As we collect more data, and become more sophisticated within our use of analytics, we can understand, manage and mitigate more emerging risks than ever before. In turn, our better-informed outlook changes how we approach risk. Instead of considering individual incidences, we now have the data to think about and build new approaches to understanding overall risk – including mitigation and management strategies. Enterprise risk management (ERM) provides a framework for understanding and responding to business uncertainties and opportunities with relevant insights that are delivered through common, integrated risk identification, analysis and management disciplines. Approaching ERM with analytics can provide a more strategic approach to holistically identifying, managing and mitigating risks. As a result, business leaders are not only looking at specific elements of risk anymore. It’s not just about single claims, like medical malpractice, which can be easily priced from an insurance perspective. Increasingly, leaders are looking at other risks, which have not been measurable or predictable in the past, but are becoming more so. When assessing the risk of, for example, property damage, risk managers have decades of data to draw on, data like incidence rates or average claim size, which helps model exposure profiles. Emerging risks, precisely because they are new, do not have this data. Emerging, big picture risks such as cyber security, damage to brand and reputation and supply chain are among the most pressing concerns that risk professionals face today. Few industries exemplify this better than healthcare. In Depth Why Healthcare? In healthcare, data has been critical in the education of practitioners and the treatment of patients – it has provided the necessary information needed to establish best practices and clinical protocols and provided the metrics that help increase the quality of care provided. Data can also predict, and even affect, medical costs. Across the globe, medical costs are rising. In the U.S. alone, healthcare costs are around $3 trillion – accounting for 18% of national GDP. These costs are only set to rise as the effects of aging populations and changing lifestyles make themselves felt. Luca Franzi De Luca, vice president, Aon Italy, says: “The state of healthcare is a truly global concern. More than ever, care providers need new ways to manage the costs – and risks – that coming years will bring.” Data will be key in addressing these issues. See also: The Current State of Risk Management   The Data Revolution and a Better Understanding of Risk The more parts of a system that you can observe – such as cost, quality, exposures to loss and population health – the more you can predict. And the more you can predict, the better you can understand, and price, risk. As such, ERM is becoming more of a possibility than ever before.

• Risk control and traditional operational risks: From malpractice claims to workers’ compensation costs to property exposures, the healthcare industry now has decades of historical data that enables it to better manage and price risk. However, emerging risk poses a more severe problem: relatively new threats such as cyber attacks do not have the historical data behind them to give organizations a proper understanding of their exposure. And as healthcare – both data and actual care itself – becomes increasingly digitized, whether through back-end services like databases or digital infrastructure, or through frontline services like robotics and smart health devices, cyber will become more and more important. This is already happening. In 2016, healthcare was one of the most attacked industries because of the value of patient records. And as with malpractice or workers’ compensation, as more data is gathered for cyber risk, we are better-equipped to build risk models to address this emerging enterprise risk.
• Population outcomes: One way for healthcare organizations to control their risk burden is to minimize the amount of illness in the world beyond their walls, and data is helping them to achieve this. For instance, big data, machine learning algorithms and better integration between public services is allowing more and more sophisticated forms of epidemiology and can help measure and control incidence rates in populations at large. This means a reduced risk profile for front-line care providers. “There’s a connection between keeping people healthy and enterprise risk. For example, malpractice claims will decrease if more and more individuals are healthy and not hospitalized,” De Luca explains. “Furthermore, analytics is enabling us to focus on 20% of the population that is driving 80% of the cost of care.”
• Quality of care: Medical malpractice is estimated to cost around $55 billion cost in the U.S. alone. Improving the overall quality of care that individuals receive could reduce related costs. Data has enabled organizations to better understand their processes and eliminate the inefficiencies and errors that can lead to litigation.
• Costs: Better data modeling processes can also give deeper insights into an organization’s total costs. For a hospital, keeping track of operating costs may be relatively straightforward. But other costs, such as those generated by supply chain risk, fluctuations in pharmaceutical or technology prices or business interruption from a cyber attack or pandemic, may be more difficult to grasp. Advanced data tools can give healthcare providers a better understanding of their total financial burden.

Data tells us about the world. The better we are at collating and analyzing data, the better we are at predicting how the world will behave. The use of data in the healthcare sector is providing greater visibility into all potential channels of risk – and also, new opportunities. Instead of looking at potential risks on an item-by-item basis, risk managers, senior management and the C-suite can start thinking about risk in macro terms. What is our organization’s total risk-bearing capacity? How does our current risk profile fit within that? And what strategies can we pursue to mitigate or finance those risks? Data technologies and methodologies are evolving all the time. Using these developments to gather and analyze more and more data around emerging risks is essential. This isn’t just important in the medical industry, but something that all industries can and must do. Only then will their strategies be able to deal with emerging, enterprise risk. “Organizations will be able to focus holistically on enterprise risk management, rather than focusing on specific liabilities as in the past,” De Luca says.

