Property and casualty insurers are as rich as Croesus, awash in capital and having a tough time figuring out where to put it. They can certainly invest (and largely do) in the equity and bond markets, but the paltry returns give deep pause for additional consideration. So a few insurers are stashing at least some of their cash in a venture capital fund.

As cash piles grow bigger, property/casualty insurers that have had limited success in launching new technologies to support their businesses are now choosing to buy rather than build. Over the last two years, roughly a half-dozen property/casualty insurers have formed venture capital funds, among them AXA, XL Catlin and American Family. Not only do these funds present the possibility of big winnings by betting on an investment in a unique start-up venture, these same ventures may be of use to the companies in their underwriting, claims management and sales and marketing strategies.

The industry has long been branded a technology foot-dragger, the perpetual latecomer to the digital party. Potential disintermediation by established technology players Google, Amazon and Apple is the 800-pound gorilla sitting in the boardroom. Few insurers were prepared, for instance, when Google launched Google Compare to sell automobile insurance. Even fewer imagined Zenefits, a start-up on track to displace insurance brokers in the provision of employee benefits. The company in May was valued at a staggering $4.5 billion.

Why didn't a seasoned insurance company or brokerage invent Zenefits, which allows small and mid-size businesses to manage employee benefits in a very simple way? Chalk it up to a pronounced lack of leadership and intellectual capital-visionaries and software architects with real technology chops.

Insurers simply have not grown their workforces to spawn the technology leadership of a Steve Jobs, much less the programming savvy of a Steve Wozniak (Apple's founders, of course). While many carriers are just now beginning to create digital ecosystems, they'd like to goose the process. That's where the venture capitalists come into the picture.

"We've been investing a lot of time and money in process improvements and digital technologies, but the truth is we weren't doing particularly well in getting access to new and innovative ideas in the insurance and technology spaces," conceded Manish Agarwal, general partner of AXA Strategic Ventures, a venture capital fund launched by AXA in February 2015. "We weren't seeing the ideas that could be game-changers."

Other carrier venture capitalists were set up for the same reasons. "Not all the innovation happens inside our company or inside our industry," said Dan Reed, managing director of American Family Ventures, the venture capital fund formed by American Family Insurance in 2013. "A lot of brilliant stuff happens outside the marketplace."

Just the stuff these carriers are looking for, too. Their venture capitalists are investing millions of dollars to buy small stakes in a stellar array of extremely innovative businesses, most of them creators of novel digital technologies that may be useful to the funds' parent companies in future.

"We're looking to fund or create ventures that can significantly improve the cost or the effectiveness of insurance," said Tom Hutton, managing partner at XL Innovate, the venture capital initiative launched by XL Catlin in April 2015. "These include new models for providing, distributing and capitalizing insurance."

As the old refrain goes, "If you can't build it, buy it." Besides, why should the venture capitalists at big firms like Andreessen Horowitz have all the fun and make all the money?

You Gotta Put It Somewhere

Property/casualty insurers may well be smart in their decisions to launch venture capital funds to invest in myriad tech and other startups. The challenge for the industry in recent years has been where best to invest its massive cash hoard, built up from years of low losses, particularly on the property-catastrophe side of the house.

Meanwhile, the pile is growing, according to a study by BlackRock last month (October 2015). With all this excess money lying around, the asset management firm believes that insurers are experiencing trouble determining where to invest it. That's causing more than a few insurers to simply sit on the cash, sticking it under the mattress like Grandma used to do.

Certainly, every insurer would like to buy more high-quality bonds, but there aren't enough to go around. Consequently, 40 of the insurer respondents to BlackRock's study plan to use derivatives to gain exposures to assets they'd like to buy but can't. Others are turning to alternative assets with longer-term yields matching their liabilities, such as infrastructure debt.

Then there are those placing their bets on a tech start-up becoming the next Uber or Zenefits. Not that this is unique. "Insurers have always made investments in areas that were either directly or tangentially aligned with their business models," said Robert Hartwig, president and chief economist at the Insurance Information Institute.

In the 19th century, insurers were heavy investors in railroads, Hartwig noted. In the post-war 20th century, they were big investors in real estate, "looking to both diversify their investments and generate an additional revenue stream off a physical asset-in this case property and buildings," he said.

Hartwig is not surprised that insurers have formed venture capital funds to invest in technology and other start-up businesses. "The industry has record capital to invest on a global scale and is suffering like any institutional investor from low yields on traditional investments," he explained. "It makes sense to look outside the traditional range of investments so long as they are not risking policyholder money."

