The massive distributed denial of service (DDoS) attack that cut consumers off from their favorite web haunts recently was the loudest warning yet that cyber criminals can be expected to take full advantage of gaping security flaws attendant to the Internet of Things (IoT). For much of the day, on Friday, Oct. 21, it was not possible for most internet users to consistently access Twitter, Spotify, Netflix, Amazon, Tumblr, Reddit and PayPal. Using malware, dubbed Mirai, an attacker had assembled a sprawling network of thousands of hacked CCTV video cameras and digital video recorders, then directed this IoT botnet to swamp the marquee web properties with waves of nuisance pings, thus blocking out legitimate visitors. See also: Insurance and the Internet of Things   Mirai is designed to take over lightweight BusyBox software widely used to control IoT devices. The source code for Mirai can be found online and is free for anyone to use. ThirdCertainty asked Justin Harvey, security consultant at Gigamon, and John Wu, CEO of security startup Gryphon, to flesh out the wider context and discuss the implications. The text has been edited for clarity and length: ThirdCertainty: Why do you think these attackers went after BusyBox systems? Wu: Because Busybox is lightweight; it’s used on most IoT devices that have limited memory and processing. Busybox is a utility with lots of useful commands. Harvey: BusyBox is very standardized. It is highly used in the field, and it also runs Linux, so the internals are very straightforward and easy to duplicate in testing systems. 3C: How did the attacker locate so many vulnerable devices? Wu: Standard IP scanning would identify the devices, and then the attacker could use the admin interface to install the malware. These devices had weak default passwords that allowed hackers to install Mirai. Harvey: Cross mapping manufacturers with types of devices. Then using the website Shodan to get a list of open devices. Once they had the list of devices, they could create a massively parallel script to step through each and determine whether they used the version of the OS they wanted. 3C: How many devices did they need to control to carry out three waves of attacks over the course of 12 hours? Harvey: 300,000 to 500,000.  Wu: Probably a few hundred thousand devices. Because it’s distributed, there is no way to simply block all the IP addresses. 3C: Are there a lot of vulnerable devices still out there, ripe for attack? Harvey: Yes! Shodan specializes in noting which devices are out there and which are open to the world. The devices used in this attack were but a small fraction of open or insecure IoT devices. Wu: We don’t know exactly how many devices are still out there as sleeper bots. Mirai also is actively recruiting new bots. From what I understand, these IoT devices had open channels, and the users had practiced poor password protection for root access to install additional components. 3C: What do you expect attackers to focus on next? Wu: I would expect the attacks to get larger and more sophisticated. Mirai also is working in the background to recruit more devices. The next attack may not be as public because they’ve already shown what the botnet network is capable of. 3C: What should individual consumers be most concerned about at this point? Harvey: Consumers need better education on changing the default access and security controls of their IoT devices. Manufacturers need to take security seriously. Period. Congress needs to step in, conduct some hearings on IoT issues and perhaps regulate these devices.  Wu: Consumers need to be concerned if their device is one of the devices already compromised or at risk of being compromised. They should contact the manufacturer to ask if a security patch is available. A simple solution would be to take the device offline, if it’s something you can live without. 3C: What is the most important thing company decision-makers need to understand? Wu: If you are dependent on the internet for your revenue and business, you should be planning alternative communication channels. If DNS is critical to your business, you should look at backups to just one service provider. Let people know that, if email is down, you can still get business done over the phone. Harvey: Businesses need to understand the implications to running IoT devices within their companies and question the business need for using IoT devices versus the convenience. See also: How the ‘Internet of Things’ Affects Strategic Planning   This article originally appeared on ThirdCertainty.

Today, GPS makes getting directions easy. A successful trip, however, is much different and a greater challenge than just good directions. Today, as a passenger on Planet Earth, you are heading to 2020 with more than 7 billion other folks. Our destination is known – what we’ll find when we get there, is not. Your starting point is January 2017. You destination is January 2020. The journey is your road to tomorrow. There will be numerous hazards along the way. These are the difference between your current reality and the change that is tomorrow. The bad news of change is best defined by Machiavelli, “There is no more delicate a matter to take in hand, nor more dangerous to conduct, nor more doubtful to success, than to step up as a leader in the introduction of changes. For he who innovates will have for his enemies all those well off under the existing order of things, and only lukewarm supporters in those who might be better off under the new.” See also: 8 Exemplars of Insurtech Innovation   The good news is that in the hyper-competitive world that will be tomorrow, well-prepared Davids can compete with the Goliaths of yesterday. This requires innovation – anticipating customer (prospect) needs and providing FAST, HOT AND CHEAP delivery. “Different isn’t always better, but better is always different.” (Dale Dauten) Consider these sign posts you will need to spot on the super highway to tomorrow:

1. Who will be your customers?
2. What will be your offerings?
3. What will customers be buying?
4. How will you communicate?
5. How will you compete?