At the 2017 PRIMA Annual Conference, a session discussed development of a municipal risk assessment program. The speakers were:

• Dan Hurley – risk manager, City of Chesapeake, VA
• Marilyn Rivers – director of risk and safety, City of Saratoga Springs, NY

A threat assessment is designed to determine vulnerabilities of employees to physical harm. Public employees are particularly vulnerable due to a variety of exposures. Understand Internal and External Threats When it comes to workplace violence, most people think this is primarily internal and involves a disgruntled co-worker. However, particularly with public entity employers, the main threats are external. Someone is disgruntled about something and acts out violently against the public entity employee. Domestic violence is also a significant source of workplace violence. The violence can spill into the workplace and affect not only the domestic partner but others around them. Among the public entity employees at greatest risk for violence are:

• Public works/utility workers
• Inspectors
• Social workers
• Home health aids
• Animal control
• Anyone handling money
• Recreational staff
• Emergency response
• Law enforcement
• Risk management

Any public situation that can be confrontational or stressful has the potential to escalate into violence. See also: IT Security: A Major Threat for Insurers   Identify Threats You should develop a threat committee to help assess potential threats for violence against your employees. Members of this should include:

• Police
• Fire
• Social services
• Human resources
• Library
• Public works
• Public utilities
• Recreation
• Finance, risk and safety
• City attorney
• Code and licensing
• Collective bargaining units

It can be challenging to bring all these different people together on the same committee as they have such a wide variety of experiences and interests. It is important that everyone feels they have a voice on the committee and that their views are heard. Each group on your committee has their own specific risk factors. For example, libraries are in a variety of neighborhoods. They are not heavily staffed, and they are open late into the evening. If there are homeless in the area, there is a tendency for them to look to libraries as a place of refuge. The leading cause of workplace homicide for women is domestic violence, with 32% of killings related to a domestic partner. Only 2% of men killed were due to domestic violence. This leads to the question of whether you should require your employees to notify you if they have a restraining order against another individual that would escalate the threat of violence. Prioritize Threats As threats are identified, the next step is to prioritize them. Start by putting the threats on a grid, with one bar being the likelihood of the exposure and the second being the potential severity of the risk. If you have threats that are high likelihood and high potential severity, those are your priorities. Potential priorities include:

• Active shooter training
• Emergency evacuation plans
• Building security plans and building design for security
• EAP
• Work-alone procedures for both the office and field
• See something, say something
• Internet resource page

These priorities assist you in developing training and prevention programs to address your biggest risks. Active Shooter Training The standard now for active shooter response is RUN, HIDE, FIGHT. The first priority is to try and escape the situation. RUN Employees should be trained to think of what their escape path would be if faced with a shooter. People should have multiple options. You need an assembly point that is safe where employees can go and you can figure out who is missing. HIDE Train employees on places to hide. Can it be secured? Does it have good air circulation? An office with lots of cubicles can create very limited options both in terms of run and hide. FIGHT When you have no other options, be prepared to fight. Think of potential weapons you could use. Should you provide mace or tasers to certain employees who work alone and could be attacked? The stampede effect works best, as a shooter cannot target multiple targets at the same time. If one person attacks, others will usually join in. Announcing a police presence can also be useful, as many times active shooters kill themselves as police are closing in. Other Issues Building floor plans are a very important element of your active shooter program. You should provide building plans to local police and make sure those plans are updated as modifications are made to the building. See also: Protecting Institutions From Cyber Risk FEMA has online active shooter training programs that are very detailed and can be downloaded. Other Security Issues

• Periodically do walk-around inspections of your secured locations to make sure they are properly secured. Too often, employees prop doors open, especially around loading docks, cafeteria rear doors and smoking areas. The easiest way into your secured building is usually the back.
• Another area to check is the lighting around your building. Lights go out. Trees and bushes may grow to block lights or security cameras.
• Keypad locks can be a problem, as you need to change the combination every time you have employee turnover. Card swipes are much better.
• Police vehicles are a deterrent. Just parking their vehicles in a visible place aids in discouraging violence.
• Open access counters are necessary for public access, but they sometimes lack a retreat barrier. Make sure you have cameras in the area and ample panic buttons for employees.
• Having a security camera with a big screen facing outward can be a deterrent. People see themselves on camera, which can deescalate the situation, as they know they are being watched.
• Safe rooms need to have the ability to withstand time. Perhaps have water available in case people have to shelter in place for an extended period.
• Work-alone people are vulnerable not only to violence but a personal medical emergency or serious workplace injury. Have a way to track those people.

