With the announcement that Insurity has acquired Valen Analytics, the core and analytics landscape has changed again. We have been tracking M&A activity and outside investments in the core systems space for some time, and the past year has seen a marked trend toward the acquisition of data and analytics firms by core systems providers. Insurity and Valen are only its latest manifestation. Duck Creek acquired Yodil. In March 2016, Guidewire acquired EagleEye Analytics, and prior to that Millbrook. The momentum of these acquisitions and core providers’ other investments in expanded capability is morphing the core provider landscape significantly. The insurance industry is awash in data, and more and more data presents itself every day. Historically, insurers had three choices for how to extend data and analytics capabilities across the enterprise. Many contracted with outside providers, for example, SAS, SAP and IBM. Others chose to build their own data and analytics capabilities. Both of these options had expense and skill set considerations that put these paths beyond the reach of most small and mid-tier insurers. They most frequently turned to the third option: spreadsheets. The big players had the best options – and smaller insurers having to make do struggled to join their ranks. See also: Applied Analytics Are Key for Progress   When SMA surveyed insurers on their plans for becoming Next-Gen Insurers, we found out just how important data and analytics are. We measured insurers’ progress along seven “bridges” – initiatives that provide defined pathways upon which insurers can build transformation strategies critical to becoming a Next-Gen Insurer. The results were published in the recent report, Insurance in Transformation: Building 7 Bridges to the Future. The number one bridge was “majoring in data and analytics.” 95% of insurers are making progress in this area. It is imperative, therefore, that insurers look for ways to further their data and analytics capabilities. Based on insurers’ three options for data and analytics, smaller insurers have been at a disadvantage. Although they are well aware of the importance of data management and analytics, they are limited by resources and skill sets. While core systems have advanced in many areas the past 10 years, their data and analytics capabilities have typically focused on business intelligence functions, like operational reporting and data standardization. Predictive analytics and link analysis have not been within the scope. The analytics firms that we are seeing acquired by core solution providers, however, have the deep expertise in these areas that many insurers have never been able to access. Smaller insurers and others who depend heavily on the built-in capabilities of their core systems stand to gain the most from this trend of core providers acquiring data and analytics expertise. The benefits are significant. Insurers that previously were not able to gain necessary insights from their data will now be able to obtain them. New insights that will allow insurers to innovate will go a long way toward leveling the playing field. See also: Why Data Analytics Are Like Interest   Integrating the new acquisitions is a work in progress for the core providers. The major upside for insurers is that pre-integrating analytics into the core environment supports the trend of bringing analytics closer to real-time transactional processes. This is an important goal for all insurers to attain.

Jan. 20, 2017, Washington, D.C.: Donald Trump takes the oath as the president of the U.S. Something that was unthinkable even a year ago has actually happened. A lot has been written about this event in political terms and in economic terms, but what does it mean to us as human beings and as professionals? What does it tell us about the world we all live in and work in? It's the perfect postcard moment, the perfect imagery that captures the paradigm shift that has been going on for some time at a human level and a societal level. It tells us unmistakably that the world works differently now and values things differently now. Pithy Trumps Thorough. Our attention span is measured in seconds now. We rarely sit down for an hour or two at a stretch to read something and consider something deeply. We are drawn to pithy, memorable soundbites and no longer have the patience to go through a logical, comprehensive analysis of anything, even if that is of monumental importance. This is not just in politics; even the business world is awash with soundbites, fancy infographics and short-term tactics. Connection Trumps Content. If we like a leader -- if we feel a "connect" with the leader -- we support the leader even if the leader's ideas are not great or they don't have many ideas. If we feel a job-seeker is like us -- if we feel a connection -- we hire him even if he doesn't have the experience we said we wanted. If we like a brand, we buy its products and pay more for them even if they are not the best products. See also: What Trump Means for Best Practices   Confirmation Trumps Consideration. If someone says something that confirms our own preferences or ideas, we believe it. If someone says something that is contrary to our preferences or ideas, we shut the person out. We don't wish to spend the time needed to consider, to think, to examine, to perhaps change our minds. Conversations have become echo chambers. Again, this is not just in politics. Just think back to the last time you witnessed a conversation between business managers and risk managers in your own organization. Passion Trumps Perseverance. Our image of the last several generations is that of people persevering to achieve what they want. People starting out with very limited means but working their way up over the course of many years and decades. The current generations are more about passion. If we believe in something, we want everyone to know about it. We want everyone to know our passions and to experience our lives just as we are experiencing it. Fast and Fleeting. Everything seems to happen faster. Stories build up in hours -- globally. Leaders rise to the top in a few short months. New products and companies become dominant in a year or two. But things fade away faster, too. Stories become stale in days, and then no one cares any longer about the Syrian toddler or the burning cell phones or that game-changing corporate merger. Fifteen minutes of fame has become fifteen seconds of fame. Window of opportunity has become a small keyhole. Digital Unites Us. And It Divides Us. It is no surprise that digital technologies are making the world a smaller place. In politics, pundits and ideas and even fake news seamlessly travel from one country to another. In business, we routinely work with people scattered across the globe. In our daily lives, we use products and services coming from everywhere. However, at a micro level, digital seem to be separating us, putting us in our own bubbles. If you go to a restaurant or observe a family sharing a meal, more often than not their faces are awash in the digital glow of their own devices. The impulse each of us feels to "like" a post or send a message at that very moment is so much stronger than the desire we have to look into each other's eyes and have a real conversation. Just as technology has broken up and reorganized entire industries, it seems to be reorganizing the society -- earlier, we belonged to a family or a tribe or a city or a nation, but now we belong to a global, digital, amorphous, even transitory group of people who share our interests. What should we do? As professionals and individuals and as mentors and parents, we need to put more emphasis on these traits and skills:

• Be a marketer. Good work is important, but talking about it and selling it in a pithy, passionate, confident and catchy way is equally important.
• Connect with people. Learn how to understand, relate to and connect to people. Find areas of agreement. Appeal to their heart.
• Truly embrace change. Like it or not, change is happening and happening fast. Better to be on its side than to be complacent, comfortable or cocky.
• Use the power of digital. It is much more than devices and apps. It can help you find allies across the globe and collaborate with them. It can fundamentally change how your business or home or community operates today.