Who will be your customers? Your renewal customers will be older. Your new prospects will be younger, smarter, diverse, tech-savvy and less verbal than they are today. Fewer in your data base will be members of the Greatest Generation and the Boomers. Buyers may be less enamored with your 40 years of experience because they are only 30 (Millennials). The “old boys club” will have closed; decision makers will be more diverse (gender, age, culture/ethnicity, expertise, etc), may speak a language other than English and will make decisions as a team – not as one boss. Having your marketing team more closely “mirror” them in tomorrow may be a good first step. What will be your offerings? Today, we can use a 3D printer to “manufacture” an ear. With the possibilities in technology, your products sitting on shelves and the slow manufacturing process of today may not be enough for tomorrow. Also, with more data capture and artificial intelligence, many customers will understand the price/cost structure of your offering and those of competitors. You may not sell on price, but some will buy that way. Your value proposition must include a “differentiator” that brings value to the buyer. In 2020, health insurance may be part of a single payer system, or you may wish it was. The ACA is not sustainable. At current rate trends, this one product will be sucking out a majority share of every family’s income to cover premiums. Healthcare expenses may include unintended consequences in the pricing of workers' comp and liability policies. What will customers be buying? With a global market and unlimited competition and less regulated competition, it is possible that consumers will find new solutions to traditional problems that don’t include the products you’ve offered in the past. You may find yourself tomorrow selling against what you sold yesterday with something tailored to a single client. How will you communicate? My generation used speedy memos, the phone, Rotary Club and PTA meetings and lunch at the City Club as relationship-building and communication opportunities. Today, text messaging, Facebook and other social media platforms are used to bond and communicate. If you don’t believe me, call a Millennial and see if he calls you back. How will you compete? This is one area of tomorrow that is out of your control. Competition will be defined by the marketplace. Your question is how to respond to the demands and expectations of this new world. See also: Spending on Agents Beats Spending on Ads   My guess is that, for agents, many products and service offerings today will be the commodities of tomorrow. Your success will be in what you do differently from the unwashed masses. Offering to facilitate the strategic planning for your best clients may keep you ahead of your competitors. You’ll have arrived when your clients invite you in on most, if not all, serious issues in their lives. Trust will matter. Success will be in your ability to gain and retain client intimacy by exceeding their expectations and the offerings of competitors. Look who is gone and who is prospering in today’s world. Will you be good or gone in tomorrow’s bazaar? Carpe Mañana!