Because the sums are small relative to the insurers' overall investment portfolios, Hartwig is not worried. "Some of them will produce strong returns, but not all of them at the same time," he said. "Besides, these investments in technologies like next-generation [automobile] collision avoidance systems can be a hedge against current business risks." He's referring to the reduced automobile premium volume insurers have experienced as cars become increasingly safer and accidents fewer and less catastrophically severe.

Each of the venture capital funds has capital provided solely from its parent company. The money is earmarked to invest in start-ups or slightly older businesses with a unique product or service twist on underwriting, selling, marketing and distributing insurance, among other traditional insurance functions.

AXA Strategic Ventures, for instance, has two investment strategies: early-stage to seed money to a new company and later-stage to do the same for more established entities. AXA has allocated 200 million euros (about $290 million) to the venture capital fund for both purposes. The fund is set up in a separate general partner/limited partner structure, its returns not reflected on the parent company’s balance sheet.

Over the past year and a half, AXA Strategic Ventures has made seven investments in the U.S. (three of them made public) and 10 in Europe. Among them is PolicyGenius, creator of an online platform for consumers to review insurance coverages and research and compare quotes for term life, long-term disability, renters and even pet insurance.

"The reason we made the investment had less to do with the idea of buying something online, which is not really new or novel," Agarwal said. "What we especially liked was the great front end they had created to engage customers. It really stands out." (See for yourself at www.policygenius.com/.)

Another investment was in Limelight Health, designer and developer of a mobile, cloud-based technology that helps smaller companies simplify the process for providing health insurance and other benefits information to their employees. "Today this process typically involves a lot of work with an agent, with multiple paper-based quotes and a lot of faxing things back and forth," Agarwal explained.

He said that the technology enables brokers and carrier representatives and underwriters to immediately respond to customer quote requests, compare this information and model the different benefits provisions and quotes against real-time market data (a concept that sounds similar to the Zenefits model).

American Family Ventures has invested in approximately 30 companies so far, according to Reed. They fall into three categories: companies in the data analytics space; those that make technology tools considered of use in the insurance value chain; and those that provide Internet of Things (IoT)-type connectivity, as this relates to the insurance products and services of its parent company. With regard to the latter, Reed provided the examples of autonomous vehicle technologies and the smart meters turning on our air conditioners, lamps and appliances. "These are new digital signs of risk," he explained.

Among the investments (or "partnerships," as Reed called them) is ImageVision, a provider of visual search and analytics tools leveraging machine-learning technology, and SNUPI Technologies, a sensor and services company focused on home safety and security. "Its customers use a wireless device that alerts them when a hazardous event occurs in their home," Reed said.

XL Innovate is investing in businesses identified as offering new underwriting opportunities, such as New Energy Risk, a provider of data analytics and performance warranty products. The eight-month-old venture capital fund is in the midst of acquiring a cyber analytics company, whose name Hutton was not at liberty to divulge. "We're also in early talks about an investment in a property data company," he said.

Several life insurers have recently formed venture capital funds, among them Massachusetts Mutual Life Insurance. Many of the same reasons apply. "A lot of amazing innovation occurs outside the industry in the entrepreneurial community, and when there is equity ownership in these companies this tends to spur innovations faster," said Eric Emmons, managing director of MassMutual Ventures. "By partnering with these companies, it keeps senior management aware of what is coming down the road."

Small Steps, Big Gains—Maybe

Other insurance companies, like the Hartford and Transamerica, also have venture capital units but were unable to provide comments by press time. In all cases, the parent insurers are not dabbling-there's plenty of cash going into these activities, albeit nothing along the lines of Sequoia Capital, the Silicon Valley giant that has invested in start-ups that command more than $1.4 trillion in combined stock value today. (Source: "Inside Sequoia Capital: Silicon Valley's Innovation Factory," Forbes.com, March 26, 2014)

Still, the nearly $300 million invested in AXA Strategic Ventures and the reported $50 million invested in American Family Ventures isn't chump change. Neither are the sizes of their investments, with American Family Ventures typically investing between $100,000 and $2 million in early-stage companies. "We generally receive 5% to 10% [of equity] in return," Reed said.

Down the line, maybe one of these funds will become the equivalent of the next Uber, not to mention Google Compare or Zenefits. Not only would this be great for the insurers' investment income, but it may also help differentiate their value propositions, products, services and operations.

Besides, it would be a heck of a lot of fun. Who says insurance companies are stodgy? Not the folks running their venture capital units.

This article was originally published by Carrier Management.