Little wonder why so many CEOs have restless nights. Europe and the U.S. are facing unprecedented political uncertainty, technology is developing at a breakneck speed and even the world’s biggest corporations are not safe from social media backlash. Against this backdrop, Aon’s 2017 Global Risk Management Survey (GRMS) found that brand damage, economic slowdown, increasing competition and changing regulations were the top four risks. Meanwhile, disruptive technologies, failure to innovate and lack of talent are the threats projected to increase in severity in the coming years. Are businesses prioritizing the right risks? According to the survey, the tech sector is most aware of the threat posed by failure to innovate, and other industries can learn from their industry’s risk rankings. More and more industrial sectors are getting swept up in the “Fourth Industrial Revolution” – where everything from machinery and household appliances to robots are being connected to the Internet of Things (IoT). The tech sector’s current concerns are important: What is affecting it today will likely affect almost every other company in the years to come. In Depth The need to innovate – together with disruptive technology – are high priorities for the tech industry, according to the GRMS. While staying ahead of the innovation curve is a daily mantra for the tech sector, many industries have not ranked innovation slowdowns as such a prominent threat – yet. The failure to innovate and disruptive technology, coupled with attracting and retaining top talent, increasing competition and brand risk, will maintain the Top 5 status for the technology sector for the foreseeable future. These factors will also increase for other industries that are going through digitization and digital disruption. Innovate or Fade Away So why are other industries ranking innovation slowdowns as a lower priority? As regulators scrutinize the "sharing economy" and "peer to peer" businesses like Airbnb and Uber, perhaps companies in more established sectors believe it’s just the disrupters that are vulnerable to new legislation. Could the low ranking also be a symptom of the complacency among established firms that inadvertently enable disruptive organizations to flourish in the first place? After all, many big brands – from Kodak to Borders – have disappeared partly because they failed to see the bigger picture. Borders, the established book retailer, according to Time magazine moved in a different direction despite consumer trends: late to the web, invested in CD sales as downloads were gaining popularity, and more physical stores emerged as consumers moved to e-commerce. Additionally, Kodak, the firm that invented the first prototype digital camera, thought photo sharing was going to help the printing business. As it turned out, digital photo sharing was the new business, the Harvard Business Review says. See also: 3 Major Areas of Opportunity   Established businesses can fail to anticipate disruptive risks because they are too focused on protecting market share – even if they recognize the importance of adapting to newer consumer trends. And while these companies may understand the theory of disruption – identifying and anticipating customers’ needs and responding to them in new and more efficient ways – they can lack the skills to identify the most effective ways to turn theory into practice. Failure to innovate and meet customer needs has been ranked 6th in the last four Aon surveys, but is predicted to rise to number 3 by 2020. In just a few short years, this risk is projected to be the top risk in Asia Pacific, and number 2 in North America, as these regions continue to compete for top talent in everything from consumer electronics to renewable energy technologies. Understanding the Core of Innovation and Disruption Disrupters are shaking up traditional business models by meeting customer needs in a more efficient and responsive way. From taxis and hotels to the music industry and newspapers, established businesses in almost every sector are at risk from mavericks who have found better ways of doing things. These revolutionaries can be start-ups like Airbnb or Spotify, or blue-chip firms muscling in on a new endeavor, like Apple and Google joining the race to develop driverless vehicles. At the heart of this is data and analytics. The growing commercial value of data describing a user’s online behavior – the core concept set to revolutionize the way the world works – is also core to the rapid rise of players like Snap. But where tech firms excel at gaining insight into customer needs from detailed data analysis, not every company has yet to find out how to gather, interpret and successfully apply data to help enhance, or even transform, their own business models. This is why businesses should closely monitor the tech sector’s forward-looking concerns. Those who understand and anticipate emerging risks will have a stronger chance of overcoming them. The rest risk being overtaken by up-and-coming rivals who better understand both consumers and the rapidly changing business landscape. A failure to innovate and respond to customer needs can directly impact an organization’s bottom line. In the last 12 months, it led to a quarter of firms reporting a loss of income, more than from cyber crime and hacking (reported by 10 percent), or political risk (reported by 23 percent). Companies also report less preparedness to remedy the problem. Today only 59 percent report ‘readiness’ for dealing with this risk, down from 64 percent in 2013. All this shows that perceptions of risk are changing. With this change in perception comes a need for new approaches to overcome such emerging threats. And to develop those new approaches requires the right people. Talent: The Ultimate Solution? In 2011 Apple overtook Exxon Mobil to become the world’s most valuable firm. And now four of the top five companies in terms of market capitalization – Apple, Alphabet/Google, Microsoft and Amazon – are from the tech sector. Investors have put their faith in ideas and creativity as much as natural resources and physical assets. Meanwhile, Microsoft’s $26 billion acquisition of LinkedIn shows the enormous value of a company which had quickly become a dominant talent and recruitment networking tool. Since innovation reflects forward-thinking , attracting and retaining the right talent to implement such strategies might be a company’s best bet to stay ahead. And potential recruits need more than competitive salaries: They are after a strong brand with a good reputation and workplace flexibility that recognizes good work. For those with skills in fields like cybersecurity, big data and predictive analytics, it is a seller’s market as demand outstrips supply. There has been a global skills shortage in these areas for the last few years, and this remains a serious challenge. Add to this a tightening labor market as unemployment falls in major economies, and the potential strengthening of borders in the U.S. and the U.K., which limits talent supply even further, accessing top talent becomes a greater challenge. Despite an appreciation of the rising challenge of skills shortages, failure to attract and retain talent dropped from 5th in 2015, to 7th in the 2017 survey results. But again, technology firms – who tend to be ahead of the curve – rate it at number 3. Talent Beyond Tech Skills shortages are not just an issue for tech companies, even if other sectors may not yet fully appreciate the importance of talent in their business plans. For instance, failure to attract and retain talent did not appear in the Top 10 for the energy sector in this year’s survey. “From my point of view, this makes it an underrated risk for the sector,” says Bruce Jefferis, CEO Energy & Mining, Aon. “Historically, talent retention coupled with innovation has been a key driver for the energy sector and it will continue to be a key risk in the longer term.” See also: 4 Hot Spots for Innovation in Insurance   With the Fourth Industrial Revolution likely to affect almost every sector, other industries should start to take note. With talent pipelines increasingly needing to be planned as much as 10 years out, failure to start planning today could lead to even greater disruption in years to come.