Global trade and investment have been great engines of progress for much of the world. Over the past two decades, poorer countries reduced the gap between themselves and their richer counterparts for the first time since the Industrial Revolution, in no small part because of the opportunities opened by global trade. Technology has the same transformative potential in industries as varied as energy, health care, transportation and education. Inventions that are imminent or already here could transform the lives of billions of people for the better. Yet, as we see in the 2016 U.S. election campaign, and as we have seen in Europe and elsewhere, rapid change has a dark side. If too many people are unable to adapt quickly and successfully to these changes, they will push back – blaming trade or immigrants or the elites – and demand a reversion to a simpler time. The task of governments is to help people manage these transformations so that they benefit many and do as little harm as possible. In the U.S., governments mostly failed at that task during the era of globalization; if the full benefits of the coming technologies are to be enjoyed, governments will have to do much better this time around. See also: ‘Interactive Finance’: Meshing with Google   The competitive pressures created by globalization should have been no surprise. About 45 years ago, President Richard Nixon’s top international economic adviser, Pete Peterson, warned him that rising competition from Japan and Germany, with much more on the way, “poses adjustment policy which simply cannot be ignored.” Americans have unquestionably gained by the lower prices and higher quality that import competition enabled. Apple iPhones and the latest Boeing jets are the result of the collective input of tens of thousands of collaborators in dozens of countries around the world. But many lost well-paid manufacturing jobs to import competition or outsourcing, and the U.S. government has made little effort to mitigate those costs, even in worker retraining. President John F. Kennedy promised in 1962 that the government would help American workers who lost out to trade competition as the U.S. lowered its barriers to imports. “When considerations of national policy make it desirable to avoid higher tariffs, those injured by the competition should not be required to bear the full brunt of the impact,” he said. But today, the U.S. spends a smaller proportion of its wealth on worker retraining than any of the other 34 member countries of the Organization for Economic Co-operation and Development except for Mexico and Chile. Too often, the attitude of the U.S. government has been deeply irresponsible, assuming that markets would simply sort everything out for the best. In the long run, everybody may end up with work and income, but, in the short run, as Peterson told Nixon, the failure to help Americans adapt to the new reality will “leave long periods when the transition is painful beyond endurance.” With technology change, too, we know well in advance exactly what is coming. Driverless technology, for example, will soon become the standard in the trucking industry. Driverless trucks can run 24 hours a day and won’t demand overtime pay. There are 3.5 million truck drivers in the U.S., and an additional 5.5 million jobs in related industries – roughly one in every 15 American workers. They could perhaps go to work for UPS or deliver pizzas, but many of those delivery jobs will be lost to drones. Personal-care robots will increasingly replace home healthcare aides, and self-checkout machines are already replacing retail-store clerks; these are jobs that filled some of the gap left by the disappearance of manufacturing jobs to global competition, but they, too, will soon be under siege. Automation is even hitting law and education, two sectors long thought immune to technological substitution. See also: How Technology Breaks Down Silos   These vulnerabilities necessitate something that too often was absent in the era of globalization: good public policies. Artificial intelligence will transform teaching, for example, but, without access to the highest-speed broadband, students in poor and rural areas will fall further behind their urban counterparts. And unless we strengthen social safety nets and retraining schemes, there will be far too many losers in the labor market. There is no way to avoid the huge impact that technology will have on employment; we have to prepare for it and help those whose skills it antiquates. Much more even than globalization, technology is going to create upheaval and destroy industries and jobs. This can be for the better, helping us create more interesting jobs or freeing up time for leisure and artistic pursuits. But unless we find ways to share the prosperity and help Americans adapt to the coming changes, many could be left worse off than they are. And, as we have seen this year, that is a recipe for an angry backlash—and political upheaval. This article was written with Edward Alden.

It’s supremely intuitive that customer focus is the key to business success. It is also something that industries that have typically focused on products or distribution are now aware they need to change. Bravo! However, how many leaders are really harnessing the full power of customer focus? If after reading that question you immediately thought “big data,” please stop, put your smartphone down and back away from the table. This is not the kind of power I am talking about. The type of customer focus that I am talking about is better referred to as customer care — not just caring for customers, but caring about them. Maybe a good way to describe this would be customer indebtedness. These are companies that truly live, breathe and feel grateful for their customers, and put them above all else. Very few companies actually do this. They may say it, but being it is completely different. See also: How to Bottle Great Customer Experience   I was inspired while attending a recent LIMRA conference in Barcelona. One of the speakers, Artemis Pantelidou, general manager from EuroLife, owned by the Bank of Cyprus, humbly told the story of how her company was on the brink of collapse during the economic crisis in 2013 when Cyprus faced an EU and IMF bailout. EuroLife was damaged by these market conditions. People were panicked. They wanted (and oftentimes needed) their money, and the company faced the risk of losing a significant amount of its customers, thereby jeopardizing its financial position for those who stayed. However, it weathered the storm by staying focused on the customer and doing everything it could to make sure its customers were taken care of. It was in constant, open, honest dialogue with its customers, employees, agents and regulators. The company asked for all constituents to stay focused on customers and find new and different ways to satisfy as many as it possibly could. While some suggested it shut down to prevent a “run,” the way banks and stock markets do, Pantelidou insisted that EuroLife stay open for business and deal with each situation one customer at a time. After all, an insurance company is there to help with risk, not run away from it. Once customers understood the situation and how it could hurt so many people, they were even more grateful the company did so much to help them. And the storm passed. When it was time for the Q&A segment of the presentation and attendees were looking for the magic bullet that helped EuroLife persevere, Pantelidou repeated that there was no more to success than doing what’s right for the customer — each customer. She gave credit to her leadership team and to everyone who worked together, but that was it. Without saying these words specifically, the sentiment was that the company owed a debt of gratitude to its customers, whether they stayed or didn’t stay. They emerged stronger than ever, with advantages in the following areas:

1. Leadership team's trust and respect for each other
2. Employee respect for leadership
3. Customer loyalty
4. Confidence in team's abilities to handle volatility and uncertainty
5. Regulators' trust
6. Public image
7. Ability to innovate solutions

While nobody wishes to have an experience like EuroLife's to achieve a competitive advantage, what lesson can be learned in the chaos of the everyday? See also: How to Get Broader View of Customers   If your company seems to be wrestling with any of the seven issues above, running around frustrated with leadership alignment, uncertainty or business barriers to innovation, perhaps adopting an attitude of customer indebtedness now could help your culture overcome those issues sooner rather than later. If you are longing for the everyday chaos to calm down before you can adopt this attitude, you’ll need a real crisis to break the cycle. Why wait?

With Halloween just past, it seems appropriate to blog about something thematic. Usually, the word “scary” isn’t used to describe insurance writings, but there is a twist to one important question that can be as frightening as things that go bump in the night. Often, a technology adoption discussion starts out with a question about why an insurer should adopt a specific technology. That’s a good question. But the more telling question may be: What happens if you don’t adopt it? It’s a scary way to look at technology adoption, perhaps, but it is important to assess the implications of not adopting specific technologies. When it comes to business intelligence (BI) tools and data warehouse modernization, there are some very frightening downsides to not putting these critical components of an enterprise data strategy first. See also: 4 Benefits From Data Centralization  

• SMA research shows that 53% of responding insurers believe establishing a data strategy should precede a core technology initiative. That still leaves a good percentage of insurers who see things differently. And simply believing a data-first strategy is the right way to go doesn’t mean that executing it is easy. However, insurers who put off data strategies until after core system choices have been made actually run the risk of choosing the wrong provider (architecturally), relative to a data and warehouse strategy that would work best for their organization.
• Migrating legacy data to modern technology has kept many an IT and business leader awake at night or has given them a data migration nightmare. In fact, the sheer magnitude of doing a legacy data migration has led many insurers to decide to leave legacy data alone, resulting in a myriad of work-arounds. This will most certainly lead to poor service for both customers and distributors. It can also lead to a great deal of added expense and employees who are frustrated by having to deal with work-arounds. A solid data strategy with BI tools and a modern data warehouse can make the migration of legacy data into the new systems significantly easier.
• Business leaders are clamoring for analytics. Most of the technology demos we see at SMA address (or at least mention) analytics value in one way or another. However, without a data strategy, there may be a disconnect between the data architecture of the technology and the data structures decided on in a later data initiative. The result: delayed analytics value. Waiting for analytics can make business partners feel they are only getting incremental value from the new technology.
• Many insurers have accelerated core modernization initiatives because of the pressing need for modern portals and expanded mobile capabilities. However, if customer and distributor data is still fragmented — not centralized in a modern data warehouse and not unified with a common data strategy — the full value of portals and mobile will not be attained. And no insurer can afford to fail at fully delivering in these areas.
• Across a whole host of technology categories, software with out-of-the-box reporting tools is fairly common. On the surface, this seems to be an answer to a lot of problems. However, while technology-specific reporting tools have value, without an enterprise BI reporting tool an insurer can be creating reporting silos... and no insurer needs more silos. Additionally, while software-specific reporting tools may be useful for a specific category of data, such as operational data (which can be very good), they may not be what insurers need to gain deep insights into all categories of data.

There are a lot of scary things in the world today — besides Halloween — that we can’t control: terrorism, cybercrime and global warming, to mention a few. But all insurers can, and should, take steps to minimize the things that provoke fear. Electing to decide on an enterprise data strategy, business intelligence tools and modern data warehouses — and doing so first — is a way to mitigate other worrisome outcomes. Remember when deciding on an enterprise data strategy, BI tools and warehouses was the scary thing? Fortunately, technology has matured. And modern data management tools can be the key to dealing with the next wave of scary things.

