Insurers often fail to embrace the cloud for three reasons—and all three are fallacies.

Accenture recently worked with a multinational insurer on its cloud implementation and helped it achieve an 80% reduction in costs of a particular environment of an application suite. However, many insurers have been reluctant to tap into the power of the cloud. In this Insurance Insight of the Week video, I’ll look at some of their most common hesitations—and how to overcome them. Three steps to help insurers capture opportunities unlocked by the cloud The cloud offers flexibility, agility and scale—key capabilities in a marketplace where traditional industry barriers have disappeared and customer expectations can change on a dime. In today’s digital economy, it’s a crucial technology that insurers can use to become more competitive. See also: Future of Digital Transformation   Learn more:

• Download Eighty percent reduction in insurance carrier costs? Cloud as rainmaker. (PDF)
• View other Insurance Insight of the Week videos.
• Email me to discuss how Accenture can help you embrace the cloud and become more competitive.

Innovation is critical for every organization, but it is complex and can be very confusing, too. Poor innovation management and ineffective execution are among the key reasons causing innovation failures in organizations. Many companies lack well-defined innovation strategy and alignment with business strategy, resulting in poor innovation delivery. While it takes time to build the innovation culture, companies must leverage the startup ecosystem, capabilities of partners to augment the innovation gaps and emerging technologies effectively to deliver innovation faster. Innovation silos within the companies are key impediments that dilute innovation and generate poor innovation results. It is the time for companies to get honest and acknowledge innovation gaps, prioritize top factors affecting innovation and develop clear innovation strategy and plans that are well-aligned with business strategy. This article covers key considerations, describes the current state of innovation within financial services and the insurance industry and provides recommendations for effective innovation delivery. Balancing Innovation, Startups and Emerging Technologies Today, there is lots of buzz on emerging technologies, startups and innovation. While the business environment, economic conditions, political situation and core capabilities of many companies have not changed dramatically over the past year, nevertheless the innovation agenda has taken the front seat in almost every organization. The big question remains: How effectively are companies managing innovation? Are companies focusing on business innovation or technology innovation or a combination? Which are the proven models for innovation that deliver results? Is partnering with startups sufficient to drive innovation? Which emerging technologies have higher potential for innovation? See also: Don’t Just Indulge in “Innovation Theater”   Well, there are no straight and simple answers to these questions. What matters today is: There need to be serious attempts of organizations toward driving innovation, commitment by senior stakeholders, collaborative culture across teams, alignment between top-down and bottom-up innovations, bridging innovation silos within organization and focus on customer-centricity. Business Values Are Driving Innovation Initiatives In my interaction with senior business and IT stakeholders of leading financial services companies in the last few months, one thing has emerged clearly: that business values and outcomes are the most critical element in getting innovation funding. I have met CIOs of leading insurance companies who have expressed concerns about getting buy-in from the business team for business cases as one of the key hurdles in delivering innovation. While a majority of innovation efforts are still technology-driven or technology-led, only a portion carries real potential to disrupt the business or push the organization to a rapid growth trajectory. Many organizations are still focusing on incremental innovation, while many others are burdened with operational priorities and legacy challenges. The good news is that financial services and insurance companies are not fearing experimentation. The partnership with startups, the pace of pilot projects using emerging technologies and the participation of companies in industry events, technology conferences and startup events has grown significantly in recent times. Many financial companies are sponsoring hackathons and are welcoming innovation of all types. A good number of companies within financial services and the insurance industry have already partnered with fintech and insurtech and are clearly finding value. The hunt for innovation is furious. The FinTech, InsurTech influence is pushing companies to innovate faster. Technologies Enabling Innovation Within Financial Services SMAC (social, mobile, analytics and cloud) technologies that were new a few years ago have become a new normal, with high adoption rate across industries. Emerging technologies include blockchain, artificial intelligence (AI), robotics process automation (RPA), Internet of Things (IoT), augmented reality (AR) and virtual reality (VR). However, companies are being pragmatic about adopting these technologies. For example, while it is true that in the last three years more than $1 billion of investment has gone into blockchain technologies alone, with 90-plus companies being part of blockchain consortia across 24-plus countries (according to recent World Economic Forum findings), many companies (insurers, banks and other financial companies) still struggle to identify suitable, viable use cases. The technical complexities and shortage of skills are another big hurdle for adoption of emerging technologies such as blockchain. While some of these technologies are still evolving, technologies such as AI and RPA are moving faster in terms of adoption within financial services and the insurance industry. For example, AI-enabled chatbot and robo-advisers are moving beyond delivering basic conversational response to enabling channel expansion, enabling cross selling, targeting new segments, delivering training and enabling end-to-end transaction processing within the financial services industry. RPA technologies are also gaining popularity and are in use within financial services and insurance companies, helping companies automate mundane, repetitive, manual, rule-based tasks or processes. The adoption rate and focus on IoT technologies has been hampered by increased fear of companies toward cyber security risks after various ransomware attacks in the recent past. AR and VR technologies are still hunting for viable use cases within the financial services industry amid the changing shapes and characteristics of AR/VR devices. Emerging technologies are the key enablers for delivering innovation and cannot be ignored any more. Bridging the Gaps and Making a Balance With Innovation While every company has a well-defined business strategy and IT strategy that are reviewed periodically, many lack a well-defined innovation strategy. It is time for companies to revisit their innovation strategy, align it to business strategy and make it an integral part of the operating model. The innovation silos, poor governance, complex organizational structure, lack of funding, talent gaps and organizational politics are a few known elements that hinder innovation delivery. Only a few innovation-driven companies take tangible actions to overcome these challenges and work toward building an innovation-centric culture. Agility, experimentation, customer validations, pivots, failures and talent development are integral parts of innovation delivery, and companies that understand that, will measure innovations regularly, reward teams and encourage open innovation. See also: Pursue Innovation or Transformation?   While corporate venturing, partnership with startups and acquisitions are some methods to fast-track innovation efforts and mitigate risks, without addressing the root cause that hinders innovation, companies are just postponing the real problems. Startups are a good catalyst for innovation, but many companies merely leverage them as a reference model or mitigation element, which they think they can mimic, buy or obtain through partnership using brand and financial muscles. If companies find many gaps with the existing innovation model, they must explore partnership and acquisition of appropriate startups seriously and integrate them effectively into the companies' ecosystem to ignite innovation delivery. Business model innovations that are market- or industry-driven typically deliver successful innovations that are disruptive. Companies that bring together the best elements of business and technology (talent, people, vision, insights, partners) at the right time, collaborate effectively internally and externally, learn from failures and involve customers in every stage of the innovation life cycle are the ones that are most successful in innovation delivery. In addition, emerging technologies offer numerous opportunities for companies to fast track innovation efforts when coupled with the right business case. Companies must balance the innovation, startups' influence and the power of emerging technologies for competitive advantage and market leadership.