Public agencies and organizations around the world are making cyber risk their top priority. North American policyholders dominate the market, but Europe and Asia are expected to grow rapidly over the next five years due to new laws and significant increases in targeted attacks, such as ransomware. Various experts predict the $3 billion global cyber insurance market will grow two-, three- or even four-fold by 2020. Deciding how much cyber insurance to buy is no inconsequential matter, and the responsibility rests squarely with the board of directors (BoD). Directors and executives should have the highest-level view of cyber risk across the organization and are best-positioned to align insurance coverage with business objectives, asset vulnerability, third-party risk exposure and external factors. See also: New Approach to Cyber Insurance   So, how much does your organization stand to lose from a supply chain shut down, a web site outage or service downtime? Recent data points from breach investigations help frame the discussion around risks and associated costs. Following a variety of high-profile breaches helps ensure that your projected coverage requirements match up with reality. Be sure to follow older cases for deeper insight into the full expense compared with insurance payout; related costs and losses are often incurred for years afterward due to customer and market response as well as legal and regulatory enforcement actions. In 2013, Target suffered a very public breach that resulted in the resignation of the CEO, a 35-year employee. Target had purchased $100 million in cyber insurance, with a $10 million deductible. At last count, Target reported that the breach costs totaled $252 million, with some lawsuits still open. Home Depot announced in 2014 that between April and September of that year cyber criminals stole an estimated 56 million debit and credit card numbers – the largest such breach to date. The company had procured $105 million in cyber insurance and reported breach-related expenses of $161 million, including a consumer-driven class action settlement of $20 million. These cases illustrate the need for thoughtful discussion when deciding how much breach insurance to buy. Breach fallout costs depend on multiple factors, are not entirely predictable and can rise quickly due to cascading effects. Cases in point: the bizarre events surrounding Sony’s breach and the post-breach evisceration of Yahoo’s pending deal with Verizon. Organizations need to review their security posture and threat environment on a regular basis and implement mechanisms for incessant improvement. The technology behind cyber security threats and countermeasures is on a sharp growth curve; targets, motives and schemes shift unpredictably. Directors may find it useful to assess risk levels and projected costs for multiple potential scenarios before cyber insurance amounts are decided upon. Most policy premiums are currently based on self-assessments. The more accurate the information provided in your application, the more protected the organization will be. Most policies stipulate obligations the insured must meet to qualify for full coverage; be sure to read the fine print and seek expert advisement. A professional security assessment can pinpoint areas in need of improvement. If you claim to be following specific protocols, but a post-breach investigation finds they were poorly implemented, circumvented or insufficiently monitored, the insurer may deny or reduce coverage. Notify your insurance provider immediately about significant changes to your security program. Review policy details regularly to ensure they match prevailing threats and reflect the evolution of crimeware and dark web exploits. Cyber insurance carriers continually adjust their offerings based on risk exposure and litigation outcomes. See also: Promise, Pitfalls of Cyber Insurance   As the industry matures, cyber insurance policies will become more standardized. For now, it’s an evolving product in a dynamic market; boards and executives need to keep an eye on developments. Simultaneously, they must maintain a high degree of visibility across their security program. Checking off compliance requirements, writing policies and purchasing security software isn’t sufficient. My advice is to lead from the top. Organizations need to ensure risk assessments are thorough and up-to-date, policies are communicated and enforced and security technology is properly configured, patched and monitored. Turning a blind eye to cyber threats and organizational vulnerabilities can have disastrous consequences. Cyber insurance may soften the financial blows, but it only works in conjunction with an enterprise-wide commitment to security fundamentals and risk management.