In our new consumer research report, The Rise of the New Insurance Customer: Shifting Views and Expectations, we captured the views and expectations of today’s consumers in the midst of the disruption and change rapidly unfolding in the insurance industry. Insurers, MGAs, reinsurers and others must embrace this shift by understanding changes at play and accept that everything we have known about insurance was good for yesterday, but not good enough for today or tomorrow. The trends are fueled by the insurtech movement that wants to take advantage of the disruption and by a rapid, perpetual shift in customer expectations. Our research took a deeper dive into the people component, to understand 11 key insurance industry perceptions across the spectrum of researching, buying and servicing, consumer response and the implications for the insurance industry. Specifically, the research dives into this shift with more insights on the move to digital, an expected shift by millennials and Gen Z — and highlights that Gen X is often dramatically aligning with the Millennial and Gen Z consumer behavior. See also: Dare to Be Different: New Ways to Communicate With Customers The Rise of the New Insurance Customer compares insurance against nine other industries across the spectrum of consumer experience. The resulting perspective is that insurance is not “easy to do business with.” Some key insights from the research are:

• Insurance is “dead last” in terms of industries that are easy to do business with and are a good value. Life and annuities is significantly lower than P&C compared with the other industries/businesses with which consumers regularly interact.
• The Net Promoter Scores across the industries/businesses show insurance as relatively low.
• No industry is perfect when it comes to creating customer experiences for research, buying and servicing, but online and national retailers set the standard for all industries. We refer to this as the “Amazon effect.”
• Millennials and Gen Z clearly show different expectations than the silent generation and baby boomers. Gen X often aligns with millennials and Gen Z, highlighting the gap between traditional insurance over the last 50 years to insurance today and looking forward.
• The generational gap reflects an insurance industry steeped in tradition, where business models, business processes, channels and products are becoming rapidly irrelevant for the younger generations. The result is an open door to fresh, culture-savvy competition.

The implications for insurers are enormous. Over the last decade or so, many insurers have focused on transforming their businesses by replacing their legacy core systems with modern solutions surrounded by digital and data solutions. But the rise of new customer expectations does not necessarily align with these transformations. Why? Because many insurers did not anticipate the needs of the rise of the new insurance customers by transforming their business models, channels, products, services and engagement to meet the new generation of buyers. The result will be a potential shift in market leadership, with customers selecting insurers that best meet their needs and expectations. In North America, for both P&C and L&A insurers combined, this puts $1.4 trillion of premium at risk. The large differences between the generations on many aspects of the insurance experience highlight that established insurance companies (decades or centuries old), were built for the two older generations, the baby boomer and silent generations, which are declining in size and revenue power. In contrast, the two younger generations, Gen Z and millennials (and increasingly Gen X) have different experiences and behaviors that are at the core of why insurers need to redefine and reinvent themselves. Loyalty is now influenced by how well insurers meet their needs and expectations for products, engagement and value. The five generational groups underscore a shift that insurers must make to be relevant and competitive. It is a fundamental shift of a decades-old traditional business model, products, process and technology that were built to support the focus on products, mass standardization, operational efficiencies and automation. These are no longer effective in a market that demands customer-driven, personalized engagement, innovative products, simplification, transparency and everything digital. It’s time for “it’s always been this way” thinking to go away. Each company must ask itself strategic questions, such as: “How do we bridge between the past, today and the future? How do we keep current customers loyal and engaged as we redefine our business for a new generation?” If traditional insurers don’t ask these questions and act, others will. Both existing insurance companies and new entrants are responding, as evidenced by the large amount of activity in the insurtech space. Many think there is a better way for insurance to work, and they are acting on this belief and getting significant capital to make it a reality. In so doing, they have the opportunity to steal substantial market share from those companies that don’t ask themselves and act on the same questions. See also: How to Get Broader View of Customers And while many of these are in the early stages and are yet to be proven, consumers are very interested in these efforts, as demonstrated by the early results of Haven Life and Lemonade. Consumers are looking for fresh alternatives to age-old formulas. They will note whether an organization is completely new, with an innovative idea, or whether the organization is established but progressive in its approach. They will also know which organizations may be established, but not willing to cater to their preferences. In all cases, they will be looking at value, service, ease and understanding. How should insurers proceed? There are alternative paths that insurers can take depending on their strategies and resources. But the bottom line is that, based on the perceptions, reality and implications outlined in the research, companies must stop talking about the opportunities and being digital, and start doing something about it by using the disruption and change as a catalyst for “real change.” This change requires companies to rethink their business model and realign it with the customer needs and expectations of those who will be their customers for the next 10 to 20 years, not those from the past 10 to 20 years. There needs to be a renaissance of insurance to capture the revenue growth potential presented by the rise of the new insurance customer.

