
Use of Cloud Apps Creates Data Leakage

Companies don't realize how many cloud apps employees are using (sometimes hundreds) -- and the grave danger of data leakage.

A large U.S. cable television company recently sought to better understand how its employees were using cloud apps to stay productive. Management had an inkling that workers routinely used about a dozen or more cloud file sharing and collaboration apps.


An assessment by CipherCloud showed the employees actually were using 204 cloud services that posed a security risk: 78 cloud storage apps and 126 collaboration apps, many of which included file-sharing functions.

Emerging risk: A major concern for the cable company was that sensitive information about customers and employees could leak unnoticed beyond its network perimeter.

Free cloud file storage makes it convenient to share data quickly and widely. The company learned that sensitive files had been moved into folders accessible to people who should not have had access to the information.

Wider implications: Like many organizations, the cable company routinely stores customer transactions data as well as employee healthcare data covered by HIPAA privacy rules. The rising use of free Web apps by employees has created many more opportunities for data leakage and could lead to sanctions and fines - or, worse, an embarrassing, expensive data breach.

The cable company set up sanctioned accounts with a popular cloud storage service, Box, for employees to use. It also has begun examining other steps it can take to impose tighter controls around sensitive company records.

Excerpts are from ThirdCertainty's interview with Willy Leichter of CipherCloud. (Answers edited for length and clarity.)

3C: Can you outline how the rising use of cloud apps in the workplace is creating security issues?

Leichter: A typical process is one person sends you something from a Dropbox account, and suddenly you become a Dropbox user. Or, often, departments will say, "OK, we're going to use Dropbox or Hightail for this particular project," and it kind of grows department by department. It grows virally.

The challenge is the very nature of the whole file-sharing world. It's like Swiss cheese. It's designed to be very easy to share and to open up public links and to let another person in.

That's where this cable company approached us. They had about a dozen different things they knew about and wanted to standardize.

3C: You found a lot more than a dozen cloud apps in use.

Leichter: We found well over 1,000 cloud apps, what we call shadow IT apps, that they were using. We have about 20 different categories of such apps; it could be software development tools, or it could be social tools. In one category, file-sharing tools, we found more than 120 apps. This one category is probably the most actionable category because file sharing involves sending people documents.

3C: How did this discovery help the cable company?

Leichter: They were trying to do two things. They were trying to standardize on two or three different file-sharing services and use monitoring tools on them. And they also wanted to shut down the worst offenders, which you can do easily enough.

3C: In general, what kinds of malicious or worrisome activity are you seeing in shadow IT?

Leichter: It's kind of a spectrum. Officially sanctioned apps are being scanned in real time, using tools we and others make. That's kind of a new world. We can give you all kinds of detail about who's using all these apps. Then there's the other 90% of the apps in shadow IT.

Anomalies can be where someone is sending huge amounts of files to some strange apps. Or someone is downloading stuff they shouldn't be at two in the morning. Or it could be multiple people using the same account from different IP addresses. Someone is logging in from San Jose and then an hour later they're logging in from Beijing. You can spot a lot of these and take steps to shut them down.

3C: What else surprised the cable company?

Leichter: One of the things they learned is why people were doing this. For the most part, it was because the company wouldn't pay for them to use an account. So they were account hopping from one freebie to the next. It was because people just did not want to pay for stuff.

So now the company is trying to steer people to use better practices through outreach and education. And it also is buying them accounts.
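
The anomalies named in the interview above (one account logging in from distant places within an hour, downloads at two in the morning, large transfers to unsanctioned apps) can be written as detection rules over access-log events. The following is an added example, not code from CipherCloud or the original article; the event layout, thresholds, app names and log lines are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

# All thresholds below are assumptions chosen for illustration.
SANCTIONED_APPS = {"box"}           # the approved storage service
MAX_SPEED_KMH = 1000                # faster than an airliner: not one person travelling
MIN_DISTANCE_KM = 50                # ignore IP changes inside one metro area
OFF_HOURS = range(0, 5)             # 00:00-04:59, timestamps assumed to be local time
BULK_UPLOAD_BYTES = 500 * 1024**2   # 500 MiB per account per unsanctioned app

MIB = 1024**2
# Constructed sample events, already geolocated:
# (time, account, source_ip, lat, lon, app, action, bytes)
# IPs are from documentation ranges; coordinates approximate San Jose and Beijing.
EVENTS = [
    ("2016-01-12T09:00:00", "alice", "198.51.100.7", 37.34, -121.89, "box", "login", 0),
    ("2016-01-12T10:00:00", "alice", "203.0.113.9", 39.90, 116.40, "box", "login", 0),
    ("2016-01-12T02:10:00", "bob", "198.51.100.20", 37.34, -121.89, "box", "download", 4 * MIB),
    ("2016-01-12T14:00:00", "carol", "198.51.100.31", 37.34, -121.89,
     "examplesharing", "upload", 400 * MIB),
    ("2016-01-12T14:30:00", "carol", "198.51.100.31", 37.34, -121.89,
     "examplesharing", "upload", 300 * MIB),
    ("2016-01-12T15:00:00", "dave", "198.51.100.40", 37.34, -121.89, "box", "upload", 900 * MIB),
]


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in kilometres."""
    p1, p2 = radians(lat1), radians(lat2)
    a = sin((p2 - p1) / 2) ** 2 + cos(p1) * cos(p2) * sin(radians(lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))


def detect(events):
    """Return (rule, account, detail) findings for the three anomaly types."""
    findings = []
    last_login = {}                  # account -> (time, ip, lat, lon)
    uploaded = defaultdict(int)      # (account, app) -> bytes sent so far

    # ISO-8601 timestamps sort chronologically as strings.
    for ts, user, ip, lat, lon, app, action, size in sorted(events):
        when = datetime.fromisoformat(ts)

        if action == "login":
            prev = last_login.get(user)
            if prev and prev[1] != ip:
                hours = (when - prev[0]).total_seconds() / 3600
                km = haversine_km(prev[2], prev[3], lat, lon)
                # Simultaneous distant logins (hours == 0) are flagged as well.
                if km > MIN_DISTANCE_KM and (hours == 0 or km / hours > MAX_SPEED_KMH):
                    findings.append(
                        ("impossible_travel", user, f"{km:.0f} km in {hours:.1f} h"))
            last_login[user] = (when, ip, lat, lon)

        elif action == "download" and when.hour in OFF_HOURS:
            findings.append(("off_hours_download", user, f"{app} at {when:%H:%M}"))

        elif action == "upload" and app not in SANCTIONED_APPS:
            before = uploaded[(user, app)]
            uploaded[(user, app)] = before + size
            # Alert once, at the moment the running total crosses the threshold.
            if before <= BULK_UPLOAD_BYTES < before + size:
                findings.append(("bulk_upload_unsanctioned", user,
                                 f"{app}: {(before + size) // MIB} MiB"))
    return findings


if __name__ == "__main__":
    for rule, user, detail in detect(EVENTS):
        print(f"{rule:26} {user:6} {detail}")
```

In practice the coordinates come from a geo-IP lookup, which is imprecise and is skewed by VPNs and mobile carriers, so the travel rule is best treated as a lead for review rather than proof of account sharing.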

Lack of Enthusiasm for Driverless Cars?

In a survey, many women say they doubt the safety of driverless cars, and many men say the cars would be no fun.


Automakers will have to focus on women if they hope to make driverless cars mainstream, according to a NerdWallet survey that shows men are far more likely to express interest in the new technology. The survey of more than 1,000 Americans nationwide also exposes a sharp divide in views on self-driving vehicles between Millennials and older Americans.

Only 37% of women surveyed by NerdWallet expressed any interest in owning a self-driving car, whereas half of men expressed interest.

The survey also found that 53% of respondents ages 18 to 29 were "very interested" or "somewhat interested" in owning a self-driving car, compared with just 41% of those 30 and older.

Consumers Are Skeptical About Driverless Cars

Among key findings of the survey:

  • Most women expressed concern about the safety of self-driving cars, with 55% citing safety as among the biggest drawbacks of the new technology. Only 37% of men were worried about safety.
  • 44% of men were concerned that driverless cars will take the fun out of driving; only 23% of women felt that way.
  • Consumers have a limited amount of trust in autonomous car technology. When asked whether they would put a child alone in a driverless car to go to school or a friend's house, only 6% of those surveyed would close the door and wave goodbye.
  • While consumers are not yet ready to embrace a driverless world, they are interested in safety technologies that are paving the way for fully autonomous vehicles. Blind-spot detection was by far the most popular new technology, with 42% citing it as the most appealing feature of semi-autonomous cars, followed by emergency braking to prevent crashes, favored by 30%.

Self-driving cars are here

Self-driving cars, also known as autonomous vehicles, once seemed the stuff of science fiction, but they are already being tested on the highway and seem certain to end up in dealer showrooms before long. Yet our survey of more than 1,000 Americans found a distinct lack of enthusiasm toward the prospect of driverless cars, with only a small minority "very interested" in buying one and nearly twice as many saying they were "not at all interested."

Nevertheless, a transition to autonomous cars seems inevitable.

Google recently announced that it will begin putting its self-driving cars on public roads in Mountain View, CA, this summer. Over six years of testing, Google says its cars have been involved in only 11 accidents - none of which was the fault of the Google car. In most cases, the cars were rear-ended.

A self-driving Audi recently completed a trip from San Francisco to New York in nine days, driving in automated mode 99% of the time, according to Delphi Automotive, which made the technology.

Tesla CEO Elon Musk recently announced a software upgrade for some of the maker's electric cars that will make it possible for the cars to drive from San Francisco to Seattle without human input - "from parking lot to parking lot," as he put it at a news conference. However, the full autopilot feature will not be enabled, at least initially, he said.

While our survey found Americans as a whole relatively unenthusiastic about driverless cars, men were far more likely than women to express interest.

[Chart: Interest in Owning a Driverless Car]

Self-driving cars use GPS and a variety of sensors (cameras, radar and lasers) to scan and identify the environment around the car. A computer in the car processes data from the sensors to decide on driving actions such as steering, braking and turning. Cars would be networked, using vehicle-to-vehicle (V2V) communication to talk to one another. Ultimately, a human driver becomes just another passenger and would be able to sit back and do other things while en route.

The potential for reducing car accidents could be significant. After all, the computer never takes its "eyes" off the road, never gets distracted, never gets tired.

On May 13, Transportation Secretary Anthony Foxx announced that the U.S. Department of Transportation will fast-track rules to require V2V communication in future cars.

Still, many people are firm in their resistance to driverless vehicles: 28% vow they will never purchase a driverless car. Only a very small contingent (3%) is ready to buy a self-driving car right now. The majority of those surveyed (51%) would wait three years or longer after such cars became available before considering buying one.

[Chart: When People Would Buy a Driverless Car]

NerdWallet also wanted to find out what would be appealing about driverless cars that could potentially win over customers. While more than one-third of consumers (36%) did not find anything appealing about driverless cars, about the same percentage liked the ideas of saving on car insurance and letting the car handle routine driving tasks.

[Chart: What People Like About Driverless Cars]

Notably, fewer than one-third of people found the potential for improved safety to be a compelling reason to own a driverless car.

The older the age group, the more likely respondents were to say they couldn't find anything appealing about driverless cars, from a low of 26% among those ages 18 to 29, to 44% among those age 60 and older.

Safety and cost are top worries

Safety concerns are a major drawback of self-driving cars, according to 46% of respondents, but cost was the biggest worry.

[Chart: What People Don't Like About Driverless Cars]

Concern about safety also bubbled up when we asked about car insurance rates. Typically, cars that crash less are rewarded with lower auto insurance rates. But only 41% of people think owners of self-driving cars should pay less for insurance.

As another measure of trust in autonomous car technology, we asked whether people would put a child in a self-driving car alone to go to school or a friend's house. Only 6% gave a thumbs-up to that idea. Most people (76%) said no, and the rest were unsure.

However, people did show interest in safety technologies such as collision avoidance, suggesting the possibility that they will eventually come around to self-driving cars if they can be sold on the cars' safety promises (and if men can still have a little fun). Only 9% of people said they had no interest in any of the technologies we asked about.

[Chart: Most Desired Advanced Technology Features]

A few are ready to spend today

There's a very small, enthusiastic contingent of people who are ready to embrace driverless cars today: 3% of respondents say they would purchase a driverless car today if they could, and 6% say they'd be willing to pay more than $10,000 extra for a fully autonomous car over a regular car.

Another 15% say they would pay $5,001 to $10,000 more. (Experts generally predict that self-driving cars will cost about $7,000 to $10,000 more than regular cars when they are introduced, with the price differential decreasing in subsequent years.) But pessimism about the value of autonomous cars still prevails: 50% of people say they wouldn't pay a dime more.

Methodology

NerdWallet conducted a national, online survey of 1,028 randomly selected Americans ages 18 and older on May 12-13, 2015, via SurveyMonkey. Respondents were 52% female and 48% male. By age, 22% were under 30, and 26% were over 60. Margin of error: four percentage points.


Novel Controls on Physician Dispensing

In the cat-and-mouse game over physician dispensing of drugs (which can extend treatment and inflate prices), Nevada may have the answer.


As you know, I'm not a fan of physician dispensing. In limited cases, there can be benefits from patient compliance and convenience and from immediate treatment. However, my opinion is that in most cases physician dispensing creates a motivation to continue prescribing (because revenue to the physician is at stake) and causes patient safety issues (by bypassing the people who really understand drugs -- pharmacists and pharmacies -- and possibly not taking into account drug interactions).

On top of that, physician dispensing can increase lost time by an injured worker, as documented in a study of Illinois. When evaluating the differences between physician-dispensed and non-physician-dispensed medications, the study found:

  • For physician-dispensed, non-narcotic drugs -- medical costs ▲ 39%, indemnity costs ▲ 27%, lost-time days ▲ 34%, average total claim ▲ 31%, # of prescriptions = 2.99
  • For physician-dispensed narcotic drugs -- medical costs ▲ 78%, indemnity costs ▲ 57%, lost-time days ▲ 85%, average total claim ▲ 64%, # of prescriptions = 3.20

Several states have tried to combat inappropriate physician dispensing over the past few years, using fee schedules, rules and even felonies as countermeasures. Some efforts have been successful, while others have just created a continuing cat-and-mouse game for repackagers and physicians vs. payers.

Well, effective Jan. 1, 2016, Nevada instituted its own type of reform, specific to workers' comp. The bill does not appear to be ambiguous or up for interpretation. The bill (SB 231) was signed by the governor on May 27, 2015, but the intended (and unintended) ripple effects started last Friday. Read the entire act here. To highlight:

  • Section 1.1.a - A "provider of healthcare" can only provide an initial 15-day supply of Schedule II or III controlled substances to an injured worker. Note that this excludes pharmacists and hospitals, both reasonable carve-outs. Any subsequent such controlled substances must be dispensed by a pharmacy. Excellent.
  • Section 1.1.b - The "provider of healthcare" dispenser must include the original manufacturer's national drug code (NDC) on bills and reports. Good. This doesn't necessarily fix the issue of repackagers becoming "manufacturers" of unique (previously unnecessary) dosages and inflating prices, but ...
  • Section 1.1.c - A repackaged drug must not be used. Booyah.
  • Section 1.1.d - For outpatient care, a non-prescription drug will not be reimbursable. Excellent.

While not all dangerous or clinically inappropriate drugs are Schedule II or III, these new rules should certainly make a dent in direct dispensing of those that are. This bill does not outlaw physician dispensing, but it does remove revenue motivation so a "provider of healthcare" will focus on the most clinically appropriate care (which may not be a drug). Working as a team, the "provider of healthcare" and the pharmacist should determine what, if any, drugs are clinically appropriate for the injured worker/patient.

It will be interesting to see how the repackaging industry responds. For an example of the state of the industry in Nevada, check out this website. (Nine uses of the word "revenue" on the repackager's home page. Hmmmm.)

If you operate in Nevada, keep your eyes and ears open. And if you see reactions, please let us all know!

The Worst Doctors From 2015

This list of the worst doctors covers millions of dollars in fraud, plus crazy stories like the anesthesiologist sexting in the O.R.


This list of worst doctors came to me via email, and I thought it was too good not to post. The origin of this is a Medscape article written by Lisa Pevtzow, Deborah Flapan, Fredy Perojo and Darbe Rotach. Please read the Medscape article in full. It's a gem. The Medscape article shows pictures of these offenders.

Here is a summary of the worst doctors:

1) In July, Farid Fata, MD, was sentenced to 45 years in prison in Detroit for administering excessive or unnecessary chemotherapy to 543 patients. Some of them he deliberately misdiagnosed with cancer. In addition to enduring needless chemotherapy, the patients suffered anguish at the possibility of death. The massive criminal scheme netted at least $17 million from Medicare and private insurers.

2) Ophthalmologist David Ming Pon, MD, was found guilty in October of cheating Medicare by pretending to perform procedures on patients who did not need them. A federal jury convicted Dr. Pon on 20 counts of healthcare fraud. The scam netted Dr. Pon more than $7 million, according to the Department of Justice.

3) Joseph Mogan III, MD, was sentenced to about eight years in prison in March for operating two "pill mills" in suburban New Orleans. He gave out illegal prescriptions for narcotics and other controlled substances on a cash-and-carry basis. Dr. Mogan might have received a longer sentence had he not previously testified against a former New Orleans police officer who gave advice on how to operate under the radar of law enforcement. Prosecutors said the officer helped Dr. Mogan and his co-operator, Tiffany Miller, because Miller provided sexual favors and thousands of dollars in cash.

4) Dr. Aria Sabit pleaded guilty in a federal district court in Detroit in May to conspiring to receive kickbacks from a medical technology company. In 2010, Apex Medical Technologies, which distributes spinal surgery instruments, told the surgeon that, if he invested $5,000 in the company and used its hardware, he would share in the revenue. Ultimately, he received $439,000 from his investment. Dr. Sabit also pleaded guilty to stealing $11 million in insurance proceeds after billing Medicare, Medicaid and private insurers.

5) A Virginia jury awarded a patient $500,000 in June after an anesthesiologist made mocking and derogatory comments, which the patient accidentally recorded on a cellphone while he was sedated. The case inflamed the public after the Washington Post reported the story. The recording captured anesthesiologist Tiffany Ingham, MD, commenting on the patient’s penis and making fun of him. The surgical team also entered a fake diagnosis of hemorrhoids into his medical record.

6) A former researcher at Iowa State University was sentenced to 57 months in prison in July for systematically falsifying data to make an experimental HIV vaccine look effective. The researcher, Dong Pyou Han, PhD, was supposed to inject rabbits with a vaccine and test their sera for HIV antibodies. Dr. Han not only gave the head of the lab false test results about the vaccine, but he also injected the rabbits with human antibodies.

7) The Washington Medical Quality Assurance Commission suspended the license of Arthur Zilberstein, MD, in June for sexting from the operating room. The commission said Dr. Zilberstein "compromised patient safety due to his preoccupation with sexual matters" during surgery. He was charged with exchanging sexually explicit texts during surgeries when he was the responsible anesthesiologist, improperly accessing medical-record imaging for sexual gratification and having sexual encounters in his office.

8) An Ohio cardiologist was convicted in September of billing Medicare and other insurers for $7.2 million in unnecessary tests and procedures. Dr. Harold Persaud put lives at risk by performing stent insertions, catheterizations, imaging tests and referrals for coronary artery bypass graft surgery that were not medically warranted, according to prosecutors.

Alas, such patient mistreatment and fraud is not that rare, as my readers.


Tom Emerick


Tom Emerick is president of Emerick Consulting and cofounder of EdisonHealth and Thera Advisors.  Emerick’s years with Wal-Mart Stores, Burger King, British Petroleum and American Fidelity Assurance have provided him with an excellent blend of experience and contacts.

Top 10 InsurTech Predictions for 2016

InsurTech will spur a big year, leading to "all-risks insurance," insurance that can be turned on and off, better microinsurance and more.

2015 was the year that InsurTech emerged from the shadow of Fintech. This story has been told through my last 40 research notes published on DailyFintech.com over the past eight months. Including 28 interviews with the CEOs and founders of InsurTechs, this story spans the globe from the U.S. to China, from South Africa to Estonia, and a few stops in between. So, what does this tell us about the next chapter of this story? Here, I give you my Top 10 InsurTech predictions for 2016.

In no particular order...

Prediction #1

Insurers will create lifestyle apps that provide additional consumer value on a continuing basis. Continuous consumer engagement will start to replace price as the key buying criterion. The result will be sticky insurance with strong brand loyalty.

Prediction #2

The person-to-person (P2P) insurance business model will struggle to reach scale in its current form. This will drive the P2P insurers to find new ways to replace the traditional carrier model, and we will see signs of a completely new business model for insurance. That will scale.

Prediction #3

Much greater levels of personalized rating will become widely available using new sources of data from technology such as wearables, the Internet of Things and smartphone apps. This will lead to variable premiums over the policy term to encourage better behavior (although insurers will hold back and not introduce corresponding punishments in 2016).

Prediction #4

"All in one policy" cover (aka, all-risks insurance) will emerge for consumer protection. Policyholders will be able to insure their lifestyle (their home, motor, dog, holidays, iPhone, treasures, travel) in a single policy based on highly personalized risk assessment through a digital platform.

Prediction #5

"All in one place" platforms (aka a concierge service) will replace traditional intermediaries with a digital broker. These services will consolidate multiple policies, converge with financial planning tools and provide robo-advice on gaps and duplication in cover.

Prediction #6

New entrants will come into the market with highly sophisticated data modeling and predictive analytics solutions. They will exploit mass-scale technologies, high-performance computing and techniques developed in high-frequency trading.

Prediction #7

Convenience and the ability to digitally turn insurance cover on and off as needed will be steadily accepted and adopted. As will microinsurance, sharing insurance and pay-per-mile. Unit premiums will be higher, but this will be outweighed by Millennial attitudes toward insurance cover and paying a price for convenience.

Prediction #8

The poorest in our world are the ones who need insurance the most. In 2016, the insurance industry will (finally) start to better serve the massively underinsured populations in developing countries. This will be driven by a combination of the massive market opportunity that exists for insurance, global economic forces and a socio-political agenda.

Prediction #9

There will be widespread deployment by traditional insurers of new digital solutions to reduce cost of claims and loss handling. Serving both ends of the insurance workflow, these tech solutions will enable better collection of data and evidence to improve risk rating at the front end and the claims handling processes, especially at first notice of loss (FNOL), at the back.

Prediction #10

2017 will be the year of block chain and insurance. No list of predictions would be complete without reference to block chain, but IMHO it is going to take all of 2016 for the insurance industry to get to grips with what block chain is, what it can really do for insurance and (most important) why we should use block chain as opposed to any other database or enabling technology. Don't get me wrong, for I am squarely in the camp that believes "block chain is the next Internet." And we will continue to see a lot of block chain insurance activity throughout the year. But adoption in insurance won't take hold until we've seen 2016 out.

Rick Huckstep


Rick Huckstep is chairman of the Digital Insurer, a keynote speaker and an adviser on digital insurance innovation. Huckstep publishes insight on the world of insurtech and is recognized as a Top 10 influencer.

Why Millennials Are the Best Workers

It's fashionable to trash Millennials for lack of work ethic, but here are six reasons why they may be the best generation of workers ever.


It has become fashionable to trash Millennials. They lack a strong work ethic, have no grit, aren't respectful or patient and definitely don't understand corporate culture. The trashing fits with how people romanticize the 1950s as the golden age of American culture, when everything was just somehow better.

I don't know whether Gen X is just irritated that they're getting older or whether people are forming their opinions solely based on Buzzfeed, but I think the stereotype is wrong - dead wrong. In fact, I will go out on a limb and state that Millennials may actually be the best generation of workers we've ever seen.

And I say this having hired hundreds of new college grads - and seasoned professionals - over the past 20 years. Here's why:

1. They're too big for their britches.

Today's young job seekers have grown up with a startup mentality. The value of embracing failure has been etched into their psyche by entrepreneurs and tech titans like Steve Jobs and Elon Musk. So, unlike past generations, they are not necessarily looking for stability. They don't dream of landing a job at GM or IBM. They approach positions with the understanding that they may have to put in 110% to succeed, even with the near certainty that their employer won't be around five years from now.

Put that in contrast to the stigma of entitlement attached to Millennials. It's true that many baby boomer parents have raised them with a perspective of possibility. They've been encouraged to follow their dreams and passions. And from watching Mark Zuckerberg or President Obama, they've learned first-hand that it's not just dogma; anything really is possible.

So where some see entitlement, I see greater authenticity and audacity.

Millennials will shoot for the stars - and if they fall down, they'll get right back up and try a different way.

2. They just don't communicate the way you do.

If you've watched "Mad Men," you've seen the fast-paced advertising world struggle to become more connected with innovations like... the speaker phone. Fast forward to today, where first-time job seekers not only understand and embrace collaborative technologies but don't know anything different.

While many offices struggle to get their workforce to embrace services like Yammer or Basecamp, Millennials have been doing those things for years. They've been learning with social classroom tools and chatting on Facebook, Twitter and Instagram every waking hour. As a result, they actually conceive of communication in a one-to-many paradigm, which is a huge plus for companies that are spread out globally and interact primarily in a virtual environment.

3. They expect things to happen instantly.

I don't know anyone over the age of 50 who doesn't complain about how fast the world is moving these days. However, in the case of job performance, that's a very, very good thing. Think about it. Thirty years ago, everything took a lot more time. The data you needed to make critical business decisions was delivered weeks later by a mail truck. Someone had to physically be sitting in a predetermined location at the right time for you to call on the phone.

Our expectations for accomplishing tasks were, naturally, based on the resources and structures we had in place. Simply put, we moved much slower. And, God bless them, there are many professionals out there who still work the same way.

Not Millennial workers. With the pace of news, communication and responsiveness nearly instant, that's how they approach work. They know nothing else. Plus, they have the necessary tools to support them. Give a Millennial employee a research assignment on your competitors, and you’ll get the project back in 24 hours. Twenty years ago, the same project might have taken a month. One piece of advice: Just make sure you attach a deadline to the assignment.

4. They expect too much.

Studies show that young job seekers today are passionate about how their jobs affect the world. In fact, they value job fulfillment over monetary reward. Many balk at the traditional model of doing charitable good only when you have reached a certain level of economic wealth or solely in your free time. They want to reach financial well-being and achieve social good simultaneously.

What does that mean for employers? I would hope it could open the doors to two things. First, we have the ability to retain skilled and valuable Millennial workers by creating environments where social impact is lauded. That will reduce employee turnover and save companies thousands of dollars each year in recruiting, hiring and lost productivity.

More important, Millennials are a driving force toward significant, scalable and lasting social change that will benefit everyone, whether it's about the environment, socioeconomic diversity or just a healthier work-life balance. In case you've forgotten, the U.S. ranks the worst among all modern economies in vacation time and pay.

5. They think differently from you.

Millennials are the most diverse generation in U.S. history. Minorities, roughly a third of the U.S. population today, are expected to become the majority by 2042. So Millennials don't just embrace diversity on the job; they expect it.

From race and religion to gender and sexuality, they've come of age with a greater comfort of multiplicity of all kinds. They've entered adulthood with an African-American president and been the catalyst for many states legalizing same-sex marriage. Female leaders like Hillary Clinton and Sheryl Sandberg have shaped their views on gender equality.

Imagine how that translates in the workplace. The payoffs touch every single area of a business by opening the doors to increased creativity, agility and productivity, new attitudes and language skills, a more global understanding, new solutions to difficult problems, stronger customer and community loyalty and improved employee recruitment and retention.

6. They are obsessed with technology.

Today even the industries that historically have been slow to innovate are finally adopting a web- and mobile-first philosophy. Century-old brick-and-mortar stores are fighting to keep Amazon at bay; healthcare finds itself transformed by the Affordable Care Act. Job seekers with coding and programming skills from Java to Ruby to SQL are desperately needed at all types of companies right now. Big data analytics, video game design, app development, software architecture - the list goes on and on for highly sought Millennial workers with tech expertise. But the issue isn't just about the hard skills they bring.

If you've spent any time with a child lately, you've probably noticed that they can master an iPad within minutes. It's mind-blowing - and a little frightening - to imagine how future generations of consumers will interact with technology.

Millennial workers are the bridge to that future, through social media, mobile, the cloud and other real-time technologies that haven't even been invented yet. They are graduating with both academic skills and innate behavioral skills that companies will need to engage with customers in much more meaningful (and profitable) ways.

It's the way Millennials think about technology, and their relationship with it, that is changing everything. So, having Millennial employees on staff to advise on your customer relations strategy or spearhead innovative new mobile and social media programs is invaluable for any business of any size, place or industry.

Has an International Cyber War Begun?

The need for formal declarations of cyber war, acts of terrorism, etc. can raise tricky questions for cyber insurance policies.

Cyber attacks were once on the periphery of American business consciousness. That mindset changed over the past two years. A series of devastating events, including the 2014 cyber attack against Sony, catapulted cyber liability concerns from an IT department issue to a major priority for boardrooms across America. As U.S. government officials concluded that North Korea was behind the attack, many C-suite executives suddenly found themselves asking questions. Is this the start of a cyber war? Could we be the next victim? If we are, how will it affect our operations and our bottom line? Do our insurance policies cover any of these costs?

Today, many insurance buyers look to their cyber insurance policies to fill coverage gaps that often exist in other policies. For example, a property policy may respond to physical damage from a named peril, but it will likely exclude loss for non-tangible assets as a result of a cyber attack. Similarly, a commercial general liability policy will likely provide liability coverage for causing bodily injury because of negligence but exclude coverage for liability because of a failure to secure sensitive data from hackers.

Many policyholders may be unaware that some, though not all, of these cyber policies contain specific terrorism and war exclusions. As a result, gaps in cyber insurance coverage can exist in cases like the Sony breach, where government agencies, like the FBI, conclude that a foreign government or terrorist organization is responsible for the attack.

Is a Cyber Attack "Terrorism" or "War"?

Immediately following the Sony attack, President Obama referred to it by saying, "I don’t think it was an act of war . . . but cyber vandalism." Then, on April 1, 2015, President Obama signed the Executive Order on Cybersecurity with the goal of protecting the private sector against hackers and thereby bolstering national security. The order seeks to identify and punish individuals behind attacks, but it could also lead some to categorize an apparent hacking event or act of cyber terrorism as an "act of war."

Changes in government definitions trickle down into coverage disputes because many policies that exclude or include "war," "terrorism" or "cyber terrorism" either fail to define those terms or define them by referring to standard government definitions.

Government Definitions of Terrorism, Cyber Terrorism and War

THE TERRORISM RISK INSURANCE ACT (TRIA)

"Act of terrorism" is defined as any act certified by the secretary of the Treasury in concurrence with the secretary of State and the attorney general of the U.S. to be:

» an act of terrorism

» a violent act or an act that is dangerous to human life, property or infrastructure

» an act resulting in damage within the United States or outside (on a U.S.-flagged vessel, aircraft or U.S. mission)

» an act committed by an individual or individuals acting on behalf of any foreign person or foreign interest, as part of an effort to coerce the civilian population, U.S. policy or the U.S. government.

The secretary of the Treasury may not delegate his certification authority, and his decision to certify an act or not is not subject to judicial review.

DEPARTMENT OF DEFENSE (DOD)

The DOD defines "terrorism" as "the unlawful use of violence or threat of violence, often motivated by religious, political or other ideological beliefs, to instill fear and coerce governments or societies in pursuit of goals that are usually political." The term "act of war" is understood to mean "a use of force [that may] invoke a state's inherent right to lawful self-defense."

DEPARTMENT OF JUSTICE (DOJ)/FEDERAL BUREAU OF INVESTIGATION (FBI)

The FBI defines "cyber terrorism" as "the premeditated, politically motivated attack against information, computer systems, computer programs and data [that] results in violence against non-combatant targets by subnational groups or clandestine agents."

DEPARTMENT OF HOMELAND SECURITY (DHS)

The National Infrastructure Protection Center (NIPC), formally a branch of DHS, defines "cyber terrorism" as "a criminal act perpetrated through computers resulting in violence, death and/or destruction and creating terror for the purpose of coercing a government to change its policies."

Cyber Terrorism and the 'Act of War' Exclusion

Cyber policies are relatively new and manuscript products; as such, the wording varies significantly. Many policies contain a standard exclusion for "war, invasion, acts of foreign enemies, hostilities (whether war is declared or not), civil war, rebellion, revolution, insurrection, military or usurped power, confiscation, nationalization, requisition, or destruction of, or damage to, property by or under the order of any government, public or local authority..." An attack by the Taliban, for example, would probably fit within the exclusion as an act sponsored by a "public or local authority."

Traditionally, war exclusions were relatively narrow; they required an actual war or, at the very least, "warlike operations"; "for there to be a 'war,' a sovereign or quasi-sovereign must engage in hostilities." Pan Am. World Airways, Inc. v. Aetna Cas. & Sur. Co., 505 F.2d 989, 1005 (2d Cir. 1974) (finding that a Jordanian terrorist group that hijacked a plane was not a de facto government for the purposes of applying the war exception).

However, the events of Sept. 11, 2001, changed the way certain events and groups were perceived and classified, ultimately leading many to label the 2014 cyber attack on Sony an "act of war."

Litigation surrounding the Sept. 11 attacks led directly to an expanded view of the war exclusion. For one thing, the Second Circuit Court of Appeals ruled that the attacks were an "act of war." In In re Sept. 11 Litig., 931 F. Supp. 2d 496, 512 (S.D.N.Y. 2013), an owner of a building near the site of the World Trade Center attacks sought to recover cleanup and abatement expenses for removing pulverized dust that infiltrated into the owner's building after the collapse of the Twin Towers. He sued under the Comprehensive Environmental Response, Compensation, and Liability Act [CERCLA], which allows strict liability claims in pollution cases, but the court applied CERCLA's "act of war" exception to strict liability.

In concluding that the attacks were an act of war, the court commented that "Al Qaeda's leadership declared war on the United States, and organized a sophisticated, coordinated, and well-financed set of attacks intended to bring down the leading commercial and political institutions of the United States," id. at 509, and that "as we learned in the twentieth century, and as has been true throughout history, war can take on a formal structure of armies in contrasting uniforms confronting each other on battlefields, and war can persist for years, fought by irregular, insurgent forces and capable of causing extraordinary damage," id. at 511.

This expansion of the legal definition of "act of war" to include acts by "irregular, insurgent forces and capable of causing extraordinary damage" could lead to attacks by hacktivist groups or foreign intelligence services being considered acts of war and therefore excluded from cyber policies.

Cyber Insurance and TRIA

The Terrorism Risk Insurance Act (TRIA) is a government program designed to provide a backstop for reinsurers in the event of large terrorism-related losses (more than $100 million). There is debate over whether TRIA applies to cyber policies at all. TRIA applies to commercial property and casualty insurance coverage, but some cyber policies are written as another line of coverage, such as professional liability, which is not included in TRIA.

Even assuming that TRIA would apply to cyber insurance, for TRIA coverage to be in effect, (1) there must be losses, resulting from property damage, exceeding $100 million; and (2) they must be caused by a certified terrorism event:

(1) Property Damage: For TRIA to apply, physical property damage must occur, and what constitutes "physical damage" in the context of a cyber attack remains an open question. What we do know is that TRIA will probably not cover business interruption or reductions in business income absent some physical loss or property damage. Many cyber attacks do not involve any physical damage, which would exclude TRIA coverage.

(2) A Certified Terrorism Event: For TRIA to apply to any event, the event would need to be certified as an act of terrorism. This onerous and political certification process requires the secretary of the Treasury, secretary of State and attorney general to agree that an incident was an "act of terrorism." Many political and economic issues factor into certifying a terrorism event, which can lead to counterintuitive results. For instance, as of the date of this publication, the April 2013 Boston Marathon bombing has not been certified as a terrorist act.

Conclusion

To ensure coverage for cyber terrorism and cyber warfare, buyers of cyber insurance will need to seek out a cyber risk insurance policy that explicitly includes this coverage in the broadest terms possible. As more insurance carriers enter the cyber insurance market, one must be wary that policy terms will vary from one policy form to the next, and some will have coverage terms superior to others.

Rental Car Waiver: To Buy or Not to Buy?

Many recommend not buying the rental car damage waiver, but they gloss over key issues about personal policies and credit card coverage.

When I Googled "should I buy the rental car damage waiver," I got 40.6 million hits. Needless to say, much has been written about this issue. But much of what has been written is BAD (aka horrible and dangerous) advice.

If you have auto insurance, is that good enough? What about credit card coverage? This article explores the issues and suggests some answers, at least one of which you might not like. (Note: This article builds on an article I first published in 1998, titled "Top 10 Reasons to Purchase the Rental Car Damage Waiver.")

The vast majority of consumer articles suggest that the purchase of the loss damage waiver (LDW) is not necessary if you have auto insurance or credit card coverage. For example, in a 2014 article in U.S. News & World Reports titled "7 Costly Car Rental Mistakes to Avoid," the very first "mistake" involves buying insurance you don't need. The article says your auto insurance policy "may" cover collision and quotes someone who says, "The credit card coverage will kick in for anything your personal policy doesn’t cover." Needless to say, "may" and "will" are two different things.

While many auto policies and some credit cards may provide coverage for damage to a rental car, it is almost certainly not complete, and four- to five-figure uncovered losses are not at all uncommon. The purchase of the LDW (with caveats), along with auto insurance, provides a belt and suspenders approach to risk managing the rental car exposure.

Let's explore the value and deficiencies of auto insurance, credit card coverage and loss damage waivers.

Personal Auto Policies

In the article I wrote in 1998 and have since updated, I enumerate many reasons why buying the loss damage waiver is a good idea. I won't repeat those reasons in their entirety, but I'll highlight the more important issues that have resulted in uncovered claims that I'm personally aware of, based on more than 20 years of managing such issues. We'll start with the current 2005 ISO Personal Auto Policy (PAP) as the basis of our discussion, with some references to non-ISO auto policies.

The ISO PAP extends physical damage coverage to private passenger autos, pickups, vans and trailers you don't own if at least one declared auto on your policy has such physical damage coverage. But physical damage coverage does not extend to a motor home, moving truck, motorcycle, etc. that you are renting.

Damage valuation is on an actual cash value (ACV) basis, while most rental agreements require coverage for "full value" (translation: whatever the rental car company says is the value), and most PAPs exclude any "betterment" in value.

Many non-ISO PAPs have an exclusion or dollar limitation on non-owned autos or specific types of rental vehicles such that rental, for example, of an upscale SUV or sports car may have limited or even no coverage.

Many PAPs limit or do not cover the rental company's loss of rental income on a damaged auto. There is often an option to provide increased limits for this coverage, but many price-focused consumers may decline such coverage. Even where this coverage is provided, many insurers may only be willing to pay for the usage indicated by fleet logs while the rental agency wants the full daily rental value. In one claim, the renter was charged $2,000 more than his insurer was willing to pay. In another claim involving a luxury car that was stolen from his hotel parking lot, the renter was hit with the maximum daily rental rate of $300, for a total loss of use charge of $9,000 (that he negotiated down to $4,500). In still another claim, following the 2011 tsunami that hit Japan, replacement parts for a rental car were unavailable for several months, and the renter incurred a $6,000 loss-of-use charge by the rental car company.

Probably the most significant deficiency in the PAP is the lack of coverage for diminished value claims. That's the #1 reason I always buy the LDW. I’m personally aware of uncovered diminished value charges of $3,000, $5,000, $7,000 and $8,000 and read about one from a reliable source that totaled $15,000 on an upscale SUV rental.

In one case, a Florida insured traveled to Colorado for a rock-climbing vacation. He passed on purchasing the LDW for his four-day rental because "I'm an excellent driver, and I've got car insurance and credit card coverage." Apparently, the driver of the vehicle that sideswiped his rental car while it was parked was not an excellent driver. The damage totaled $4,400 for repairs, $370 for administrative fees, $620 for loss of use and $3,100 in diminished value. Of the $8,490 total, $3,990 was uninsured and not covered by his credit card, the biggest component being the $3,100 diminished value charge. In addition, the driver ended up having to hire a Colorado attorney to assist in resolving the claim. The cost of the LDW for the entire trip would have been less than $100, a small fraction of the total cost of his vacation trip.

When insureds travel on business or vacation, a rental car is often valet-parked at a hotel or restaurant. The ISO PAP extends physical damage coverage for non-owned autos "while in the custody of or being operated by you or any 'family member'." So, the question is whether the vehicle is still in the custody of the insured while it's being valet-parked or otherwise in the custody of the valet service. If you don’t know and you’re relying on your PAP for coverage, the best advice is probably to not valet-park a rental car.

There are many other deficiencies in the ISO PAP that apply, and you can read about them in the previously mentioned "Top 10" article on our website. The last point I'll make is a reminder that the majority of auto policies in the marketplace are not "ISO-standard" forms. (To learn more about that, Google "independent agent magazine price check.") Despite what you may be led to believe by auto insurance advertisements or articles that imply that all auto policies and insurers are the same, there are potentially catastrophic differences, including coverage deficiencies with regard to rental cars. There are unendorsed non-ISO policies that don't cover non-owned autos, period; others that exclude business use of such autos or non-private passenger vehicles (this one shows up in policies of major national carriers, not just "nonstandard" auto insurers); others that exclude vehicles that weigh more than 10,000 pounds; and so on.

Conclusion? An auto policy simply is not adequate to cover the rental car physical damage exposure.

Credit Card Coverages

Read a few of the many articles on the Internet about using credit card programs to fund damage to rental cars, and you would think that little more is needed to adequately address the exposure. Unfortunately, credit card programs have as many, or more, deficiencies as does the PAP alone. Anyone relying on auto insurance and credit cards would be well-advised to study the credit card programs. In his article, "Rental Car Agreements, LDWs, PAPs, and Credit Cards," David Thompson, CPCU writes:

"Many major credit cards provide some limited, free coverage for rental cars. Most post the provisions related to rental cars on the card issuer's web site. While these can run several pages, three specific conditions [that] limit, restrict or invalidate the free coverage are show-stoppers. For example:

"The following conditions limit, restrict, void or invalidate the auto rental damage waiver (DW) coverage provided by your credit card:

"(1) This auto rental DW supplements, and applies as excess of, any valid and collectible insurance. For coverage to apply, you must decline the DW offered by the rental company.

"(2) The following losses are not covered by this auto rental DW coverage: (a) Any loss [that] violated the rental agreement of the rental company; (b) Any claim for diminished value of the rental car.

"(3) Any loss or damage to certain types of vehicles—see list."

In other words, (1) credit card coverage is excess over ANY collectible insurance, (2) you must decline the rental company's LDW, (3) violation of the rental agreement precludes coverage, (4) like the PAP, there is no coverage for diminished value, which we've seen can total thousands of dollars and (5) certain types of vehicles are excluded. Excluded vehicles may include pick-up trucks, full-sized vans and certain luxury cars.

And these are only part of the full list of limitations often found in these programs. Another common limitation is that loss of use is only paid to the extent that the assessment is based on fleet utilization logs. One major credit card only covers collision and theft even though the rental agreement typically makes the user almost absolutely liable for all damage, including fire, flood and vandalism. Some credit cards offer broader optional protection plans, but typically they also exclude coverage if there is a violation of the rental agreement and don't cover diminished value.

Another issue with reliance on credit cards is that the rental company may charge uncovered fees that max out the credit limit on the card. If you're 1,000 miles from home on vacation with a maxed-out credit card, that can present problems.

Loss Damage Waivers

Many people don't buy the rental car company's LDW because they think they have "full coverage" between their auto policy and credit cards. Many see what can be a significant charge and choose not to buy the LDW on the premise, "This'll never happen to me."

I rarely rent cars on business trips or vacation, but I experienced a major claim with a hit-and-run in a restaurant parking lot the night before a 6 a.m. flight. I had bought the $12.95 LDW for my four-day trip, so I simply turned in the vehicle at the airport with little more than a shrug.

Thompson, who rents cars fairly often, says he has walked away from damaged cars three times. Returning a rental at the Ft. Lauderdale airport, Thompson asked the attendant how many cars a month are returned with damage. She responded that, in her typical 12-hour shift, 15 cars are returned with damage and, in most cases, the damage was allegedly caused by someone else, not the renter. She estimated that only about 15% of renters buy the LDW.

The cost of the LDW admittedly can be significant, especially if you extrapolate what the effective physical damage insurance cost would be at that daily rate. But that's only one way to view the investment in peace of mind, not to mention the avoidance of what can be significant claims.

On an eight-day vacation last year, the LDW cost me more than the actual rental and, in fact, more than my airline ticket. But I considered the LDW part of the cost of the vacation.

Is the LDW all you need? Is it foolproof? Well, kind of, as long as you follow the rental agreement. If you violate the rental agreement, you are likely to void the LDW. Many rental agreements consider the following to be violations:

  • Driving on an unpaved road or off-road (often the case in state or national parks or states like Alaska and Hawaii).
  • Operation while impaired by alcohol or drugs.
  • Any illegal use (parking violations?), reckless driving, racing or pushing or towing another vehicle.
  • Use outside a designated territorial limit.
  • Operation by an unauthorized driver.

This illustrates the advantage of using the belt and suspenders approach of the PAP plus the LDW. The ISO PAP does not exclude the first three rental agreement violations, and the territorial limit is usually broader than any restrictive rental agreement territory outside of Mexico.

As for unauthorized drivers, some rental companies may automatically include a spouse or fellow employee or authorize them to drive for a fee. More often, the renter never reads the rental agreement and presumes anyone on the trip can drive. In one claim, a father and son were on vacation, and the father rented a car. The son had a driver's license but was too young under the rental agreement to drive the car. The rental clerk made this clear at the time of rental. Despite knowing this, the father allowed the son to drive, and he wrecked the vehicle. Not only was the LDW voided, the father’s non-ISO PAP excluded the claim because the son was not permitted to drive the car.

A special case of unauthorized drivers could be valet parking at a hotel or restaurant. Some agreements might except valet parking, so it's important to determine at the time of rental whether valet parking is covered.

A note on third-party LDWs: In 2011, a fellow CPCU rented a car through Orbitz or Expedia, which offered an LDW at the time of the reservation. He mistakenly assumed this was the same LDW offered by the rental car company, but it was underwritten by a separate entity. During his trip, the rental car was damaged by a deer on a rural Montana road. To make a long story short, the third-party LDW was not a true "no liability" LDW warranty of the type offered by the rental car agency, and the result was, after negotiations on the uncovered portion of the charges (including diminished value), he had to pay in excess of $1,000 out of pocket.

Conclusions

When I rent a car on a business trip or vacation, I price the rental to include the LDW and make my decision, in part, on that basis. The peace of mind alone is invaluable, and, again, I consider the cost to be comparable to my decision to stay in a decent, secure hotel.

If you rent cars frequently, consider negotiating a price including LDW with one or more rental car agencies. Otherwise, caveat emptor. If you are an insurance professional giving advice to consumers about whether to purchase the LDW, it would likely be in your and your customer's best interest to recommend consideration of the LDW. Your E&O insurer will appreciate it.

Better Way to Think About Leadership

Leadership is measured through tools like ROI and EBIT, but they only look at the tangible. Kaizen helps focus on the intangible, too.

In "Colin's Kaizen Corner," a 26-part learning series, I explain the principles of kaizen, lean manufacturing and respect for people -- each a cornerstone for transforming a culture, improving productivity and implementing a continuous improvement program.

In addition, each week I'll digest a principle of kaizen to achieve these outcomes, explain what we're doing today, what happens when we get it wrong, what happens when we do it better and why it matters today more than ever, to stay on a continuous journey of improvement.

The value of a new corporate improvement or strategic acquisition is easily estimated for most investors. Calculating future anticipated cash flows, measured over a specific period in today's dollars, yields the improvement's net present value.

But leadership isn't so easily measured, nor is the future value that an effective or ineffective leader begets.

Sure, tools like return on investment (ROI) and earnings before interest and taxes (EBIT) help us measure whether executives are investing money wisely to maximize dollars that may sustain the future of the company. But the tools are based solely on what we know, not what we don't. Of course, there's no way to value something you don't know exists; that is, until someone discovers it does.

Valuing human productivity and the intrinsic satisfaction employees receive from being able to do their jobs well doesn't show up anywhere on even the most complex of income statements. Neither does the value created or destroyed from a lifetime of leaders who either nurtured man's most important attributes, or ruined them altogether.

The problem is that ROI, EBIT and similar tools do nothing to help place a value on, and encourage, man's discovery of the unknown. To identify and fix that which isn't broken. To look outside the box.

It is this intrinsic curiosity - our yearning for learning - that makes us unique within the mammalian class. We aren't just members of a "clade of endothermic amniotes distinguished from reptiles and birds by the possession of hair, three middle ear bones, mammary glands and a neocortex" (as Wikipedia defines mammals). Nor do we just survive on instinct as other mammals do.

We're provided with daily opportunities to detect and correct errors in our thinking. Our intrinsic yearning for learning constantly encourages us to explore that which we think we understand.

Man has the choice to continuously improve upon his own knowledge base, or demand that others accept pre-determined answers - a radical difference in leadership style between those who lead by kaizen and those who lead by control.

Like scientific discovery, effective leadership creates for the curious a culturally acceptable and true belief in the ignorance of experts.

But man's creativity and curiosity still don't show up as direct value or loss through the eyes of a customer. And they're certainly not measurable; that is, without the proper tools.

And that's why ROI and EBIT -- the preferred tools for modern investing and modern valuation -- are precisely the wrong tools for measuring human productivity, the value of an acquisition and the value of a business itself.

For if human capacity is assumed to be x, and man's true capacity is actually y, without regular corporate and personal discovery neither man nor machine gets its best chance at material improvement.

Using ROI and EBIT, we've created a culture of mind-numbed business robots. Really smart children, teenagers and adults, being robbed of their intrinsic motivation because of diminishing human valuations. It's as if they were rusting old farm equipment, with just a few years of straight line depreciation left on an otherwise highly appreciable asset.

Nothing could be further from the truth. People have exponential value.

Years of poor parenting, leadership, primary education systems and business school professors have finally brought our chickens home to roost. In fact, as Dr. W. Edwards Deming said nearly 50 years ago, if the U.S. wanted to destroy a country, then all it had to do was export its business management and leadership practices.

Today, we know the enemy even better, and it is still us.

An enemy where large lots of wasteful activities exist, yet few executives are visible to help employees improve; an enemy where waste prevents employees from doing their jobs with purpose, joy, accuracy and speed.

Sadly, more executives today than ever before are searching for value within a spreadsheet or income statement. We fail one another when we refuse to look for loss at the precise location where value is created and where crimes of waste are most frequently reported.

To create a better opportunity for human development and true personal productivity, let's turn to respect. Because respect leads productivity by a long shot as the single most important aspect of man's institutional existence.

Let's provide an institutional daily dose of improvement that is eloquently simple: Continuously help me change, and always help me make it for the better. Because good change nurtures and replenishes my mind, heart, body and soul's constant need for continuous improvement.

By appreciating systems thinking and human psychology - only two parts of a four-part system, but integral components nonetheless - we can easily find opportunities for mankind to improve.

An entirely new system, which identifies what value means to customers rather than stakeholders, can easily bring about a different culture. A culture that even our most seasoned leaders currently don't believe in, currently can't measure and clearly don't currently understand. A culture that should be helping everyone improve that which we cannot see or measure.

How to Seize the Opportunities in 2016

Those of us who cling to the old ways of doing business aren't going to make it, but 2016 presents a slate of unprecedented opportunities.

This keynote address was delivered to the EY/Insurance Insider's Global Re/Insurance Outlook conference at the Hamilton Princess Hotel in Bermuda.

It's a pleasure to be here this morning. I appreciate being invited to offer some thoughts on the state of our industry and where we seem to be headed.

If you'll indulge me for a few minutes, I'm going to look back at 2015 before I look forward to 2016. It feels like the right thing to do, given the year we've had.

I don't know about all of you, but for me 2015 has come and gone in the blink of an eye.

And what a year it's been.

You could invoke Dickens and say: It was the best of times. It was the worst of times.

This was the year that a youthful head of state swept into office in Canada on a promise of "sunny ways" - and it was the year that terror ripped through a nightclub in Paris, and a Christmas party in San Bernardino, CA, shattering our personal sense of security.

It was the year that the pope declared a Holy Year of Mercy, and it was the year that more than a million refugees streamed out of the Middle East and into Europe, in a desperate attempt to escape a jihadist war.

It was the year that almost 200 nations signed a landmark agreement to address climate change, and it was the year that another once-in-100-year flood lashed northern England for the second time in less than 10 years.

It was the year that the concept of "the singularity" - when human computing is overtaken by machines - became a distinct possibility.

It was also a year when driverless cars, packages delivered by drone and 3D printing became tangible realities.

Here in Bermuda, 2015 was the year that signaled the demise of a brand name close to my heart - that would be ACE - as M&A fever reshaped the island's market landscape. It was also the year that the Bermuda Monetary Authority pulled off a coup - seven years in the making - by getting the European Commission to grant us Solvency II equivalence.

2015 was the year when Millennials - the generation born between the late '80s and the turn of this century - became the largest demographic ever. Think about it. More than half the world is now under the age of 30.

And it was the year when we truly began to exit a world driven by an analog mindset and woke up to the fact that we're living in a digital age. Labels like digital immigrants and digital natives were used to describe two of the four generations now making up our labor force.

I was invited to speak at a number of different venues this year, and, at each, I tried to describe this sense of being between two worlds.

I'd like to share some of the highlights with you, as I think these issues are going to be key to transforming our industry.

The first speech I gave this year was called "Risk in 140 Characters."

I was speaking to a group of Millennials in London, and I used Twitter as an example of stripping out inefficiencies to get to the core of a business model. I challenged them to figure out how we can leverage technology to make our industry more efficient.

I also challenged them to spread the word about the industry to their peers. Millennials don’t think much of insurance as a career. With 400,000 positions opening up in five years in the U.S., this lack of interest is creating a talent crisis.

The next speech was "Can We Disrupt Ourselves?"

I spoke to the International Insurance Society in New York a few weeks after I spoke to the Millennials in London, and described some of the game-changing forces our industry is facing - driven by disruptive technology.

I challenged this group - who represent executive management - to figure out how to attract a new generation to our industry, AND to figure out how to work with them. The solution to our disruption will come from the digital natives among us.

Then there was "Where Are the Women? One Year Later."

In 2014, I gave a speech called "Where Are the Women?" I asked why there aren't more women in the C-suites and boardrooms of the insurance industry.

This year, I looked at whether much has changed in a year - the answer is no - and what might be done.

The short answer is that people like me - the white males who dominate our industry - need to make gender parity and diversity a priority, and mean it.

A speech I gave to St. John's University's School of Risk Management was called "The Canary in the Coal Mine."

St. John's organized a day-long conference on issues facing the industry. I talked about M&A, alternative capital and the changing roles of brokers, cedants and reinsurers.

I also addressed the talent crisis, making the point that Millennials are the canaries in the coal mine.

If we don't pay attention to what they're telling us about our workplaces and work policies - and this includes our attitude toward diversity and inclusion - they're going to continue to snub our industry. And we can't afford to let that happen. Not only are they our future workforce, they're our current and future customers.

An address to 400 top producers of a brokerage firm was called "Do You Know How to Think Like a Unicorn?"

In Silicon Valley, companies backed by $1 billion or more in capital are called unicorns, and those backed by more than $10 billion are called "decacorns." There are more companies with this level of capitalization now than at any other time.

And remember, most of these are tech start-ups, many of which are behind the disruption that's transforming our world.

I told the brokers that, in the digital world, they need to know their clients' business, and their clients' risks, better than the CEO does.

There's currency in knowing how to interpret data, and brokers have a great opportunity to develop specialized skills that they can monetize.

That's where the real value-add is.

According to a recent study by IBM, C-suite executives around the world are kept awake at night worrying about being ambushed by so-called digital invaders.

More than 5,000 executives participated in the IBM study. More than half of them told researchers that, above all else, they fear being "Uberized" - blindsided by a competitor outside their industry wielding disruptive technology.

While loss activity, interest rates and pressure on terms and conditions will always affect underwriting and financial performance, it's now a given that technology and talent will determine who will succeed and who will fail.

So, I asked the brokers: do you know how to think like a unicorn?

I was told later that this firm is now describing itself as a technology company whose product is insurance - so I guess they took my suggestions to heart.

So this year, I focused on five main themes:

  • We still have rampant inefficiency in the way much of our business is conducted.
  • We're threatened by technological disruption.
  • We have unprecedented risks for which there are no actuarial data.
  • The roles we play are being reinvented in real time.
  • And we have a looming talent crisis.

Not a pretty picture, and not for the faint of heart.

But what scope for innovation!

I really do believe this is one of the most exciting times to be working in this industry in the 40 years since I joined it.

We enter 2016 with the hope that terms and conditions will improve, and the expectation that industry consolidation will continue.

[The recent increase] in interest rates could mean that our capital may take a hit, but we're likely to earn greater investment income over time, leading to increased revenue.

But these are the traditional hallmarks of a market cycle. This is the easy stuff.

There's nothing easy or traditional about what's facing our industry right now. Those of us who cling to the old way of doing business aren't going to make it.

It's the manner in which we navigate from the analog to the digital - how we move between two worlds - that will set our future course. This is going to take bold, courageous moves, some leaps of faith and a willingness to fail as often as we succeed.

I think it's telling that [in November] about 200 industry representatives and entrepreneurs gathered in Silicon Valley to figure out how to change the traditional insurance model.

They felt we need to flip the value proposition from protection to prevention, using data analytics to define the characteristics of a risk and identify how to avoid it.

A report on this conference described it this way:

"One of the biggest challenges for successful executive teams is to reframe a company's purpose away from its past greatness, and toward a different future."

We've been an industry where past is prologue. But for many of the risks we're facing, there is no past.

It really shouldn't matter. We're awash in data, but data pure and simple isn't the point.

We need to harness data to predict the future - in other words, adopt the prevention mindset.

The issue isn't simply gathering massive quantities of data. We need to take the data we have and know how to ask the right questions, and refine the right algorithms, to get the analysis we need to provide our products quickly and efficiently to a world doing business on smart phones.

To create the best risk solutions, we need to redefine the relationships we have with each other and build new organizational ecosystems. This is no time for staying in our traditional comfort zone.

And as an industry whose purpose is to secure the future, we have a collective obligation to address the massive protection gap between the developed and emerging economies.

In 2014, there were an estimated $1.7 trillion in losses. $1.3 trillion of that number was uninsured.

With collaborative undertakings like Blue Marble, the microinsurance consortium that was launched this year, we can begin to close this gap. This not only helps prevent disaster for the underserved, it helps build a sustainable planet.

I know we can figure out how to re-create our workplaces, finding ways to meld the experience and traditional perspective of Baby Boomers like me with the open, diverse, purpose-driven focus of Millennials.

This might be one of our greatest challenges, because it aims straight at the heart of our industry's old-school DNA.

By the way, I like that Millennials are purpose-driven - because what industry can more rightfully lay claim to purpose than insurance?

As I said in one of my earlier speeches, insurance should be catnip to a Millennial.

Several of us are banking on that being true by supporting an awareness program to let the younger generation know that this is a great career choice.

I've been joined by Marsh's Dan Glaser and Lloyd's Inga Beale in signing a letter urging our fellow CEOs to put their companies' weight behind this initiative.

The first phase of this plan is an Insurance Careers Month that will be launched in February 2016. This is primarily a U.S.-based project because that's where the urgent need is, but other markets will be participating, too. We were aiming to enlist the support of at least 200 carriers, brokers, agents and industry partners - and at last count we had almost 260 signed up. The response has been great.

So, in closing:

It HAS been quite a year.

The way we live and work is changing faster than I think any of us thought possible. We have some amazing challenges and opportunities ahead of us - here in Bermuda, and in the countries where many of us do business.

I'm excited about where we're going and how we'll get there, and I hope you are, too.

I believe it's the best of times.

In the meantime, I hope you all have a great morning of provocative thought and discussion, and I wish you a safe, happy and healthy holiday season.