Group and voluntary benefits providers vary in a hundred different ways. If you are a supplementary benefits provider that only provides one product to the group market, your data integration issues with multiple brokers and employers may still be complex. The more products you sell into the group and voluntary space, the more difficult your data integration will be.

Let's say that your organization carries group life, voluntary supplemental life, dependent life, LTC and AD&D products. Without modernization, it is likely that your organization will have several hurdles to surmount. The first is to develop one consolidated repository from all of the data that is likely held on multiple systems. The second is to make that set of data available to the many different people and institutions that have a vested interest in access. On the flip side, insurers need to be able to receive data efficiently, as well. Carriers must be able to import data received from various benefit partners into their source systems through a single point of entry. Without this, entry or import issues could lead to benefit integrity issues, where data is are correct on one platform but incorrect on another. These types of basic data errors will quickly erode relationships with employees and benefit partners.

One way to help alleviate potential data issues is for insurers to focus on providing simple products with simple rate structures. Focus on guaranteed issue limits. Anything that has to be approved or underwritten after payroll deductions begin will cause deduction and billing issues. An exception could be made if an insurer is able to provide automated underwriting decisions at the point of sale.

The data requirements for employers and enrollment partners vary widely (in part because no standards exist), which places more of the data integration responsibility on individual carriers to interact with individual employers or benefits companies. So, the easier it is for your IT teams or vendor partners to make those connections, the better off you are likely to be when it comes time for an employer to renew their contracts. It makes sense to pursue a course that keeps your systems agile.

What about a fresh start?

When it makes sense, we regularly recommend that, instead of attempting to migrate current and past business to a new platform, insurers start fresh with a new system dedicated solely to the one program. If an insurer is moving into a new market or launching new products, why not learn from past system issues and product issues and embrace a clean slate, eliminating the need to translate and carry cumbersome legacy programming into a new environment? Start with a brand new set of products and filings, a brand new marketing plan...perhaps even a brand new name to signify the difference.

Within group and voluntary benefits, this approach makes its case when looking at just a few of the benefits, including simplified testing, fewer resources required to launch, less expense, less risk to the old system and old data and dramatically increased flexibility in data usage, capability development and integration points. Managers who touch the system are far more likely to trust the data they see, reducing a "checks and balances" approach to billing, reconciling, correspondence and a dozen other areas where the need for clean data and quick visualization are essential.

We'll discuss more about data strategies in the coming months, including ways you can build effective technology bridges and keep a high level of data integrity.

The introduction of self-driving vehicles (SDVs) poses many questions. Working for Zurich, I'm often asked about the insurance and liability implications: "What happens if my SDV is involved in an accident, and who pays?" Increasingly, I am facing a line of more technical and legal questioning. For example, "Who homologates the vehicle, approves its circulation, certifies that it complies to safety standards?" Or even, "Am I allowed to operate an SDV to run my morning errands?" I expect these questions to become more complex as we get closer to the reality of our purchasing our first SDVs.

As a strong supporter of public transport, I am keen to understand how the path to autonomy will influence urban buses, trams and the like. Will the trend for car clubs, and sharing in general, extend to SDVs, or will vehicles be mostly owned by individuals and fleet managers? And if SDVs do become a shared mode of transport, how will customers react to boarding a two-seater "autonomous pod," left dirty by that nice gentleman who just stepped out?

No one has a crystal ball that can predict the potential legal, cultural and behavioral impact of SDVs, so it's important that we experiment and learn -- like the researchers at CityMobil2 are doing with a number of demonstrations across Europe. Zurich has just announced it will work with them and, we hope, other similar organizations.

Every big oak was once a small acorn.

At the 2015 California Workers' Compensation & Risk Conference, this panel of industry stakeholders weighed in on the overall condition, including cost drivers and legislation, affecting California's workers' compensation system:

Moderator: Mark Walls, VP communications and strategic analysis at Safety National

David North, CEO at Sedgwick

Kevin Confetti, deputy chief risk officer at University of California

Ann Schnure, VP risk management, claims, at Macy's

Dawn Watkins, AIC, PHR, ARM, director integrated disability management at LA Unified School District

Julius Young, partner at Boxer & Gerson

Richard M. Jacobsmeyer, founding partner at Shaw, Jacobsmeyer, Crain & Claffey

The first question was: How does the California's workers' compensation system compare with other states?

California ranks #1 in costs compared with the rest of the U.S. California simply has more claims that cost more money. That is why California is the most expensive and complicated state. Every time California changes a law, the system gets more complex. What influences workers' comp is far more than just the laws, though. The social norms are different in California. It is a unique culture of employment that affects everything. There are a lot of things that employers and the healthcare community do that are driving these costs.