As prices come down, virtual private networks (VPNs) are becoming a must-have tool for many small- and medium-size business owners. The growing popularity is a reflection of the chaotic times in enterprise computing, marked by malware and ransomware targeting vulnerable systems and a decentralized work force of globetrotting employees juggling several gadgets at once. More SMB data is now stored in the cloud, too, often leaving company executives at the mercy of the servers they don’t control. See also: How to Anticipate Cyber Surprises   SMB owners “need VPNs because the digital era is underway,” says Ruby Gonzalez, head of communications at VPN provider NordVPN. “People are working remotely. The work environment is much more flexible. Individuals are being targeted all the time with scams.” What is a VPN? A VPN is a group of computers and servers in a secured private network that allows users on the public network, i.e., the internet, to enter only after using a verified logon. The connection is encrypted, enabling authorized users to communicate securely and freely. It’s mostly associated with the private networks managed by companies for its employees working remotely. A company VPN runs on top of the private network used in the office. Others can access commercially available VPNs—whose servers often are in far-flung places—to hide their location through encrypted logons or get around geographical limitations, such as browsing Facebook in China, where the social network is not allowed. How does it work? The user accessing the VPN from a remote location must install a VPN client application to communicate with the network’s gateway. The communication includes logging in with a password, which the VPN gateway application authorizes for access. VPNs also encrypt data that is flying across the network. A SMB owner can set up a VPN with a suite of network protection software and servers. But popular off-the-shelf applications, such as Windows Server and some firewall software, also come with do-it-yourself solutions. SMB owners also can pay a monthly fee to subscribe to commercial VPNs. How do VPN types differ? For those looking to set up in-house VPNs, knowing there are a variety of VPN protocols could help in the process. They include OpenVPN, the IPsec-based VPN and Point-to-Point Tunneling. OpenVPN is an open-source software application for creating VPNs. For encryption, it uses the SSL protocol, which provides data and communications security in the network. The IPsec-based VPN is one of the most popular protocols currently in the market. It’s built into the hardware made by some of the largest companies, such as Cisco Systems. It’s often used with another protocol, called the Layer 2 Tunneling Protocol, that is built into some Windows Server software. They’re fairly easy to install, and many enterprises continue to use the combination as a default option. The Point-to-Point Tunneling Protocol (PPTP) was once popular since it came with Windows software. Its client applications are built into many computers. But many enterprises no longer use or support it because data is not encrypted. See also: Quest for Reliable Cyber Security   Why is usage growing among SMBs? Scary headlines of hackers scamming business owners is certainly motivating VPN purchases. But prices of commercial VPNs also have plummeted in recent years. Some are free or charge less than $10 per user per month. And many of these commercial options are cheaper—not to mention easier—than creating your own VPN at the office. NordVPN, for example, offers business accounts for less than $5 per employee per month, Gonzalez says. Its business accounts come with a dedicated account manager. “It used to be a very tech-focused service. But it’s now getting easier, prettier and user-friendlier,” she says. What’s important when shopping for a VPN? If possible, try to find out your prospective VPN vendors’ customer service. Generally, more financially secure vendors provide better customer experience. They have more servers, updated technology and more staffers. Larger VPN vendors also have servers in more countries, giving you a big basket of virtual logon options. “It’s also possible to get (your own) dedicated VPN server or a dedicated IP address,” Gonzalez says. “We have 1,000 servers in 58 countries. Our servers are everywhere except Antarctica.” Free services are fine for many individual customers, but may not be appropriate for business owners. They’re often loaded with ads. And data traffic, while encrypted, may be tracked for customized ads. This article originally appeared on ThirdCertainty. It was written by Roger Yu.

Near the start of every mediation, once each side is in their own caucus room, I spend time talking directly with the injured worker. There are at least three reasons to do so. 1. I want to build trust in the mediation process. The injured worker needs to feel part of and emotionally invested in the mediation process. The injured worker is probably unfamiliar with the mediation process and may be apprehensive. The parties may distrust each other. Empathy is one of the traits of a good mediator. I assure the injured worker that nothing will happen that the injured worker does not agree to. When the injured worker trusts the mediator and the mediation process to be fair, the likelihood of settlement increases. See also: A Better Reality for Injured Workers   2. Catharsis is part of the settlement process. The mediation may be the closest the injured worker will get to a day in court. Telling the story is a prerequisite to accepting settlement. I want to make sure the injured worker gets the chance to tell the story in a neutral setting. Letting out emotions is good, and crying not uncommon. Occasionally an attorney will intercede and take the place of the client to tell the story from the client’s viewpoint. This is a mistake. 3. Sometimes the injured worker’s concerns are not being addressed. At one mediation, when it looked like the attorneys had wrapped up all the issues, the injured worker asked me, “When will I be able to go back to work?” A return to work was not part of the attorneys’ deal, and I had to rewind the process to make sure the injured worker’s concerns were addressed. When the injured worker feels able to speak directly to the mediator, this type of omission-- which could lead to problems for all participants later-- is less likely to occur. See also: Time to Focus on Injured Workers   I participated in many workers compensation mediations before I became a mediator. I never saw a mediator take the time to talk to the injured worker. Instead, I saw mediators create a barrier between themselves and the injured workers that made settlement more difficult. I work hard to make sure no communication barriers exist.