Business is a contact sport. Some companies win while others lose. That won’t change. There is no way to guarantee success. Make the best decisions you can, and then fight the battle in the marketplace. Yet research into more than 2,500 large corporate failures that Paul Carroll and I did found that many big decisions are doomed as they come off the drawing board—before first contact with the competition. Why? The short answer is that humans are far from rational in their planning and decision-making. Psychological and anthropological studies going back decades, including those of Solomon Asch, Stanley Milgram, Irving Janis, Donald Brown and, more recently, Dan Ariely, consistently demonstrate that even the smartest among us face huge impediments when making complicated decisions, such as those involved in setting strategy. In other words, humans are hard-wired to come up with bad decisions. Formulating good ones is very difficult because of five natural tendencies: 1. Fallacious assumptions: If “point of view is worth 80 IQ points,” as Alan Kay says, people often start out in a deep hole. One problem is the anchoring bias, where we subconsciously tend to work from whatever spreadsheet, forecast or other formulation we’re presented. We tend to tinker rather than question whether the assumptions are right or whether the ideas are even worth considering. Even when we know a situation requires more sophisticated analysis, it’s hard for us to dislodge the anchors. See also: Downsizing: Common Sense in Decision-Making May Lead to a Trap   Another strike against expansive thinking is what psychologists call the survivorship bias: We remember what happened; we don’t remember what didn’t happen. We are encouraged to take risks in business, because we read about those who made “bet the company” decisions and reaped fortunes—and don’t read about those that never quite made the big time because they made “bet the company” decisions and lost. 2. Premature closure: People home in on an answer prematurely, long before we evaluate all information. We get a first impression of an idea in much the same way we get a first impression of a person. Even when people are trained to withhold judgment, they find themselves evaluating information as they go along, forming a tentative conclusion early in the process. Premature conclusions, like first impressions, are hard to reverse. A study of analysts in the intelligence community, for instance, found that, despite their extensive training, analysts tended to come to a conclusion very quickly and then “fit the facts” to that conclusion. A study of clinical psychologists found that they formed diagnoses relatively rapidly and that additional information didn’t improve those diagnoses. 3. Confirmation bias: Once people start moving toward an answer, they look to confirm that their answer is right, rather than hold open the possibility that they’re wrong. Although science is supposed to be the most rational of endeavors, it constantly demonstrates confirmation bias. Ian Mitroff’s The Subjective Side of Science shows at great length how scientists who had formulated theories about the origins of the Moon refused to capitulate when the moon rocks brought back by Apollo 11 disproved their theories; the scientists merely tinkered with their theories to try to skirt the new evidence. Max Planck, the eminent physicist, said scientists never do give up their biases, even when they are discredited. The scientists just slowly die off, making room for younger scientists, who didn’t grow up with the errant biases. Planck could just as easily been describing most business people. 4. Groupthink: People conform to the wishes of the group, especially if there is a strong person in the leadership role, rather than ask tough questions. Our psyches lead us to go along with our peers and to conform, in particular, to the wishes of authority figures. Numerous psychological experiments show that humans will go along with the group to surprising degrees. From a business standpoint, ample research, supported by numerous examples, suggest that even senior executives, as bright and decisive as they typically are, may value their standing with their peers and bosses so highly that they’ll bend to the group’s wishes—especially when the subject is complicated and the answers aren’t clear, as is always the case in strategy setting. 5. Failure to learn from past mistakes: People tend to explain away their mistakes rather than to acknowledge their errors, making it impossible to learn from them. Experts are actually more likely to suffer from overconfidence than the rest of the world. After all, they’re experts. Studies have found that people across all cultures tend to think highly of themselves even if they shouldn’t. They also blame problems on bad luck rather than take responsibility and learn from failures. Our rivals may succeed through good luck, but not us. We earned our way to the top. See also: How to Lead Like a Humble Gardener   While it’s been widely found that some 70% of corporate takeovers hurt the stock-market value of the acquiring company, studies find that roughly three-quarters of executives report that takeovers they were involved in had been successes. The really aware decision makers (the sort who read articles like this one) realize the limitations they face. So, they redouble their efforts, insisting on greater vigilance and deeper analysis. The problem is that that isn’t enough. As the long history of corporate failures show, vigilant and analytical executives can still come up with demonstrably bad strategies. The solution is not to just be more careful. Accept that the tendency toward decision-making errors is deeply ingrained and adopt devil’s advocates and other explicit mechanisms to counter those tendencies.