See also: What Trump Means for Healthcare Reform   But remember to check the devices at the door, when you are with people who are important to you. Just like Trump, your most loyal and trustworthy fans and advisers are likely those you live with or those you often meet face-to-face.

I’m betting against Lemonade, the highly publicized insurtech startup. I’m not betting against its ability to make money. The venture capitalists who have invested $60 million in the company are better at assessing the company’s financial chances than I am. Lemonade’s backers are in it to get rich—or richer—and not to make insurance “delightful,” as the company’s slogan goes, and they may well succeed. I’m betting against Lemonade’s claim that it is “transforming the very business model of insurance.” Apps, bots and a giveback to charity just aren’t enough. Lemonade says it doesn’t operate like a traditional insurance company in many respects. Let’s test that proposition by measuring Lemonade against a standard of how customer-friendly insurers should operate. The standard is set by the Essential Protections for Policyholders, a project of the Rutgers Center for Risk and Responsibility at Rutgers Law School, which I co-direct, in cooperation with United Policyholders. (https://epp.law.rutgers.edu/) The Essential Protections provide a roadmap for states to follow in regulating homeowners insurance and a scorecard to evaluate states’ current systems of regulation. Although the Essential Protections are directed at regulators, they also can be used to measure how well an insurance company like Lemonade measures up. Here are some examples. See also: The Story Behind the Lemonade Hype   Buying Insurance Homeowners generally don’t know much about the policies they are buying except for the basics—policy limits, deductible, price, maybe a few essential terms. Lemonade has made a start at improving this process; it offers customers a copy of the policy before they pay for it, and the company issues transparency reports with some information about claims. But more is needed, and the Essential Protections suggest further steps that Lemonade can take. First, Lemonade should post its policies online, with easy-to-understand explanations of key provisions and comparisons to terms in other commonly used policies, like the Summary of Benefits and Coverages under the Affordable Care Act. Second, Lemonade has made a preliminary report on its claims (only six were filed in 2016). When it accumulates more claims, it should do what no other insurer does and give statistics on those claims: number of claims opened, closed with payment, and closed without payment, including amounts. How many claims were disputed? How long did it take to resolve major claims? Then consumers can begin to evaluate Lemonade on quality as well as price. Premiums and Renewals A big problem in homeowners insurance is what policyholder advocates describe as “Use It and Lose It.” A homeowner who has paid premiums for years suffers a loss and files a claim; the insurance company responds by dramatically raising the homeowners’ premium or even refusing to renew the policy altogether. Is Lemonade’s underwriting algorithm going to employ Use It and Lose It? Lemonade claimed (probably accurately) a world record when its claim bot, A.I. Jim, paid policyholder Brandon’s claim for a lost coat in three seconds. But what happens to Brandon when the policy comes up for renewal? Will Lemonade renew his policy? Will it raise his premium, now $5 a month? If Lemonade wants to transform insurance, it should commit to the Essential Protections standard by pledging not to non-renew or raise a premium because a policyholder submits a single claim in a three-year period. Some states require adherence to the standard by law, but as Lemonade goes national it can promise to treat all its policyholders at least this well. Claims Process Processing a claim for a stolen coat by bot is great, but people mostly buy insurance for protection against major losses. Lemonade hasn’t disclosed how it will process those claims. Does it have a claims staff who will go out and inspect a fire-damaged home or will it hire third-party adjusters? How will those people be compensated? What does their claims manual look like? Lemonade should tell us. Essential Protections suggest other standards Lemonade should follow. It should provide policyholders a clear explanation of all of their rights and obligations, copies of relevant state laws, and every piece of information that Lemonade uses in evaluating the claim. Their policies should give claimants at least two years to file suit if necessary and advance notice that any deadline is expiring. Policies also should have lots of other details often subject to dispute, including, for example, adequate Additional Living Expense, matching of undamaged to damaged property, and more. (Go to the Essential Protections website for details.) See also: Why I’m Betting on Lemonade Lemonade hopes that the claim process will always be problem-free. But often there will be disputes about coverage or scope of loss. Lemonade should provide for fair appraisal, mediation, and arbitration provisions. And if a policyholder is required to sue Lemonade because it has acted unreasonably and the policyholder wins, Lemonade should agree to pay the policyholder’s attorneys fees in addition to damages, so the policyholder is made whole. Conclusion For now, I’m betting against Lemonade transforming what policyholders care about most in insurance—having enough information to make good choices in buying insurance, being treated reasonably, and having their claims paid promptly and fairly. I hope I lose the bet, because if Lemonade does a good job and attracts customers, the market will force other insurers to do the same. So far, Lemonade hasn’t provided enough evidence to show that will happen.

