Risk Assessment, it stipulates identifying threats by means of an ongoing assessment and an annual review of systems, controls, processes and procedures. Developing a comprehensive and streamlined system for vendor risk management is an increasingly critical component of both security and compliance programs — especially for large enterprises and those with complex partnership and outsourcing structures. Incident Response is Key The NAIC’s model law also specifies requirements for incident investigations and mandates that breaches are reported to the commissioner within 72 hours. In this notification, insurers must provide as much information as possible, including: the date of the breach; how the information was exposed; the types of information exposed; the period during which the system was compromised; planned remediation efforts; a copy of the company's privacy policy; and more. Additionally, licensees must notify consumers of the breach as their state's data breach notification law requires. It will be nearly impossible to meet these demands if your security information is outdated, incomplete or difficult to pull together. Expedient incident response can have a significant effect on outcomes. If you can quickly coordinate clear, accurate communications to regulators, third parties and customers about a breach or cyber attack, you can contain reputational damage, protect end-users and prove negligence was not a factor. See also: It’s Time to Act on Connected Insurance How to Become Prepared — and Stay that Way While some of the specific requirements of NAIC’s new model law might cause alarm, most insurance businesses already have well-defined processes and controls. The need to keep sensitive customer data secure and private isn’t new, and high-profile data breaches (e.g., Equifax, Anthem, Aetna) keep a spotlight on the consequences of failing to do so. Licensed entities are most likely to be challenged by the outer ends of the integrated risk management spectrum — the granular details of controls, policies and procedures on one end as well as the development of a sustainable security culture on the other. Both can be enhanced and reinforced through an enterprise-wide, technology-driven approach to GRC efforts. By implementing a centralized integrated risk management platform, insurance organizations can move away from fragmented manual processes (spreadsheets and email) and toward higher degrees of automation and analytics. The difficulty of meeting the NAIC’s requirements depends on the maturity of a company's security and compliance program. Companies that are already using an integrated risk management platform will easily be able to identify the gaps in compliance and efficiently make needed changes to achieve compliance. Those who do not have mature programs in place will have a longer path, from reviewing the requirements and identifying compliance gaps to the challenging goal of creating a culture of security.

The healthcare business is broken for consumers and taxpayers in America. And we can expect to see more mergers, acquisitions and large alliances in the coming months and years, all forming in the name of trying to control rising costs and taking better care of patients. The question is: Will they? Unfortunately, the answer usually is generally no. Let’s take a look at two recent headlines, starting with the CVS acquisition of Aetna. While the CVS acquisition of Aetna makes financial sense for shareholders, the same cannot be said for consumers. CVS and Aetna, which individually represent severe conflicts of interest, together create an even larger systemic problem. American consumers need healthcare intermediaries to clearly represent the interests of either the patient or provider — they can’t do both. Maybe we’re suffering from amnesia because we’ve forgotten why the Pharmacy Benefit Manager (PBM) industry exists in the first place. Years ago, insurers managed drugs themselves. However, the conflict of interest and the resulting price gouging was so bad that the PBM industry took off in the 1980s and became the de facto broker (intermediary) for the drug industry. Over the next three decades, the PBM industry “evolved,” and, today, the PBM business model looks worse than the insurance industry it once set out to fix. Considering the conflicted business models involved, it seems highly ironic that today’s largest PBM is buying one of the largest health plans. This was a bad idea 30 years ago, and it’s an even worse idea today. See also: How Amazon Could Disrupt Care (Part 3)   So why isn’t this going to control costs? Because it really is just a mechanism to switch roles from the “broker function” to that of the supplier. In this case, there is the added benefit that Aetna can get over the 85% Medical Loss Ratio (MLR) limitations by paying themselves as a supplier. All this does is further reduce choice, lock out competition and increase profitability for itself while increasing costs for purchasers. Planning on larger mergers to control costs is a fool’s errand. Take a look at UnitedHealth Group (UHG), which owns UnitedHealthcare (UNH) and OptumRx. The company’s structure and scale is on par with a combined CVS and Aetna. UHG owns one of the largest health plan providers and one of the largest PBMs, and UHG continues to aggressively acquire other health care services companies.  