Why are claims costs so expensive in the Los Angeles basin vs. the rest of California?

Injured employees are transferred away at a larger rate from the primary treating physician of the employer's choice. There is a very different treatment pattern compared with other states, and this medical treatment is driving costs for employers. Litigation rates are higher, which is part of the culture in that area. Very often, LA attorneys try to take medical control and send the injured employees to the doctors that the attorneys prefer. Attorneys and physicians who have had long-lasting relationships are referring almost exclusively to each other. Attorneys are aggressively advertising to injured workers, and workers are responding.

What else is driving workers' compensation costs in California as a whole?

Once an employee gets an attorney referral, it is out of the employer's hands. The employer no longer has the authority to properly take care of the injured worker. California is the only state where, if you do not like what you are paid, you file a lien. This has nothing to do with the quality of care for the injured worker. The root of so many of these issues is the doctor community in the state. Maybe the doctors need to be trained on billing and medical treatment utilization schedule  (MTUS), but it's believed that some may be billing higher than the fee schedule to see if someone will actually pay the higher rate billed. The most important person in workers' comp is the injured worker. We should be spending all the money that employers pay on things like bill review on helping the worker heal. Too much of the costs that employers pay are not going to the injured worker.

What concerns do you have about current legislation and case law affecting the system?

We, mistakenly, have allowed legislation to tell us how to comply. It has become much more about the process rather than helping an injured worker get better. Doctors will say how they think they should treat, but have to send the case through utilization review, which sometimes contradicts the doctor's opinion. This deflates that injured worker's confidence on whether he is getting the best care. It is possible that doctors are not trained on the MTUS and keep trying to push things through the system that shouldn't be. We should focus on how to better train doctors on the system. The system is so complicated. What employers need to do is try to stop the employees from getting into the system. We need to intervene fast. Get the employees good, quality medical care quickly and eliminate the potential for them to get stuck in the system.

How do you improve the quality of benefits to injured workers in California?

The least-likely employee to file a claim is the employee who thinks her employer cares about her. Employees are much less likely to litigate cases if the employer is providing them with good care and communication. That's the gold standard for trying to decrease litigation. It is so important for employers to reflect on how they are treating their injured workers. Are you treating them like a member of your team or just another expense? Often, they are afraid that they are going to lose their job. Let them know what workers' comp is and what they should expect. It is so complicated. Make sure they are well-informed and understand that return to work means they are not going to lose their job because of an injury. Claims examiners in California have a tough job. We need to hire smart people and give them appropriate workloads. They are the glue that holds everything together. California currently has a shortage of qualified adjusters, and it is a large problem. The industry, as a whole, needs to contribute to this issue so we can get quality people interested in this career path.

While I continue another implementation of my Security Enterprise Risk Management Program (SERMP), I am also continuing to explore the program's flexibility, to help my colleagues in the information technology security field explain to others in the organization the level of risk they face and the progress being made in managing it. The SERMP tool and process can adapt to multiple frameworks, so I asked my colleague Steve Zalewski, a chief security architect, if he would share his thoughts on alternative frameworks that he might "drop" into the SERMP.

Steve:

The concept of SERMP is well grounded in practical experience, as you outlined in your previous article. It creates a great tool to start the dialogue between the two risk management functions: the established business risk team and the nascent IT cyber security risk function. You have accurately represented ISO 27000 with the 12 security domains outlined as a starting point to bring the teams to the table, providing a meaningful set of definitions to the IT security domains.

As these SERMP teams gain momentum and maturity, there are alternative security frameworks available that can provide additional perspectives for the business discussion. This will improve our outcomes against the ultimate goal of a balanced analysis of total risk based on the key business processes and business continuity plans.

Let me explain what I mean by this. Based on the "technical" security controls of ISO 27000 being populated into the SERMP tool, you have established a productive dialogue based on security capabilities, which is a bottom-up approach.

Grace:

Using a crowdsourcing approach, we have a diverse team that is gathering information and populating the SERMP tool, which is a "bottom-up approach," though I would liken it more to a "hunting gathering" approach, as we are collecting data and documentation related to governance, which is "top down." And, because we are seeking dialogue and information from various groups on the information that is readily available at the time, we are approaching the issue "sideways" too.

This might seem chaotic, but because of the SERMP tool and the disciplined procedure, we are able to make that tradeoff.