Anonymous theft and abuse of business data is a growing risk for many organizations. Most security initiatives aimed at this problem begin with piecemeal technical controls, such as trying to block and account for things like USB drives or mobile devices with software and policies. However, zeroing in on technical countermeasures first is looking at the problem upside-down. Instead, companies should first and foremost ask whether their corporate cultures are inviting insiders’ malicious and risky behavior — or whether these cultures are functioning to deter it as a first line of defense. See also: How to Measure ‘Vital Signs’ for Cyber Risk   The continuing Wells Fargo controversy is a perfect case in point. Media accounts claim Wells Fargo managers pressured employees to meet aggressive growth quotas by signing up account holders for new accounts and financial services they never requested — reportedly netting the bank significant income in new fees and service charges. In effect, workplace cultures like this create a slippery slope, fostering a wider range of “fallout” insider threat behaviors. When an organization’s culture creates opportunities for abuse, motivated employees may be more disposed to comb through that organization’s data for a side business, copy records on behalf of a rival or sell files to cyber criminals. The sheer scale of this contributing risk factor becomes clear when you consider that  high-pressure sales environments exist in many companies — to varying degrees. This is yet another example of why security and data privacy risks always begin and end with business factors and people, not technology. Employees pressured into abusing data without penalty set an increasingly toxic precedent. Moreover, managers’ use of private, “unofficial” mediums outside of corporate oversight — such as text messages or personal email — to request or facilitate questionable conduct only reminds would-be malicious insiders that they will not arouse suspicion if they, too, use such tools in the workplace. How prevalent is this conduct? The answer matters because these behaviors are risk variables that are as important as patch levels and app permissions. Recent bank investigations are a reminder for CEOs and chief information security offiers (CISOs) alike that transparency, ethics and cybersecurity go hand in hand. As complex as fighting myriad cyber risks can be across companies’ changing IT assets, too few decision-makers recognize the power of healthy leadership and corporate culture as a scalable, enterprise-wide defense. See also: Better Way to Assess Cyber Risks?   Soul-searching in the wake of today’s headlines should include serious thoughts about making an ethical, highly visible business culture the first line of deterrence against ubiquitous insider risks. Accountability and leadership should play a larger role in safeguarding data and keeping business partners in line long before factoring in USB drives and mobile devices. More stories related to insider threats: Sophisticated email monitoring can help companies detect insider threats Inattentive employees pose major insider threat Insider threats pose major cybersecurity exposure This post originally appeared on ThirdCertainty. It was written by Dan Velez.

The term "the first 100 days" was coined in a July 24, 1933, radio address by President Franklin D. Roosevelt, who was referring to the 100-day session of the 73rd United States Congress between March 9 and June 17, 1933. As a board member, I think it is a great idea for a new CEO to think in a similar fashion and prepare a memo outlining what he/she will be doing for the first 100 days of the new job. The first 100 days is the time when the new CEO determines the culture of the organization, gets his/her arms around the finances and the budget and determines who has what skills and experience to help lead the organization and who he/she can rely upon to achieve the goals set by the board. There are several books on the market outlining the steps a new CEO should take in his or her first 100 days. See also: Insurance CEOs See Wave of Disruption   As a parallel to the first 100 days concept for the president of the U.S., when one starts a new job with a new company, the culture tends to give the person a level of credibility and deference from leaders in the organization that is not usually afforded to existing employees. I call it Teflon. For me, the game was to retain the Teflon beyond the first 100 days, or to work on my “Teflon renewal process.” I would do that by outlining my goals and expectations in a 100-day memo — and then I would achieve the goals set out in that document. Every time I was promoted, got a new boss, was involved in a restructuring or saw my role changed, I would prepare a memo for my boss (and myself) outlining my plans for the first 100 days. The document outlined my 100-day goals as well as my mid-term and long-term goals for my department. It also provided insight into my key performance indicators and into the strengths and weaknesses of the team. The memo outlined my expectations for what I would accomplish as well as the expectations of what I needed from my people to accomplish the goals. More importantly, the memo got me into the habit of doing what I needed do on a daily basis for me to be successful in my new role. This memo also resulted in establishing the way in which I would communicate with my boss. As a best practice, I recommend everyone consider preparing such a document when they get a new job or role. I also recommend that, as a manager or supervisor, you ask your employees to outline their goals and expectations in their own 100-day document. See also: CEOs Defy Common Sense on Wellness Now all I have to do is to prepare my 100-day plan for when I am at home — I need some Teflon with the wife. Here is an article that provides some detail on how to produce a 100-day action plan for a CEO.