How can you grow in a market that is flat or shrinking? This is a common problem faced by businesses. whether they are in insurance or manufacturing. It was the challenge my team faced immediately after I was promoted to lead Stryker’s EMS (ambulance) equipment business in 1999. The lessons we learned apply across a broad spectrum of businesses. Stryker EMS had grown aggressively following its 1994 launch by taking share from a monopoly competitor. But, as our slice reached 50% of that market, it was mathematically unfeasible to expect that the pace of expansion could continue meeting our parent company’s 20% growth requirement. We had to find other avenues to expand. The first prong of our approach was to extend globally. Nothing particularly original in that approach, but the second prong would challenge every bit of our ingenuity as we created three new market categories. The situation we faced is similar to that of many insurance companies. Industry experts believed that there was little opportunity for innovation in the EMS patient handling equipment space—resembling what many believe about parts of the insurance space. We proved the skeptics wrong; you can, too. The valuable lessons we learned while inventing three breakthrough market categories have direct analogies in insurance, where finding game-changing innovations brings unique challenges. First, we took a broad, strategic view of the issues facing our customer and partnered with industry leaders to uncover significant costs that were hidden in their financial statements. Simply put, we did our research. Insurance companies seeking to innovate could leverage their financial experts and actuaries in similar endeavors. Second, we focused on the root causes of those hidden costs, constantly asking what could be done to reduce or eliminate those causes. This is a mindset that the best insurance companies follow. Third, we invented technologies that enabled several of the breakthroughs; gaining patent protection and exclusivity in the process. In many of these inventions, we brought to bear crucial technologies that were being developed in unrelated markets but had application to what we were attempting to accomplish. This is similar to those in insurance looking to enhance quoting, claims processing, risk management and a host of other functions by applying burgeoning innovations in augmented reality and machine learning that are taking place in the computer, smartphone, and tablet markets. See also: 4 Hot Spots for Innovation in Insurance   This extract from the new book Commanding Excellence: Inspiring Purpose, Passion, and Ingenuity through Leadership that Matters tells the EMS story. While the challenges in insurance are distinct, applying similar thought processes and fundamental approaches from this innovative leader in medical devices could be the secret sauce to innovative breakthroughs. From Chapter 22: Purpose-Drive Creativity at Stryker The second prong was focused on solving significant problems facing EMS providers around the globe. Over the next decade, we developed three new product categories that dramatically improved patient handling in prehospital treatment. After several years in the business, my team realized that an emerging employee-injury crisis was facing our customer base. As patients were getting heavier, and the average EMTs lifting the patients were aging and included a higher number of females, on-the-job back injuries were soaring. In addition, the many safety issues that arose in the event of an ambulance crash were gaining awareness. Stryker EMS set off on a determined mission to provide technological solutions to these challenging issues. We worked closely with internationally recognized EMS services to identify the sources of injury, developed strong partnerships with ambulance manufacturers and regulatory bodies working on crash-worthiness, and dared our engineering and marketing talent to devise breakthrough answers to these difficult problems. First we launched the category of tracked EMS stair chairs. These were foldable/storable wheeled chairs that had an innovative friction-based track system that users could deploy to provide considerable assistance when transporting people down the stairs. The StairPRO was a game-changing product. Smaller EMTs gained the capability to safely transport patients down the stairs, dramatically reducing the risks of back injury to themselves while also improving safety for the patient. As we developed the product, many focus groups loved demonstrations of the prototypes but thought such a product would be far too expensive. To do it right, the chair would end up being three to five times more costly than the seldom-used, simple folding chairs most ambulances carried at the time. We knew the injury-reduction benefits were real, and the costs of such injuries far exceeded the cost of a fleet of tracked chairs. As it turned out, the StairPRO chair saw the fastest market uptake rate of any new product Medical Division had ever launched, even at the high price. Our second major breakthrough was a viable powered ambulance cot. Lifting patients from the ground to the upright position for moving the cot and then loading the cot into the ambulance was another source of heavy back strain driving high rates of injury. Stryker launched an innovative battery-powered, hydromechanical cot that allowed EMTs to lift patients with great ease with the press of a button. The product was a particularly challenging engineering feat, because it had to have the power and strength to assist lifting up to a 700-pound patient yet still be light and maneuverable and have no compromises in the time it took to load and unload from the ambulance. Several patented new technologies allowed all of these requirements to be met, and PowerPRO was another runaway success. The final major breakthrough was, perhaps, the most demanding and complex product Stryker Medical ever developed. We found it odd that in most of the developed world, the process of loading garbage from a customer’s curbside into a truck had converted from a physically intensive, back-injury-prone, manual operation to one where the sanitation companies issued customers customized wheeled containers that could be rolled out to the curbside and then picked up and hydraulically dumped into the garbage truck. This conversion involved a multimillion-dollar infrastructure investment all over the globe. Yet critically ill patients were still being loaded into the backs of ambulances by skilled EMTs and paramedics using simply their own brute force. It was an operation riddled with significant injury risks for the providers and patients. Not infrequently, patients were dropped or tipped over during loading or unloading, resulting in injuries and lawsuits. The situation begged for a technology solution. As with the PowerPRO, there could be no compromises. Load and unload times had to be equal to current methods; a complete and seamless manual back-up had to work in the event of power loss; battery management had to be automatic; crash-worthiness had to be best in class; operation had to be simple; and the device needed to be easily cleaned. In the process of addressing all these often competing requirements, the team invented and patented multiple technologies for the loading and unloading method, near-field communication techniques between the stretcher and the loading system, inductive charging between the trolley and the cot (to recharge the batteries) and a host of other mechanisms. At launch, the PowerLoad system was well received, and it is still in the process of transforming the industry’s infrastructure today. We look forward to the day when no patient has to be loaded by brute force. With the international expansion and three breakthrough new-product categories, the EMS business was a significant growth engine, delivering a combined annual growth rate of over 25% during the years through 2012, when I retired. There was nothing more rewarding than to have seasoned paramedics come into our booth at trade shows and ask to hug the engineers, thanking them for creating technologies that allowed them to do their jobs without injuring themselves or patients. The purpose-driven atmosphere unleashed creative energies to go after these game-changing innovations. Success continues in EMS. In 2016, Stryker acquired the world’s leading manufacturer of EMS defibrillation for over $1.2 billion to complement the company’s global market position in the prehospital market. See also: Innovation Executive Video – Pypestream’s Donna Peeples 