When most people think of “disruptors,” they think of startups entering an established sector – using technology in radical new ways, overturning existing business models and overthrowing long-standing sector leaders. Technology has become the dominant example, but there are other factors that can be just as disruptive to the established dynamics of a sector: shifting consumer sentiment and regulatory change. With customers increasingly voicing their opinions about products and services online, consumer sentiment is shifting faster than ever. At the same time, we are entering a fresh period of geopolitical uncertainty following the U.K.’s Brexit vote and the election of President Trump in the U.S. – which could prompt new approaches to regulatory frameworks, both nationally and globally. When such disruptions hit, how can organizations respond to minimize negative impact and refocus their strategies to maximize the positive? The food and drink industry offers a number of insights. In Depth “External factors – simply put, risks – impact organizations each day and influence their growth,” explains Ciara Jackson, Ireland-based director, Agri-Food & Beverage practice leader, Aon Risk Solutions. “Forward-looking strategic risk management is vital so teams can better understand what’s on the horizon and plan accordingly.” The trends affecting the food and drinks industry today have long been signposted by subtle (and not so subtle) shifts in consumer and governmental attitudes. The response of consumers, governments and businesses within the sector serve as a good illustration of how established organizations can identify and adapt to longer-term risk trends, without significantly affecting their operational effectiveness. See also: The Big Lesson From Amazon-Whole Foods   Reacting To Long-Term Trends Worldwide, a number of serious, non-contagious health issues have, for decades, become increasingly prevalent. Excess weight and obesity rose by 28% for adults and 47% for children between 1980 and 2013. The number of diabetes sufferers has nearly quadrupled since 1980. Health issues related to the combination of a rise in sedentary lifestyles and higher-calorie diets are hitting the working-age population. As a result, health care costs are increasing, and the productivity levels of businesses are suffering. Awareness of the problem is growing. In a number of countries, a cultural shift toward healthier lifestyles has begun, and efforts to improve health have encompassed individuals, school systems, companies, non-governmental organizations and governments. In many regions, the shift in perception started with awareness campaigns designed to promote the voluntary adoption of healthier habits. Today, the public’s understanding of the impact of having too much sugar in their diets or being overweight is greater than ever before. Soda and fizzy drink consumption, for example, has been dropping in the U.S. for more than a decade. Demand for organic, vegetarian and vegan diets has risen. According to the International Food Information Council (IFIC) Foundation’s 2016 Food & Health Survey, ever more people understand that beverages with low-calorie sweeteners are a good option for diabetics, can reduce calorie intake and help people lose weight. For governments, following the public mood on such issues makes sense politically, socially and economically – in an age of rising healthcare costs. “Consumers are moving toward healthier eating with a view to combating obesity, heart disease and other illnesses. That, in turn, should reduce the burden on public health services,” Jackson explains. Employers are also keen for action, says Stephanie Pronk, senior vice president, National Health Transformation, Aon. “By focusing on three major risk factors, employers can save an average of $700 per employee per year in healthcare costs and productivity improvements.” These complementary desires and changing consumer preferences have led to a growing trend toward legislation designed to encourage the industry to respond. Legislative actions include new restrictions on levels of sugar and types of fat in foods, obligations to make packaging more informative and taxes on consumables considered unhealthy – from carbonated drinks to salty snacks. This trend has begun to cause significant disruption to the food and drinks industry – at least, to those who failed to see it coming. Reacting to Changing Consumer Sentiment Disruption can inspire a search for new technologies, products and services. As consumer tastes shift, companies are shifting product mix and investing in research for new products. According to Jackson, the food and drink sectors “are reformulating their products, for example by reducing their sugar and fat levels, diversifying their product range and allocating their research and development budgets toward healthier options.” In 2010, Nestlé founded its Nestlé Health Science division to research ways that food can not only get more healthy, but actively improve people’s health. This response has helped the company retain its industry-leading position, and even opened up new markets. Its new range of healthy frozen foods launched in 2015. Nestlé’s research promises more breakthroughs. In 2016, it announced its scientists had discovered how to create hollow sugar crystals containing fewer calories, reducing the sugar content of its chocolate by as much as 40% when they are introduced next year. Yet while companies will often react to changing consumer sentiment, sometimes regulators still feel the need to step in. Reacting to New Taxes and Regulations The IFIC’s 2016 Survey revealed that food companies are the least-trusted source of information on food safety and recommendations – calling for more transparency on nutrition, ingredients, sustainability and their supply chains. Lack of transparency can pose a serious risk to food brands and associations. In January 2017, Coca-Cola became the target of a lawsuit alleging that the company had spent “billions of dollars on misleading and deceptive promotions” designed to hide the impact of its sugary drinks on health. In the European Union, regulators have rejected hundreds of unjustifiable nutritional claims on food packaging, while consumers have continued to demand easy-to-understand, transparent information about these products, continuing the pressure on legislators to force the industry to comply. Beyond simply ensuring that the public is equipped to make an informed choice, demand from consumers for new taxes and regulation on unhealthy food and drink has gathered pace around the world. Fat and sugar taxes have been implemented in countries including India, Denmark, France, Hungary and Mexico – with similar announcements in Ireland and the U.K., both planning to introduce such taxes within the next few years. Although New York City was the first in the U.S. to try to pass a soda tax, the action was blocked by a judicial order. U.S. cities that currently have a soda tax in place include Berkeley, Oakland and San Francisco as well as Boulder and Philadelphia – with Cook County, IL, the U.S.’s second-most populous county, recently passing a sugary beverage tax. There is also demand for more tax and regulation from multilateral organizations. The World Health Organization (WHO) has called for a reduction in premature death from non-communicable diseases (such as weight-related diabetes and heart-disease) of 30% by 2030. WHO Member States have agreed to work toward limiting salt intake to 5 grams per day per person by 2025 and to reduce the marketing of foods high in saturated fats, trans-fatty acids, free sugars and salt, to children. The Complexity of Emerging Risks Sugar, fat and salt taxes are another weapon in the fight against food-related diseases. But their effectiveness depends on how consumers and companies react. Philadelphia’s recent sugary drink tax includes drinks that contain sweeteners, including artificial sweeteners, sugar substitutes and products listed as “diet” and “zero calorie,” which despite lower calorie counts than traditional soft drinks have been linked to obesity. The tax is imposed on distributors – but is being passed on to consumers, who have seen prices rise. “Tax will put even more pressure on margins from retailers,” Jackson says. In some cases, the tax has been more than the cost of the beverage. Retailers are working to make this clear to consumers, with some showing two prices on the shelf – the cost of the beverage and the cost with the new tax included. Some retailers have said they are seeing a decrease in business as customers are buying outside of the city limits now. It’s easy to blame regulations, but such price changes are a natural part of doing business and can be coped with if organizations have appropriate risk strategies in place. “From a risk perspective, sugar taxes put pressure on already depleted margins, but it is no different from the kind of volatility in sugar or other raw materials which manufacturers are used to coping with,” says Richard Broekhuizen, head of Client Service, Aon Risk Solutions, UK. He points out that taxing unhealthy food gives companies an incentive to increase investment in healthier product lines and “diet” products – the best way to hedge against this new trend. But there are still challenges. “Do they have a bandwidth of sugar-free products that protect revenue that can offset potential new costs? I know they all have diet products, but do consumers believe they are lower in sugar?” Broekhuizen asks. Furthermore, Jackson points out that if margins are being pressed “in a business with multiple units, capital allocation may be an issue, as business may be inclined to invest in units that have a more positive image”. Responding to Change Like the rapid pace of technological change, the global cultural shift toward a desire to live a healthier lifestyle is unlikely to reverse. Food companies will continue to face demands for healthier options, and governments are likely to continue to respond with new regulations and taxes. Over time, it will become clearer which techniques are the most effective in altering consumer behavior – and winning people’s trust. See also: New Era of Commercial Insurance   During a period of disruption, the one thing organizations cannot afford to do is nothing. Those brands in the food and drink sector that spotted the trend toward healthier lifestyles earliest – and prepared accordingly -- have not only managed to avoid the worst of the impact but have in many cases opened up whole new revenue streams. Chief commercial officer of Aon Risk Solution’s Specialty Group in EMEA, Alex van der Wyck, states: “Because there is such consistent change that impacts the global and local economy, food and beverage companies, in general, are prepared for the unknown. What differentiates good companies and leadership from ‘the best’ is in how flexible they are in addressing change and quickly reacting.” Not every new product will be a success. But when your industry is facing seismic changes, if you do nothing you could find your existing products are no longer viable either.