The ISO 27000 has been used for both of my implementations thus far, as this framework was chosen by the organization as the standard, but I'm eager to integrate other frameworks into the process.

Figure 1: Standard Technical Security Controls ISO 27000

Steve:

Compare this with the cyber security framework that was released based on security risk:

Figure 2: Cyber security Risk Function and Category Unique Identifiers. Source: NIST Framework for Improving Critical Infrastructure Cyber security Version 1.0

As you can see, this aligns to the notional information and decision flows as represented in the diagram below.

Figure 3: Notional Information and Decision Flows Within an Organization. Source: NIST Framework for Improving Critical Infrastructure Cyber security Version 1.0

Grace:

I can see incorporating the NIST framework by layering in additional categories with the current domains and functions. I would continue to document the strategies for each.

Note: The reporting houses the above information for each domain, plus how the organization is managing the program: Establish, assess, treatment, monitor, review activities and metric tracking for: risk statement, risk impact, key risk indicators (KRIs), risk remediation initiatives, current state (KPI), target state (KRI) and projects.

Steve:

Information security risk frameworks are still maturing as the practice begins to mature. No single security framework is correct, so be flexible based on the maturity of your SERMP implementation, and don't be afraid to experiment with the newer risk-based frameworks as the team gains confidence in the information security arena.

Grace:

Steve can you outline for me how you see the difference between a security risk assessment (SERMP) and an IT security assessment?

Steve:

A security risk assessment methodology is based on the guidelines found in:

• ISO/IEC 27001:2005, information technology - security techniques - information security management systems - requirements
• NIST SP 800-30, risk management guide for information technology systems
• BS 7799-3:2006, guidelines for information security risk assessment

A risk assessment scope is defined based on the most "critical" or "valuable" business information assets identified in regard to the potential impact to the business if the asset's confidentiality, integrity or availability was breached. Through data gathering and analysis, including business continuity plans, critical business processes analysis and critical business impact analysis, the assessment questionnaires, interviews and tests are determined. The observed organizational vulnerabilities to the threats, based on existing security controls, are assessed, and a risk analysis is performed.

The completion of a security risk gap analysis is to determine the organization's compliance with the appropriate regulations, laws and security standards. In addition, a security improvement plan is defined for each risk and "gap" identified, and the implementation of the risk treatment plan is prioritized according to the highest risk scores. The result is to reduce the organization's business risks to an "acceptable" level.

A security assessment methodology is based on the guidelines found in:

• NIST SP 800-53, security and privacy controls for federal information systems and organizations

The goal of an IT security assessment (also known as a security audit, security review or network assessment), is to ensure that necessary security controls are integrated into the design and implementation of a project.

A properly completed security assessment should provide documentation outlining any security gaps between a project design and approved corporate security policies.

Management can address identified security gaps in three ways:

• Management can decide to cancel the project
• Management can allocate the necessary resources to correct the security gaps
• Management can accept the risk based on an informed risk/reward analysis

In summary, the characteristics are: IT Security Assessment

• Narrower scope and current state focus
• Start and end date, with a final report
• Conducted by IT security experts
• Is a "point in time" assessment

SERMP

• Broader scope and continuous improvement focus
• Continuous review
• Has a periodic re-evaluation date with a "living document" report
• Conducted by mixture of personnel with varied backgrounds
• Focus on reducing business process security risk by analyzing the associated security risks

Grace:

Steve, that was very helpful in distinguishing between these two very important, but distinct assessments. For SERMP, we use the high-level findings of the IT security assessment as one of the sources of content, so the IT security assessment is critical to the SERMP process. The SERMP provides a high-level report of the current risk levels and the maturity of the mitigations in place that will drive improvement in the IT security assessment.

As always it is great to collaborate with you, and I encourage other risk professionals to work closely with their information technology colleagues.

About Steve:

Steve Zalewski has spent 10-plus years in the cybersecurity field and is currently the chief security architect at Levi Strauss, responsible for the company's enterprise security strategy. Before this, Steve was the enterprise security architect at Pacific Gas & Electric, leading the security architecture team responsible for the company's cybersecurity technical strategy and architecture. Other positions have included security manager at Kaiser Permanente and senior engineering/management positions developing storage networking, data protection solutions and operating systems. He has five patents in data protection and multi-processor operating system design and holds CISSP, CISM and CRISC security certifications.

In 2012, nearly 40,000 people were killed on U.S. roads, and 90% of those fatalities were caused by driver error.

Imagine an advanced autonomous system that could avoid those deadly motor vehicle accidents. Even a system that works only on the highway -- where the technology has already been developed and where trucks spend the majority of their time -- can make a significant difference.