2017 is here. Are you, your agency and your clients ready for the future? Are you managing your risks for the future like you have in the past? Are your advising your clients about managing their risks like you have in the past? Will this work tomorrow? Our industry is very good at “managing” static risks (those unchanged by society). P&C agents are great at providing counsel or products to address issues of lawsuits and damage to property and loss of its use. Life/financial services/group and individual benefit professionals can counsel or insure risk of death, unplanned aging, accident and sickness, unemployment and other contingencies (special needs child, etc.). See also: Risk Management, in Plain English   What follows focuses on some dynamic risks (those influenced by a changing society), including issues of politics, climate change, energy, economics, government intervention, math (sustainability and solvency), competition and demographics. In the Bible in Luke 4:23, we read, “Physician heal thyself.” Those of us in the insurance world need to take that advice. In a world of dynamic change, insure (and assure) yourself and your clients for the future. Consider these “risks”:

1. Politics — The election is over. Politics have changed. Two years ago, could you have predicted that the two presidential candidates in the 2016 election political blood bath would be very flawed candidates with 60% negatives? One who barely outran a democratic socialist, and the other who destroyed almost two dozen “traditional” candidates. Our country, economy and the world are dancing to a different beat.
2. Climate change/natural disasters — I won’t debate if our climate is warming or trending toward the next ice age. I know bad stuff has been happening. Hurricanes, tornadoes, earthquakes (traditional or fracking), the 2016 great flood, droughts, etc. are causing mega-damage, and we the people (as taxpayers or premium payers) must pay for these losses. Money paid to cover losses of yesterday are not available in next year’s budget.
3. Energy — This is a great place to work when oil is at $80 a barrel. At $40 a barrel, life is tough. Environmentalists think high gas prices are good. Many “working folks” don’t agree. The cost of the great debate on climate change will be paid by “we the people.” The cost will be high.
4. Economy — Economics will drive tomorrow. Wages, unemployment, marketplace expectations, addiction to government, incentives for innovation (entrepreneurship) or taxing success will be issues. Brexit proved some folks aren’t enamored with the “global economy.” The U.S. presidential election showed the divide between the “more” and “less” government camps. Some want to tax the 1%. Others see the world as 47% as givers and 47% takers. Still others only use benefits, while some pay for benefits they never use. Yesterday’s economy can’t get us to tomorrow’s demands or possibilities.
5. Government engagement is probably the biggest “insurance coverage” and expense we all pay. Think Medicare, Medicaid (as healthcare and nursing home reinsurer of last resort), VA, ACA, Social Security, NFIP and the U. S. as reinsurer of any disaster or “money need” that is not covered elsewhere. These “premiums” (taxes) are a huge drain on our resources.
6. Math (sustainability and solvency) — Government programs like the ones mentioned above are like a pipeline. Taxpayers’ money flows in the front end of the line, and benefits flow out of the other end. Because of the political nature of all government programs, there is a valve on the front end of the line that is used to limit the number of dollars flowing in (we don’t want to anger the taxpayers who vote) and a valve on the back end of the line is opened wide to ensure maximum benefits (don’t want to anger beneficiaries who vote). Ultimately, all such systems collapse. Just look at the national debt. (The ACA is one example of the non-sustainability of good intentions.)
7. Competition — Our industry was built on a Main Street model in a Father Knows Best world. It has survived and prospered. Unfortunately, some agents haven’t evolved while the world they live in has. We are in a Modern Family world shopping in a global economy where Main Street is not as much of an issue as Facebook, Google, Airbnb, Amazon, Uber, artificial intelligence (anticipating needs) and the next disruptive innovation.
8. Millennials — The greatest generation, the Boomers, is exiting stage left. Now, the Gen Xers, Gen Yers and millennials are taking their place at the wheel. They are as different from me as they can be. This will change what, where, how and when you sell and how you are compensated.

See also: How to ‘Gamify’ Risk Management   Think you’re ready for tomorrow? Think again… Carpe mañana.

The insurance industry is a massive market composed of many professionals with various backgrounds. When consumers consider insurance professionals, they typically think about either the sales or claims end of the business, but there's so much more. Generally, national property and casualty insurance carriers are made up of many different departments that ultimately support the sales and service sides of the company. Although the sales side of the industry can have frequent turnover, those who find a home in the various support departments lead amazing careers. But, as time moves on, and the Baby Boomers decide to start retiring, there is a growing army of retired insurance professionals. What is one of the best jobs for retired insurance professionals? The gig economy! Here's why. Retirement Flexibility Gig platforms connect people to paying clients. It's as simple as that. This includes freelancers, contingent workers, temp employees and the millions of digital nomads currently working from home on their own terms. The gig economy is the perfect retirement option for those wanting to remain social, earn supplemental income and maintain a flexible part-time job. Why do we say this? Gig workers make their own hours, choose their own clients, meet new people and bring in some extra cash. According to a study conducted in 2016 by Harvard University economics professor Lawrence Kats, nearly 24% of those between ages 55 and 74 were working in the gig economy in some capacity. Further, according to a study by JP Morgan, 67% of pre-retirement workers said they planned to continue working in retirement. However, only 25% actually did. Why not? Because most don't even know where to start. That's where we come in. See also: The Stubborn Myths About Older Workers The Best Retirement Gig: WeGoLook We think the best job for retired insurance professionals is WeGoLook, a popular gig platform that specializes in asset verification tasks, something all insurance professionals are familiar with! WeGoLook's gig workers, whom we call “Lookers,” engage in a variety of tasks that any insurance professional will understand. These include:

• Real estate verifications;
• Auto verifications;
• Heavy equipment verifications;
• Various insurance solutions;
• Courier services;
• Document retrievals; and
• Custom tasks and other field services.

