We are entering a new era for global insurers, one where business interruption claims are no longer confined to a limited geography but can simultaneously have an impact on seemingly disconnected insureds globally. This creates new forms of systemic risks that could threaten the solvency of major insurers if they do not understand the silent and affirmative cyber risks inherent in their portfolios.

On Friday, Oct. 21, a distributed denial of service attack (DDoS) rendered a large number of the world’s most popular websites — including Twitter, Amazon, Netflix and GitHub — inaccessible to many users. The internet outage conscripted vulnerable Internet of Things (IoT) devices such as routers, DVRs and CCTV cameras to overwhelm DNS provider Dyn, effectively hampering internet users' ability to access websites across Europe and North America. The attack was carried out using an IoT botnet called Mirai, which works by continuously scanning for IoT devices with factory default user names and passwords.

The Dyn attack highlights three fundamental developments that have changed the nature of aggregated business interruption for the commercial insurance industry:

1. The proliferation of systemically important vendors

The emergence of systemically important vendors can cause simultaneous business interruption to large portions of the global economy.

The insurance industry is aware about the potential aggregation risk in cloud computing services, such as Amazon Web Services (AWS) and Microsoft Azure. Cloud computing providers create potential for aggregation risk; however, given the layers of security, redundancy and the 38 global availability zones built into AWS, it is not necessarily the easiest target for adversaries to cause a catastrophic event for insurers.

See also: Who Will Make the IoT Safe?

There are potentially several hundred systemically important vendors that could be susceptible to concurrent and substantial business interruption. This includes at least eight DNS providers that service over 50,000 websites — and some of these vendors may not have the kind of security that exists within providers like AWS.

2. Insecurity in the Internet of Things (IoT) built into all aspects of the global economy

The emergence of IoT with applications as diverse as consumer devices, manufacturing sensors, health monitoring and connected vehicles is another key development. Estimates state that anywhere from 20 to 200 billion everyday objects will be connected to the internet by 2020. Security is often not being built into the design of these products with the rush to get them to market.

Symantec’s research on IoT security has shown the state of IoT security is poor:

• 19% of all tested mobile apps used to control IoT devices did not use Secure Socket Layer (SSL) connections to the cloud.
• 40% of tested devices allowed unauthorized access to back-end systems.
• 50% of tested devices did not provide encrypted firmware updates — if updates were provided at all.
• IoT devices usually had weak password hygiene, including factory default passwords; for example, adversaries use default credentials for the Raspberry Pi devices to compromise devices.

The Dyn attack compromised less than 1% of IoT devices. By some accounts, millions of vulnerable IoT devices were used in a market with approximately 10 billion devices. XiongMai Technologies, the Chinese electronics firm behind many of the webcams compromised in the attack, has issued a recall for many of its devices.

Outages like these are just the beginning.

Shankar Somasundaram, senior director, Internet of Things at Symantec, expects more of these attacks in the near future.

3. Catastrophic losses because of cyber risks are not independent, unlike natural catastrophes 

A core tenant of natural catastrophe modeling is that the aggregation events are largely independent. An earthquake in Japan does not increase the likelihood of an earthquake in California.

In the cyber world consisting of active adversaries, this does not hold true for two reasons (which require an understanding of threat actors).

First, an attack on an organization like Dyn will often lead to copycat attacks from disparate non-state groups. Symantec maintains a network of honeypots, which collects IoT malware samples. A distribution of attacks is below:

• 34% from China
• 26% from the U.S.
• 9% from Russia
• 6% from Germany
• 5% from the Netherland
• 5% from the Ukraine
• Long tail of adversaries from Vietnam, the UK, France and South Korea

Groups such as New World Hacking often replicate attacks. Understanding where they are targeting their time and attention and whether there are attempts to replicate attacks is important for an insurer to respond to a one-off event.

See also: Why More Attacks Via IoT Are Inevitable  

A key aspect to consider in cyber modeling is intelligence about state-based threat actors. It is important to understand both the capabilities and the motivations of threat actors when assessing the frequency of catastrophic scenarios. Scenarios where we see a greater propensity for catastrophic cyber attacks are also scenarios where those state actors are likely attempting multiple attacks. Although insurers may wish to seek refuge in the act of war definitions that exist in other insurance lines, cyber attack attribution to state-based actors is difficult — and, in some cases, not possible.

What does this mean for global insurers?

The Dyn attack illustrates that insurers need to pursue new approaches to understanding and modeling cyber risk. Recommendations for insurers are below:

1. Recognize that cyber as a peril expands far beyond cyber data and liability from a data breach and could be embedded in almost all major commercial insurance lines.
2. Develop and hire cyber security expertise internally — especially in the group risk function — to understand the implications of cyber perils across all lines.
3. Understand whether basic IoT security hygiene is being undertaken when underwriting companies using IoT devices.
4. Partner with institutions that can provide a multi-disciplinary approach to modeling cyber security for insurers, including:

• Hard data (for example, attack trends across the kill chain by industry);
• Intelligence (such as active adversary monitoring); and
• Expertise (in new IoT technologies and key points of failure).