Twenty years ago, during the initial internet boom, innovators argued loudly that the game was all about disruption, that incremental improvement was for wimps. "Faster, better, cheaper" was for those not bright or bold enough to seize the future.

Over time, the idea that digital would completely replace commerce in the physical world moderated, and the hybrid notion of "clicks and mortar" emerged. People also realized that it wasn't just those who came up with breakthrough business models that merited attention. There was also a class of "arms merchants," including Sun Microsystems and Cisco, that made gobs of money by outfitting the pioneers—in fact, more than almost all the pioneers.

The analogy was: If you try to name a miner who won big in the Gold Rush of 1849, good luck. But you know many of the outfitters, including Levi Strauss, who supplied blue jeans to miners, and Leland Stanford, who made his fortune mostly on the railroad that connected the miners to the rest of the country, before founding his eponymous university.

In insurance, we seem to be revisiting the disruption vs. incrementalism debate, as Lemonade, Trov, Slice and some other truly new business models stretch our thinking and throw shade on those merely looking for "faster, better, cheaper."

Having watched the initial internet cycle at close range and having lived through some other innovation cycles, both before and since, I side in this debate with ... both groups.

The Lemonades of the world will be the most important and will transform insurance. In time. If they work. (Some will, but, if history is any guide, many others will fall by the wayside.) 

In the meantime, there is an awful lot to be gained through incremental improvement. Insurance is such a paper-heavy, process-based, inefficient industry that the potential efficiencies from digital improvement exceed those in perhaps any other industry.

The two forms of innovation go hand in hand: Companies need to generate as many productivity gains as they can to finance efforts at disruptive innovation. As our chief innovation officer, Guy Fraker, will tell you: Every company needs a portfolio of innovation projects, ranging from the simple and short-term all the way out to "moon shots" that, while speculative, could change your whole company and maybe the industry. Managed as a whole, that portfolio only needs some seed money and then can be self-financing. 

The pressure is certainly on. Marsh reports that global insurance prices have, on average, now declined for 17 consecutive quarters, and you certainly aren't going to make up the difference based on investment income these days. Meanwhile, many insurers say they worry that they could lose as a significant chunk of their revenue to startups—a call both to protect customers from competitors and to become wildly more productive. 

