
The Problems With Encryption

Technology is used to hide data traffic from would-be hackers, but it also hides data from the latest, hot-selling security tools.

Newly released findings from the Ponemon Institute and A10 Networks reveal that nearly half of cyber attacks in the past 12 months used encryption to evade detection and distribute malicious software. These findings challenge how we think about the powerful technology we use to protect privacy, security and authenticity. They also demonstrate very effectively how this security technology has been subverted into a powerful weapon for cyber criminals.
This research is another damning piece of evidence that a significant chunk of enterprise security spending is not effective. Possibly half, or even more, of our security technology is doing little to effectively identify bad guys hiding within encrypted traffic. And because the increasing regulations around encryption will continue to drive a dramatic increase in the volume of encrypted traffic, the number of opportunities for bad guys to hide in plain sight is increasing exponentially. We’re fixing one illness but creating a new disease.
Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), encrypt traffic. TLS and SSL turn on the padlock in our web browsers—they are the most widely relied upon indicators for consumers that a transaction is “secure.” This technology is used to hide data traffic from would-be hackers, but it also hides data from the latest, hot-selling security tools.
Because businesses now are being required to turn on encryption by default, encryption keys and certificates are growing at least 20% year over year—with an average of 23,000 TLS/SSL keys and certificates now used in the typical Global 2,000 company.
Volume overwhelms security efforts
As enterprises add more keys and certificates and encrypt more traffic, they are increasingly vulnerable to malicious encrypted traffic. Administrators simply do not have the tools to keep up with the growing number of keys and certificates.
Venafi customers reported finding nearly 16,500 unknown TLS/SSL keys and certificates. This discovery represents a huge volume of encrypted traffic on their own networks that organizations don’t even know about. Sadly, enterprise spending on next-generation firewalls, sandboxing technologies, behavior analytics and other sexy security systems is completely ineffective to detect this kind of malicious activity.
What does a next-generation firewall or sandbox system do with encrypted traffic? It passes the traffic straight through. If a cyber criminal gains access to encrypted traffic, then he is given a free pass by a wide range of sophisticated, state-of-the-art security controls.
Inspection a formidable task
The hard work of SSL/TLS inspection is at the core of today’s cybersecurity dynamics, but it remains largely overlooked in most enterprises. The challenge of gaining a comprehensive picture of how encryption is being used across enterprises and then gathering the keys and certificates that turn on HTTPS is daunting for even the most sophisticated organizations.
Throw in the challenge of keeping keys and certificates updated as they are renewed and replaced, and most enterprises can’t keep up. Even if multiple full-time employees are applied to the problem, they won’t be able to move at a pace that will enable them to identify bad guys hiding in encrypted traffic.
Unfortunately, as an industry we continue to ignore this gaping blind spot. For example, when the federal government’s chief information officer issued requirements for protecting all government websites with HTTPS by Dec. 31, 2016, no guidance was provided on how to defend against cyber crime that uses encryption as an attack vector.
As an industry, we’ve got to acknowledge and eliminate this blind spot. We need to be able to inspect traffic and automate the secure issuance and distribution of keys and certificates.
The technology is available to solve these problems so we can use encryption safely. But before we can solve any problem we first need to admit that we have one.
This article was written by Kevin Bocek and originally appeared on ThirdCertainty.

Byron Acohido


Byron Acohido is a business journalist who has been writing about cybersecurity and privacy since 2004, and currently blogs at LastWatchdog.com.

Commercial Insurers and Super Delegates

What if, on Jan. 1, 2017, you awoke to find that most commercial policies were being sold online through digital agencies?

No matter how hard I try, I have been unable to avoid being bombarded with news about the presidential race. While most of the opinions and assertions leave me wondering, the additional insights into the importance of super delegates fascinated me. It turns out that winning the traditional delegates was important, but having the super delegates on your side really swung the field in your favor. In one way, it doesn’t feel quite right that any delegate should have any greater impact than another. However, because no one asked me how to run party primaries, I suppose I’m left to live with my feelings and just “figure out how to live within these rules.”
As I work with many of our commercial clients on strategies for their digital footprint (a concept I’ll discuss in a moment), I can’t help but think of our super delegate equivalent — the proliferation of insurance aggregators. Whatever you may call them — rate exchanges, quote engines, comparison sites, aggregators or digital agencies — these newcomers are increasingly important and relevant distribution channels, and, no matter how long we attempt to ignore them, they won’t be going away. They will simply be wielding their distribution clout, helping insurers to grow as they continue to rapidly expand their prospect pipelines.
For commercial insurers who may not wish to pay attention to aggregator growth or for those who would like to reserve their judgments on the future of commercial sales, I would like to suggest that it is time to swallow your notions, accept the relevance of these super delegates and just “figure out how to win within these rules.”
How quickly can an industry turn upside down?
In politics, anything can happen. Approval ratings can rise and fall dramatically in 24 hours. Major players and influencers can come from nowhere. I think 2016 is proving my point. In 2015, we had no idea that our presidential race would look quite like this.
What if, on Jan. 1, 2017, you awoke to find that most commercial policies were being sold online through digital agencies? If you hadn’t seen it coming, it would certainly hit your organization like a ton of bricks. If you had seen it coming and you hadn’t prepared, it would feel even worse. If you had seen it coming, and you had aligned your organization with some of these alternate channels, you might feel gleeful. The point is, the day of the digital agency is close upon us. If you aren’t preparing to sell in this space, you are probably being shortsighted. The super delegates have arrived, more are on the way through the insurtech movement and it is time to court them.
In the commercial space, we currently have companies such as NetQuote, CoverWallet and Insureon offering lead generation and quoting capabilities to commercial insurers as they offer real quotes to businesses in need of insurance. (Read more about new insurtech players in Majesco’s Future Trends report.) Insureon, probably the most-talked-about of the three, can quote on a fairly broad spectrum of business insurance. Insureon has tremendous reach and a good selection of insurers to bolster its offerings. If we see Insureon as our leading super delegate, what can we do to gain Insureon votes?
The digital footprint
Let’s step back for a moment and look at our high-level goals. Our goal is not to leave behind agent and broker service, but to embrace and prepare for new distribution channels by improving our digital footprint. As we often see, when it comes to digital preparedness, what’s good for one channel may be good for another. What is useful for the aggregators is likely to improve agent service, as well. Every step we take to become digitally ready, with the right back-end capabilities and integrations and the right front-end capabilities, will end up benefiting all channels, including traditional broker and agent capabilities.
The real work of enabling the digital presence that these new channels require will prepare your organization for growth across channels by creating a consistent experience for both your delegates and your super delegates. If you have your digital footprint in position when a producer reaches out to your underwriter or phones in to your call center, they will capitalize on your improved capabilities, enhanced product offerings and simplified quote process.
The role of the super delegate
When I speak with clients, I often see how perspectives make all the difference. Insurers look at the existing distribution channels and all the technology options to further advance the agent and broker experience, and they see the newcomers like Insureon popping onto their scene. Most insurers seem to fall into two camps. Either they see aggregators as a threat or they view them as a smart option for distribution, reaching a broader set of customers and segments. This is the inside-out perspective. The insurer asks, “What can we do to engage or compete?”
But the digital agencies themselves have taken advantage of starting with a fresh perspective to make the customer experience seamless and easy. They are taking the outside-in perspective, asking, “What can we do to make ourselves more appealing?” They start with business preferences and how businesses will want to buy something. In that practice, they have positioned themselves as extensions of our internal systems. They are funnels attracting businesses like flowers attracting bees. If done correctly, integrating with these third-party players can mean a material addition to our distribution model, with little change to the traditional agent/broker approach. In this way, the super delegate has not only become an aggregator, but has become a cheerleader. It is their marketing and their messaging that will drive insurers’ businesses. (Read more about perspectives and purchase trends in the blog, The Power of Observation for Insurers.)
If I look at companies like Insureon as my super delegate (and cheerleader), I can see how I can tip the balance in my favor. I still have to win the affinity and loyalty of my agents and brokers, but having these new alternative distribution options could mean the difference between maintaining my business or breaking out to new customers, products and accelerated growth.
In Part 2 of this series, we’ll look at possible approaches to preparing the digital footprint and some of the questions an insurer should ask itself before beginning. We will also look closely at why business insurers may want to begin by developing insurance products for small, niche businesses.
This article was written by Robert Buhrle and originally appeared on Majesco.com.

Denise Garth


Denise Garth is senior vice president, strategic marketing, responsible for leading marketing, industry relations and innovation in support of Majesco's client-centric strategy.

Blockchain Consortia With Engineers

Blockchain promises exponential efficiencies or exponential deficiencies. But we have the knowledge to get it right this time.

Anyone who was around in the early 1990s may remember that the mantra of modern globalization was that decentralized markets were good and centralized markets were bad. The math supporting the efficiencies of the comparative advantage economic model was, and still is, indisputable. Further back, the concept of laissez-faire has been the cornerstone of modern capitalism since the late 1600s. So we have seen this picture before, and it should be acknowledged that there is, in fact, reliable precedent to examine as we approach the era of machine-enabled decentralized governance called blockchain technology.
Blockchain technology is incredibly interesting to me because many of the opportunities and concerns regarding the technology are similar to the conditions surrounding my involvement in the implementation of the NAFTA agreement more than two decades ago. Specifically, I worked on standards for the mutual recognition of engineering professionals between the U.S. and Mexico. While the effort largely failed, I was able to directly observe efforts to control a decentralized network. The effect was that markets were administered unevenly and rarely met the conditions of insurability. Today, the standing joke in the blockchain domain is that the “act of trying to control a decentralized market eliminated many of the benefits of having one in the first place.” Let history be our teacher.
Today, while we may face similar peril, it is much more serious. Blockchain technology is far more powerful than linear Comparative Advantage Theory. Blockchain promises exponential efficiencies or exponential deficiencies. The difference is that we also have the knowledge, foresight and profound responsibilities to get it right this time. We have a choice.
In 1993-96, the mutual recognition of professional engineers was controversial and divisive. U.S. engineers were fearful they would lose their high-paying jobs to cheap Mexican engineers, whose salaries at the time were about one-tenth the U.S. engineers' salary. The fear was real.
I saw something different. I saw an entire nation — an entire continent — that needed everything U.S. engineers create. Mexico, Central America and South America needed roads, bridges, structures and every manner of infrastructure upon which all markets depend. The problem was that infrastructure projects could not be financed. This was not for lack of money (NAFTA also liberated access to financial services) but for lack of insurance. Without a tip-to-toe insurance presence, Latin American economies continue to experience difficulties in bridging the capitalization gap.
The capitalization gap is that strange period between the time when money begins to flow into a project and the time revenue flows out of the project — where the asset isn’t an asset yet and falls off the balance sheet. There is no title and no recourse if something goes wrong; risk is very high, and so is the corresponding cost of capital.
In the U.S., it is well-known that soft costs can represent as much as 30% of the cost of a structure. We have also developed a professional engineering licensure system that serves as a financial instrument; a proxy for title, which fulfills the conditions of insurability. The combination of insurance and engineering is what maintains the asset as an asset on the balance sheet. Even when the shiny new office tower resembles nothing more than a pile of dirt, that pile of dirt is valued as a shiny office tower on the balance sheet.
Banks and insurance companies depend heavily on engineers to verify the design, materials, processes, components and performance of all subjects they finance. In general, the construction process breaks down into a long and complicated series of events that all must be contracted, negotiated, ordered in time and verified in a secure manner — while also triggering payments to stakeholders. This is a textbook-perfect application for blockchain technology.
The consortium between engineering and insurance is critical to convert existing engineering and construction contracts into blockchain-adjudicated smart contracts. Engineers would validate conditions of insurability throughout the design, construction and the life cycle of the asset.
The consortium between engineering and insurance already exists, and its impact on the cost of capital is abundantly clear. To formalize this on a blockchain initiative is not a radical position by any means. What is unique about this proposal is that insurance and engineering should be at the forefront of blockchain development, building the bridge that spans the capitalization gap upon which all derivative markets can travel, laissez-faire.
(Adapted from: Insurance: The Highest and Best Use of Blockchain technology, July 2016 National Center for Insurance Policy and Research / National Association of Insurance Commissioners Newsletter)

Dan Robles


Daniel R. Robles, PE, MBA is the founder of The Ingenesist Project (TIP), whose objective is to research, develop and publish applications of blockchain technology related to the financial services and infrastructure engineering industries.

What You Forgot to Tell Your TPA

Anticipating every permutation is impossible, but every set of instructions should include guidance on when and how to use mediation.

Many self-insureds and carriers use third party administrators as their front-line adjusters. A set of instructions or guidelines from the actual check-writer is supposed to regulate the TPA's procedures. Anticipating every permutation of every possible situation is impossible, but every set of instructions should include guidance on when and how to use mediation.
Recently, I had the opportunity to review a set of TPA instructions. The TPA was directed to “negotiate settlements of covered claims pursuant to the authority granted by” the contracting party. No further details were provided. However, another section of the agreement spelled out in minute detail a procedure for mediation should a dispute arise between the TPA and its client. The client knew mediation was an important tool for resolving its own disputes, but provided no direction about how to use it to resolve covered claims.
The regional risk manager of one national account tried to get its local team of TPA workers compensation adjusters to try new dispute resolution techniques, but the adjusters refused. “If they want us to do that, they need to include it in their instructions.”
What Should TPA Instructions Say About Mediation?
Here is some suggested language:
"At appropriate milestones in the life of a claim, adjusters and attorneys should take active steps to initiate mediation and report on the results. These milestones include:
  • Approaching trial date
  • The injured worker has reached permanent and stationary status
  • The injured worker has reached age 61
  • 70% of the indemnity reserve has been paid
  • Four reserve changes within two years
  • The case is more than four years old
"Additionally, claims handlers should attempt to close claims with mediation in:
  • Death cases
  • When the injured worker is acting in pro per (propria persona, or "for oneself")
"Adjusters and attorneys are expected to participate in mediation with a good-faith intention to negotiate and resolve pivotal issues."

Teddy Snyder


Teddy Snyder mediates workers' compensation cases throughout California through WCMediator.com. An attorney since 1977, she has concentrated on claim settlement for more than 19 years. Her motto is, "Stop fooling around and just settle the case."

How Will Blockchain Affect Insurance?

Blockchain represents new risk opportunities that may not pool appropriately with those upon which today’s insurance products are based.

Ever since the dawn of civilization, societies have organized around the technology of their time. Likewise, people and corporations will reorganize around this new type of data and value exchange system known as blockchain technology. Blockchain technology represents a new set of both positive and negative risk opportunities that may not pool appropriately with the common set of business perils upon which today’s insurance products are based.
The insurer is faced with four primary categories of concerns related to blockchain technology:
  1. How different would it be to insure a decentralized business or business processes than a centralized business? What historic data are still valid, what data needs to be collected anew? How much can the insurer rely upon a management system composed of nothing but software? How does an insurer assert dominion over economic value denominated in cryptographic tokens that are neither money nor property, according to the law? Who do you call when things go boom?
  2. The insurance industry itself is an administration-laden database – could it operate on a blockchain? What are the opportunities and implications of culling legions of brokers and staff? Ironically, would an insurer be willing to insure a company that had just culled legions of brokers and staff? If a company does not adopt blockchain technology and a competitor does, what perils are then imposed on the firm? How does the insurer preserve institutional knowledge in the wake of replacing brokers with software?
  3. The purpose of regulation of any kind should be to encourage or discourage specific types of human behaviors. If the human is taken out of the equation, what regulations are still needed? Are there any regulations that stand in the way? Are new regulations required? Can regulations be bypassed or shifted to another segment of a process? How fast can regulators respond to an unanticipated condition?
  4. Finally, everything about database management has very little to do with the thing actually being computed. Blockchain and crypto-currencies exist in a digital realm. Meanwhile, real people are doing real things in real life where real objects behave according to physical laws. How exactly will blockchain software reconcile or interact with the real world? How will risk transfer between machine and human and back again?
These are extremely important questions that are yet to be resolved. It is worth the time and effort to learn and understand the opportunities and implications of blockchain technology because the value of opportunities for adoption by the insurance industry is magnificent:
  • Insurers may achieve extreme efficiency with internal processes
  • Insurers may achieve great profitability insuring blockchain clients
  • Insurers may discover vast new markets that were previously unviable
  • Insurers may scale up or scale down (micro-insurance) at near zero marginal cost.
The insurer needs to know exactly what is being insured, the numerical probability that the peril will or will not manifest and the consequences of a failure or breakdown in the process. Problems may arise where an organization loses important institutional knowledge, adaptability and innovation due to the wholesale elimination of important administrative personnel. The insurance company must know the difference between what a blockchain can and cannot accomplish.
Most importantly, blockchain has the potential to augment people. Blockchain technology allows people -- whether staff or clients -- to be elevated to a higher order of productivity. This is where true wealth is generated. The net value of this technology cannot be achieved by just firing up some blockchain, knocking off staff and cherry picking risk classes.
The great opportunity for insurance will be to mitigate risk from fault-prone processes, thereby reducing the need for regulation and eliminating friction from the financial system. This will help bridge the capitalization gap that currently hinders the great innovations that humans are capable of.
Adapted from: Insurance: The Highest and Best Use of Blockchain technology, July 2016 National Center for Insurance Policy and Research / National Association of Insurance Commissioners Newsletter: http://www.naic.org/cipr_newsletter_archive/vol19_blockchain.pdf

Dan Robles


Daniel R. Robles, PE, MBA is the founder of The Ingenesist Project (TIP), whose objective is to research, develop and publish applications of blockchain technology related to the financial services and infrastructure engineering industries.

6 Tips to Augment Sales and Prospecting

While the days of a dedicated sales assistant are long past, tools like LinkedIn can augment our existing sales approaches.

We all know that LinkedIn is the social network for making professional connections, building networks and searching for jobs or candidates. It's a fantastic tool for those of us in the business world who want to see what our peers, competitors and friends are doing in their professional lives.
But the benefits and uses of LinkedIn certainly don't end there. While the days of a dedicated real-life sales assistant may be long past us, we do have tools like LinkedIn that can help augment our existing sales approaches to better improve our chances of connecting with the right people or closing that elusive deal.
And if you aren't already using LinkedIn, you may be at a disadvantage. According to the Sales Management Association, 96% of sales professionals use LinkedIn at least once a week and spend an average of six hours per week on LinkedIn. In fact, 79% of salespeople using social media to sell outperformed those who weren't using social media.  A number of today's top insurance salespeople are increasingly using LinkedIn as a primary source of new leads and prospect connecting.
So how do they do it? What makes people using this simple social media channel so much more successful than those who stick to the traditional methods of phone calls, emails and in-person meetings? Aside from optimizing their profiles, which you can read more about in this blog post, here are six tips to really take advantage of the capabilities of LinkedIn to improve sales.
1. Put an End to Cold Calls
Let's face it-- most of us aren't big fans of cold calling. It can be at best awkward and at worst contentious. But with the amount of resources and background information available on LinkedIn about any given person, you can almost always find a little nugget of information on a person to break the ice or get some insight on what policy type may fit that person best. And since people are notified when others view their profile, many people will already recognize your name because they've seen it appear in their notifications.
2. Broaden Your Connections
Remember that LinkedIn is not Facebook. Mark Zuckerberg's social media site is for engaging with friends and family members; LinkedIn is for professional life. There is certainly overlap--and sure, it's perfectly fine to connect with friends and family on LinkedIn, too, but first make sure to connect with all of your existing business contacts, coworkers and associates. Secondly, the site should be one of the first places you go after making a real-life sales connection because the more connections you have, the larger your network will be. Your first-level connections open avenues of contact with a wide range of second- and third-level contacts.
3. Bypass Email and Instead Try InMail
Getting anyone's contact information can be tough. Getting a business decision-maker's info? Next to impossible. But with LinkedIn's InMail feature, users have a direct line to contact prospects. LinkedIn estimates that an InMail is 30 times more likely to get a response than a cold call.  While users need to be connected to message each other for free, LinkedIn Pro accounts, which charge a fee, allow users to InMail a limited number of people each month (using credits) that they're not connected with. The real kicker is if someone responds to your InMail within 90 days, you get that credit back to use to InMail someone else.
4. Use the Advanced Search Capabilities
LinkedIn's searching feature is great, but its advanced search truly is the perfect tool for sales professionals. With the free version of LinkedIn, you can search people by company, location or title. With a paid account, you can distill even further by company size and leadership level to target those people making decisions on their enterprise's insurance needs. Try setting up a weekly search report using the titles most common among your current connections to find people you may be able to sell to whom you haven't met yet.
5. Keep Tabs on Clients, Companies and Competitors
Chances are you already have an open communication with your existing clients-- and that's great. But to use LinkedIn to bring in new sales, you should always keep track of those people and companies you're not working with currently to see what they're doing and discover if there are any recent changes to their employment or corporate status, which may provide a reason for a touch point. Additionally, keeping tabs on your competitors lets you use their disadvantages to your advantage, if you can point out those disadvantages during a sales pitch.
6. Leverage the "Who's Looked at Your Profile" Feature
While this feature may seem a bit creepy, it can really work to your benefit. Make sure to check out who has been viewing your profile. If you have a free account, you can see a limited number of people who have viewed your profile. The paid account gives you the entire list of those who have viewed your profile and do not have their own profiles set to anonymous. If a prospect has recently viewed your profile, it gives you an immediate excuse to connect. Take advantage of the opportunity by sending a message, offering insights or investigating how you can help.
While LinkedIn likely won't make the sale for you--though it would certainly be nice if it could--it is a valuable tool for supplementing your current sales approaches to deliver better relationships and more prospects and improve the way you talk about insurance products.


Mary Ann Cook


Mary Ann Cook is senior vice president of knowledge resources for The Institutes in Malvern, Pennsylvania. The Institutes are the leader in delivering proven knowledge solutions that drive powerful business results for the risk management and property-casualty insurance industry.

Is U.S. Losing the War for Talent?

Of 191 "unicorns" worldwide, 42 are in China and eight in India. There were almost no blockbuster technology start-ups in Asia a decade ago.

Apple is facing accusations that it copied Chinese innovations in the iPhone 7. Indeed, China’s smartphone manufacturers released dual-camera systems and handsets without headphone jacks long before Apple did. And the stickers and animations that Apple is adding to iMessage look like a direct knockoff from China’s WeChat. This is quite a twist from the days when Apple accused the Chinese of copying its inventions.

The reality is that America’s most innovative company is no longer the world’s most innovative company. Entrepreneurs all over the world are producing innovations that rival what you see in Silicon Valley. This is also evidenced in the numbers of billion-dollar technology start-ups, or unicorns, that are sprouting up all over the world. Of the 191 unicorns worldwide, 42 are in China and eight in India, according to CrunchBase. Yes, more than 105 are in the U.S., but you would hardly have found any blockbuster technology start-ups in Asia as recently as a decade ago. Today, Chinese Internet companies, such as Alibaba, Baidu and Tencent, are among the most innovative and valuable few in the world.

The world’s entrepreneurs used to dream of coming to Silicon Valley because it was the innovation capital of the world and there were few opportunities elsewhere. This is no longer the case, as I learned during my recent trip to New Delhi. There are start-up incubators sprouting up all over India, and the quality of the start-ups is second only to those in Silicon Valley and China, which are running head to head.

I spoke to about 50 entrepreneurs at local incubators and meetups. Unlike earlier generations, very few had interest in moving to the U.S. Most said they believed the greatest opportunities were in India. As technology designer Himanshu Khanna said, “Why should I move to Silicon Valley when I have a market 10 times as large here?” Five years prior, Khanna had asked me to sponsor him for a long-term U.S. visa, which he could not get. The tide has surely turned.

For decades, the U.S. invited the world’s best and brightest to come and study at its universities and provided them with temporary work visas. But it placed tight limits on the numbers of permanent-resident visas for those who wanted to stay, so the lines grew longer and longer. My research team at Duke, Harvard and NYU documented that there were, as of October 2006, more than a million skilled workers in “immigration limbo” in the U.S., with only 120,000 green cards being made available every year for their work categories. Ten years later, I estimate the number of skilled workers in limbo is roughly 1.5 million.

I explained in my book, The Immigrant Exodus: Why America Is Losing the Global Race to Capture Entrepreneurial Talent, that this would lead to a reverse brain drain. That is exactly what happened. Hundreds of thousands of highly skilled workers as well as the graduates of top American universities have returned home because of America’s flawed immigration policies. They are in leadership roles at top research labs and at the unicorns in China and India. America has lost an entire generation of entrepreneurs and innovators and bolstered its global competition. That is also why the proportion of immigrant-founded start-ups in Silicon Valley fell from 52% in 2005 to 44% in 2012 and is probably even lower today.

It is in this context that the Obama administration announced its last-ditch effort to reverse the tide. On Aug. 26, the Department of Homeland Security (DHS) proposed a rule to allow foreign entrepreneurs to enter or remain in the U.S. and work at qualifying start-ups. This uses the parole authority under which the president, through DHS, can permit certain individuals to temporarily stay in the U.S. But the president’s immigration authority is very limited, and this is a very short-term and very constrained fix.

The start-up entity must have been formed within the three years before an application for entrepreneurial parole; the entrepreneurs must own at least 15% of the entity; only three foreigners can be employed by the start-up; and the applicant must prove that the start-up has “substantial potential for rapid growth and job creation” by receiving investments of capital totaling $345,000 or more from established U.S. investors with a history of substantial investment in successful start-up entities or at least $100,000 in grants or awards from local, state or federal government entities.

This is not a slam dunk for entrepreneurs wanting to come to the U.S. — and it provides no clear path to permanent residency. Also, to become effective, the rule must undergo a 45-day notice and comment period in the Federal Register. Nevertheless, if it takes effect, it will be better than nothing: it will probably lead to several hundred start-ups moving to the U.S. and creating tens of thousands of jobs here.

What are needed even more badly are DHS rules that let foreigners on temporary work visas change jobs rather than be subject to abuse by their American employers. Present rules prevent employees from changing jobs while they wait for their green cards, which often take one to two decades to arrive. This disadvantages both the workers on temporary visas and American workers, because it allows employers to artificially depress salaries. The foreign workers also cannot start companies, so those who could have created jobs here are getting frustrated and returning to their country of origin.

Immigration has become a toxic subject in the U.S., thanks to the xenophobia being served up in the election campaigns. Though the use of presidential executive privilege is no substitute for lack of governance on Capitol Hill, we do need to enact rules to improve the dire situation. The country’s competitiveness is at stake now more than ever. To quell the social disenchantment that is creating resentment toward immigrants, we need economic growth and job creation and we need to welcome those who would bring about both.

Vivek Wadhwa


Vivek Wadhwa is a fellow at Arthur and Toni Rembe Rock Center for Corporate Governance, Stanford University; director of research at the Center for Entrepreneurship and Research Commercialization at the Pratt School of Engineering, Duke University; and distinguished fellow at Singularity University.

The Growing Problem of Ransomware

Ransomware has been targeting IoT devices for consumers. Hackers want to encrypt access to thermostats, TVs, etc.

As senior security research engineer at security and compliance automation vendor Tripwire, Travis Smith spends his days studying the chess moves made by cyber criminals on the cutting edge. The hottest, most lucrative criminal activity of the moment is ransomware, the cyber detective says.

The most common variant revolves around getting a victim to click on a corrupted attachment or web link that arrives in a legitimate-looking email message. If the malware successfully downloads to the victim’s machine, it’s game over. In mere moments, the malware will locate and encrypt sensitive files, then launch a shopping cart routine that guides the victim on how to use crypto currency, most commonly Bitcoin, to pay for delivery of a decryption key. Individual victims usually are required to pay a ransom of a few hundred dollars; business entities are routinely paying five-figure, and sometimes six-figure, ransoms.

How bad is it? A recent report from Arctic Wolf Networks estimates a 433% spike in ransomware attacks over the past year. And the FBI says ransomware attack victims paid $209 million in the first three months of 2016, up from $24 million in all of 2015. And that only counts complaints received by the bureau. Typically, the bad guys actually do deliver a working decryption key in exchange for the ransom payment, Smith says.

Here is some other useful intel Smith shared in our recent video interview. Text edited for clarity and length.

3C: Why have healthcare organizations been so heavily targeted by ransomware gangs?

Smith: Healthcare has a life or death connection to data. So it’s not a financial responsibility. Restoring lost data from data backed up and/or reverting to some kind of paper trail takes time. And it’s not something that they’re really well-equipped to do.

3C: Any indication what sectors the bad guys are going to focus on next?

Smith: We have been seeing that ransomware has been targeting IoT devices for consumers, as well, so they’re looking at thermostats and TVs and things like that as far as being able to encrypt those. And not only just encrypt them, but prevent access from the device. As far as businesses, the energy sector is definitely a big one, as far as critical components, and financial. Those are probably the next two markets that are going to see heavy ransomware attacks.

3C: Do you expect the bad guys to single out small and medium-sized businesses, because they’re less protected?

Smith: Everybody’s going to be targeted eventually. Ransomware is just too profitable a business model for criminals. It’s a 1,400% return on investment, so the average criminal spends about $10,000 to invest in a ransomware campaign, and they get just under $500,000 back. So it’s very profitable for them. Every sector’s going to get targeted eventually.

3C: How has the availability of crypto currency come into play?

Smith: Bitcoin provides the criminals with a completely anonymous way to get paid and get out. If you get hit with ransomware, they’ll usually change your desktop background and direct you to browse to a certain website. Then they’ll give you detailed instructions showing you how to pay to get access to your data again. They want to have a seamless transition for getting their payment, and they want to build a reputation for actually letting people access their data again. They want to instill confidence that if you pay the ransom, you are going to get access to your data.

3C: So they do supply working decryption keys if you use their crypto currency shopping cart tool?

Smith: In every instance that I’ve seen, yes. I haven’t seen one instance where they haven’t tried to give access to the data.

3C: Couldn’t they just come after you again?

Smith: Exactly. A lot of these things are completely autonomous; they don’t require action from the cyber criminal, especially these huge campaigns. If the business does not understand how they got infected, then that same email could still be sitting in the secretary’s inbox. If she opens up the attachment again, then she’s encrypted again with a different decryption key.

3C: What can businesses do beforehand to deter this?

Smith: Ransomware can only encrypt files it can access. It only has the same access privileges as the person who opened the attachment or clicked on the web link. So monitoring employee access and granting the least privileges is vital. You want to give people enough access so they can get their job done, but not give them so much access that they have the keys to the kingdom, so to speak.

3C: What about training?

Smith: Employee awareness training is an important best practice. You want your employees to be aware these types of campaigns are out there. Don’t click on every link or every attachment, especially if you’re not expecting it. Always have your guard up, and try to verify from the sender before you open up any attachments. That’s usually how the ransomware is going to get in.

3C: Sounds like we can’t trust email?

Smith: You can’t trust email from anybody. You can get an attachment and it’s ‘paystub.pdf.’ It looks like a PDF, it smells like a PDF, you say, ‘Oh, someone sent me my paystub.’ So you double click it to see what it is, and you get encrypted.

This article originally appeared on ThirdCertainty.

Byron Acohido

Byron Acohido is a business journalist who has been writing about cybersecurity and privacy since 2004, and currently blogs at LastWatchdog.com.
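In the ransomware interview above, Smith notes that ransomware has only the access of the person who opened the attachment, which means an account's exposure can be measured before an incident. The following is an added example, not part of the original article: it walks a directory tree and lists the files a given account could overwrite, judged by POSIX mode bits alone. The function names, sample file names and modes are constructed for illustration; ACLs and root's override are not modelled.

```python
import os
import stat
import tempfile


def can_write(st, uid, gids):
    """POSIX class check: owner bits, else group bits, else other bits.

    Mode bits only; ACLs and root's override are not modelled.
    """
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)


def exposure(root, uid, gids):
    """Sorted relative paths of regular files this identity could overwrite."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)  # lstat: do not follow symlinks out of the share
            if stat.S_ISREG(st.st_mode) and can_write(st, uid, gids):
                hits.append(os.path.relpath(full, root))
    return sorted(hits)


def build_sample_share(root):
    """Constructed sample data: four files with different mode bits."""
    layout = {
        "finance/ledger.xlsx": 0o600,  # owner only
        "finance/archive.zip": 0o444,  # read-only for everyone
        "shared/notes.txt": 0o666,     # world-writable
        "shared/policy.pdf": 0o664,    # owner and group writable
    }
    for rel, mode in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("sample\n")
        os.chmod(path, mode)
    return layout


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as share:
        build_sample_share(share)
        st = os.stat(os.path.join(share, "shared", "notes.txt"))
        other = st.st_uid + 1000  # hypothetical account that owns nothing here
        for label, uid, gids in [
            ("file owner", st.st_uid, {st.st_gid}),
            ("group member", other, {st.st_gid}),
            ("unrelated account", other, set()),
        ]:
            print(f"{label}: {exposure(share, uid, gids)}")
```

Run against a real share with each role's uid and group ids, the shrinking lists show how much least privilege reduces what a single opened attachment can reach.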

Do You Really Have a Digital Strategy?

To develop a coherent strategy for digital insurance, an insurer must first determine its current level of digital maturity.

Almost all insurers have started digital projects, many have digital teams, but only a few have a true digital insurance strategy. To develop a coherent strategy for digital insurance, first an insurer must decide what the term means. There is a distinction between insurance digitalization and true digital business.

Digitalization consists of taking existing processes, procedures and services and using technology to improve efficiency and effectiveness. Fundamentally, digitalization takes what an insurer is doing already, and applies digital. In this circumstance, there is no real transformation of the business. Digitalization is critical in a price-sensitive, highly competitive industry, but it is not enough to distinguish an insurer from the competition.

In the context of insurance, true digital business requires the application of technology to offer new business value or move the insurer to a new position in the market. In many markets, the form this new digital business will assume has yet to be determined.

Many different methods exist to evaluate digital business maturity. I prefer a five-level model, based on methodologies used by industry analysts and other experts.
  1. The first level is digitalization, taking existing processes and applying technology. Many insurers began this process in the late 1990s or early 2000s, and, unfortunately, many have stayed there. Insurers initially saw large efficiency benefits in moving internal processes away from paper over to digital, but those returns rapidly drop off after an insurer migrates the highest-priority processes. An example of this stage is offering PDF copies of insurance documents on a customer portal.
  2. The second level is to create new digital experiences, using the capabilities of digital platforms. An example is creating mobile applications for agents to improve interactions with the company, using geolocation to offer nearby preferred vendors and other options.
  3. Level three is offering new insurance programs that would not be possible without digital technologies. One example is a company creating a travel insurance product in partnership with a travel mobile application and offering that product at the time a customer purchases a flight.
  4. Level four is an evolution of stage three, and consists of embedding digital throughout the enterprise. An insurer thinks of all aspects of the business in terms of digital, even in departments such as compliance and daily operations. An insurer knows that it has progressed to this stage when even traditional analog functions such as the mailroom evaluate all processes with digital transformation in mind.
  5. At level five, an insurer has repositioned to a new competitive space inside the insurance market. We are only now beginning to see a few stage five insurers, and these insurers are often born digital. An example is new peer-to-peer insurance models that have begun to gain acceptance in recent years, like crop insurance in Africa. This insurance is paid for by a surcharge on farming inputs such as fertilizer and seeds. Claims are automatically initiated when weather stations recognize severe weather events. This is a form of protection that could only exist in a digital world.
The first step toward transforming into a digital insurer requires evaluating where your company is on this continuum, and where you need to be in the next three to five years. What amount of disruption can your business model sustain? What steps can you take now to build the skills and culture you need to compete in the face of this disruption? Crop insurance in Africa may be a small part of the overall insurance market, but consider what could happen if a major agricultural market such as the U.S. began this same transition.

All insurers today have digital processes and procedures, but relatively few have progressed past levels two or three on this digital continuum. Eventually all insurers will be digital insurers, but this transformation will move in fits and starts, with the leaders gradually pulling out ahead of the laggards and gaining a lasting competitive advantage.

Andrew Hellard


Andrew Hellard is an insurance customer communications management expert at GMC Software, a leading provider of customer communications management software. Hellard’s focus is on the insurance industry worldwide and its ability to communicate effectively with customers while improving operational efficiency.

Oklahoma Option: What Happens Now?

The court provided some guidance for a possible legislative fix to the Oklahoma Option -- and its results are compelling.

The Oklahoma Supreme Court's split decision to strike down the Oklahoma Option to workers’ compensation in Vasquez v. Dillard’s is based entirely on Oklahoma’s unique constitution. The court chose not to consider the facts of Ms. Vasquez’ claim. For more information on that claim, see this letter from an experienced Oklahoma workers’ compensation attorney.

The Association for Responsible Alternatives to Workers’ Compensation (ARAWC) issued “Oklahoma Option Performance Report,” showing that, despite the new court ruling, the Oklahoma Option has achieved all of its original objectives:
  • Competition
  • Employer Cost Savings
  • Fewer Employee Disputes
  • Better Benefits For Most Employees
This aggregate performance data is straightforward and impressive.

Path Forward

The court provided some guidance for a possible legislative fix to the Oklahoma Option. If employers and legislators in Oklahoma and other states find ARAWC’s Option performance report compelling, the pursuit of new Option laws will continue. The results of this two-year experiment in Oklahoma appear to be concrete confirmation that the meaningful successes achieved through the Texas alternative to workers’ compensation can be exported to other states.

Bill Minick


Bill Minick is the president of PartnerSource, a consulting firm that has helped deliver better benefits and improved outcomes for tens of thousands of injured workers and billions of dollars in economic development through "options" to workers' compensation over the past 20 years.