Let's break down a typical gig, or “Look,” for you: A customer in Idaho buys a used car on eBay but wants to make sure that the seller in Oklahoma City is legitimate and that the car is “as described.” Mr. Idaho places a quick order through WeGoLook, which is integrated directly into the eBay Motors platform, pays a fee, and a “Looker” (the future you!) is dispatched to the physical location of the vehicle. Acting as boots on the ground for the customer, a Looker will answer many questions about the item, snap some photos, check capability and then submit a secure report directly on the WeGoLook smartphone app for delivery to the client. WeGoLook has more than 30,000 Lookers across North America taking on these type of side gigs on a daily basis. You could, too! The services WeGoLook provides for insurance clients — and others — are ones that companies realize they no longer need full-time staffing for. Tasks such as property verifications, data collection, photographs and videos, asset condition verification, mobile notarizations, police and court report retrieval, etc., are easily contracted out to skilled on-demand gig workers. Insurance Roles: Potential in Gig Economy Although most insurers have departments that handle underwriting, actuarial, legal, licensing, marketing, claims and inspections matters, many contract with on-demand gig workers who are qualified to perform the service required. That's where WeGoLook comes in, connecting people to tasks. We are already operating in the insurance space. In fact, we were recently acquired by Crawford & Co. See also: How Telemedicine, AI Are Transforming Care   Final Thoughts As years of working in the insurance industry go by, like most workers, insurance professionals look forward to a comfortable retirement. But, like many other retired workers, insurance professionals want to supplement their retirement income by working part-time and remaining in the industry they know and love. Fortunately, technology today allows a retired individual to use their skills on an on-demand basis so they can work when they want and where they want — in the industry of their choice.

Two years ago, the New York State Department of Financial Services (DFS) released a report on cybersecurity in the insurance sector after surveying 43 insurers with more than $3.1 trillion in assets. The report revealed that 35% of these companies experienced between one and five data breaches within the previous three years. This statistic represents only confirmed breaches (not attempted attacks), and the consequences for affected insurers included actual financial losses from lost customer business, legal defense and damaged brand reputation. Fast forward to today, and it’s no surprise that the DFS is preparing to launch a new regulation on March 1 that requires banks, insurance companies and other financial services institutions it regulates to establish and maintain a cybersecurity program. The first of its kind in the U.S., this regulation aims to protect New York consumers and financial institutions from the ever-growing threat of cyberattacks. But, like any other industry-wide regulation, this proposed mandate is not without its challenges. See also: 10 Cyber Security Predictions for 2017   A key provision in the proposal is the requirement for encrypting non-public information (NPI) — such as payment card numbers, Social Security numbers (SSN), drivers license numbers and other security codes, both in-transit and at-rest. For insurance companies that routinely capture and store this information in their call centers and other areas of business, protecting NPI will be especially challenging. Most insurers record customer calls, thereby housing payment card numbers and other NPI in their physical and IT infrastructure. While many insurers utilize the practice of “stop/start” to block this data from recordings, this method creates additional security and governance concerns. Insurers that need to record 100% of calls to demonstrate compliance to other existing legislation and are using stop/start are now not recording the entire call. That not only means that they are not compliant but that they are also opening up opportunities for illicit activity to occur while the call is stopped. Yes, NPI is kept out of the call center’s infrastructure, but it is still exposed to agents — further complicating the entire effort to secure customer data. Data will also still need to be encrypted, meaning stop/start isn’t enough…. The most effective way to protect sensitive information, eliminate insecure practices and resolve broken processes to avoid potentially costly penalties and a tainted brand reputation is to abide by the saying: “They can’t hack what you don’t hold.” In short, keep NPI and other sensitive data out of the call center altogether. Insurers should implement a solution that encrypts data as it is collected and in-flight, as well as reducing stockpiles of data at rest that is just waiting to become exposed in the next big breach. Despite the undoubted challenges it will bring, the New York DFS cybersecurity regulation is a step in the right direction because it starts to create much-needed standardization in the way insurers and their call centers handle sensitive information. To emphasize this point, we recently spoke with call center agents at 10 of the leading U.S. insurance companies. We found that there is a lack of a uniform approach in data security measures, especially when it comes to how sensitive information is removed from call recordings (and those insurers using stop/start still have NPI data elsewhere in the estate and are now not recording 100% of calls). Agents gave a wide range of answers — from using stop/start, to redacting information after the fact, to deleting the full recording after 30 days. This is in sharp contrast to the U.K., where a growing number of call centers are adopting an operating procedure that uses dual-tone multi-frequency (DTMF) masking and a secure, separate environment for encrypting data. Shouldn’t all insurers handle their data in the same, secure manner? See also: Data Security Critical as IoT Multiplies   While the New York DFS regulation is the first of its kind, it most certainly won’t be the last. We will now likely see other cybersecurity regulations crop up in the coming years that help standardize how financial institutions secure their data. Because this regulation affects all who conduct business in New York, it draws parallels to the pending EU General Data Protection Regulation (EU GDPR). Taking effect in May 2018, the EU GDPR will affect all businesses that hold or process data pertaining to EU citizens — no matter where they reside. Indeed, we are seeing all signs pointing toward greater standardization of data security across industries and borders. Insurers in New York and beyond must begin looking at solutions — now — to help simplify their compliance efforts and protect their customers and their reputations.

