
The Five Things Agencies Must Do Before the Hard Market Ends

With the insurance market set to soften, agents have a rare chance to lock in client loyalty and fuel long-term growth. It is time to act.


The hard insurance market has made it difficult for agents trying to find adequate coverage for their clients – but hard markets don’t last forever. In fact, there’s reason to believe this hard market will be ending soon. While this is good news, it does not mean that agents should take things easy right now – quite the opposite. As the market begins to soften, brokers must take action to seize the opportunity, grow their books and position their businesses for a stable future. This window won’t last forever. Agents who manage to win customer loyalty now will build a solid foundation for stable growth for years to come.

 Sponsored by: Smart Choice


Smart Choice


Smart Choice® is a network of over 10,000 independent agencies and 100 carrier partners. We provide independent insurance agents with access to top-rated markets, product training, and sales and marketing support — and we’re the only no-fee program of our kind!

6 Keys for Policy Management Software

Integrating insurance policy management software with the rest of an agency's tech ecosystem can generate insights and boost productivity. 


By integrating an insurance policy management system with other corporate tools, an insurance agency can further improve policy management processes. This article highlights the six most valuable integrations for insurance policy management software a company should consider setting up.

ERP

Insurance agencies use enterprise resource planning (ERP) systems to connect and centralize disparate business processes such as personnel, contract, finance, and customer relationship management, to name a few. 

ERP can consolidate and store vast amounts of data, including claim and payment histories. Integrating with an insurance policy management solution means agents can quickly access the required data stored within ERP without switching systems, enhancing productivity. 

For instance, an agent can quickly check on customer payment history and on related financial data to ensure the customer's financial credibility before issuing an insurance policy or when processing insurance claims. 


CRM

Customer relationship management (CRM) streamlines customer-facing processes such as marketing, sales, and customer support. What is more, CRM solutions consolidate customer data across diverse data sources and form comprehensive customer profiles.  

Integrating policy management software with CRM allows agents to use the information in the profiles about demographics and preferences to personalize insurance policies, boosting customer satisfaction significantly. Conversely, marketing specialists can use the integration to view data about clients' active and past policies (typically stored in insurance policy management systems) to create more targeted and efficient engagement campaigns.

Claims management

Integrating claims management software tools into the policy management system means agents can easily review the conditions and details of a policy when a customer files a claim.

Underwriting 

Integrating underwriting tools means information stored in insurance policy management software becomes available in the underwriting system. Underwriters can make informed underwriting decisions easily, improving accuracy.

Billing and invoicing

Companies can also integrate insurance policy management solutions with billing and invoicing software, allowing for automation of the calculation of premiums and speeding that process significantly. In addition, integration allows for the increased traceability of invoices, which facilitates the overall financial visibility within organizations.


Data analytics

It is also important to set up an integration between insurance policy management and data analytics tools and enable smooth information exchange. Such an integration can help an insurer study all-rounded policy and policyholder data and generate insights.

For example, a company can assess business profitability and efficiency by analyzing key performance indicators (KPIs) such as policy renewal rates, customer retention rates, or claim rates. A company can predict future customer demand for its services based on policy data, thus improving financial planning. Insurers can also analyze policyholder demographics and craft more targeted and efficient marketing campaigns.

Final thoughts 

Insurance policy management software enables agencies to administer policy issuance, renewal, and cancellation, enhancing work process efficiency. By making this software an integral part of their entire tech ecosystem, insurers can maintain smooth data exchange and accomplish much more. 

Whether an insurer owns an out-of-the-box insurance policy management software or a bespoke solution, an experienced technological partner can help integrate it with other tools. Third-party consultants can assist an insurer with selecting a suitable integration approach, executing and testing integrations, and providing a continuous optimization plan to make integrations more cost-effective and secure.


Roman Davydov


Roman Davydov is a technology observer at Itransition.

With over four years of experience in the IT industry, Davydov follows and analyzes digital transformation trends to guide businesses in making informed software buying choices.

Commercial Insurance Rate Increases to Ease

Planning will help companies strengthen their risk management strategies and secure more favorable terms. Here’s how to stay ahead.


As businesses grapple with unpredictable economic conditions, insurance premium rates will provide some relief, remaining steady through year’s end. For lines of business dealing with more complex risk such as auto, general liability, and property, an average increase of 6.9% still hit the middle market across the U.S. in Q3. 

With HUB’s Q3 Rate Report predicting stable rates heading into 2025, businesses across the risk spectrum will have a window of opportunity to tighten their risk management strategies, review coverage gaps, and evaluate disaster preparedness strategies. Many businesses are looking to minimize the effects of the real potential for business interruption, as the looming threat of natural disasters, cyberattacks, and geopolitical events continues to present significant challenges. Alternative coverages like captives and parametric solutions will help businesses do this, as well, as premiums push higher in catastrophe-prone regions next year.


Navigating a stabilizing market

Planning will help companies strengthen their risk management strategies and secure more favorable terms. Here’s how to stay ahead:

  • Refine your current risk management plan. Leverage this period of stability to thoroughly review your risk management program. Ensure your insurance strategy adequately covers exposure, including catastrophe risks. Your broker can offer the insights and support needed to enhance your preparedness for both current and future challenges.
  • Stay informed on market trends. Staying updated on rate trends across different lines will empower you to make informed decisions. Engage your broker to prioritize risks and develop strategies that align with the latest market shifts, ensuring that you remain competitive.
  • Evaluate your insurers. Recent insurer collapses in catastrophe-prone states such as California and Florida have left policyholders vulnerable. Work with your broker to identify top-rated carriers that provide reliable coverage, not just the cheapest option.

Industry rate outlook for 2024 

Despite the stabilization of commercial insurance rates, key industries continue to face varying challenges. Below is a summary of the projected rate changes as of Q3 2024, along with the main drivers behind them:

Construction: Flat to +10%

There has been some relief in builder’s risk coverage since Q1, but an active hurricane season could quickly reverse this trend, creating a more difficult insurance environment in catastrophe-prone regions. 

Healthcare: Flat to +10%

Rates are stable overall, although nuclear verdicts and rising claims costs may drive rates higher for certain clients.

Transportation: +7% to 12%

Rates continue to rise, especially for high-risk operations, as high as 25%. Strong safety records may mitigate increases.

Commercial Automobile (1-5 Vehicles): +5% to 10%

Rates are stabilizing for smaller fleets, but businesses with severe losses could face steeper increases. Improving industry competition could ease rates.

Commercial Property: -10% to +5%

Recovery is ongoing, but accounts with CAT exposure or non-renewals may still see significant increases.

Real Estate: +5% to +10%  

Frame residential risks continue to face challenges, while larger portfolios and commercial properties like warehouses and high rises are seeing more competitive rates. 

General Liability: Flat to +10%

The outlook here is relatively stable, with most businesses seeing modest increases. Carrier positions vary based on loss experience, location, and program design.

Umbrella & Excess Liability: Flat to +10% 

Competition is growing in higher layers, but complex risks still face significant increases.

Catastrophic Perils: -10% to +5%

Rates vary by exposure, with severe weather zones still facing premium increases.

Cyber Liability: -10% to Flat

Cyber insurance premiums are declining, but recent high-profile breaches like CrowdStrike may signal tougher market conditions in late 2024 and into 2025.

Cannabis: -5% to Flat

Cannabis operations, including growing, processing, and retail, are seeing slight reductions in rates, particularly in more established markets.

Workers’ Compensation: -3% to +3%

Workers’ compensation remains relatively flat, but concerns about rising claim severity and workplace safety are prompting caution.


HUB’s rate guidance is based on proprietary data and insights from brokers and risk consultants across North America. While rates remain steady in many areas, businesses should capitalize on this period of stability to strengthen their risk management strategies. Early engagement with brokers and a thorough review of coverage options will help mitigate future price increases and ensure comprehensive protection against emerging risks.


Mike Chapman


Mike Chapman is the national director of commercial markets at Hub International.

Prior to Hub, Chapman held several management positions at various insurance companies, entering the industry in 1986.

A graduate of the University of New Hampshire, he holds Chartered Property Casualty Underwriter (CPCU), Accredited Advisor in Insurance (AAI), and Associate in Risk Management (ARM) designations. He is a regular speaker nationally on the commercial insurance market and is a frequent contributor to industry publications. He serves on local and national advisory councils for several major insurance carriers.

10 Ideas to Refresh Your Firm’s Philanthropy

Countless studies show that consumers want to do business with companies committed to social good and that employees want to work for them. 


Fortunately, these days, giving back has become more engrained into corporate culture. Companies are increasingly incorporating philanthropy and social responsibility into their core business strategies. Countless studies show that consumers want to do business with companies committed to social good and that employees want to work for them. 

With helping people at their time of need at the very core of insurance, ours is an industry deeply committed to charitable giving and volunteerism and one that recognizes the benefits giving back can lend to the community, company culture, and the business itself. Illustrating this commitment is the Insurance Industry Charitable Foundation’s (IICF) Philanthropic Index, which found charitable giving by 120 insurance companies and businesses topped $1.1 billion in 2022, with 94,000 industry professionals dedicating their time to volunteer. Further underscoring the industry’s generosity is the more than $50 million in total community grants awarded by IICF, a milestone IICF will celebrate this year during our 30th anniversary. 

While the community need itself is compelling enough to sustain momentum, fresh thinking and creativity can go a long way toward keeping employees engaged, ready to roll up their sleeves, and willing to give to a good cause. At the IICF, we enjoy a unique perspective, as we exist to unite the collective strength of the industry to provide grants, volunteer service, and leadership in the communities where we live and work. We have learned of incredible philanthropic initiatives by insurers, brokers, and other partners across the industry, launched alongside our own initiatives. For executives looking for a little inspiration on how to engage and inspire employees, while supporting the community, the sky’s the limit. 


The Top 10

Leaders, employee resource groups (ERGs), and other representatives are thinking outside the box not only to make sure a wide swath of their communities is served, but also to keep their employees engaged. Although it would be impossible to choose our favorites, below, in no particular order, are 10 of the more creative initiatives that companies in our industry embarked on over the past year. We are hoping these initiatives – large and small, hyper-local, regional, and world-wide – will serve to inspire others:

  • Assembling solar lights for students in energy poverty: To mark World Humanitarian Day, team members at AIG built small solar lights and wrote messages to children living in energy poverty to help them to study after dark.
  • Collecting and assembling career outfits for those in need: Volunteers at Burns & Wilcox participated in clothing donation events and organized 5,000 pieces to refill closets at the Dress for Success nonprofits in Orlando, Tampa, and South Florida. 
  • Organizing a virtual 5k for women’s causes: Chubb hosts a virtual 5k annually where participants can compete from anywhere to support women’s causes.
  • Participating in a veterans’ walk for suicide awareness: A Veterans ERG at CNA joins to participate in the Chicago 17-mile Veterans Ruck March every May in honor of veterans lost to suicide. 
  • Hosting a golf tournament to raise funds for animal welfare: Falvey Insurance Group hosted Fore the Pets, a charity golf tournament benefiting the Rhode Island Society for the Prevention of Cruelty to Animals. 
  • Coordinating a birthday buddy program for students in need: HUB partners with a preschool serving children facing food insecurity and serves as “birthday buddies,” ensuring the children receive cupcakes, decorations, and presents on their birthdays. 
  • Organizing a team to work outdoors on habitat restoration: In Chicago, Intact Insurance Specialty Solutions volunteers spent a day outdoors helping with habitat restoration at the Blackwell Nursery for the Forest Preserve District of DuPage County, removing invasive plants, separating seeds, and more to support a thriving ecosystem. 
  • Coordinating participation in a 9/11 Memorial Walk: New York City employees at Marsh get together annually for the 9/11 Memorial and Museum 5k Run/Walk to pay tribute to those who lost their lives on 9/11, including 358 Marsh McLennan employees. 
  • Hosting a wheelchair basketball clinic and donation drive: The Hartford hosted a youth wheelchair basketball clinic and equipment donation drive with celebrity wheelchair basketball player Matt Scott, surprising youth athletes with 50 sports wheelchairs.
  • Coordinating support for animal welfare at an area zoo: Members of the World Broker Network meet twice a year for a conference where they assist regional community organizations like the San Diego Zoo’s animal welfare program.

While implementing and supporting their own events, employees at these companies also took the time to take part in IICF’s industry-uniting events, including the following:

  • The IICF Step Up Challenge, a four-week exercise challenge that has raised more than $420,000 for children in need 
  • IICF’s Fill the Truck Events, such as our Atlanta Fill the Truck Event, which have helped provide hundreds of thousands of meals through regional food banks
  • IICF’s annual Veteran Cemetery Service Project and Clean Up at the Dallas-Fort Worth and Houston National Cemeteries, where well over 100,000 headstones have been washed and grounds beautified in honor of our fallen soldiers
  • IICF’s Share the Warmth Coat Drive, through which we collected more than 1,800 coats last year in support of One Warm Coat, an organization dedicated to providing free coats to children and adults in need
  • IICF’s Share Your Thanks Campaign in partnership with Our Military Kids, where IICF’s industry supporters wrote motivational cards to the children and teens of parents serving in our military to help build their confidence and wellness

In addition to these events there is, of course, IICF’s annual Week of Giving, now expanded to a Month of Giving in October, when individuals and groups of volunteers from across the industry take time to get out in the community and volunteer together, or do so virtually, to celebrate the industry’s enduring dedication to philanthropy and giving back.


Making Your Mark

The strongest insurance leaders and team philanthropic coordinators continue to devise robust giving programs that employees find compelling and feel a connection to every day. They understand that to keep the team engaged and eager to participate they need to offer fresh ideas and worthwhile, rewarding, inspiring, and somewhat convenient opportunities.  

To move forward with the right approach, leaders first need to understand the need in the communities around them, as well as the causes their team members feel passionate about. Then, leaders can start to cultivate a program and procure unique and flexible approaches for team members to participate in and design a thoughtful initiative that serves a real need in the community. A great place to start is by connecting with area nonprofit leaders to learn about their priorities to best meet the needs of those they serve. At the same time, gauge the interests and passions of employees through internal communication or a team survey.

In building or expanding a charitable giving or volunteer program, leaders should consider the following best practices: 

  • Share stories of impact: A core component to a successful philanthropic campaign is sharing stories demonstrating the impact your organization’s generosity has made. Employees, and consumers for that matter, will want to see a tangible impact. Further, they will want confirmation that leadership is authentic about philanthropic initiatives and that giving back is truly part of the mission and priorities of the company. They want to know the company is not looking to simply check a box. 
  • Communicate regularly: Communicating your initiatives far and wide is critical, whether through emails, social media, or another channel. Keep in mind that people like to communicate in different ways. Where some are responsive to emails, others may prefer texts.
  • Provide options and flexibility: With many employees working remote or hybrid or facing other challenges, it’s critical to take accessibility issues into account when designing a philanthropic campaign. Offer virtual volunteering or a donate-only component to cater to those with limited time or those who are unable to be there in person. Consider designating a volunteer time or a sponsored company volunteer day, allowing individuals to better plan to give of their time. Or consider incorporating a volunteer component into existing meetings, when many employees will already be making themselves available. 
  • Offer incentives to employees: Employee matching programs have proven to be highly successful over the years, helping charitable giving campaigns reach new heights. Another means to encourage employees may be to offer special prizes. For example, AmRisc holds a drawing for prizes for everyone who attends their regular corporate citizenship meetings. 

While charitable giving and volunteerism have always been a focus for the insurance industry, it is now at the forefront as leaders define philanthropy as a core business goal. As new leaders enter the workforce, they continue to make it clear they are seeking meaningful work. In return, employers need to engage authentically with their employees and their communities by making giving back part of their everyday priorities. Support from the top and fresh thinking will help companies continue to breathe new life into their philanthropic programs, providing key resources for the communities where they live and work for years to come.  

How About One, Universal Life Insurance Application?

The current approach means agents, brokers, and consumers often settle for a less competitive company and rating and more expensive product.


Individual company applications can work against consumers by making it harder to shop for carriers. 

For example, you complete an application for a consumer for a specific life insurance company but don’t receive the rating the client deserves. Now what?

You now have an application, a paramedic exam, lab results, and medical records. You decide that, in the customer's best interest, you want to apply to another company for a more competitive rating.

You must complete a new application and start the process from the beginning. Why? Company #1 paid for the exam and medical records. The records belong to that company, not the agent or customer. Most of the time, the first company will not release these records.

As a result, agents, brokers, and consumers often settle for a less competitive company and rating and more expensive product. Who wins? It’s never the consumer.


What a possible solution would look like

  • A universal application would provide the most comprehensive information because it would be redesigned to incorporate questions that the most conservative carrier would ask.
  • A universal application could also be used as a preliminary inquiry form that can go to more than one carrier simultaneously, saving duplication of efforts.
  • The medical records would belong to the broker/agent company that ordered the records and would be available to all underwriters who would review the application.

Obstacles that will need to be overcome first

  • Would current HIPAA and compliance restrictions on personal customer information need to be revised?
  • Who would pay for the paramedic exam, labs, and medical records, and where would these records be housed?
  • Would carriers be able and willing to underwrite a “shopped” application in which they compete to win the business?

Pros and cons to each party

  • Carriers: Less competitive carriers will not want this process. Carriers can use their captives to sell less competitive solutions.
  • Captive and affiliated producers: This process will encourage and force these producers to consider alternative solutions when their company is not the best fit or does not offer the best solution.
  • Independent producers: This would allow producers to comply with Reg 186 Best Interest Rule by ensuring customers a best-interest look at their options.
  • Third-party intermediaries: Their productivity and ability to shop multiple carriers would increase drastically.
  • Customers: There are no cons for the customer, only upside. This one application will streamline the process, speed up the underwriting and approval process, give consumers valuable alternative solutions, and comply with the best-interest methodology.


Life insurance companies, lobbyists, and regulators

  • Who will lead the creation of a comprehensive, universal life insurance application? Will insurance companies be allowed to opt out and maintain their proprietary applications?
  • How will HIPAA and compliance guidelines allow for the access and storage of confidential medical records, or will they be revised?
  • How will the cost of client acquisition be handled? Who will pay, who will own, and who will be responsible for the compliance requirements of confidential medical and health information?

How to Handle GenAI Security Issues

Here is a flexible software security review framework that organizations can use to improve their security posture.


When public and private sector institutions depend on your data for critical defense and investigation contexts, there is very little room for error. And as a first principle of security operations, in particular, and information technology, in general, it is critical to set up, maintain, and re-evaluate standardized and replicable processes for situations like security reviews of new software requests from the rest of the company. This is especially true with software-as-a-service (SaaS) offerings that provide less visibility than traditional on-premises software.

Enter the artificial intelligence hype cycle and the glut of generative AI (GenAI) functions being shoehorned into nearly every application on the market, as well as entirely new GenAI-powered services not available previously. This new wrinkle of GenAI complicates the security review process for a number of reasons. Among them: 

  • The novelty of the GenAI business sector compared with more traditional models brings with it uncertainty about some technology impacts and direct concerns about others.
  • The complicated nature of GenAI data processing, with underlying and often interweaving data flows in and out of multiple companies, increases data exposure to multiple entities.
  • The extractive nature of many GenAI services feeds all available data into training datasets as pristine training data becomes more scarce, often with a regular disregard for user consent, since GenAI models cannot consume their own output for training data.

Given these and other concerns, our security operations team has completed a large number of software security evaluations according to a general framework that seems to be working well so far. We’ll go into it here in the hopes that it can help other organizations inform their own software review processes and reinforce their security posture in an uncertain and fast-changing environment.

(For those SecOps practitioners looking solely for advice related to generative AI, you may want to skip directly to the section titled “Grab a Coffee and Hit the Books,” as it discusses specifics like data processing addenda.)


The Importance of Self-Evaluation

Any security review, whether it’s an internal vulnerability, geopolitical concern, or external new software request, must be rooted in a regular and accurate assessment of your own organization, company, or institution. There is no “One Size Fits All” risk profile - take a look at the industry you’re in and the threats it faces, as well as the data and services you’re responsible for protecting. A shoe sales company charged with protecting employees, customers, and commerce data has a very different footprint here than a company that provides intelligence feeds to investigators and defenders. A public safety agency has a very different footprint than a private incident response company. Understand where you sit and what the environment looks like around you, and let it inform your security posture.

Also, prior to taking on the review of external software, ensure you understand the new request and its use cases. What data will be actively exposed to this new software, and how critical is it? Is it the crown jewels of customer data, proprietary source code, sensitive business operations, or is it aggregated open-source data available elsewhere? This is especially important when it comes to SaaS offerings that integrate with multiple other services. If the software wraps around Salesforce or GitHub, you’ve got to go deep.

Can I Get a Vibe Check?

Start with open-source research around the software and company. Ensure the product is actively developed or at least maintained as needed, with security updates prioritized. If it’s stale and the last update was a year ago, it should not be a contender for active use within any of your workflows. Threat environments and vulnerability ecosystems simply change too fast at this point. 

Evaluate the company’s response to security issues either in the media or through GitHub. Were they responsive or dismissive? Does their update cadence dovetail with your own risk profile, or is it too spaced-out to trust for your purposes? Also evaluate company maturity. If they lack a trust center and data processing documentation, or if their documentation or support system is through Discord, that is not a mature solution. Not every company possesses the resources for these steps, but always remember: Not every company is going to fit well with your company’s risk management posture.


Grab a Coffee and Hit the Books 

Now it’s time to focus on the deeper documentation that’s found in places like a trust center. Any software you’re evaluating should be able to make available documents like a SOC 2 or ISO 27001 certificate, recent penetration testing reports or attestations, and elements of their business continuity/disaster recovery plan. There are reasons some businesses may not be able to produce all of these, but if they cannot provide any, allow your skepticism to deepen. 

For the above-mentioned documents, be sure to check effective dates to ensure they're not years old. If the company provides multiple years of something like pentest reports, take time to leaf through them. See if the same vulnerabilities show up year after year, or if the company is serious and responsive enough that they act fast and remediate discovered vulnerabilities during the course of the testing period, which is no small feat. Pay attention to whether the software company retains formal pentesting firms, skips from one firm to another to another across multiple years, or only engages in unfocused and less-effective testing like bug bounty platform advertised testing periods. This will all speak on some level to what’s going on underneath the surface.

For generative AI, in particular, one of the most crucial documents you’ll have access to is the company’s data processing addendum (DPA), which should be public and easy to access and understand. This is a legal document usually established as an addendum to the terms and conditions of a service that covers data processing according to one or several geolocated standards such as GDPR. The DPA should also list all data subprocessors that a company has contracted with, their location, and a general description of their function in relation to your data. Pay attention to the geolocation and breadth of data exposure, and ensure it meets or exceeds your risk management needs. Some DPAs have five or six subprocessors; some have dozens. Some companies only contract subprocessors in the U.S. or E.U.; some include countries you may not want to come within miles of your data. 

For extra points, if you analyze the DPA of each subprocessor in turn, you see the first and second order of your data exposure. It’s not usually a pleasant sight.

Reading through the DPA, pay special attention to the standards to which data is held. More mature organizations will stick to U.S. and E.U. best practices, especially GDPR; whereas companies you should avoid will use boilerplate language that points to non-U.S./non-E.U. data processing and “equivalent standards.” If the implication of a DPA is that your data can be sent off to completely different regions of the world with no sworn legal protections, it is time to find a different solution. The DPA will also provide background information on the standards the software company holds its subprocessors to. In this section, what you want to see is language along the lines of “a written agreement with each subprocessor that imposes data protection obligations no less protective of personal data than those set out in our agreement with our clients.” Addenda lacking that kind of language often provide purposeful loopholes for subprocessors that are actually “data partners” -- and are probably extracting data for unstated purposes without your consent.

More than any other SaaS segment I’ve performed security reviews for, services with generative AI components have complex and problematic data subprocessor lists. Tracking back through third- and fourth-order subprocessor lists, you quickly find many of the smaller companies are just white label packages for the larger GenAI firms, and most of the larger GenAI firms are connected with each other. You also find recurring patterns and recurring single points of deep exposure, such as data warehouse Snowflake -- if that name sounds familiar, it’s because multiple Snowflake datastores were continuously scraped by unauthorized third parties, sometimes for months, resulting in a swarm of pivot compromises for companies storing data there as well as those relying on those companies as vendors. 

Before completing a security review, you should ensure you understand the data exposure caused by the new software’s subprocessor list, as well as specifics on data geolocation and any possible data shifts outside of approved regions. Also ensure the DPA specifies how and when the subprocessor list will be updated, and how notifications occur. Forthright companies email customers about subprocessor changes with prescribed periods to opt out before the changes take effect. Questionable companies require you to somehow monitor the DPA page for updates yourself.
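One way to chart the first-, second- and higher-order exposure described above is to record each vendor's published subprocessor list and walk it as a graph. The sketch below is an added example, not part of the original article; every vendor name, the `XX` region code and the `APPROVED_REGIONS` set are constructed placeholders.

```python
from collections import deque

# Constructed sample: each vendor's published subprocessor list as
# (subprocessor, processing region). All names and "XX" are hypothetical.
DPA_LISTS = {
    "ExampleGenAIApp": [("LLMProviderA", "US"), ("WarehouseX", "US"),
                        ("SupportDeskCo", "EU")],
    "LLMProviderA": [("CloudHostB", "US"), ("WarehouseX", "US")],
    "SupportDeskCo": [("WarehouseX", "EU"), ("TranscribeCo", "XX")],
    "WarehouseX": [("CloudHostB", "US")],
    "CloudHostB": [("LLMProviderA", "US")],  # cycle: providers rely on each other
    # "TranscribeCo" publishes no subprocessor list at all
}
APPROVED_REGIONS = {"US", "EU"}  # assumption: your organization's approved regions


def exposure_map(root, dpa_lists, max_order=4):
    """Breadth-first walk of subprocessor lists starting at the vendor under review.

    Returns {subprocessor: {"order": lowest order at which it touches your data,
                            "regions": every region it is listed under,
                            "via": every vendor that lists it}}.
    """
    exposure = {}
    queue = deque([(root, 0)])
    queued = {root}
    while queue:
        vendor, depth = queue.popleft()
        for sub, region in dpa_lists.get(vendor, []):
            if sub == root:
                continue  # a subprocessor listing the vendor back adds no new exposure
            entry = exposure.setdefault(
                sub, {"order": depth + 1, "regions": set(), "via": set()})
            entry["regions"].add(region)
            entry["via"].add(vendor)
            # Expand each vendor once, so cycles terminate.
            if sub not in queued and depth + 1 < max_order:
                queued.add(sub)
                queue.append((sub, depth + 1))
    return exposure


def outside_approved(exposure, approved):
    """Subprocessors listed under at least one region outside the approved set."""
    return sorted((name, e["order"], sorted(e["regions"] - approved))
                  for name, e in exposure.items() if e["regions"] - approved)


def shared_points(exposure, min_parents=2):
    """Subprocessors reached through several vendors: recurring points of exposure."""
    hits = [(name, len(e["via"])) for name, e in exposure.items()
            if len(e["via"]) >= min_parents]
    return sorted(hits, key=lambda h: (-h[1], h[0]))


def unpublished_lists(exposure, dpa_lists):
    """Subprocessors whose own list was not available, so the walk stops there."""
    return sorted(name for name in exposure if name not in dpa_lists)


if __name__ == "__main__":
    exp = exposure_map("ExampleGenAIApp", DPA_LISTS)
    for name, e in sorted(exp.items(), key=lambda kv: (kv[1]["order"], kv[0])):
        print(f"order {e['order']}: {name} regions={sorted(e['regions'])} "
              f"via={sorted(e['via'])}")
    print("outside approved regions:", outside_approved(exp, APPROVED_REGIONS))
    print("shared points of exposure:", shared_points(exp))
    print("no published list:", unpublished_lists(exp, DPA_LISTS))
```

Re-running the walk against a saved copy of each list whenever a DPA changes shows which new subprocessors, regions or shared dependencies the update introduced.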

Another specific callout is training data. If you are left with any questions whatsoever as to whether your data will be extracted or analyzed for training datasets, ask the specific question and get the answer in writing. More than a few companies provide robust-looking data policies that leave specific loopholes in place and avoid answering when asked -- make it a key piece of your inquiry, and make it clear that approval hinges upon the company’s answer. 

Repeat the process for any plugins, extensions, or other add-ons your internal use case inquiry identified. If you thoroughly vet the web app but the Gmail plugin is trivially compromised, your data is still gone.

Conclusion 

At a high level, the process of evaluating GenAI software requests takes the following form, adjusted to fit the particular organizational needs:

  • Define your own organization’s risk profile and threat environment.
  • Understand the software use case and request, as well as what data the software will touch and the scope of exposure.
  • Confirm the software is in active development or at least active maintenance, and not stale/unmaintained.
  • Research the vulnerability history of the software and company and their responsiveness to security issues.
  • Access trust center materials to understand the deeper context (SOC2, ISO27001, pentest reports, BCDR).
  • Analyze the company’s data processing addendum and its DPA update notification protocol.
  • Repeat these analysis steps for any plugins or extensions.
  • Ask specific questions about the extraction of data for training datasets.
  • If no chart is provided, chart out the data flow between your systems and theirs to understand how complex the paths are, and how much attack surface area they represent.

We are in a liminal period -- the old signs have fallen before us, and new trails must be blazed as generative AI software and features crowd most markets. But we aren’t at a place of stability or certainty. While we move through what’s likely to be the horseless carriage phase of Generative AI, security operations and similar teams must move carefully and deliberately, ask hard questions, and analyze dull documents. Establishing flexible frameworks for software security reviews that pay special attention to trust-related and data processing documentation eases the burden and helps inform critical business decisions as we all adapt to changing conditions while seeking to arm our colleagues with the best technology available. 

Embedded Insurance and the On-Demand Economy

The on-demand economy is exploding, but building suitable auto insurance products and services for the drivers fueling this economy is taking far too long.

The future is on-demand. The way we access services like taxis and purchase our groceries and pizzas has changed forever – and the on-demand economy is now exploding, expected to reach $335 billion by 2025, according to PwC research.

Our research has found that the number of hours that Americans are driving for on-demand economy apps has increased significantly over the past year. A majority of drivers (73%) say they are driving longer hours than just a year before – with 44% saying their driving hours have at least doubled. Yet, there’s still slow progress toward building suitable commercial auto insurance products and services for the drivers fueling this economy.

For on-demand economy apps, drivers in the U.S. may require additional insurance – which varies between rideshare and delivery, as well as by state regulations, meaning traditional insurance policies can struggle to satisfy the needs of individual drivers. Very often, the buying experience for commercial auto insurance is not in line with modern day experiences. Drivers who need to apply for commercial auto insurance often have to visit a brick-and-mortar store with a broker, who then submits the application to the underwriters at the carrier. Getting insurance can take days, meaning the driver is forced to stop working and earning.

Apps such as Uber, Lyft, Amazon Flex, and DoorDash have already made the purchasing experience for customers almost seamless, with embedded payments and transactions. However, we also need to cater to those who are driving the on-demand economy – the drivers.

Just over a quarter of drivers (26%) told us they believe that on-demand platforms should make efforts to offer better pricing for insurance to their drivers, and 25% say the platforms should also offer advice and assistance when drivers are buying insurance.

For the on-demand economy to continue to flourish, on-demand drivers must have the right insurance products to match their on-demand driver needs – and yet their purchasing and claims experiences are often the complete opposite to those of consumers. 

What to do?

The answer is to embed insurance into the apps and work with insurance partners to develop products for on-demand drivers. Insurance companies need to start using data from these new sources, particularly from the platforms for delivery or trip data, alongside claims and other proprietary datasets relevant to the on-demand driver, such as speed, incidents, driving ability, and safety. Insurers must also use technology to complement their industry experience.

Why Embed Insurance for the On-Demand Economy?

While embedded insurance has become a popular concept for consumers, who now often tag on protection at the point of purchase for items like concert tickets, travel, health, and car hire, the commercial auto insurance industry is just starting to realize the benefits. 

By purchasing insurance products and making claims via apps linked to on-demand platforms like Uber and Amazon, drivers can receive a seamless, frictionless experience that quickly matches them to the appropriate coverage for the type of work they do (transportation or courier, for example), factoring in a myriad of data points, including duration and location.

Effectively, embedded insurance eliminates the need for drivers to go through additional manual steps or fill out complex forms to obtain auto insurance, as all the data is collated from the platform or app. Platforms offer insurers a direct link to the driver, sharing data that enables better underwriting, leading to improved loss ratio and competitively priced insurance products. Drivers are not only matched to appropriate insurance but also covered for risks they didn't realize they needed to insure.

As a result, drivers can simply ‘tap and drive’ with the confidence that they are comprehensively protected at the right price. The outcome is drivers getting more suitable products; platforms having more content drivers; and insurers getting better underwriting results, making it a win-win-win for all three: the platform, the driver, and the insurer.

Driving Innovation Through Partnerships

On the face of it, this sounds simple – but embedded commercial auto insurance for the on-demand driver requires a specialist skillset and deep knowledge of both insurance and technology. The two cannot work independently of each other. Capacity and reinsurance companies need to see proof that their partners understand the complexity of commercial auto insurance.

On-demand platforms provide insurance companies with a novel opportunity. The amount of data they produce creates an opportunity for insurance companies to assess risk in different ways and create new pricing models for potentially better results.

This data is extremely important when underwriting policies, especially in a country as complex as the U.S., with state, city, and even federal regulations. With many insurtechs focusing on the technology and not fully understanding the insurance element, loss ratios have taken an unprecedented hit, and capacity and reinsurance partners have become wary.

For the insurance industry to truly meet the needs of its drivers and partners, it must successfully combine tech and data innovations with insurance incumbents’ decades-long expertise and partnerships with platforms like Uber and Amazon. This approach creates a symbiotic relationship among the platform, the insurer, and the insured (driver), meaning on-demand products can be developed, such as Amazon’s embedded wallet solution, Pay-as-you-Flex. Thanks to the embedded partnership with the platform, coupled with the quick capture of the market, the unit economics are extremely positive. A wallet solution like Pay-as-you-Flex ensures that drivers, platform, and capacity partners have peace of mind that the right policies are delivered at the right price.

Embedded partners can help insurers to gather bespoke data about customers’ driving experience automatically. For example, through Amazon we can access information about the shifts that customers are driving for Amazon, enabling us to combine claims data, inferred location data, and information provided by the customer to ensure complete coverage, as well as price the risk fairly for all parties.

Combining data from the platform, from claims, and from other proprietary datasets relevant to the on-demand driver, such as speed, incidents, driving ability, and safety, ensures that coverage is comprehensive and adaptable to the type of work the on-demand driver chooses to do. Embedded insurance offers on-demand auto insurers the opportunity to leverage all this data, including claims information. Claims play a huge role in insurance: By embedding the claims process into the app, insurers can capture even more data for future policies and foster driver loyalty.

Role of AI and Machine Learning

On-demand drivers’ commercial auto insurance requires a myriad of insurance data, including location, weather, vehicle type, how the vehicle is used, where it is parked, miles driven, hours driven, driver history, driver work location, and driver insurance claims. We also use the data from any telematics to assess driver safety and speed, for instance, alongside data from the apps on-demand drivers use. Then we have associated biases that need to be factored in to ensure the technology is supporting the underwriting team to issue fair policies for on-demand drivers and the platforms they use.

In the U.S., many insurance products operate in the admitted space, which essentially means a state’s regulator signs off on your pricing and underwriting. The regulator is generally hesitant to approve "subjective" pricing, which makes it almost impossible to add AI to the pricing side of the equation.

To address this, insurers should focus instead on using machine learning to help refine data models before they’re used in real time. For example, we model our data inside Google BigQuery using AutoML as part of our pricing strategy where we can potentially identify pricing factors, such as historical driver behavior, environmental or geographical factors, and seasonal or temporal factors, that we may not have spotted before, as well as identify trends with fraud and higher claims volumes. These insights are analyzed by our actuarial team to allow them to apply their experience to adjust prices and underwriting criteria, as well as remove any biases.

Putting the Focus Back on Drivers’ Needs

Embedded insurance, when deployed effectively, enables drivers to access the exact level of coverage they need to match their work and lifestyles, and helps insurers make sure that coverage is comprehensive and adaptable to the type of work the on-demand driver chooses to do. This helps to mitigate any risk of alienating drivers who have chosen flexibility and financial control over traditional working patterns, as well as delivering insurance products where drivers can easily access them – keeping them on the road and earning.


Dan Bratshpis

Dan Bratshpis is a co-founder of INSHUR.

He began his career on Wall Street, working on the transition to algorithmic technology. Believing that the insurance industry is ripe for similar disruption, he moved into the on-demand economy space in 2016. As an immigrant to the U.S., he realized that the on-demand economy enables lots of entrepreneurs to make a living on platforms such as Uber, Amazon, and Turo. 

He is a graduate of Cornell University.

How AI Can Help on Compliance

Generative AI can help in any area that requires a large lift in data review and analysis, especially related to the regulatory profile for a producer.

Paul Carroll

We all hear agents and brokers complain about having to deal with compliance issues, but we also know how important compliance is. To start us off, how would you describe the main pain points for agents and brokers?

Jenn Knight

Compliance is essential, but complying can be quite difficult – largely because many processes remain manual, navigating regulatory nuances state-by-state is challenging, and engaging with carriers post-application can be a slow, black-box process. As a result, agents and brokers are often waiting weeks, or months, to get access to the products that best serve their client base – which hurts their clients and their book of business.

When the compliance workflow is streamlined, agents and brokers can focus on what they do best - supporting their clients in getting new policies, working through claims, or adjusting their coverage to better suit their needs. When it’s not, agents and brokers lose time with their clients to focus on the paper chase.

As you noted, compliance is critically important for the industry, and the ultimate question comes down to how to most efficiently manage that workload relative to client-supporting work.

Paul Carroll

How do recent developments in generative AI help address those pain points?

Jenn Knight

In my view, it remains to be seen exactly where generative AI will assist in compliance pain points specifically. Insurance regulation is complex, and specialized training will be needed for any models introduced in this space.

Overall, we do see an opportunity for generative AI to assist in areas that currently take a large lift in data review and analysis, particularly around many data elements that go into the regulatory profile for a producer.

Generative AI was made to take complex, disparate pieces of data and use pattern recognition to develop better, more efficient ways to sort and manage it, as well as surface insights and learnings to help inform decision-making. We believe leveraging generative AI as a part of the onboarding review process can lead to efficiencies for the administrative teams ultimately responsible for compliance checks. 

The administrator will still play the decision-making role, but when fed high-quality data, the AI can create great efficiencies for that individual. This will ultimately result in data-driven decisions happening more quickly, which results in faster onboarding and response times for the agents and brokers.

Paul Carroll

Are there other technological improvements that are also helping?

Jenn Knight

There are many building blocks that are required before the introduction of generative AI, primarily focused on high-quality capture of operational data. For any company evaluating the best tools to implement, they need to start by looking at the intersection of internal knowledge and contextualized data in the organization. In addition, any solution used for compliance, onboarding, or other distribution management will require some degree of maintenance as rules and regulations are constantly changing.

To unlock future efficiencies, it’s important to have a technology stack that creates a virtuous cycle of quality-data-in and quality-data-out. This can start with more basic features such as ensuring data is validated at capture and stored in a centralized database for further analysis. More complex features involve codifying business rules in a machine-readable format to move compliance knowledge from an individual into an accessible system. Investing in technology solutions with these building blocks allows for immediate efficiencies in today’s workflows and creates the baseline for future workflows supported by generative AI.

Paul Carroll

We hear a lot about AI’s “hallucinations,” which could be a disaster in a compliance setting. How do you prevent them?

Jenn Knight

Ultimately this comes down to AI best practices - training models on a controlled and validated set of compliance data and conducting rigorous quality assurance with compliance experts to flag inaccuracies.

With data, it’s “garbage in, garbage out,” and this can be amplified with AI models. The data needs to be accurate, updated, and well-organized for AI to deliver on its promise. If that is not the case, and the data isn’t high-quality, hallucinations and biases can result, alongside other inaccuracies. It’s one of the reasons we are so focused on getting the best data, especially in the area of compliance, ensuring it can be captured across the value chain so all stakeholders are able to reap the benefits of AI technology.

Paul Carroll

If you project out two, three, or five years, what is your vision for how compliance will be handled in an agency or brokerage?

Jenn Knight

As I look ahead to the coming years, I am excited about a future where compliance workflows at an agency or brokerage transform from a manual, siloed process to a data-driven, integrated workflow that can drive additional value to the agency and agent beyond the baseline of meeting the obligation to sell products. Compliance data is rich and informative, but it is currently locked in spreadsheets, PDFs, and people’s minds. Moving that data into structured forms will allow us to unlock insights for the agency and agent on where to best spend their time and can move us away from the paper chase and to a model where the more an agent participates, the more value they receive from the process.

Paul Carroll

Any concluding thoughts?

Jenn Knight

When we started AgentSync almost six years ago, it was with a simple premise — the industry needed better infrastructure to align all the disparate points of the value chain to more effectively and accurately share information. After all, insights are only as good as the data going in. This is especially true when it comes to compliance.

We keep data up to date with a two-way daily synchronization to the industry source of truth and can integrate that data through the system – surfacing licensing and appointment data in commission payment systems, background checks, agent management, and other areas. There is increased visibility with smart automation integrations that can stop compliance violations before they happen – which also makes for better distribution relationships.

As technology advances, we believe it will represent meaningful opportunities for progress. I’m reminded of a customer who told us, “We were self-reporting licenses to all 50 states, which took six weeks to do manually through the NIPR website, one agent at a time…. That same thing would have taken less than a week to do with AgentSync.”

Many of the challenges still stem from poor infrastructure, which is what we’re solving — capturing data effectively and using it to build efficiencies that improve workflows.

Paul Carroll

Thanks, Jenn.



About Jenn Knight

Jenn Knight is Chief Technology Officer and co-founder of AgentSync, where she leads the product and engineering teams as they develop a frictionless, modern solution to some of the biggest pain points associated with producer management – broker onboarding, contracting, and compliance management. Jenn and her co-founder and husband, Niji Sabharwal, believe that using technology to solve back-office bottlenecks will empower scaled innovation across the massive, fragmented insurance industry. As one of the industry’s leading Salesforce developers, Jenn has helped solve back-office problems for leading technology companies including LinkedIn, Stripe, and Dropbox.

Insurance Thought Leadership

Insurance Thought Leadership (ITL) delivers engaging, informative articles from our global network of thought leaders and decision makers. Their insights are transforming the insurance and risk management marketplace through knowledge sharing, big ideas on a wide variety of topics, and lessons learned through real-life applications of innovative technology.

We also connect our network of authors and readers in ways that help them uncover opportunities and that lead to innovation and strategic advantage.

How to Leverage the Personalization Boom

Personalization must become built in, not something we try to build on top. It must be hard-coded into our systems and business.

GlobalData’s recent "Big Data & Personalization in Insurance" report was revealing. It highlighted how advancements in technology and changing consumer preferences are leading to a greater focus on personalizing policies. According to the report, personalization has the potential to transform the relationship between sector and customer, something that’s desperately needed when you consider waning trust scores globally.

Personalizing policies is what insurers try to do, and in many ways often achieve. I’m a good example. I have two car policies with the same insurer, both at the same core level of insurance. Each vehicle serves a different purpose and has distinct usage, requiring tailored insurance, like adding a courtesy car option for one but not the other. This is a good example of adapting a policy product to meet my specific needs.

But here's the thing. Personalization requires vast amounts of technical complexity, stitching and integrating into systems through mainframes and so on. The legacy problem is well documented. Monolithic, unscalable, and constraining technologies and architectures make change in insurance an almost impossible task. 

The result is that truly valuable policy adaptation and personalization is where constraints really start to bite.

The tapestry of technology and connections makes changes to policies and experiences much more complex, especially mid-term or in renewal. Simple things like windscreen repairs become disjointed experiences when you move into the claims process. As a customer, you realize that personalization was just an illusion of digital.  

Despite vast amounts of potential, we still just fill in online forms that were once offline forms. Try to move into the call center experience to clarify any questions you might have on the quote, and you’ll likely have to start the process from scratch.

No, adding our names on top of cross-sell emails or sending me birthday wishes does not count. 

The problem is that insurers are set up as value chains focused on policy production and sales, not as customer-centric systems capable of adapting to people's lives.

Insurer or E-Commerce Business Selling Insurance? 

During a recent conversation with an insurer client, I was struck that they now sit firmly in the middle of a scale where the operational design of an insurer is at one end and an e-commerce business model is at the other. My client displays both characteristics.

Sure, they "manufacture" insurance and have all the core skills - underwriting, pricing, product, and so on - but, they are built around customers, data fluidity, and turning insights into actions through a different working model.

They demonstrate an enterprise design change. The operational capability and the working model are both transformed to be highly collaborative, multifunctional, data-led, customer-first, and technology-capable. Their teams move from idea to outcome seamlessly in comparison with their peers. They create value fast and with far lower barriers to change. The difference is profound.

Like an e-commerce business, they:

  1. Are built around the customer and not just capable of thinking of the customer first.
  2. Treat data as a perishable asset, constantly mining it for insights and acting on those insights holistically (no sticky plasters).
  3. Collaborate through a working model akin to that of a software developer business, which means managed innovation or continuous change.
  4. Reduce the time span for change, for things like genuinely new products, from months to weeks. They do this based on key performance indicators (KPIs) that are constantly improving, shifting from lagging indicators to leading indicators. Everyone starts to look forward at what's possible rather than backward at what's wrong.

These four characteristics are defining for competitive success in insurance. They underpin what it means to be more adaptive.

This is the essential element: Adaptation will become increasingly fundamental to insurers, which need to face changing environments, customers, businesses, and regulation at ever-increasing rates.

Orchestrating Value Into Customer Relationships

Personalization becomes built in, not something we try to build on top. It’s hard-coded into the system and business. The customer has the flexibility to operate self-sufficiently or engage in human-to-human support systems. 

This all begins to make them feel very different about insurance. 

Relationship orchestration is about moving beyond policy selling, annual retention, occasional cross-sell, or, God forbid, a claim, to cultivating a deep connection with the customer. That connection is achieved by becoming active in their lives, capable of providing a holistic view of their insurance needs, and exploring the creation of completely new propositions. These new propositions are then delivered at low cost, in a short time, through high-learning-based cycles. 

Products operate in real time (e.g., usage-based), are seamlessly embedded in experiences, or can be easily activated or deactivated as life changes. Products can be combined to add further value.

This is the essence of relationship orchestration. It’s where the potential lies for insurers to form trusted, more meaningful relationships with customers. 

The trust issues in insurance today are largely overcome when customers feel supported, in control, and able to choose their experiences rather than endure them.

Let's Get Personal

According to McKinsey, 76% of consumers expect personalized experiences and 71% get frustrated if they don’t get them. Bridging the gap in insurance between technological possibility and customer expectations isn’t an option, it’s an imperative. 

The benefits for insurers are often more profound than in other sectors. Retention, as an example, has a far greater overall impact on the way insurers can price and operate their businesses than is true of other industries. Acquisition is hard, and often has pricing implications across the board. 

Increased engagement can lead to risk mitigation and higher revenue. Equally, moving from one-off policies to multiple holdings massively reduces the cost of a customer in relation to their overall value. Yet cross-sell rates and value-added, multi-product offerings are in woefully short supply.

This all means that personalization isn’t optional or desirable. It is mandatory, and key to insurers' corporate strategic goals. With the right foundations, it's also entirely possible.


Rory Yates

Rory Yates is the SVP of corporate strategy at EIS, a global core technology platform provider for the insurance sector.

He works with clients, partners and advisers to help them jump across the digital divide and build the new business models the future needs.

The Need for 'Systems Failure' Coverage

The recent CrowdStrike outage and disruption to businesses of all sizes has refocused attention on the value of cyber insurance for non-malicious losses.

The recent CrowdStrike outage and disruption to businesses of all sizes has refocused attention on the value of cyber insurance for non-malicious losses. While cyber insurance is known to protect organizations against the financial losses associated with a cyberattack, most cyber policies go further and extend coverage to business interruption loss when technology fails to work as intended. This is called “systems failure” coverage. 

What Is Systems Failure Coverage?

Systems failure coverage has been provided by insurance companies under cyber policies for years. This coverage grant provides indemnification for net income loss and extra expenses associated with a degradation or failure in technology – a systems failure – not caused by a cyberattack. Some policies also extend coverage to include dependent or contingent business interruption losses associated with a systems failure. This extends coverage to loss by the insured if a vendor of theirs is affected by a technology failure or degradation, and, as a result, the insured suffers a net income loss or incurs extra expenses.

How Were Companies Affected by the CrowdStrike Outage?

In July, CrowdStrike introduced a faulty software update affecting its users’ ability to run the Windows operating system. Organizations across multiple industries – aviation, healthcare, financial services, even Times Square billboards – experienced the Windows BSOD (blue screen of death), rendering their computers unusable.

The outage even affected organizations that were not direct customers of CrowdStrike, due to the interdependencies that exist in today’s technology supply chain. Hence, organizations that depended on vendors that used CrowdStrike to run their business also suffered from the outage. In both instances, the cyber insurance policy may have been triggered via the systems failure or dependent/contingent systems failure coverage provisions. As such, coverage for lost revenue and remediation expenses may have become available under the policy.

Impact on Cyber Insurance Carriers?

While many saw the CrowdStrike outage as the most significant cyber accumulation-loss event since 2017, that has not proved to be true. Several factors mitigated the potential total insurance cost, which ranges from $400 million to $1.5 billion. To understand how policies may have responded to this event, the following coverage terms should be considered:

  • The waiting period must be met. This is 12 hours on most cyber insurance policies.
  • The retention (deductible) must be met, which varies by policy based on how it applies in relation to the waiting period. Approaches fall into the following categories:
    • Waiting Period and Retention – After the waiting period elapses, the retention applies to all losses.
    • Greater Amount of Loss Incurred – Either the retention or the amount of loss incurred during the waiting period applies, depending on which amount is greater.
    • Qualifying Period – Once the waiting period elapses, the retention applies back to the start of the loss.
  • The period of interruption, which is a defined term referencing the period from the start of the interruption/degradation through its conclusion, may cite a computer system or network outage only, or may extend to a disruption of “normal business operations.”
  • For a vendor to be recognized as a dependent or contingent business under the policy, a contract may be required to be in place between the insured and the vendor.
  • Sublimits for dependent or contingent business interruption systems failure coverage became market standard during the 2020-2022 hard market but have largely been eliminated.

While these considerations may have applied to losses from the CrowdStrike outage, many organizations were able to restore their computer systems within a brief period thanks to significant investment in incident response, business continuity, and disaster recovery processes. 

Currently, the CrowdStrike outage has not affected cyber insurance pricing. Cyber continues to be a buyer’s market.


What Can Companies Do to Maximize Recovery?

To make sure they are getting the broadest available cyber insurance coverage, companies should partner with a specialty broker that is an expert in cyber insurance, from both an underwriting and a claims negotiation perspective. The market for cyber insurance is dynamic, so policies should be reviewed annually. Additionally, companies should use risk quantification and loss modeling, not just peer limits benchmarking, when making decisions on cyber insurance limits.

Given that organizations continue to rely on technology vendors, it is imperative that they carefully review and negotiate contracts, especially with regard to limitations of liability and indemnification provisions. These provisions transfer risk within the scope of the contract, in terms of if and how each party is financially responsible. Companies should also consider which vendors in their technology supply chain are critical to their business operations and contract directly with those vendors. 

Lastly, failing to plan often ends badly. Well-drafted incident response, business continuity, and disaster recovery plans can limit downtime. These plans should include a list of information needed to maximize insurance recovery. Plans should be updated regularly, as well as practiced and refined through training that includes all relevant corporate stakeholders.

The Takeaway

A comprehensive approach to cybersecurity involves not only policies, people, and procedures but also regular investments in technology infrastructure and partnerships. Companies should routinely assess their cyber insurance policies and vendor contracts to ensure their balance sheets are safeguarded against technology disruptions. Understanding how much risk can be retained versus transferred via insurance is key, given the variation in policy language. Developing strong incident response, business continuity, and disaster recovery plans is essential to maximize recovery. The CrowdStrike outage should serve as a warning for organizations to up their game and avoid striking out on financial loss recovery.