New technologies like blockchain, artificial intelligence (AI) and the IoT offer insurers a better way to engage customers. One crucial enabler? The cloud.

It would be an understatement to say that insurers have many more tools at their disposal today: new technologies, advanced analytics, access to broader data sources, for example. But these new tools aren’t possible without one crucial technology: the cloud. In this Insurance Insight of the Week, we’ll look at how the cloud makes digital happen. The cloud makes digital happen New technologies like blockchain and connected devices can help insurers improve customer service, speed to market and the bottom line. Insurers that tap into the cloud—and the capabilities it can enable—can take advantage of these technologies to become more competitive. See also: Blockchain: Basis for Tomorrow   Learn more:

• Download Eighty percent reduction in insurance carrier costs? Cloud as rainmaker. (PDF)
• View other Insurance Insight of the Week videos.

In our last blog of our two-part series on the gig and the sharing economy, we looked closely at how the gig or “on-demand” economy will open up new markets to group and commercial insurers. You can read that blog here. In today’s blog, we look at the sharing half of the gig and sharing economy. How will a radically shifting market, where borrowing and lending are more prevalent, open doors for commercial and specialty insurers? More importantly, how can insurers fuel the growth of this market by making borrowing and lending more palatable? Is the Sharing Economy real? The sharing economy is not only real — it has enormous potential for insurers. RVs make a great example. Recreational vehicle owners use their RVs an average of 28 days per year. With 8.9 million U.S. households owning an RV, that’s nearly 2.9 billion unused RV days per year. RVs are remarkably underutilized, making them a prime market for sharing. RV sharing sites, such as Outdoorsy, help owners to profit from their RV, while helping non-owners to gain access to RV use. Multiply this idea many times over. ATVs are underused. Boats, chainsaws and generators are underused. Cars, homes, cabins, campsites, hunting property, musical instruments, bicycles, hockey rinks and electronics are all commonly underused. The only thing standing in the way of sharing them all is… insurance to cover a new type of risk. See also: Opportunities in the Sharing Economy   While some personal lines insurers are making a case for insuring some of these risks by adapting their personal lines products, it is commercial insurers that may have a leg up when it comes to understanding how to price risk for niche risks or groups and how to offer innovative products to these “small – medium” business owners. Majesco’s forthcoming consumer research report finds that the consumption of ridesharing and home- and room-sharing services has a strong and growing appeal. The year-on-year growth of these activities was between 5% and 15% depending on the activity, highlighting a growing interest and use across all generations due to the digitally enabled capabilities driving ease of use. (For a further look at sharing economy trends, read Changing Insurance for the Digital Age, a collaboration between Majesco and Global Futures & Foresight.) Experience is a factor The sharing economy is related to the experience economy. As millennials enter the middle class, they are owning less “stuff” and putting more emphasis on having greater experiences. The sharing economy is fostering their desire to do more by owning less. With less of their income tied up in ownership and maintenance, they have more to spend on borrowing and renting. They are concerned about risk, but they don’t want a confusing transaction to sit in the way between them and the experience. So, insurers must find ways to build simple insurance experiences into the front end of the overall experience, or hide purchase experiences within the usage itself. Insurance is the answer to some of the sharing economy’s most pressing issues. Before "sharing economy" was even a term, sharing was at the heart of insurance. So, it would make sense that insurance would fit well into the sharing economy. Insurance, however, has had a product focus, reflected in the organizational silos based on risks and products, by separating personal versus commercial, rather than a customer focus that shifts between different risks (i.e. personal vs. commercial) based on the behaviors or use. This is why sharing economy insurance incumbents may find themselves disrupted by Slice, Cover Genius