In recent years, thought leaders in business, government and risk management have developed a sophisticated understanding of the bottom-line impacts of untreated mental illness in the workplace. For example, mental health and brain science dominated the agenda at the Davos World Economic Forum in 2015. And the National Business Group on Health held its first CEO Mental Health Summit in October 2015. Among the costs highlighted in these forums: worker productivity loss, high healthcare utilization rates, skyrocketing disability outlays and employment litigation. To further advance mental wellness in the workplace, it’s essential for legal and human resources to be part of this collective effort. Here, we explore this disparity in approaches, and discuss why it is so harmful to the interests of all – employers, insurers, employees and their families. See also: Language and Mental Health What most thought leaders know about workplace mental health, in a nutshell, is this:

1. Mental illness is common and treatable, with a 25% incidence rate and an 80% recovery rate, akin to chronic physical illnesses;
2. Early detection and treatment are the most effective and inexpensive means of helping employees get well and return to full productivity quickly; and
3. If an employee takes a leave of absence, the longer the absence, the less likely the employee is to return to work.

Thus, the organizational strategic imperative is to create workplace conditions designed to enhance early detection and treatment, restoring the status quo as efficiently as possible. In stark contrast to this organizational imperative, legal and human resources professionals often advise supervisors, managers and EAP professionals to treat potential emotional and mental health issues exclusively as a performance matter. This advice is usually driven by a desire to “avoid an ADA claim.” However, this approach usually postpones the inevitable and makes a claim under the Americans with Disabilities Act more, not less, likely. The result is often this pattern: a continuing decline in the employee’s condition and work performance, a severing of trust between employee and supervisor and isolation from others at work. Once a disciplinary action or performance improvement plan is imposed, both parties cut ties, and the result is a toxic cycle of leave of absence, disability claim, a request for accommodation, a failed interactive process, separation of employment and either litigation or a pay package. This is an expensive, disruptive and painful process that can often be avoided. Employers would do well to consider this as an alternative approach: Design a mental health policy that will unify executive leadership, legal counsel and human resources around the organization’s strategic approach to overall wellness.

• This policy defines the vision, and the business case, for improving the mental health of the workforce and using the ADA interactive process as an effective means of achieving early detection and treatment of these impairments.
• Training for supervisors, managers, legal counsel, HR, EAP staff and healthcare providers will highlight: A timely and collaborative exchange of information and interactive process maximizes success; the ADA does not require a fundamental alteration of any job; work teams and supervisors need to partner with HR on making accommodations work.
• The policy will establish a confidential process for employees to obtain affordable, accessible treatment (either through existing vendors or through curated referrals).
• Developing and implementing the mental health policy can stimulate and engage your organization in a discussion of the high incidence of emotional and mental health impairments and how these common, treatable conditions can be accommodated.
• Mental Health 101 Training should be integrated into total wellness programs, including how to mitigate and address stressors in the workplace, how to respond to a colleague or supervisee who may be struggling and how to seek help confidentially.
• Mental health champions should be designated, trained and made available as confidential resources to anyone at any point in the chain of command dealing with a mental health issue.

When executive leadership, legal counsel and human resources unify behind a strategic, business-savvy approach grounded in total wellness and ADA compliance, everybody wins. See also: Why Mental Health Matters in Work Comp   Insurance Thought Leadership’s continuing series of articles focused on suicide prevention is written by the Workplace Task Force of the National Action Alliance for Suicide Prevention, the public-private partnership championing suicide prevention as a national priority.