A new report has analyzed the impact of driverless cars on the incidence of fatal traffic accidents and concluded that, by removing human emotions and errors from the equation, we could reduce deaths on the road by 90%. That's almost 300,000 lives saved each decade in the U.S., and a saving of $190 billion each year in healthcare costs associated with accidents. If you expand this to global figures, driverless cars are set to save 10 million lives per decade.

There are now some trucks on the road that begin to fulfill that promise. Daimler Trucks North America's "Inspiration" freightliner semi-truck this year became the first legally operated autonomous commercial vehicle operating on U.S. highways.

For now, the Inspiration is basically a limited take on the autonomous truck. The driverless system engages when the truck is on the highway and ramps up speed. It then maintains a safe distance from other vehicles and stays in its own lane.

If the autonomous truck encounters a circumstance it can't handle (e.g., heavy snow or washed-out lane lines) it will alert the human driver that it's time for him to take over. But what this technology can do is reduce traffic accidents, and that's why I'm pretty excited about the whole thing.

A human driver has limited situational awareness. Autonomous trucks offer an extra set of eyes that continuously monitor a broad range of sensors (e.g., visible and infrared light and acoustic, including ultrasound), both passive and active, with a nearly 360-degree field of view.

Therefore, driverless vehicles can more quickly determine a safe reaction to potential hazards and initiate reactions faster than a human driver. For example, traffic collisions caused by human driver errors such as tailgating, rubbernecking and other forms of distracted or aggressive driving would be eliminated.

Safer and more efficient driving is the motivating force behind this emerging technology. It's not about catching 40 winks on the highway or watching an episode of your favorite show. As cool as that might be to imagine, no one is replacing the human as the ultimate decision-maker.

When it comes to data security and the real-life impact of identity theft, public awareness is at an all-time high. But there is still great confusion and ignorance about what it is, how it happens and what can be done to avoid the pitfalls of life after a data breach or personal compromise.

Most of us still feel flummoxed--and perhaps a bit panicked--when we get a phone call, an email or a letter saying our data or identity has been compromised. Even if it's a situation that can be easily remedied, like a compromised credit card, where the problem is relatively small, it's still frustrating. Even if the only real-life consequences are a day or two's wait for a replacement card and the need to notify a few creditors that your billing information has changed, you feel violated. You wonder if it's going to happen again. And depending on the source of the compromise and what's been taken, it may well happen again. So, you stew and wonder some more.

The unfortunate part is that identity thieves understand this. In the mad dash to understand the full ramifications of what's happened to you, you may expose yourself to further trouble--for instance, by providing your information to a phony identity theft resolution expert, only to be guided through a process of information shedding that brings about further compromise by the very data wolves in sheep's clothing who ran the scam in the first place.

Taking a few simple steps will help you avoid crooked "helpers" like these, as I explain in my book Swiped.

Be Prepared

If you don't subscribe to an identity theft resolution service or lack a plan of action before you suffer a personal compromise (other than the theft of a payment card, which can be solved with a couple of phone calls), you will need to spend more time and more money than you are probably prepared to spend. Then, after you have worked your way through the maze of law enforcement, credit bureau, creditor and record-keeping requirements necessary to put yourself back together again, you will almost assuredly spend additional time--more than you thought possible--rearranging the way you make your information available both online and in your everyday transactions.

For this to really work, you need to be willing to make a few adjustments in the way you approach your identity and your data hygiene.

The Best Defense Is a Good Offense

What the great majority of current and future identity theft victims fail to understand is that they really must be their own first line of defense. Because identity thieves can't realistically be completely stopped, you can instead focus on making yourself a harder target, and on being readier when the attack comes.

A simple practice like shredding your personal documents can help, but it's not a solution. Identity thieves can be anyone from a dental hygienist pilfering patient files to small-time crooks breaking into mailboxes or stealing unshredded garbage or tax-related documents during filing season. The more you know what the bad guys want and need, the better you can practice proactive data hygiene.

The fact of the matter is that when it comes to international crime syndicates that breach the databases of multibillion-dollar international corporations and sell the liberated information, deploying a paper shredder is like bringing a knife to a gunfight.

The above is an adapted excerpt from Swiped: How to Protect Yourself in a World Full of Scammers, Phishers and Identity Thieves, which hits bookstores everywhere Black Friday.

At the risk of alienating most people within the workers' comp world, here's how things look from my desk:

Most workers' comp executives - C-suite residents included - do not understand the business they are in. They think they are in the insurance business - and they are not. They are in the medical and disability management business, with medical listed first in order of priority.