and Metromile and similar entities that are popping up everywhere. Optimistically, however, the sharing economy is igniting an insurance renaissance with traditional insurers like Geico, Admiral, AXA and others asking themselves how they can serve people in the on-demand sharing economy … both personally and as a “business.” In the sharing economy, it’s all about protection for the shorter timeframes and meeting the uncommon, on-demand need … allowing the customer to fluidly switch back and forth from personal to “commercial” needs. And, it’s all about giving owners and businesses incentives to lend property or assets. Insurance can answer these issues. Insurance will fuel the sharing economy if insurers can build compelling value propositions Rental companies are familiar with the risk of lending. They understand what is at stake, and they price insurance into their products or create contracts to handle damage. A new round of entrepreneurs is arising, however, who are using technology to match peer-to-peer lending. Websites such as MyTurn are enabling anyone to launch asset-sharing organizations. These types of companies are unfamiliar with how insurance can offer them protection and how coverage should be handled for a broader segment of products and users. This is an area where insurers can fill a growing gap. The insurance value proposition in the sharing economy is to make both the lender and the borrower comfortable that the transaction can occur without the threat of loss. All that remains for insurers, then, is to determine where sharing is creating insurance gaps and how they can build, sell and service sharing products. Data is critical Consider how data is currently used in underwriting most products. For the most part, insurers pull from traditional data sources for underwriting purposes, and, though they may have reduced underwriting time, it is rarely real-time data. The sharing economy is different. It will require hyper-short underwriting loops based on real-time data because many aspects of sharing happen quickly and in a non-uniform pattern. The whole concept of on-demand insurance assumes the flip of a switch between being uninsured and insured. On-demand insurance products should have the capability to score based on evidence analyzed from many reliable sources. Sharing economy insurers may want at least some scoring related to social profiles and common pastimes and behaviors. These aren’t easy data points to collect, but the further down the road on-demand insurance progresses, the greater the demand will be for every type of character-based data. Cloud platforms are necessary In essence, sharing economy insurance requires on-demand micro duration insurance coverage and blurs the boundaries between personal and commercial insurance.  But insurers face challenges including: creating a micro-duration insurance business model; real-time pricing determination based on micro-segmentation and varied factors; mobile-first user experience; low transaction value but high transaction volume; and low-touch, end-to-end operations. See also: 4 Mandates for Agents in Sharing Economy   To support these new coverages requires a next-generation core platform that is a complete architecture redesign with an alchemy of data, analytics, digital and processing components; customer-journey-focused solutions; significant reliance on AI for pricing and underwriting; and a light footprint and auto-scale capabilities for high volume support on cloud.  Furthermore, there has to be a strong “find and bind” integration architecture to tap into an ecosystem of innovative services. As we highlighted in our Cloud Business Platform: The Path to Digital Insurance 2.0 thought leadership report, many of the new insurers providing these innovative products have such core platforms in the cloud to allow them agility, speed and innovation in a continuously changing market. Agility is (no surprise) highly necessary For insurers to grab the opportunities as they arise, they will need to understand what new technologies can do to facilitate sharing relationships. They will need to use a next-generation core platform that is scalable and allows for real-time data and agile product development. Cloud platforms will lend themselves to many of the necessary features, but expert data integration and “find and bind” ecosystems will also be vital. For a better look at growth opportunities within the sharing economy, don’t miss Majesco’s report, A New Age of Insurance: Growth Opportunity for Commercial and Specialty Insurance in a Time of Market Disruption.