To capture the flavor of the pace and magnitude of change during 2016, we wrote a series of blogs where we compared the dramatic shifts in insurance to what happened during the original Italian Renaissance. In reality, the Renaissance was an upheaval. It was a rebuilding of an entire society, characterized by major developments in social and cultural behaviors, science, art, trade and thought. This shouldn’t surprise us, because the word "renaissance" means rebirth. As old patterns disintegrated, an entirely new realm unfolded. The fertile soil of fresh thought provided a period of growth in fields of opportunity. By the end of 2016, we could make a case that it was not only pivotal and groundbreaking, but it was historic on the scale of a Renaissance. At no time in the history of insurance can we find one year that includes this many game-changing events AND a rapid pace of continuing advancement. Where We Are The insurance industry is in the midst of profound change fueled by trends that are converging and pushing a sometimes slow-to-adapt industry into the digital age. This seismic shift is creating leaps in innovation and disruption, challenging the traditional business assumptions, operations, processes, products and more of the last 30 to 50 years. In 2017, we expect to see existing insurers and reinsurers increasingly looking for paths to grow their businesses by capturing the next generation of customers with new engagement models, products and services. As noted in the report, What’s Hot in Technology in 2017, by David Smith, chief executive of Global Futures and Foresight, “The raft of new technologies represents new ways of doing things yet the risk remains that many will simply attempt to overlay digital on old processes and systems. This danger, and the friction that can result from dynamic technology grafted onto static models will result in disruption and challenges. The opportunities that can flow from them, meanwhile, will continue to shape ecosystems and industries and the winners within.”  This is a strong word of caution and warning for the insurance industry because over the last decade or so, many insurers have focused on transforming their businesses by replacing their legacy core systems with modern solutions surrounded by digital and data solutions based on traditional business assumptions. But the generational shift in buyers and rise of new customer expectations does not necessarily align with these transformations. Why?  Because many insurers did not anticipate the converging trends and the shift created in expectations and needs of a new generation of buyers. The result is a growing gap between where insurers are and where they need to be for future relevance, growth and success … thereby opening the door to fresh, culture-savvy competition. See also: How to Transform: From the Outside-In Where We Need To Be Insurers, MGAs, reinsurers and others must be alert and responsive to this shift by understanding changes at play and accept that everything we have known about insurance is rapidly moving to a new normal. Underlying this shift is the customer, and in particular the new generation of buyers. In our Future Trends: A Seismic Shift Underway report, we outlined the five generations that are foundational to the shift, including the silent generation, baby boomers, Gen X, millennials and the emerging Gen Z. Our consumer research, The Rise of the New Insurance Consumer: Shifting Views and Expectations – Is Your Business Ready for Them?, dives into this shift with more insights on the move to simplicity, transparency, engagement and digital, expected by millennials and Gen Z but also highlights that Gen X is often dramatically aligning with millennials and Gen Z. The implications for insurers are enormous. Why? Because insurers’ business models, processes, products, services and systems have all been built for and around the Silent and Baby Boomer generations who have been the primary buyers of insurance during the last 60-plus years.  Gen X turned 18 in the mid-1980s and is entering their peak earning years and adapting to new technologies and digital. The millennials turned 18 in the early 2000s and are the first generation to grow up surrounded by digital, and Gen Z was born with digital technology. Furthermore, these two generations highlight behavior and expectation shifts in vehicle ownership, movement in jobs, embracement of the shared economy and much more, which have a huge impact on insurance needs and expectations. New entrants have been the first to embrace this shift … Trov, Slice Labs, Lemonade, Haven Life, Quilt and more, to bring innovative business models, products, channels, process and solutions to capture this market. This has inspired existing insurance companies like Shelter General Insurance, with the launch of Say Insurance, to Berkshire Hathaway’s launch of CoverYourBusiness, to Metromile’s move from an MGA to a full insurer and more. Moves like these are necessary to compete in a fast changing market inspired by insurtech. As evidenced by the large amount of activity in the insurtech space, many think there is a better way for insurance to work, and they are acting on this belief and getting significant capital to make it a reality. In so doing, they have the opportunity to steal substantial market share from those companies that don’t ask themselves and act on the same questions. This is where most insurers would like to be — modern, competitive, and built-to-capture business. How Do We Get There? Is there a way to rapidly and “safely” transform, using our current business as the engine to drive to a new business model? Getting to the competitive forefront requires companies to rethink their business model and realign it with the customer needs and the expectations of those who will be their customers for the next 10 to 20 years, not those from the past 10 to 20 years. It requires a new business paradigm in how we define and think about insurance, embracing business components that work in the new context of people, technology and market boundaries and discarding the pieces that are outmoded or irrelevant. Acknowledging the need, however, doesn’t offer a concrete platform for transformation to a new future … a New Normal. A plan is needed, and, in most cases, the plan must be practical. Most organizations can’t simply flip off one switch (traditional business model and products administered on traditional systems) and flip another on (new business model and products on modern, flexible systems that will handle digital integration and better data acquisition and analysis). So, the shift will require steps. Those steps will operate as both a bridge and a proving ground, while the traditional system is still operational as a firm foundation while the new foundation is being constructed. Majesco encourages insurers to think in terms of a three-pronged modernization.

1. Keep and grow the existing business, while transforming and building the new business.  

This is crucial. Marketing and distribution shouldn’t pull back from traditional business in anticipation of the launch of new business models, new products or new channels. Insurers shouldn’t stop pushing for more business of a particular type until or unless new products clearly nudge them out of existence. The current business is funding the future and needs to be kept running efficiently and effectively as the market shifts.

2. Optimize the existing business while building the new business.

A customer engagement improvement is ALWAYS an improvement. If your teams have been working toward placing digital front ends on the traditional business to engage customers, don’t stop in the middle of the bridge. Any process that can be optimized on the traditional side will help to maximize the existing business, reduce the cost of doing business and provide a bridge from the past to the future while beginning to enable realignment of resources and investment into the new business. These are very often the incremental changes that will also gently shift your customer base through new ways of doing business.

3. Develop a new business model for a new generation of buyers.

Some insurers have made the mistake of envisioning their digital front end as their big leap into the future, not realizing that they have only just touched the new landscape. They need a strategy with a plan for a new business model that supports simultaneous leaps forward that will create new customer engagement experiences underpinned by innovative products and services that will create growth, competitive differentiation and success in a fast-changing market dynamic. See also: 5 Topics to Add to Your List for 2017   These three focal points comprise “the new normal” for insurers.  Keep, grow and optimize the existing business during the creation of the business that fits tomorrow’s shift-on-the-demand insurance culture. A new generation of insurance buyers with new needs and expectations creates both a challenge and an opportunity. There is no clear path or destination. The time for plans, preparation and execution is now — recognizing that the customer is in control. Those who recognize and rapidly respond to this shift will thrive in an increasingly competitive industry to become the new leaders of a re-imagined insurance business that aligns to a rapidly growing, millennial, Gen Z and Gen X customer base. Insurance companies must stop talking about the opportunities and being digital, and start doing something about it by using the disruption and change as a catalyst for “real change.”  We are entering a new age of insurance. These efforts will carry insurers into that new age, where they will be prepared to capture the revenue growth potential presented by the rise of the new insurance customer.