That statement is bound to lead more than a few readers to conclude I'm the one who doesn't know what I'm doing. For those willing to hear me out, press on - for the rest, see you in bankruptcy court.

Twenty-five years ago, the health insurance business was dominated by indemnity insurers and Blues plans; big insurers like Aetna, Travelers, Great West Life, Met Life and Connecticut General and smaller ones including Liberty Life, Home Life, Jefferson Pilot, Time and UnionMutual. Where are those indemnity insurers today?

With the exception of Aetna, none is in the business; the only reason Aetna survived is it took over USHealthcare, or, more accurately, USHealthcare took over Aetna. The Blues that became HMO-driven flourished, as did the then-tiny HMOs - Kaiser, UnitedHealthcare, Coventry. Why were these provider-centric models successful while the insurers were not? Simple: The health plans understood they were in the business of providing affordable medical care to members, while insurers thought they were in the business of protecting insureds from the financial consequences of ill health.

The parallels between the old indemnity insurers and most of today's workers' comp insurers are frightening. Senior management misunderstands their core deliverable; they think it is providing financial protection from industrial accidents, when in reality it is preventing losses and delivering quality medical care designed to return injured workers to maximum function.

That lack of understanding is no surprise, as most of the senior folks in top positions grew up in an industry where medical was a small piece of the claims dollar. Medical costs were considered a line item on a claim file or number on a loss run, and not "manageable" - not driven by process, outcomes, quality.

Think I'm wrong?

Then why is the industry focused almost entirely on buying medical care through huge discount-based networks populated by every doc capable of fogging a mirror (and some who can't)? Even with those huge networks, why is network penetration barely above 60% nationally? Why has adoption of outcome-based networks been a dismal failure? Why do so few workers' comp payers employ expert medical directors, and, among those who do, why don't those payers give those medical directors real authority? Why do non-medical people approve drugs, hospitalizations, surgeries, often overriding medical experts who know more and better?

Because senior management does not understand that success in their business is based on delivering high-quality medical care to injured workers.

At some point, some smart investor is going to figure this out, buy a book of business and a great third-party administrator (TPA) for several hundred million dollars, install management who understand this business is medically driven and proceed to make a very healthy profit. Alas, the current execs who don't get it will be retired long before their companies crater, leaving their mess behind for someone else to clean up.

At the 2015 Paradigm Innovation Symposium, Renée-Louise Franche, PhD, RPsych, clinical psychologist and consultant in work disability prevention and occupational health, presented a session discussing why mental health issues are so important in workers' compensation.

Mental health issues in injured workers can no longer be ignored. These conditions are increasingly being recognized as potential risk factors for prolonged work absences, and even for no return to work within the context of workers' compensation.

Why mental health matters in work disability prevention?

• One-year prevalence of mental disorders in North America ranges from 12% to 26%. For depression, this is 4% to 7%.
• Worldwide, mental health conditions are the leading cause of disability in high-income countries, accounting for one-third of new disability claims in Western countries.
• Mental health-related disability is more frequent in young adults.
• Workers with mental health conditions have earlier retirements than those without.
• Studies show that mental health issues have a significant impact on claim duration.
• Another study showed that, within the first 12 months post-injury, more than 50% of workers experienced clinically relative depressive symptoms at some point during their claim. This is highest during the first month following the accident.
• There is a significant spillover effect to the families of injured workers. Family members of injured workers are three times more likely to be hospitalized three months after the injury than three months before the injury. It is speculated that the distraction of the injured family member leads to unsafe behaviors.

What works in return-to-work interventions?

• It is important to focus on ability and function rather than disability. The symptoms and diagnosis need to be deemphasized.
• Worker expectations of recovery are the single most-determining factor in the ability to return to work. Attitude and state of mind are important.
• Suitable and safe modified work and return-to-work coordination must be available.
• A workplace culture of respect and support helps to promote return to work.
• Claims-related stress/perceived injustices have a very negative impact on return to work.
• Purely clinical approaches lead to purely clinical outcomes. There needs to be an integrated approach between the physician and the workplace.
• There must be considerate early contact with the injured worker and continued contact to maintain job attachment.
• There should be a return-to-work coordinator to facilitate labor/employer cooperation and ensure the healthcare provider understands the return-to-work goals.

What needs to improve for workers with mental health issues?

• Access to care is a concern. A quarter of Americans have inadequate access to mental health services.
• Healthcare for mental health conditions is NOT work-focused. There are limited tools and published standards around return to work.
• Workers feel stigmatized and disrespected, and that there is suspicion about the legitimacy of their condition.