Symantec is partnering globally with leading insurers to develop probabilistic, scenario-based modeling to help understand cyber risks inherent in standalone cyber policies, as well as cyber as a peril across all lines of insurance. The Internet of Things opens up tremendous new opportunities for consumers and businesses, but understanding the financial risks inherent in this development will require deep collaboration between the cyber security and cyber insurance industries.

Answering the growing demand for cyber risk insurance, many carriers have joined the market. But buying a policy for an organization, especially for the first time, can be a confusing process. Not only are insurance carriers inconsistent in the type of coverage they offer, but buying this type of insurance is different than the more common policies, such as general liability. “Businesses have a difficult time determining the probability of suffering a loss and the potential size of a claim,” says Bill Wagner, a partner in the Indianapolis office of legal firm Taft. “In addition, there are no standard policies.” One misconception among buyers is risk exposure. For example, who bears the liability if a third party — such as a payroll service, data warehousing or cloud provider — causes the breach? See also: Promise, Pitfalls of Cyber Insurance   “A lot of companies assume that by signing a contract with a vendor, they’ve outsourced or got rid of the liability — and that’s almost never the case,” says Dave Wasson, cyber liability practice leader at insurance brokerage Hays Cos. A common mistake is rushing to buy a policy without assessing the vulnerabilities first, says Christine Marciano, president and CEO at Cyber Data-Risk Managers, which specializes in cyber insurance. “Companies should know first where their data is residing, what type of data they are holding, and the security around their network and their employees,” Marciano says. Some of the main categories of cyber insurance coverage are:

• Security and privacy liability: Damages typically related to data breaches that affect a third party.
• Regulatory defense: Most policies cover fines and penalties, in addition to defense costs, for an investigation by a regulatory agency.
• Data recovery: Costs for restoring or recreating data that was damaged or stolen.
• Crisis services: Services necessary after an actual or suspected data breach; they could include computer forensics, breach notification, credit monitoring and public relations.
• Business interruption: Typically relates to loss of business income due to a cyber attack.
• Data extortion: Coverage for incidents such as ransomware attacks if the threat is deemed credible.

Not all insurers include these categories with the core policy. Some offer them as add-on coverage as well as impose smaller coverage limits. See also: The State of Cyber Insurance   What you need to know Based on tips from Wagner, Wasson and Marciano, here are some basic things organizations new to cyber insurance should know: 1. Policy conditions: Carriers may deny a claim if practices or minimum standards that were listed in the coverage application are missing or have changed. Know the conditions you must follow for the coverage to remain in effect. Wasson strongly cautions against buying the kind of policy that imposes the minimum standards or practices condition. He calls it “essentially a mistakes exclusion” and says it’s not common in other types of insurance. 2. Exclusions: Just as important as what’s covered is what isn’t. The list of exclusions can be extensive and can include such things as network negligence (e.g. unpatched software), chargebacks (such as when credit card numbers are stolen) and failure to upgrade technology. 3. Expert panel: Most plans come with a preapproved panel of crisis-response vendors. If you have an established relationship with your own vendor, the insurance company may be willing to approve that company for the panel. 4. Prior acts: It could take a long time for a breach to be discovered, which means cyber attackers could be lurking in the network for months — and sometimes years. Some carriers offer additional coverage for prior acts, incidents that the policyholder doesn’t know about yet and that happened prior to the retroactive policy date. 5. Jurisdiction: State laws are different and, in the event of a lawsuit, the location of the court will impact the interpretation of the contract and the damages. Wagner says the state law should be the leading factor in determining the type of policy and that the amount of coverage should be discussed with the insurance broker and legal team. 6. Policy amount: Since there is not enough actuarial data showing how much a loss would cost and the amount of the claim depends on various variables, there’s no golden rule for how much coverage you will need. Some companies look to research such as Ponemon Institute’s Cost of Data Breach surveys. But Marciano says it often comes down to what the company can afford. “(The limits) tend to be expensive, and the smaller companies often can’t go for the higher limits,” she says. See also: Cyber Rules May Be Only Weeks Away   Wasson says determining the adequate limit is the most difficult part of his job. “We know what a good policy looks like,” he says, “so sometimes the only question is: Is the insured willing to pay for the best policy, or do they want the cheapest thing that meets contractual obligations?” This article was first published on ThirdCertainty and was written by Rodika Tollefson.

