Amid all the stories about the death last week of Hulk Hogan, one point is overlooked: the impact he had in getting companies to break out of the straight-laced marketing of the 1980s and see the potential for offbeat characters, even including antiheroes. 

For insurers, I don't think it's a stretch to say Hogan was the father of Mayhem and perhaps the godfather of oddball advertising icons such as Flo, the gecko and the emu. 

I say this both as an observer of insurance and as something of a student of pro wrestling. For a front page article in the Wall Street Journal, I attended a school for pro wrestlers in 1989 and wrestled a match on cable-TV, and the experience left a mark on my curiosity, as well as on my vertebrae and ribs. 

But Hogan didn't just show the value of creative branding; he also showed how important it is to always protect the brand and how quickly you can lose your following. 

Here is what a State Farm commercial looked like in 1988, after Hulkmania had begun but before it spread broadly beyond the world of pro wrestling. The ad was earnest and straightforward, seemingly based on real people. 

I won't even bother to provide an example from today, because all you have to do is turn on your TV and you'll be pelted with all sorts of characters who couldn't exist in the real world, including Mayhem, who might as well be a clone of the early incarnation of Hulk Hogan — evil but powerful and someone you kind of like despite yourself. 

Yes, of course there were other influences on the evolution of advertising, but I think Hogan was especially powerful because he blurred the traditional lines in wrestling and became wildly famous for doing so. Historically, there have been heels and faces (the good guys) in wrestling, but the categories were fairly static. Yet Hogan began his career as a heel, with his long, platinum hair and horseshoe mustache, before becoming a face and then sometimes switching personas over his long career. He opened the way for a much broader array of faces — and marketers in insurance, as elsewhere, took notice. 

Hence: Mayhem, Flo, the gecko, the emu and so on. 

(I learned the power of the face/heel distinction in my one match, in a college gym outside Philadelphia. I never for a second even thought about whether I'd be seen as a good guy. I mean, I'm a nice guy. Ask anybody. But my opponent, Tricky Nikki, who had often performed there, was a face, and that made me the heel. As the match progressed, I thought I won some respect and heard the crowd start chanting, "Wall Street, Wall Street...." But when I got a copy of the broadcast a couple of weeks later, I realized that the 800 or so people there were actually chanting, "Bull-s**t, bull-sh**t...." Oops.)

The cautionary part of Hogan's tale is that, once you've established a popular brand, you have to maintain it constantly. The New York Times obituary quotes Hogan, whose real name was Terry Bollea, as saying, “The moment I come home, the headband comes off the bald head, and it’s just Terry: dad, father, husband, friend.... The problem is, the moment I leave the house, the moment I walk out the front door, the world doesn’t want Terry. The mailman goes, ‘Hey, Hulk.’"

Hogan damaged his brand badly when a tape surfaced of him having sex with a friend's wife. He won an invasion of privacy suit against Gawker and put it out of business for sharing part of the tape — though controversially, as billionaire Peter Thiel was revealed as financing the suit. But a tape surfaced of Hogan calling himself "a racist, to a point," and using the N-word during the sexual encounter.

For insurers, I'd say the lesson is that if you're Lemonade and brag about having once settled a claim in three seconds, you'd better be fast on every claim. If you're State Farm and have established a quirky, friendly personality with your ads, you'd better be careful about asking for huge rate increases on homeowners insurance after wildfires in California. 

Consumers don't forgive, and they don't forget, at least not for years. 

Hogan was eventually accepted back into the pro wrestling world, which can be quite forgiving for its heroes, but later alienated part of his fan base by appearing at the Republican national convention last summer. Whether you think that made him a face or a heel depends on your politics, but he certainly adopted a heel's affect by tearing off his suitcoat and shirt to reveal a Trump/Vance T-shirt. Being a heel had certainly worked for him before. 

Hogan was so popular when I did my wrestling story that I wanted my nom de guerre to be a play on his. Given where I lived at the time, I wanted to be Hulk Hoboken (at 5'9" and 160 pounds), even though the guy running the wrestling school listed me as the Wall Street Warrior. 

Hogan's death feels like the end of an era. But his impact — and, I hope, the lessons from his life about the power of creativity and the need for vigilance about maintaining a brand — will live on.

Cheers,

Paul 

P.S. While I've singled out Alan Demers's piece about Hogan and the insurance ecosystem as one of the six articles to focus on this week, I'd be remiss if I didn't mention it here. It's not only very smart, but it's what got me reflecting on the wrestler's influence on insurance. 

Prevention in Modern Underwriting: How to Shift from Reactive to Proactive Risk Management

Traditional underwriting still relies heavily on historical claims data. As a result, risk management can only be reactive, acting “after the fact”. As we face an industry where margins are tightening and climate-related risks are growing, this reactivity is no longer enough. Proactive risk management, which heads off these losses before they occur, rather than responding after the fact, is critical.

Below, we look at how prevention technology is transforming underwriting and how using a service like bolt’s Prevention Technology helps reduce loss frequency before it happens.