Many corporate customers will tell you UNH is one of the most difficult insurers to work with because of restricted data sharing and lack of transparency. UNH also makes it nearly impossible to use services other than their own.  This is not a recipe to control costs, and it’s going to get worse because UHG recently announced the purchase of Davita’s Medical Group, which has hundreds of care facilities and about 30,000 affiliated physicians. Another major issue with this acquisition is that it enables the combined entity to collect even more patient data and constrict its availability and use. CVS CEO Larry Merlo stated, “By integrating data across our enterprise assets and through the use of predictive analytics, we will create targeted interactions with patients to promote healthy behaviors and drive adherence, and this will further improve the quality of care for patients while also resulting in healthier outcomes.”  Mr. Merlo fails to acknowledge that the data the company integrates, uses for its benefit and sells for its profit is their customers’ data — to which the company claims ownership and restricts for others’ use. After the CVS-Aetna deal closes, restrictive data hoarding will stifle potential health benefits and further limit innovation opportunities. Just a few weeks ago, another headline about an alliance forming to control rising costs captured our attention. Intermountain Healthcare, Ascension, SSM Health and Trinity Health announced they are joining forces to create a new generics drug company. Again, on paper, the announcement seems like it could help control costs and benefit consumers. But taking a closer look at the match, the marketing value to the hospital chains has already vastly exceeded the cost reduction of the generic drugs in question as well as the pressure this places on big pharma by at least three or four orders of magnitude. Big Pharma isn’t in the generics business. As egregious as the examples are that we keep talking about with Valeant and Turing, those are rounding errors in aggregate compared to the global sales of just one brand drug, Humira, which brought in $14 billion last year, alone. Big Pharma is laughing all the way to the bank as the press keeps writing about how big a deal this is and how four hospital chains are going to change the landscape. These large monopolistic systems get the great publicity as they try to lay claim to the moral high ground. More importantly, we have, yet again, given providers of services (a.k.a hospital systems) who already have the reputation for marking up medicine such as Tylenol the power to mark up these new generics they will manufacture. The most important announcement of the past few days is the one from Amazon, Berkshire-Hathaway and JP Morgan. While there are few concrete details, the message from the top is clear that these companies have decided to take matters into their own hands to control costs as all the intermediaries they have relied on haven’t delivered. As those who represent consumers, benefits professionals have a crucial role to play as we continue to learn about more mergers, acquisitions and large alliances. As such, there are three things each of us as HR benefits professionals can do to help tame the M&A beast. First, insist on transparency. This starts by making sure intermediaries (insurers and PBMs) never control supplier performance data. You should have the right to see whatever data you need about your suppliers — just as you would in any other industry. Stop working with intermediaries and suppliers that restrict or refuse to provide data. You should also require intermediaries to provide all supplier contracts they have in place. Trust, but verify. See also: The PBM vs. the Drug Manufacturer   Second, require your suppliers to pick a side — yours, or theirs, but not in between. You, not an intermediary, should be able to choose who provides services to you. You should never be penalized for choosing a supplier that isn’t your intermediary’s preferred choice. Third, demand independence. Intermediaries must represent the company and customer interests. There’s an obvious conflict of interest when an intermediary also represents a seller of goods that constitutes a significant source of the intermediary's revenue. Stop doing business with intermediaries who have such conflicts. Congratulations to all the CVS and Aetna stockholders out there; there’s a big payday headed your way. Because one person’s profit is another person’s cost, expect the price of health care to increase in this brave new world. However, in the long run, the rest of us are going to bet on the new Amazon/Berkshire-Hathaway/JP Morgan model from Bezos, Buffett and Dimon to lead the charge of purchasers taking control of their own destinies.