What I want to explore today are application programming interfaces, or APIs, but the term is off-putting—technical and perhaps even intimidating. So, let's start with two maxims from Silicon Valley that frame the issue in a friendlier way. Then, we'll look at how a radical approach to APIs has helped Amazon be a mega-success, how they are leading to redesigns for car makers and how they could drive broad innovation in insurance. Lemonade—surprise, surprise—offers an early example of what's possible.

The two maxims:

"Software is eating the world." — Marc Andreessen, a prominent venture capitalist who created the first commercial internet browser more than 20 years ago. 

"No matter who you are, not all the smart people work for you." — Bill Joy, a co-founder of Sun Microsystems who wrote the version of the Unix operating system that made it widely popular and who is now a venture capitalist. 

Looked at from an insurance perspective, I see Andreessen saying: If you want to be the eater, not the eaten, you need to turn your business into software. Stop thinking about having factories that churn out paper full of legalese and imagine insurance as software. I see Joy saying: Figure out how you can fit into an ecosystem and draw on all those smart people who work for somebody else.

Those two maxims lead to APIs, because they are the technical expression of how you turn your business into software and how you coordinate with all those other smart people. Get the API issue right, and other problems fall away.

APIs are really just definitions of how pieces of software will work with other pieces of software. You're writing an app that needs to include a calculator? You check the API for that calculator object and make sure your app talks to that object in the way it specifies. You don't talk the equivalent of English if the object speaks the equivalent of Spanish. You don't spell "favor" as "favour" if the object speaks the equivalent of American English, not British English. 

The magic of APIs is that they're so detailed that all the complexity behind them is hidden. If I want to collaborate with you on something related to software, I don't have to get into long conversations about governance or coordination. I can just say: "Here is my API." You then make sure that you meet the specs, and we're good. You get to draw on all my smart people, and I get to draw on yours.

That's the Joy's Law piece of the puzzle. The Andreessen piece requires specifying APIs for as much of your business as possible. Set up underwriting so that someone with a great bit of software for understanding some type of risk can just plug in once you share your API with the company. (Many APIs are public, but they don't need to be.) Set up claims so that someone with a new way of spotting fraud can just plug in.

Rethinking your business as a software platform or operating system will take some serious effort but will pay huge dividends. Just look at tech giants like Microsoft, Google and Facebook to see the benefits of being able to absorb others' innovations.  

Amazon may have taken the most radical approach to APIs. From its early days, Amazon had all parts of its business express themselves as APIs. In other words, they specified, in software, how they would export information and how they would import it, what capabilities they offered and what they needed, etc. All communication had to happen through these interfaces. The specificity simplified coordination both inside Amazon and with outsiders. And the approach seems to have worked out okay....

Car companies, which have always struck me as insurance-like in their determination to do everything in-house, are finding that they can no longer deny the power of APIs. For instance, historically, car makers designed every single detail of the dashboard -- the entertainment system, perhaps mapping, etc. Now, they are finding that people increasingly want an Ox Cord (a term that I assume began as "auxiliary cord," or "aux cord"). Customers want to be able to plug a smartphone into the dashboard to run their own entertainment, mapping, etc. Car companies are responding by designing dashboards that function more as a screen and speakers and by publishing APIs that define how those smartphone connections can happen. The companies will lose some control but wind up with far more robust systems -- and happier customers.