As you search for those efficiencies, you need to track the "arms merchants" that could help you—perhaps through a subscription to our Innovator's Edge, which tracks nearly 2,000 insurtechs and a network of almost 60,000 related companies. You will find a host of companies that can help: Pypestream, which provides chatbots that slash costs in call centers; WeGoLook, which provides a network of more than 30,000 "Lookers" that can make the claims process more efficient; RiskGenius, which uses AI to compare language in policies and provide nearly instant analysis; and many, many more. 

(Much) faster, (much) better, (much) cheaper is a worthy goal. In fact, it is an imperative.

Cheers,

Paul Carroll,
Editor-in-Chief

My business school professors managed to hammer a single idea into my head about corporate strategy, and that is that there are only two ways to build a sustainable competitive advantage. You can be better, or you can be cheaper. That’s it. A company can approach these strategies from many different directions, but, at the core, these are the options. To create a long-term advantage over the competition, a company has to build a coherent strategy and create an organizational structure dedicated to that strategy. A company that plans to beat the competition with technology must invest in R&D, and a company pursuing a low-price strategy shouldn’t spend millions on lobby artwork. Existing companies are not blank slates. This is especially true in the insurance industry, which largely consists of established companies with established ways of doing business. Those established methods are sometimes focused on price, sometimes on product, but all have a coherent strategy and organization. Startup culture looks at insurance and sees lumbering dinosaurs. In some cases, this view may be accurate, but it’s important to remember that dinosaurs ruled the earth for 180 million years because they were very good at being dinosaurs. Insurers today are very good at being the kind of insurers they are. See also: Insurers Must Adapt to Digital Demands   For these reasons, I believe that some insurers have been looking at digital disruption in the wrong way. In some areas, digital has the potential to transform the insurance market, but, in much of the market, digital is more of an environmental transformation rather than a world-shattering meteor. This question about the ultimate impact of the digital and technology revolution on the insurance market is the single most important one facing insurers today. Each insurer must look at his or her market, products and organization and decide if digital is a meteor or a slow warming. If this change is a meteor, it may be time to look at acquisition strategies. If this change is environmental, then the considerations are different. No digital strategy is going to fundamentally change an insurer’s nature. Most insurers need to use technology and digital strategies to reinforce their current strengths, not attempt to be something that they are not. An insurer’s already-determined strategy and focus should set the stage for who they are digitally, not the other way around. Using this approach, let’s consider some traditional insurer structures and strategies, and ways that digital can fit into what these companies are already doing. Focus on Price The first and most obvious insurance strategy is a focus on price. A low-price strategy is common in personal lines, because most automobile and homeowner’s insurance does not differ widely between companies. Innovation in personal lines tends to be more focused on creative distribution and service delivery, rather than on innovation in the insurance product itself. There is potential for disruption on the product side, most notably in the areas of autonomous cars, telematics and “pay as you go” products. However, a company that is focused on price rather than product innovation has some interesting digital strategies to pursue. Automation and efficiency are traditional rewards of technology investments, and in this situation each insurer must decide which technologies have the highest potential return. Blockchain is a common topic of conversation, but realistically how useful is an unbreakable public ledger of transactions to a company that sells automobile policies? Cognitive computing, on the other hand, could fundamentally transform the cost structure of such a company by automating the routine administrative tasks that occupy so much of insurers’ cost structures. What does an insurance company that fully embraced cognitive computing look like? No one really knows, but my best guess is that it would not much resemble the companies of today. Focus on Customer Experience The second common insurance strategy in personal lines is a focus on customer experience. The idea behind this strategy is that if products do not differ between competitors, then service can be a key differentiator. This customer-focused strategy is not a new idea in insurance, but traditional distribution channels create major challenges. Direct writers sell over the web or through the phone, both of which are traditionally low-touch, low-experience channels. The major alternative distribution channel is through independent agents. In this second channel, insurers have outsourced much of the customer experience to these agencies, over whom the companies have limited control. In either case, if an insurer is focused on improving customer experience, then that insurer must have a strategy that both maximizes customer touchpoints and ensures that each of those touchpoints is positive. Technology has a major role to play in this strategy. For agency writers, building a new distribution channel is not feasible, and the digital strategy has two parts. One, enable agents with technology to provide customers the digital experiences those customers want. Two, build direct contact with those customers through mobile and web. For direct writers, technology provides the only contact channel, so these companies must focus on improving what they are already doing. In either case, technology investments in customer communications are critical, because most insurance customers do not have routine contact with their insurer. Insurers must maximize the value of these outbound communications, because these communications may be the only available touchpoints. See also: Insurers Must Finalize Digital Strategies   These two approaches are far from the only viable ones available to insurers. Insurers focused on product or underwriting excellence will take advantage of the revolution in data analytics to create new kinds of insurance products and price those products more precisely. Insurers focused on distribution innovation will use digital technologies to deliver their insurance through new channels to new customers in new markets. Not Whether, but Where In all cases, insurers that are not facing complete market disruption should adapt their current structures to this new environment, rather than attempting to become something that they are not. To build an effective digital strategy, all insurers must evaluate their market, their organization and their goals to decide where to invest in digital, and how best to profit from those investments.