It’s a topic that gets much buzz – how will the cloud of legislation surrounding recreational and medical marijuana use affect businesses, specifically when it comes to compensability for workers’ compensation? I am sure you have all caught up on news about additional states voting to legalize marijuana for medical use and adult recreational use during the November 2016 election. Let’s take a look at those changes, as well as what action they may prompt to shake up the state and federal status quo. After receiving certified results of a state recount, 2016 closed with Maine Gov. Paul LePage issuing a proclamation of the Referendum Question 1 vote that allows recreational use of marijuana by those at least 21 years of age. Maine joins Alaska, California, Colorado, Massachusetts, Nevada, Oregon, Washington and the District of Columbia in voting to legalize marijuana for adult recreational use. Arizona was the only state where voters rejected a legalization measure during the November election. With the passage of ballot initiatives in Arkansas, Florida and North Dakota, medical marijuana is now legal in 28 states and the District of Columbia, Guam and Puerto Rico. An additional 17 states have laws that only allow the use of “low THC, high cannabidiol (CBD)” products for specified medical conditions. The National Conference of State Legislatures provides a summary of those state laws here. Stickiness in the states Despite the increase in the number of states that have legalized the medicinal use of marijuana, the impact on workers’ compensation claims was limited until about three years ago. In 2014, New Mexico became the first state to have a state appellate court order a workers’ compensation insurance carrier to provide reimbursement to an injured worker for medical marijuana. The New Mexico Workers’ Compensation Administration began requiring employers and insurers to reimburse injured workers when the state’s healthcare provider fee schedule took effect Jan. 1, 2016. The trend continues. In two recent decisions, the Appellate Division of the Maine Workers’ Compensation Board affirmed two different administrative law judge (ALJ) awards reimbursing workers for their medical marijuana expenses, Bourgoin v. Twin Rivers Paper Co. and Noll v. Lepage Bakeries. See also: Marijuana and Workers’ Comp   On Dec. 15, 2016, an administrative law judge in New Jersey issued an order in Watson v. 84 Lumber requiring reimbursement of an injured worker for medical marijuana payment. It should be noted that this is a division level case, so this decision is not binding on other New Jersey courts. The case is not being appealed. It is noteworthy that in each of the above cases:

• Marijuana was recommended by physicians only after other treatment regimens for chronic pain were attempted without success, and
• These judges were not persuaded by the fact that marijuana remains illegal under federal law.

Federal haze While there has been some activity on the federal side over the past year, it has not changed the fact that marijuana, even for medicinal use, violates federal law. Marijuana remains illegal under federal law because it is listed under Schedule I in the Controlled Substances Act (CSA), along with other drugs such as heroin. Schedule I substances are illegal to distribute, prescribe, purchase or use outside of medical research due to “a high potential for abuse” and “no currently accepted medical use in treatment in the U.S.” As a result of this status, physicians recommend the use of marijuana instead of prescribing it. On July 19, 2016, the Drug Enforcement Administration (DEA) denied two petitions to reclassify marijuana, concluding that it continues to meet the criteria for control under Schedule I because:

• Marijuana has a high potential for abuse. This is based on the Department of Health and Human Services (HHS) evaluation and additional data gathered by DEA.
• Marijuana has no currently accepted medical use in treatment in the U.S. Using an established five-part test, it was determined that marijuana has no “currently accepted medical use” because, as detailed in HHS evaluation, the drug’s chemistry is not known and reproducible; there are no adequate safety studies; there are no adequate and well-controlled studies proving its effectiveness; the drug is not accepted by qualified experts; and the scientific evidence is not widely available.
• Marijuana lacks accepted safety for use under medical supervision. At present, there are no U.S. Food and Drug Administration (FDA)-approved marijuana products, nor is marijuana under a New Drug Application (NDA) evaluation at the FDA for any indication.

Interestingly, the DEA noted that marijuana could not be placed in a schedule less restrictive than Schedule II in view of U.S. obligations under international drug control treaties. Although marijuana is not being reclassified at this time, on Aug. 11, 2016 the DEA announced a policy change meant to increase research by expanding the number of DEA-registered facilities allowed to grow and distribute marijuana for FDA-authorized research purposes. Currently, the U.S. Department of Justice (DOJ) marijuana enforcement policy is to allow states to create their own “strong, state-based enforcement efforts,” but DOJ reserves its right to challenge the states’ legalization laws at any time necessary. Congress passed the Consolidated Appropriations Act (CAA) of 2016 that in Section 542 restricts federal law enforcement activity in states that allow medical marijuana cultivation, distribution and use. Now that voters in half of the states have voted for legalization of medical marijuana, will Congress take action to change its scheduling? The new administration may change the broad leeway states have been given to regulate marijuana usage and sales.

• President Trump has expressed varying views regarding medical and recreational marijuana over the years.
• Attorney General nominee Sen. Jeff Sessions, a former federal prosecutor, has expressed opposition to medical and recreational marijuana.
• Tom Price, a physician and nominee for Health and Human Services Secretary, has also been a vocal opponent of legalization.

If the conflict between federal and state law is not resolved politically, the U.S. Supreme Court may have the last word. The high court last weighed in on marijuana in 2005. In an unsigned opinion issued March 2016, the high court refused to hear a request from Nebraska and Oklahoma to declare Colorado’s legalization of marijuana unconstitutional because it is against federal law and therefore violates the Constitution’s supremacy clause, which states federal law trumps state laws. Justices Alito and Thomas dissented. Will President Trump’s nominee to the U.S. Supreme Court make a difference? See also: How to Think About Marijuana and Work   Yes, the future of federal marijuana policy and enforcement remains hazy. What is clear is that employers contending with this complex and rapidly changing issue must understand the laws and relevant legal decisions pertaining to marijuana in each of the states where their business operates. In such an uncertain time, we will continue to provide updates and perspective. We recommend seeking legal assistance to develop a sound company policy addressing the use and reimbursement of medical marijuana for on-the-job injuries.