Lemonade is publishing APIs that will let it cross traditional insurance-industry boundaries and easily collaborate with outsiders that might help sell its products. Why just rely on agents or a website when you can have realtors, for instance, seamlessly direct people to you as part of a rental or purchase? 

What Lemonade is doing should be just the beginning of more fundamental innovations—at least, if I'm right that lots of the boundaries between traditional product lines will blur or even go away. For instance, life insurance has historically been sold as a separate product to protect a family if the primary breadwinner died but increasingly will, I believe, be incorporated into financial planning. Thinking of life insurance, investment vehicles, benefits programs, etc. as software, not products, and specifying APIs will greatly simplify the sort of combination and innovation that I believe must happen. 

If you develop an API-based strategy, you will greatly improve your chances of being the diner, not the dinner. 

Cheers,

Paul Carroll,
Editor in Chief

Insurance technology companies can be innovative, efficient, agile. They can delight their customers with modern user-experiences, impress them with low costs from reduced overhead and surprise them with swift service. But there is one area where they face an uphill battle to take market share from large, established insurance institutions. Trust. Why would a customer risk choosing an insurtech company with a young record in the industry over a traditional player with a long-held reputation for being well-capitalized? When the hurricane hits, can the insurer be trusted to honor the payout? See also: The Insurer of the Future – Part 9   The answer for insurtechs is not to focus on battling the behemoths to create equally huge capital backup. Insurtechs have to win the battle for hearts and minds. Insurance is about customers achieving peace of mind. But the industry is plagued by major misalignments of interest. Customers may well understand that the major players have enough money to pay their claims but they don’t necessarily believe they will pay out. There is a trust deficit. Large companies with capital have high costs and, unfortunately, making payouts can directly impact their profits. Regulators aim to protect customers and ensure fair payments. But, in the end, the cost of the additional compliance bureaucracy is passed on to a distrustful end-customer anyway. Insurtechs need to rely on their competitive advantage -- technology. That technology, and specifically blockchain, can be deployed to ensure customers receive their payouts automatically. As a customer, you can have no better peace of mind than knowing you will receive payment immediately with no questions asked. Insurtechs can provide “parametric” insurance policies where events trigger automatic payments, eliminating the burden of customers’ claims processes. Parametric policies can work, for example, for flight-delay insurance. If a customer buys a policy against a late arrival of an hour or more and a plane is indeed officially logged as behind the clock, then payment is made automatically. Blockchain technology has the power to create an unalterable database that can be trusted immediately by the insurer and customer alike, meaning the transaction is transparent and automatic. In this way, blockchain enables provable fairness to allay consumers fears over the industry’s misalignment of incentives. The same parametric insurance mechanism can be used for weather. A six-week drought can prompt payout to farmers who fear their crops will shrivel. The farmers do not have to prove their loss. The data executes the policy automatically. See also: 10 Trends at Heart of Insurtech Revolution It is possible to imagine a world of insurance with vastly reduced overhead - a world where payments are automatic and there is no need for cumbersome claims processes. This clearly means insurance policies can be cheaper - and cheaper policies opens the possibility of more granular policies targeted at the real lives of customers. This is another way the insurtechs can win the trust of customers - by being perceived as helping solve their actual, specific problems. A sports club can organize a tournament and insure its players against injury. That kind of specific policy is currently likely to be seen as low value for the big insurance companies. But with their lower costs, insurtech companies can use blockchain to design a bespoke policy that serves customers and creates profits.The insurtechs can use their cost efficiencies to provide bespoke policies that create an intimacy with a customer and that, in turn, builds trust.

Cyber-attacks see no signs of abating. In fact, deadly threats such as ransomware and malware have now become mainstream. Enterprises have no option but to expect cyber-attacks as a fact of life. They need to make their systems immune from such attacks. The State of Cyber Attacks Cyber-attacks increase in magnitude and scale with every passing day. A case in point is the WannaCry ransomware, which wreaked havoc in more than 200,000 systems across 150 countries in the world, during May 2017. This attack, the largest ransomware delivery campaign to date, held up everything from surgical operations to public information display systems, and from government initiatives to corporate work. And WannaCry is just one example. More than 4,000 ransomware attacks have taken place since the start of 2016. Ransomware damages will touch $5 billion by the end of 2017, a 15X increase from the damage levels just two years ago! Data-encrypting ransomware such as WannaCry is socially engineered malware. The hackers trick unsuspecting victims in many ways to install Trojan horse programs. They may:

• Compromise an otherwise trusted site on a temporary basis, to offer a malicious download link.
• Arrive as a rogue friend or application install request through mainstream social media.
• The innovation of their attacks is matched only by the ingenuity in the ways they breach the network.