I was scanning the Insurance Thought Leadership site, and saw the Most Popular Article today is Insurance is not a commodity, by Chet Gladkowski. Number 10 on this same list was Lemonade – Insurance is changed forever, by Rick Huckstep. Both articles were well written and thought provoking (for us folks in the insurance industry). For the average consumer, I suspect both articles would probably not be read or certainly not rise to the top 10 list of non-industry professionals / consumers.  I believe the biggest threat to our future as agents and the insurance industry is not technology, generational change, a global economy, AI, innovation, etc. I believe it is, to quote Pogo – “we have found the enemy and he is us!” The Insurance, Financial Services and Risk Industries exist for customers / clients, yet we as the “vendors” or “service professionals” for this industry – all too often think it’s about us. We tend to define our business model in terms of products and services offered versus clients served. We are self- defined as P&C agents, Life and Financial Service professionals, Risk Managers, Bankers, Consultants, etc. We tend to be “product defined and product driven” versus “client defined and client driven.” What if we became experts first in our clients and their wants and needs and facilitated their buying versus being “sales reps” for the manufacturers – the insurance companies, banks, brokerage firms, etc. See also: Has Auto Insurance Become a Commodity?   Here’s reality – as I perceive it – sometimes buyers just need / want a commodity (term life), a product (BOP or group policy) or a service (a self-funder plan or retirement planning). My experience indicates that most consumers “want what they want and they want it now” on their terms and with their definitions.  Our industry will protect our future when we look more to the marketplace and spend less time looking in the mirror! Below is an article written months ago yet appropriate food for thought in light of the above - are you like Southwest Airlines or a bad gelato store? What did you do for me today?  I was flying back from Milwaukee. The bad news is that I had to spend time in airports and airplanes. The good news is that I got out before it got crowded and the best news is that I flew Southwest Airline (SWA). In my opinion, flying can be worse than a root canal. What makes SWA different is they use enthusiasm and fun to “sedate” you from the pain of the flying process (cramped space, bad weather, security checkpoints, etc.). If you haven’t flown with SWA before – try it you’ll like it. If you have you’ll understand what follows. It’s the simple things – a smiling face, a pilot and attendants who inject humor and song into the mundane process of telling us what we need to know but don’t want to hear. They even give you two small bags of peanuts (instead of one). I know this sounds insignificant until you’ve flown on airlines that don’t sedate you. When we deplaned in Atlanta I stopped at a Gelato stand in the Concourse. I was reminded of what a root canal without the sedation is like. The “lady” behind the counter came across as a Don Rickles’ type character without his charm. She served me a scoop of Chocolate Chip Gelato (about the size of a golf ball) in a cup the size of a single shot jigger. The Gelato was very good – the service and presentation weren’t. At $5.99 a scoop – I don’t think it’s wrong to expect a smile, kind word, or a thank you. In the name of full disclosure – I think I presented myself well to the “lady” – I think I was my cute, charming and polite Southern Gentleman self. She may have been having a bad day – which we all do. Nonetheless my experience is determined by what happened to me not what may have been happening in her world that day. I was the customer! Here’s the parallel to the agency business. I realize, whether you are an airline, Gelato stand, or Agency, customer service is not always easy. You have hundreds (thousands?) of customers that have to buy insurance or use the product they’ve already bought. Some have just had a claim, others an audit, others a loss control inspection and still others merely need to make a change to the policy. Some are nice people, some are nice people having a bad day, and some are not so nice whether their day is good or bad. Like an airport, dealing with the insurance industry is not the most exciting part of anyone’s day.  See also: Agents: What’s That Spot on Your Face?   Agents measure themselves against Best Practice Guides. These guides “count” what you did or will do. It measures “things” you do every day. Retention and additional sales of policies and clients – in my opinion – is the more important measure of success or failure. Are your customer’s “coming back for seconds” or will they be like me and “avoid your Gelato stand next time they need something sweet to eat.” About 35 years ago I wrote a column in national publication about “whether agents sell a product, commodity, or service?” Today I realize that I missed the point – it is not what agent’s sell, it is about what clients “perceive” (feel) they receive from what they buy. It is about the experience created for them in dealing with you and the carrier. Will their memories include a kind or comforting word you offered, the help needed, a smile, song, or a “second bag of peanuts? Will their experience keep them coming back for more, whether that is for a commodity, product, service or a similar experience?

Change is personal. So, change management has to be personal, too. No matter how we aim to motivate people to change, and no matter how organized we try to make our transformation plan, our change efforts will suffer if we don’t accept the reality of human emotion. People and their strengths, foibles, feelings and notions will be what determine the success of our transformation programs. Can we afford to ignore the human dynamic in organizational change management? If the answer is, “no,” then it means our change management plan must also positively influence individual mindsets. The benefit to a thoughtful approach will be lasting organizational impact during an era of digital transformation. What you, as a leader (everyone behind important changes) need now is what will become ingrained culture (forward-thinking teams and a company that permanently enjoys the benefits of a unified, flexible organization). That kind of corporate mental preparedness will help organizations respond to future digital shifts and growth with quick, fluid and unhindered movements. A change-ready culture isn’t as susceptible to the fears of unknowing. So, in this series, we are going to focus on the insurance organization itself and the various people who drive it. We will look at why insurance leaders should consider organizational transformation as an instrumental part of technology modernization. And we’ll examine several considerations that are in some way crucial to finding transformational success. These all share one trait: They each touch on the human element of change management. Leading outside the lines. When we talk about change and people, it’s natural to look to leadership strategies and recognize that a lot of real leadership happens outside of the org chart. On the org chart, executives and managers have defined roles and responsibilities. But leading outside of those lines is far more crucial when it comes to change management. Leading change requires “working within the white space” — ignoring some degree of authority and being more concerned with perceptions and personalities. If you think you can dictate change, you can’t. You need to bring people along understanding their pace. Change has to be effectuated in some way outside of official protocol. It is in the white space where penetrating change leadership will happen. We’ll discuss more on white space and leading outside the lines as we move through the articles in this series. See also: Can Risk Management Even Be Effective? Leaders should know what is driving change. It pays for leaders to know why they should be shifting their organizations away from traditional technologies and processes and toward flexible new technologies and processes that will enhance the customer experience. This understanding will help leaders communicate the relevance of change to the people who need to create change. The insurance business environment is in the midst of a radical shift. For a quick look at the factors involved, see the then vs. now chart below. (Source: Future Trends: A Seismic Shift Underway.) Understanding these concepts will allow leaders to operate and speak from a position of knowledge when they frame examples of the driving forces of change within the organization. Leadership should lead the change. “Change starts at the top,” is a phrase so common that it is cliché. But what does that really mean? Does it mean that the leadership accepts that change needs to happen and then delegates the work of change out to the various stakeholders? Certainly some delegation will occur, but, in our experience, the best change happens through the well-articulated, well-planned hard work of the leadership. Instead of “Change starts at the top,” perhaps we should say, “The work of change begins at the top. The oversight of change stays at the top,” and, “Leaders should be just as engaged on Day 51 and Day 201 as they were on Day 1.” In fact, it isn’t leadership if leaders aren’t engaged. Leaders must establish the driving force for change. The foundation you are building is important enough to clearly provide explanation around why the organization is going through transformation. When asked “Why are we changing?”, it is important and easy to be clear in this regard. Possible responses include:

• “We want to be more competitive to the marketplace. Change is a part of our core business strategy.”
• “Becoming a digital company requires us to change.”
• “We are striving to stay relevant to a fickle consumer.”

There may be a number of reasons. But establishing the driving force for change will allow those reluctant to change to see a clear correlation between change and company survival. Change is difficult, and many people will not be positive about it on Day 1. However, we shouldn’t assume that all people don’t want to change. Many times, people would love to change. It is simply a matter not knowing how to change. Change management helps your valued team members uncover a new paradigm and gives them a new context in which to grow within their role. They will learn how and will become more comfortable as you help them shift. Focus on outcomes — organizational and individual. To set the context and shift the paradigm, leaders should focus on two types of outcomes. Successful organizational outcomes are the focal points that every organization needs to stay on course. That focus will also help everyone in the organization release those time-honored, sacred approaches that may no longer be needed. Organizational outcomes won’t be hindered by a lack of understanding. See also: A Revolution in Risk Management   But people will also be looking toward their personal outcomes. People like to know where they are currently versus where they will end up. Remind people, “You are here. As the organization transforms, you will be here.” That answers their questions about where the organization is headed and where their role is headed (questions such as “Will I lose my job?”, “Will I have more responsibilities on my plate?”, “What’s in it for me?”) In fact, change leaders should do their best to continually answer the question, “What’s in it for me?”, because that is the context each individual needs. It’s like orienteering with a map and a compass. Hikers feel more comfortable when they can point to their current location on a map. Change management is helping associates grasp that new paradigm. Communicating the outcome for the individual is just as important as communicating corporate direction. In my next blog, we’ll discuss organizational change management from the standpoint of skills and understanding. Do we have enough experience to guide change? How do we mold change managers, grow understanding throughout the organization and conquer the fears and myths of transformational change? Please join me in Part 2 as we uncover the “How To” details of change management.

Innovation insight: Competency eats culture for lunch. If you answer no to any of these five questions, then it may be time to hire or outsource talent to fill capability gaps before doing anything with the optics of innovation. If your 2017 objectives include creating a more innovative culture in your organization, I invite you to learn from seven years of experience working with Goliath, who is gazing enviously at David and wondering how he would look with that hairdo. Over and over again, we’ve heard and experienced stories of companies declaring innovation and then focusing on the optics as a pathway to innovation culture. By optics, I mean the external aspects of disruptive entrepreneurs. Here are some examples:

1. Cool-looking office space with modular desks
2. Casual dress and flex hours
3. Open source idea generation software
4. Hackathons
5. The presence of millennials
6. Frequent use of the words blockchain, IoT and drones
7. A beer fridge

While all of the above are nice to have, with innovation, this is the equivalent of “fake it till you make it.” And unfortunately, Goliath never makes it unless he recognizes that the most innovative and successful cultures don’t focus on their culture; they focus on their competencies. In fact, they are not even aware of their culture or even that much impressed by it. Design strategy is the skill set of how to put your challenge into the right frame and describe it in a new context. This capability is different from business strategy. (Photo: Thinkstock) See also: The Questions That Aren’t Being Asked   Five Competencies You Need I must confess that when our firm went back across all the lessons learned over the last several years and connected the dots, it was like a Eureka moment for me. So what are those competencies?