Two more stunning disclosures from self-styled internet watchdog Chris Vickery underscore how organizations continue to routinely expose sensitive data in the cloud, risking dire consequences. “My findings clearly demonstrate that data breaches happen more often than the general public realizes, and companies are quick to deny and cover up these issues,” Vickery says. Vickery has revealed how Habitat for Humanity of Michigan had been making use of two backup virtual hard drives without taking steps to block public access to those drives, which contained “lots of background/credit checks for volunteers and applicants, as well as thousands of Social Security numbers,” he says. The nonprofit organization helps build and renovate affordable housing for needy families. Leaked files show grim reality In mid-October, Vickery broke news at IDT911’s Privacy Xchange Forum 2016 describing how a California law firm similarly neglected to restrict access to an internet cloud storage location where it kept copies of case files. (Note: IDT911 sponsors ThirdCertainty.) The legal documents Vickery located included notes and surveillance footage that appeared to show guards at a police holding cell in La Habra, CA, failing to take any action as 49-year-old prisoner Daniel Oppenheimer hanged himself. See also: Why Exactly Does Big Data Matter?   The notes of the lawyer — whose firm specialized in defending alleged police misconduct — revealed that he looked at the surveillance video and saw “shadows” of a person twice walking past Oppenheimer’s cell during the strangulation, Vickery says. The shadows weren’t noted, however, in the district attorney’s report investigating any wrongdoing by police in Oppenheimer’s death, and Vickery questions whether the person walking past the cell could have stopped the suicide. Oppenheimer strangled himself with a telephone cord and the zipper of his jail-issued jumpsuit on Jan. 2, 2015. Earlier that day, Oppenheimer was arrested and charged with attempting to strangle his wife at their La Habra home. Vickery says he contacted the city lawyer’s firm and an attorney representing Oppenheimer’s daughter who filed a wrongful-death lawsuit against the city. The firm wanted Vickery to delete what he found on the internet, and the attorney representing Oppenheimer’s daughter said he would subpoena what was discovered, Vickery says. Vickery hopes some official will be appointed to review what happened at the holding cell. “It’s important to see that justice was done,” he says. Helping patch problems Who is Chris Vickery, and what motivates him? Vickery is a longtime IT staffer. His recently left his full-time position at an Austin, TX, law firm, on good terms, to move to California. Because of his profession, Vickery possessed working knowledge of tools, such as Amazon S3 buckets and Rsync servers, which companies and agencies increasingly use to store copies of business documents. He also was familiar with Shodan, a search engine that finds and indexes computing devices connected to the internet, such as smartphones, webcams, power plant controls, routers and servers, including servers that lack minimum safeguards, such as a password. Working in his free time from his home in Austin and using his personal computer, Vickery began hunting for unprotected data as sort of a hobby. He realized, of course, that anyone else, including those with criminal intent, could be in the hunt for the same things he was looking for. So he adopted a personal policy of notifying organizations of any major exposures he found, giving them the opportunity to rectify the oversight. “It feels good to find a million log-ins and know that I helped this company shut this down, and these million people aren’t going to have to worry their email address is being stolen, or their Social Security number is getting out there or something else bad is happening to them.” Vickery says. “I can imagine my grandmother getting caught up in something like this. And if I can prevent something happening to somebody else’s grandmother, it’s a nice thing to do.” In January, Vickery announced a partnership with MacKeeper — an international IT investment and development company — to establish “the best security and privacy practices.” Vickery assists with security auditing, discovers potential cyber threats, provides solutions for future vulnerabilities and writes a blog about security and data breaches. Locking down data not a priority In an environment where companies amass mountains of data, while also looking to reduce data storage and handling expenses, poor security practices have become the rule, Vickery says. Typically, an organization might have its live production database up and running in real time but might also need to have a backup version available for the IT staff to tinker with — troubleshooting, testing new techniques and the like. “The developer team takes a copy of the live production data and puts it in a development server,” Vickery says. “But for convenience sake, or because of a mistake, they’ll forget or just simply not put a password on it.” Vickery emphasizes that he is not a “hacker,” in any technical sense. He is simply conducting internet searches using free tools anyone can learn to master and then using human intellect to connect the dots. See also: A Renaissance, or Just Upheaval?   “I’ll find this staging server or development server, and because it has a full copy of the live production data in it, it might as well be the live production database; it’s got all the data in it,” he says. Other unprotected information Vickery has found on the internet includes registration information of voters in the U.S. and Mexico, Social Security numbers for millions of people and at least 10 law firms’ client files. Vickery estimates that he spends at least 30 hours per week “crawling around the far corners of the internet looking for unsecured data troves.” He concludes that companies’ sloppiness about data protection can be shortsighted. “I think that companies seem to be so careless because less security equals more profit,” he says. “Worrying about good security requires hiring the right people and being willing to not only pay those people, but also to allocate budget funds for their software and appliances.” Security, Vickery says, “also slows down the research and development process. Many companies appear unwilling to give up the first-to-market advantage just for the sake of security.” This article original appeared on ThirdCertainty. ThirdCertainty’s Gary Stoller contributed to this story.