Close on the heels of socially engineered malware are password phishing attacks. A good proportion of the unsolicited emails try to pry out login credentials from gullible account holders. Despite the best anti-spam software, good phishing replicas of legitimate emails slip in. All it takes is a single careless employee for the hackers to breach the corporate network. Countermeasures Cybersecurity has been fighting a losing battle against cyber attackers for many years now. Traditional security approaches, such as firewalls and antivirus suites, are now inadequate to protect against the entire gamut of attacks. Many enterprises realize this fact and now invest heavily in security. Gartner estimates information security spending to exceed $86.4 billion in 2017. However, many enterprises go after the latest tools and technologies, while neglecting the basics. See also: Quest for Reliable Cyber Security   Time-tested basic security hygiene is the basics of any countermeasure against cyber threats. Some of the basics include:

• Installing advanced anti-malware suits
• Regular patching and updating key software
• Regular data backups
• Controlled access to resources within the network
• An Enterprise-wide whitelist of authorized apps and software.
• Strong two two-factor authentication (2FA), with smartcards, biometrics, or OTP through SMS.

Another key component of basic security hygiene is training users on safe browsing. The ideal end-user education is ongoing. It covers the latest threats, and make employees aware of what to do in the face of various eventualities. However, all these basics serve only as a foundation on which to construct sound security architecture for the enterprise. These basics alone are no longer effective in keeping cyber criminals at bay. Patch Management: Vital for online security Socially-engineered malware such as WannaCry spread across the organizational network without user interaction. The malware exploits latent vulnerabilities in the operating system of application software. Browser add-on programs such as Adobe Reader are especially rife with vulnerabilities, and hackers exploit it at will. In WannaCry’s case, the malware exploited “EternalBlue,” a known Microsoft Windows vulnerability. Software vendors and cyber criminals are locked in a never-ending battle. Cyber criminals are always looking to unearth some vulnerability. The “good guys” try to beat cyber criminals to the game, to identify vulnerabilities before cyber criminals discover it first. Either way, the software developer releases a patch as soon as the vulnerability becomes known. But, it is rare to find any enterprise with perfectly patched software. Enterprises do not install the patch updates even when one becomes available, owing to many reasons, such as: Operational constraints and exigencies Concerns about whether a newly patched version would contain some other bugs, rendering the system unstable. Continuous Monitoring: Around the clock website check-ins Today’s cyber criminals are sophisticated, and the attacks they launch are unpredictable. Enterprises would do well to ensure continuous monitoring of the network environment. They would also do well to manage the implemented security controls on a proactive basis. An effective network monitoring system offers end-to-end visibility of the network traffic. It:

• Understands legitimate traffic patterns in the network, and issues prompt alerts when discovering unexpected traffic flows.
• Triggers automated responses, such as shutting down the network, or blocking the user, on detecting anomalies.
• Integrates threat intelligence capabilities, aggregating threat information from multiple sources.

Large enterprises could consider setting up an in-house security operations center, with robust incident response capabilities. Smaller firms could consider enlisting the services of a managed security services provider, to monitor their network and respond to incidents in real-time. Either way, proactive network monitoring is essential to keep the network safe. See also: Paradigm Shift on Cyber Security   Security Assessment: Third party independent security reviews Network security does not work in isolation. An effective security set-up offers tight integration, without leaving any loose ends. Enterprises would do well to conduct a thorough security audit to ensure such a state. A sound and comprehensive review compare the existing state of cybersecurity with best practices, in terms of:

• The integration of basic and advanced controls to the security architecture
• Integration of the existing security environment architecture with the business and IT vision
• How the security framework leverages latest technologies, such as Machine learning, behavior analysis, and threat modeling, to detect and mitigate identified threats
• The scalability of the security architecture to defend against future threats
• The preparedness of the architecture to deliver Intelligent and flexible responses

The state of cybersecurity is fluid. Enterprises need to adopt an adaptive and evolving approach the security. They need to re-evaluate security processes, practices, policies, platforms, and tools, on a regular basis. With cybercrime damage estimated to touch $6 trillion annually by 2021, the stakes have never been higher.