1. Design Strategy
2. Research
3. Co-creation
4. Experience Design
5. Communication/Storytelling

While some of these may sound like common business capabilities, there are some important distinctions that can make or break your innovation mojo. Design strategy is the skillset of how to put your challenge into the right frame and describe it in a new context. This capability is different from business strategy. It’s not about understanding your current business, your market or your competition. It’s about the human-centered trends that are the most important for you to focus on. Typical business strategists don’t have this skill — anthropologists, behaviorists and futurists do. Research is the capability to get at the heart of what the key players in your value chain really think and feel. Innovation research is different from market research in that it seeks to infuse the future trends into the learning so that you can actually identify and quantify a new target group of people and their unmet needs and design around them. Typical research analysts do not have this skill. This capability is part art, part science. Co-creation is the capability to design productive work sessions that generate useful and valuable output. When companies bring people together at a meeting table, oftentimes problems don’t get solved in the room; they are just talked about. Effective co-creation not only cuts through power struggles, it also builds in the support for execution of new ideas. People support what they create. Experience design is how you make new ideas real. It requires identifying what consumers value most and focusing on it to test, learn, then build. Insurance companies try to build every aspect of an experience to perfection before bringing them to market. In our experience, few insurance companies know how to prototype and test effectively and efficiently. Communication/storytelling is about inspiring internal constituents and consumers around your new idea. This is not your garden variety marketing and advertising. See also: Where Will Real Innovation Start?   Typical insurance company marketing departments are wired to focus on outputs (i.e., collateral, etc.), not outcomes. If the new product, service or business model isn’t communicated authentically and in keeping with the original intent, the campaign will fall on deaf ears. If you ask 10 people in the organization where your innovation opportunity space is, would they all give you the same answer? (Photo: Thinkstock) Five Questions To Ask Yourself If you are not sure how your organization stacks up against these five capabilities, ask yourself these questions:

1. If you ask 10 people in the organization where your innovation opportunity space is, would they all give you the same answer?
2. Does your organization agree on what consumer needs you should solve?
3. Do you successfully generate new, disruptive ideas?
4. Have you brought any disruptive ideas to market?
5. Are you getting new income streams from them?

If you answer no to any of the above five questions, then it may be time to hire or outsource talent to fill capability gaps before doing anything with the optics of innovation.Goliath needs a lesson from his mother: It’s what’s inside that counts.

We are facing a world that has more potential to transform than ever before. By 2020, CIOs in a Gartner survey have forecast that 77% of their processes will be digital. Transformation is certain -- and, if we are unable to keep up, VCs will be happy to fund companies that transform our industry for us. Insurtech is already attracting investor interest in record numbers (investments totaled $1.4 billion in insurtech firms in just the first three quarters of 2016). Further, transformation will affect all areas of the insurance value chain, from underwriting to customer engagement. In this article, I outline a 5C framework to help executives formulate their transformation plan. The 5Cs of transformation in insurance are – communication, customization, connection, cognition and consensus. Let’s look at each in turn: Communication At its core, insurance is a promise. Now, there isn’t much value in a promise if you can’t communicate it! The opportunity here is for creating interesting means of communication – think chatbots (SPIXII is a good example) and robo-advisers (Pi-sight) and those enabling the insurer to effectively use social media. There is also an opportunity for creating content – how can I better educate my customers about the benefits of my product? How can I become a source of valued and used content for my customers? Finally, the largest near-term opportunity lies in creating communication tools for intermediaries (agents and brokers). Think Salesforce applied to the insurance workflow. How can you simplify the tool so that an agent uses it and you get valuable data? See also: 4 Rules for Digital Transformation   Customization I’m sure my Amazon and Netflix recommendations are very different from yours. Yet, for insurance customers, the tools and recommendations we provide look remarkably similar, if not the same. And, when it comes to renewal, our prices will be roughly the same (assuming similar customer demographics for life insurance or post code for home insurance), regardless of the fact that one is a fitness enthusiast while the other binge drinks every day. As an industry, we have still not boarded the personalization bus. I see two distinct opportunities in this pool:

1. Building recommendation engines to customize risk coverage (like Knip or Clark) and
2. Generating data sets that can be used to change the basis of underwriting.

The potential for 2. is large – connected devices, genomics and even social media analytics are all generating enormous data-sets. How can these be used to supplant traditional underwriting tables and bring about true customization in insurance? Tomorrow’s leading carriers will embrace “real-time underwriting” as customers produce more capture-able data. As an example, Digital Fineprint has made excellent progress in this regard. Connection The key challenge for companies today lies in getting noticed. To get noticed, you have to be part of your customers’ conversation. The challenge is to engage without interrupting. It’s a tall order and insurance companies are particularly bad at it - we average only 1.44 customer interactions per year. It is hardly surprising that most customers feel no sense of connection or loyalty to their insurer and that insurance ranks near the bottom for customer satisfaction scores. The opportunity here lies in ancillary services. Potentially, digital solutions that increase the number of connections we can have with a customer along the following aspects:

• Health, emotional health, affinity group, or financial goal setting
• Social media analytics and other heuristics to identify key moments
• Ideas that drive connectedness, helping us establish a deeper relationship with our policyholders

The top digital companies like Tencent and Facebook have shown that their chief assets are connections and community. Increasing customer interactions and loyalty is truly a billion dollar plus opportunity. Sureify is building a great tool-set to increase connections. Cognition I use cognition as shorthand for the wider Artificial Intelligence and Machine Learning opportunity. Strictly speaking, cognition runs across the earlier Cs (communication, customization and connection), but due to its impact, I feel it deserves its own section. We are in the early stages of the artificial intelligence (AI) revolution. Learning algorithms, whose results improve with experience, will enable us to find patterns in large data sets and make predictions more effectively — about people, processes and entire systems. Ultimately, these technologies will completely transform the entire insurance organization. In insurance, I see AI/ML tools being used for:

• Fraud detection and monitoring
• Claims automation
• Marketing with customisation
• Behavioural analysis for improved pricing
• Preventive insurance using Genomic data sets

AI has to be part of your transformation toolkit. Consensus By consensus, I mean Blockchain(s) (consensus refers to the underlying algorithm that underpins their structure). For instance, a Life insurer is the epitome of the trusted intermediary – you expect it to honour its promises after your death. Needless to say, when you can encode this trust on to a blockchain in a DAO (decentralized autonomous organization), then the whole industry will look very different. However, in the near term, Blockchains can have significant impact on administrative costs by making processes such as KYC (Know your customer), fraud and other verification services (policy issue, claim filing etc.) cheaper. Ideally, the entire industry would collaborate on a Blockchain solution. However, that is challenging. So, you need to look at use cases that can transform areas of your business today. See also: Pursue Innovation or Transformation?   Collaborating with Start-ups Transformation in insurance requires significant digital fluency. The smart bet is to partner with start-ups. What are you doing to make it easier for start-ups to find you and to strike commercial agreements? How can you improve this process-flow? The insurer that can attract the right portfolio of start-ups will win the transformation race. An earlier version of this article appeared on Let’s Talk Payments.

While most carriers collectively understand that predictive analytics is necessary to remain competitive with other data-driven and VC-backed companies, progress isn’t as fast as it should be. Some are still not using analytics at all despite knowing its importance, while many others limit use to one area of the business. One main obstacle is a disconnect between the C-suite and analytics staff.

The C-suite will not invest in initiatives they cannot measure, manage and understand. Therefore, how a business handles the implementation of analytics is just as important as the predictive models themselves. This is why applied analytics programs are needed to push the insurance industry into the future.

Applied analytics recognizes the value of data in specific business processes and basing key decisions off the insights. Carriers must define their strategy and goals around the initiative, decide on an implementation approach and convey it successfully to the rest of the organization to ensure buy-in and adoption. Executing this can be difficult, often a result of balancing sound technical decisions against each individual organization's company culture.

Strategy and Goals

The first step a carrier should take when applying predictive analytics is building the strategy and selecting the goals. Beginning with smaller projects is often an excellent way to build confidence for future implementations across different areas of the business. In this phase, carriers decide which specific challenges they hope to tackle using predictive analytics. For example, a carrier’s main goal may be to improve risk selection and pricing, and a secondary goal would be to achieve underwriting consistency as the carrier grows its existing business in new states. By defining what the organization hopes to gain from a particular initiative, it avoids misunderstanding and confusion during the implementation and duration of the project.

See also: 3 Key Steps for Predictive Analytics  

Next, the carrier must choose their success metrics. Using the same example, if the target for a predictive analytics initiative is improving risk selection and pricing, loss ratio improvement is often the best measurement. If business growth is the primary concern, profitability and aligning price-to-risk is an important metric to use. The C-suite is results oriented and this step sets the foundation for the implementation that follows.

Implementation Plan

Once a project has been selected, its goals determined and success metrics defined, an implementation plan should be created to strategize the role governance will play within the corporate culture. The way a carrier must address this step largely depends on the type of predictive analytics initiative in place. If a commercial auto carrier uses analytics to improve pricing with its long-haul trucking business, it’s key to find the balance between the model score and your underwriters’ expertise. Don’t leave it to chance, carriers should develop clear rules for how to use the predictive model that matches each company’s weaknesses and strengths.

By using the predictive model, policies are scored individually and assigned to a specific risk “bin”.

As one example, a carrier may decide that the best performing risks for smaller policies (bins 1-3) are approved for straight through processing, the average risks (bins 4-7) must always be reviewed by underwriters, and the poorer performing segments (bins 8-10) should be avoided altogether. A common and more granular form of implementation is determining how much credit or debit can be added to each policy depending on the model score, before needing management approval. By implementing rules of engagement that correctly fit a specific organization, it will not only boost the effect of the predictive analytics project but make it easier to manage and make necessary adjustments long-term.

Organization Adoption

Even if a carrier has an excellent strategy and model, it means nothing if those who will be using it on a daily basis fail to do so correctly. During the implementation process, all members of the organization must be aligned with project goals and comprehend its importance for the company. This means undergoing training and support by those involved closely with the initiative -- whether the model is being built in-house, through a third party vendor or a consultant. There should be complete transparency throughout the process, and room for adjustment based on feedback from the staff. Predictive analytics is an imperative tool in its own right, but just like any tool, it requires a skilled individual to obtain the best results. In fact, Valen research shows the best results are found when combining human judgement and predictive analytics.

The graph shows the lift of a predictive model. The greater the lift, the more effective the model is for the carrier. The blue line represents the loss ratio improvement based on a combination of the underwriter and the model when making decisions on pricing policies. There is clearly a more significant lift here when compared to both the underwriter (green) and predictive model alone (red).

See also: An Opportunity in Resilience Analytics?  

In order to sustain long-term plans and goals, the predictive analytics strategy must converge with the overall corporate strategy. That can’t happen for any real length of time without executives confidently making important decisions using the insights that come from predictive modeling. Only when a carrier and all of its members fully understand those insights and trust in data are they able to become a data-driven organization.