It is no secret to commercial lines insurers that the market is hyper-competitive and has been so for years. There is very little to suggest that this is going to change. But there are other changes afoot, as evidenced by the new entrants, from the ranks of both traditional insurers and reinsurers as well as startups leveraging leading new technologies. And these new entrants are changing the commercial lines landscape. The startup impact was especially noticeable at the InsureTech conference in Las Vegas in October. While there are several critical success elements, few would argue about whether agents, brokers and MGAs are front and center. Unlike personal lines, where direct-to-consumer channels are growing, commercial lines are still dominated by the independent agent and broker channels. And due to risk complexity and the need for advice, this is not likely to change soon. At the InsureTech conference, Brian Duperreault, chairman and CEO of Hamilton Insurance Group, and past CEO of Marsh & McLennan, emphatically made the point that consumers do not want agents and brokers to go away -- they are critical to risk decisions. See also: The Uberization of Insurance   Given the imperative of having a strong agent and broker network, commercial lines insurers need to understand what it takes to ensure a successful outcome. Clearly, being easy to do business with is pivotal, and a key component of that is agency connectivity. To gain insight into what this means to commercial lines insurers and distributors, SMA conducted primary research. The recently released report Agency-Carrier Connectivity: Commercial Lines Insurers provides and explores the results. One thing was immediately clear. 90% of commercial lines survey respondents indicated that by 2020 new capabilities for agency connectivity will be a game changer. No insurer can ignore a game changer, but the road to a successful business outcome is not necessarily an easy one. 67% of survey respondents indicated that improving the agent experience is the No. 1 business driver for investing in agency connectivity. Yet four out of the seven barriers to investment revolve around a lack of business commitment and clarity. The good news about that result is that insurers are in direct control of these barriers! Survey results show the majority of insurers would prefer an automated exchange of data and information with distributors, with limited phone, paper or email pdf exchange. But legacy constraints, data mapping/inconsistencies and a “spaghetti bowl” of processing problems stand in the way. It would be easy to believe the issue is technology, but survey results point in a different direction. In fact, they point directly at culture and focus. Arguably, the most troublesome problem is that culture -- the idea that “We’ve always done it this way” -- stands in the way of an automated process. Given the age-old belief that commercial lines are seen as art and not science, culture is a huge issue that must be recognized and addressed. Acquiring new business is a serious problem in today’s competitive commercial lines market. According to SMA research, the No. 1 stumbling block to meeting production goals is quality and fit of submissions. Given this pressure, it would seem logical that investments would have been made to deal with this. But despite the fact that agency upload and download have been around for a very long time, commercial lines insurers still feel that their needs are either not being met at all or are met in only a limited measure. Important processes such as quoting, binding, policy documents, billing and risk management are either not being addressed through connectivity technology or there is neutral value attached to that technology. And with IT budgets stretched, technology providing only neutral value is tantamount to having poor value. See also: 3 Ways to Improve Agent/Insurer Links   More and more, agents' and brokers' decisions about where they will place their business are being driven by who is easy to do business with, even though underwriting expertise and claims capabilities will always be very important. Technology for connectivity is central to fostering incumbent loyalty and drawing the attention of a new generation of distributors. It is critical that all commercial lines insurers have a solid road map for investment around connectivity. Understanding what the potential barriers are and what peer company investments are being made will allow commercial lines insurers to move forward faster and with less overall risk. The commercial lines insurer report can be found here. Before the end of the year, the personal lines insurer view of connectivity will be published, as will the agent and broker view.  So, stay tuned!