A great concern today is the impact of damages associated with wrongful conviction claims. Last month, two local entities in Illinois were sued by a wrongfully convicted young woman. After spending nearly 10 years in prison, then being released due to an advancement in science/knowledge of shaken baby syndrome, Jennifer Del Prete could be one of the most sympathetic claimants imaginable. She could potentially collect $20 million. In this case, two local villages have exposure, both belonging to a single “cooperative purchasing program.” It is estimated that one inmate per week is released due to new evidence related to scientific advancements, and the legal recovery averages $10 million per inmate. DNA evidence and renewed scrutiny of court cases by legal think tanks is driving the push toward reconsideration of these cases. In the Del Prete case, new medical evidence was overwhelming, and a Northwestern University investigative journalism center found exculpatory evidence suppressed by the prosecution. See also: How Underwriting Is Being Transformed   This is more food for thought regarding underwriting, overall exposure to wrongful conviction, available limits (per member and reinsurance pool aggregate) and the potential impact on current immunity or tort caps. The trend toward justice for wrongful convictions will continue to gain strength as science and technology advance. These advancements will be embraced by justice advocates like the Medill Justice Project at Northwestern University.

As the sale of cyber policies grows and other types of policies are extended to include cyber coverage, the industry is taking on a massive amount of new risk. Although it is true that auto, workers compensation, environmental policies and so many others were all new offerings at one time, there are some things about cyber that make it more unusual, more uncertain and more potentially dangerous for the insurance industry than new offerings of the past. Simultaneity It is entirely possible for hackers to plan and launch simultaneous attacks on a large number of targets. Those targets may be corporations, infrastructure such as power plants, government bodies, hospitals, or any other type of entity. If a successful, very harmful simultaneous attack, whether ransomware, malware, or any other type of IT weaponry, was to be made on a sizeable number of entities, the losses occurring at one point in time could create serious liquidity pressures and even jeopardize solvency for an insurer. See also: Urgent Need on ‘Silent’ Cyber Risks   Individual insurers are modeling their aggregate exposures, but are they doing it comprehensively enough? Analysis must take into account not only the limits and reinsurance on their cyber policies (including such add-ons as contingent business interruption or other enhancements) but also what level of coverage is afforded in existing casualty and property policies as well as any other policies that may be triggered (such as D&O, E&O, reputation, etc.). In addition, correlated risks that have nothing to do with claims liabilities per se should also be considered. For example, what will they do if their contracted vendor networks, which are supposed to help insureds after a breach, are not resourced sufficiently to handle simultaneous attacks. Ubiquity Given the global nature of the internet, attacks may be not only simultaneous but ubiquitous. The entities affected may be all over the world. An insurer that relies on geographic diversity to protect its capital can lose the benefit of diversification when it comes to cyber. A global event or series of events could have significant capital implications for insurers that have considered their cyber portfolio in part rather than in whole. Unpredictability There is scant history upon which to base underwriting and pricing decisions when it comes to cyber. The earliest policies were geared toward system failures, not cyber attacks. More recent policies were focused on data breaches and stolen data and the actual cover involved handling some of the expertise needs and certain expenses post breach. Now, cyber policies are dealing with ransomware attacks and cover business interruption and other loss. This is heady stuff when there are no historical patterns to use in predicting frequency and severity as there is with property or workers compensation. Ransomware attacks continue to escalate at a rapid pace. Who knows how much faster or greater this trend line will grow. Some cyber attacks have been targeted while others are random. In either case, they test the ability of insurers to make predictions. This, in turn, makes it difficult for actuaries to price the product appropriately. How much business should an insurer write of a particular kind until it can be sure the business is priced correctly for the exposure? A random attack might seem to better fit the principle of insuring against fortuitous events, however, it does mean that an insurer that relies on customer segment diversity to protect its capital can lose the benefit of such diversification. This is similar to the situation mentioned above in connection with geography. A targeted attack will likely strike an entity (or entities) with the most money, records or other treasure worth capturing or destroying. Hence, the losses generated will be greater. Initial attacks were focused mostly on retailers with hospitality and with banking and healthcare following. The great fear is that power and infrastructure will be next. The impact from attacks on power and infrastructure could be catastrophic in the extreme. The flexibility to strike randomly or with fixed intent leaves underwriters in a quandary about which classes of business are riskier than others. How, then, can they manage their customer mix as do with other lines of business? See also: What if You Had a Cyber Risk Score?   Sponsorship Hackers can work alone or in groups. They can also be actors for foreign governments. When Marissa Mayer spoke about the Yahoo attack, she commented on the unevenness between a company’s attempts at IT security versus an attack potentially perpetrated by a nation state. This phenomenon is something insurers must consider when parsing the words in their contracts. To what extent should there be exclusions, as there are in terrorism policies or other policies that exclude acts of war? To what extent is a future federal backstop needed? Conclusion This is not to say that cyber insurance should not be offered. Society has a protection need, and insurers have been answering that need since the first handshake at Lloyds. In addition, this line of business has been streaming new revenues into an industry that, in recent years, has had excess capacity. Rather, it is to say that insurers must put robust and innovative solutions in place to manage aggregation risk.