Insurers have not been noted for offering innovative services or for the quality of the product and service they do offer. Contrary to this general perception, insurers have, indeed, consistently innovated new service offerings, especially in the personal insurance space. This would include everything from on-line quoting to competitive rate comparisons, from 24-hour call centers to on-line bots, from electronic safety alerts and tips to electronic policies and from roving adjusters in technically equipped cars to digital appraisals. Most of these service innovations have been a win-win for insurer as well as customer because they increase efficiency and timeliness for both. In terms of the quality of insurers’ service and product, a lack of: 1) clear wording and contract certainty, 2) transparency, 3) timeliness, 4) accuracy and 5) flexibility continue to trouble insurance buyers in both personal and commercial insurance spaces. However, technology, regulation and customer demand have all conspired to move the needle toward improved service delivery throughout the industry. As the new millennium progresses, insurers will need to innovate in the service space in a more customer centric way. In other words, they will need to truly understand what the customer wants or values and will need to offer some of these things even when the benefit is more heavily weighted in favor of the customer. Of-course, insurers will achieve the vital benefit of growing or maintaining market share by doing so. It is not a simple task to understand what the customer truly wants. That is because the means of collecting this information is not without pitfalls. Focus groups generally amount to too small a sampling to be meaningful. Futhermore, overall input is often skewed by what moderators or overly assertive participants say or do. Questionnaires typically have too few respondents to be statistically significant and tend lack original customer input, but rather, a ranking of what has been supplied in the question. Customer councils and advisory boards can provide some insights but members can be reticent to express all their true complaints or wishes due to the fear that they will become personae non gratae or any number of other reasons. See also: How to Exceed Customer Expectations   Among additional types of devices for identifying what customers are experiencing or looking for are: 1) customer satisfaction surveys done right after a service has been provided, 2) innovation lab experiments with actual customers, 3) extrapolations from best-in-class competitors or similar types of providers. As stated in a McKinsey article, “The main reason so many companies fail to improve customer journeys is that understanding what customers value is not an easy task. Identifying what drives customer satisfaction and translating it into operational performance improvements requires deep customer insights, solid analytics and modeling the most important customer journeys, with cross-functional ownership and multichannel, end-to-end management.” The same article provides some bottom-line numbers showing exactly how important customer service acumen is to insurers, “For example, in the past five years, U.S. auto insurance carriers that have provided customers with consistently best-in-class experiences have generated two to four times more growth in new business and about 30% higher profitability than firms with an inconsistent customer focus, in part because satisfied customers are 80% more likely to renew their policies than unsatisfied customers….” The McKinsey data is similar to that compiled by J D Power in its review of property claims satisfaction in 2015-16, “The study finds that 81% of highly satisfied claimants (overall satisfaction scores of 900 or higher) say they “definitely will” renew their policy and 81% say they “definitely will” recommend their current insurer, while only 14% of displeased claimants (scores of 549 or less) say they “definitely will” renew and 7% say they “definitely will” recommend. Strikingly, 13% of displeased claimants indicate they have switched insurers due to their claims experience and 40% indicate an intention to shop within the next 12 months.” This data strongly suggests that insurers have a great deal to gain by finding the best combination of techniques to get adequate customer feedback and input, whether the input is about current satisfaction levels or future service innovations, and acting effectively using the knowledge. Importantly, input needs to be from the right set of customers, i.e. from the unique customer segment (s) being targeted. Some customer service enhancements may have universal appeal but others may only appeal to subsets of customers. This holds true for personal as well as commercial consumers. When planning service innovations, it may be helpful to think of these within three broad benefit categories that the service should satisfy: 1) price to value, 2) ease of doing business, 3) psychological positivity.

• Price to value – the service is worth something
• Ease of doing business – there is no frustration going through the process
• Psychological – it feels gratifying to do business with the company

Looking at some examples should help to explain these categories further. Progressive’s, and now many other insurers’, use of telematics, which helps customers reduce premium cost or, at least monitor it, is a “price to value” service innovation. FM Global’s scientific and engineering services form a “price to value” proposition that is differentiating, their newly announced global flood risk mapping is a case in point. Metromile’s pay per mile model is more of a “price to value” related innovation whereas its announcement about handling some claims in one hour, is more of an “ease of doing business” innovation that is transformational. Slice’s on-demand commercial policy for those who do home-sharing is also an “ease of doing business” play which is also a “price to value” play (on-demand cost vs an annual premium). Lemonade’s policy to give profits to charities selected by customers is a “psychological” type of innovation. What customer wouldn’t feel good about profits emanating from his or her purchase going to a worthwhile cause. In Germany, Friend, a peer to peer insurer, is using its name and business model to make customers feel good about doing business with the organization. See also: Next Generation of Underwriting Is Here   These are today’s examples. The future requires new ones that will answer evolving customer needs and wants. Insurers should be thinking about emerging trends and the opportunities they present. Among the questions to be asked are the following: what follows the sharing economy, how will driverless cars change the insurance landscape, what needs will climate change generate, how will unmanned aviation progress, how will robotics revolutionize manufacturing and construction, what new technologies are in development, will threats, such as terrorism, increase or decrease. Insurance is a complex business. There are many counterparties involved and many stakeholders including: insurers, customers, agents, brokers, reinsurers, lawyers, courts, vendors, medical care givers, shareholders, investors, regulators, etc. The fact that service delivery and innovation have been on the upswing in the past decades is a testament to the insurance professionals who serve the customer in a variety of capacities. Yet, there has been and will continue to be room for improvement and creativity.