Best practices for return-to-work for workers with mental health conditions:

• Facilitation of access to clinical treatment for those who need it. Too often, this treatment is delayed. Delays in treatment will, ultimately, delay recovery.
• Work-focused clinical interventions.
• Facilitation of navigation of the systems involved.
• Improved processes, leading to improved sense of fairness.
• Early identification and screening to identify workers who are high risk for psychosocial complications, and assigning those claims to specialized adjusters.
• A case manager who plays an important role in humanizing communications, decreasing adversary feelings, clarifying the claim process, decreasing delays and developing more accurate expectations in the worker.
• Judicious use of independent medical exams. Injured workers view these as a very adversarial experience, which usually leads to litigation.

Best bets for future investments:

• Perceived justice. Perceived injustice leads to longer disability, higher pain complaints, more depression and increased narcotic use. It is important to fully explain the workers' compensation system to injured workers, including the benefits that they will receive and the role of the injured worker in his recovery. People need to be treated with respect and receive information that is clear, accurate and timely.
• Development of soft skills in the front line claims team. This includes communication skills, conflict-resolution skills and training related to identifying potential mental health issues.
• Early screening for psychosocial issues so that appropriate intervention strategies can be implemented.

This is part of a series of interviews by Shefi Ben Hutta with insurance practitioners who bring an interesting perspective to their work and to the industry as a whole. Here, she speaks with Stephen Applebaum, managing partner, Insurance Solutions Group, and senior adviser at StoneRidge Advisors, who describes the implications of the "torrents of data that will flow from connected cars, homes, buildings and people."

To see more of the "A Word With Shefi" series, visit her thought leader profile. To subscribe to her free newsletter, Insurance Entertainment, click here.

Describe what you do in 50 words or less:

I provide consulting and advisory services to participants across the North American auto and property insurance ecosystem, which leverage my experience, industry contacts and understanding of innovation and emerging technologies to drive meaningful, measurable improvement in revenue, market share, process, profitability and user and customer experience.

What led you to your career in insurance?

Serendipity, actually. An early management consulting engagement with a technology-based startup providing insurance claims solutions to P&C carriers led to a full-time operational and management role and ultimately a very exciting and rewarding 30-year career spanning several different companies that continues today.

What emerging technology will change how insurance is sold?

Prescriptive analytics applied to the torrents of data that will flow from connected cars, homes, buildings and people - enabled by mobile devices and embedded sensors - will transform virtually every aspect of how insurance products are developed, priced, packaged and sold, and how risk is managed in general.

A carrier you highly value for its innovative culture?

Among the many top-tier carriers that have invested in and developed innovative cultures, USAA stands out because of its highly focused and fierce dedication to pursuing constant improvement and technological innovation in the pursuit of providing superior service excellence to its "members" in insurance as well as the full range of its financial services.

You recently published an article on "Disruption in the Automotive Ecosystem." What tip do you have for companies looking beyond their core value to offer innovative solutions in the auto ecosystem?

I suggest that auto insurance carriers focus on leapfrogging current incremental innovation around connected vehicle and data technologies and begin designing and developing the auto insurance products and services of the future. These will likely be very different than anything offered today and will be enabled by enormous amounts of data flowing from not just connected cars but the broader Internet of Things. They may include personalized, utilization-based micro auto insurance coverages, ride-and-car sharing insurance solutions for owners, drivers and passengers, risk management services from behavioral driving modification assistance to location-based and contextual alerts for commercial favorites as well as navigational, traffic, roadside assistance and weather conditions.

You've had more than 25 years of consulting experience in the P&C space. What piece of advice have you found to always be relevant regardless of the subject matter?

I regularly ask myself, "What am I doing, and why am I doing it, and is this the best possible use of my time and talents?" It sounds so simplistic, but if you do it honestly you will find it very valuable.

You are a frequent chairman in industry conferences. In fact, you are the chairman of a coming event on IoT in Miami in December. Who should be attending and why?

Anyone who plans to work, invest and succeed anywhere in the insurance ecosystem over the next decade and beyond should attend. This includes insurance C-level executives, heads of innovation, strategy, claims and innovation, underwriting, business development, product development, strategy, design and innovation, heads of IT, technology and digital, IoT technology companies and startups and regulators.

When you are not consulting on insurance or hosting insurance events, you are most likely...?

Reading, watching and listening to anything and everything that relates to my work - which is, in fact, also my hobby.