Very few entrepreneurs can go from idea to success without a team of people supporting their projects. Besides hiring people in-house for human resources, marketing, production and service jobs, they may need to hire virtual employees and contractors to fill these positions. Either way, they need to create and foster a team-based environment to create a feeling of accountability and responsibility within the shared goal of success. Creating a team atmosphere can be very difficult with virtual staff, whether employees or contractors. It’s a growing issue because technology opens up so many options for people around the world to work together as a team. According to Gallup, as many as 37% of workers were telecommuting as of 2015. But there’s more to teamwork than simply working together on the same project. Teamwork involves a sense of camaraderie, support, respect and cohesiveness that can’t always be manufactured simply by the process of a shared project. See also: The Keys to Forming Effective Teams   Remote teams are not at a disadvantage in terms of overall performance. In a study conducted by MIT, it was found that teams of dispersed, remote workers often outperformed teams composed of workers within the same location. In part, this is due to the increased productivity that employees and contractors enjoy while working on their own, within their own ideal environment. But to truly harness that productivity, entrepreneurs with dispersed teams must learn to effectively manage those teams and create a sense of teamwork within them. This can be done by:

1. Having at least one face-to-face or screen-to-screen meeting. Even virtual face-to-face communication, such as through sites like Skype, helps build relationships and foster trust within the team. People like human contact.
2. Encouraging collaboration. There is a difference between true collaboration and simply working together. Collaboration allows the team to get excited over a shared goal and inspiration, rather than simply doing their part to achieve an end to a project. Schedule occasional brainstorming chats or conference calls to foster a collaborative environment.
3. Being clear about expectations, guidelines and standards. One of the best ways to undermine a team is to give every member a different set of rules to play by. Assume that your team members are going to talk and share information outside of scheduled meetings. Keep all their expectations, guidelines and standards uniform so there is no jealousy, competitiveness or implied favoritism.
4. Giving the team a place to collectively debrief. Create a “virtual water cooler” so that remote employees and contractors can talk, exchange ideas and have an informal place to bond outside of meetings, Harvard Business Review suggests. You can do this by setting up a private group on a social networking platform or by using a program that has group chats or forums.

In a world where more and more employees are working remotely, it is important to take extra steps like these to create a team environment among people who don’t work in the same location. The result can be a sense of community and loyalty that cannot be quantified. Feeling like you’re part of the team leads to lower employee turnover, greater job satisfaction and higher productivity and creativity. See also: How to Pick Your Insight Team   So why not schedule that weekly team call? And allow the same technology that enables us to work apart to bring us together.

My mom called me last night to say her car insurance is going up from  £340 to £370  (from $420 to $457) in the year ahead. She can't get it any cheaper and is genuinely worried about why the price is increasing.  Her rationale is that she isn't driving very much, is getting older and hasn't made a claim, so why has the price gone up? For me, this highlights part of the problem. My mom has never made a claim (thankfully), and she is basing her experience on cost, convenience and fit for her driving needs, instead of value. Yet, her car insurance is going to get more expensive next year. I don't think that she is unique here in any way, (other than being my mom; I could list plenty of ways she is unique) because when it comes to motor and home insurance, this is the typical journey for many. I explained to her that there has been an increase in the Insurance Premium Tax (IPT) to raise more revenue in the insurance sector. In reality, the price of her car insurance hasn't gone up much (only 7%). But because of the additional IPT, it may feel like the price has gone up. To me, the provider missed an opportunity here to share what has changed and why. Providing customers with a simple insight, in this case on the IPT, could be very beneficial for both sides. See also: Microinsurance Model in Non-Standard Auto?   As I sit here getting ready for my next trip, I've had two emails. One from the airline and one from the hotel. I've since checked in for my flight and checked into the hotel, received my boarding pass, chosen my seat, selected my room and enabled my digital door key – all in less than five minutes. This is proof that the digital experience just gets better and better. Over the years, table stakes have kept on rising, so the bar is pretty high – people must continually create better, new experiences and more barriers to entry. In my words, this whole experience is becoming more and more frictionless! I continue to challenge all of us on how we can apply the same idea to our world of insurance – making car insurance frictionless. Related to this, at Deloitte we have just released our European Motor Survey, where we interviewed more than 15,000 people across Europe, Middle East and Africa (EMEA). This year, we explored how digitally enabled motor insurance products could provide insurers with a great opportunity to increase the contact points with their customers and dramatically improve the understanding of their needs. You can download a copy of the survey here. We estimate that by 2020 the market share for digitally enabled motor insurance issued in Europe could reach 17%. Some highlights have been included below in the infographic. Given my experiences this weekend, from both the preparations for my trip and m mom's renewal, the opportunity to continue to leverage digital still remains. As always, I welcome your feedback, thoughts, insights and discussion!