Traditional Reactive Models: Challenges We Need to Escape

In the insurance industry, traditional underwriting models rely mostly on historical claims data to predict future risk. While this retroactive approach served us well for many years, it no longer addresses some critical modern realities. Underwriting innovation, especially in prevention technology, is essential to reinvent how we think about doing business in insurance.

The reality is that many losses are preventable – if consumers are using the right technology to alert of potential risk. Data-driven underwriting and predictive insights in insurance open up many new possibilities.

Consider these sobering statistics:

• Water damage comprised close to 24% of all US homeowners’ insurance claims, with 32% noting they’ve experienced an “adverse weather event” over the last five years.
• On average, these damage claims exceed $12,500 per event, costing insurance companies more than $13 billion annually.
• Water/freezing damage is the second most frequent claim after wind and hail damage. 

Then there’s the real kicker: weather-related catastrophes where damages cross the billion-dollar mark have risen from 3.3 events per year to more than 17 annually since the 1980s.

There’s a pressing need for underwriting innovation, as this escalation exposes the weaknesses in traditional insurance risk selection processes. The missing key? Real-time visibility as risk conditions evolve. If underwriters are confined to assessing risk at only a single point in time – such as when policies are taken out or renewed – they have no chance to influence risk outcomes over the policy lifecycle.

New Proactive Risk Management: The Solution to Traditional Underwriting Weaknesses

Proactive risk management is a key facet in modern underwriting innovation. And it’s being driven by new technology offerings. Traditional underwriting and its dependence on historical claims data fails to address preventable losses, driving up claim severity and frequency.

However, by integrating real-time monitoring, IoT sensors, and better use of predictive data, underwriters can help prevent claims – before they occur. This proactive risk management helps to return profitability to underwriting, reducing claims costs and allowing more accuracy in pricing strategies.

IoT Sensors in Underwriting

Until now, we’ve only had historical data to rely on. With the growth of the Internet of Things, or IoT, underwriters can now benefit from continuous and real-time information about insured assets or properties.

Smart sensors, for example, detect early warning signs of potential damage, such as water leaks or frozen pipes. They can even detect subtle issues, like electrical anomalies and structural weaknesses. This helps facilitate intervention before minor issues become major claims.

There’s significant interest in using IoT sensors in underwriting, alongside other AI-powered solutions. Even in 2019, 44% of the Top 100 insurers had already introduced this kind of intelligence into their operations, with 39% piloting it actively. Large residential property insurers indicated a massive 70% were interested in these solutions. However, while 42.8% of those using machine learning have already implemented it for auto insurance, there are only 8.6% who can say the same in home insurance. 

However, real-time sensor data can improve damage assessment accuracy by up to 40%, reduce fraud by roughly 35%, and cut claims processing time by up to 50% while improving response times by as much as 70%.

But this level of impact is only achieved in an actively managed program. Otherwise, the carrier is reliant on self-selection by engaged policyholders, which limits results. Bolt has found that with managed engagement and rapid response it is possible to meaningfully lower non-weather water risk. In fact, our revised rate filings show a three to eight times increase in effectiveness compared to passive approaches.

Data-Driven Underwriting

Data is king for effective underwriting. Being able to bring data from connected devices alone has value, as we noted above. Now add the ability to crunch data on weather patterns, analyze building specifications, and even introduce data on behavioral indicators. 

Together, this gives underwriters embracing underwriting innovation almost unprecedented insights into risk profiles. With these predictive insights in insurance, carriers can more accurately segment customers by:

• Identifying high-risk properties that may appear deceptively “normal.”
• Recognizing low-risk properties that conventional underwriting may misclassify.
• Developing dynamic pricing strategies, reflecting real-time risk conditions.
• Incentivizing (and rewarding) risk-reducing behaviors among policyholders.

Prevention Technology in Action with bolt

This growing need for proactive risk management and smarter underwriting innovation was one of the key drivers behind bolt Prevention Technology, which integrates seamlessly into underwriting, claims, and even policy workflows, offering actionable risk insight to reduce water-related losses at every step.

bolt Prevention Technology has been proven to decrease water loss claim frequency by 39% and severity by 12%, helping insurers cut costs and improve profitability. As bolt CEO, Jon Walheim, notes, many sensor programs fail to drive policyholder engagement or integrate risk insights directly into carrier workflows.

Historically, it has been challenging to unite sensor adoption and policyholder engagement for sensor providers alongside carriers. What sets bolt Prevention Technology apart is the ability to leverage bolt’s integration to carrier systems create our unique and effective loss mitigation experience.  We help insurers bridge that gap, ensuring actionable prevention data, targeted follow-ups, and better compliance, leading to lower risk and measurable claim reduction for better underwriting performance.

Additionally, bolt Prevention Technology provides automated notifications and guidance, ensuring sensors are used properly to minimize non-compliance and remove inactive devices. Carriers can also work with a range of sensor partners, allowing insurers to customize and scale as needed by different risk profiles. 

With simple integration into existing underwriting workflows, there’s no need to overhaul operations. bolt’s Prevention Technology will fit into current processes, offering new prevention capabilities through:

• Stronger Risk Selection: Identify optimal candidates for prevention programs, using property characteristics and risk algorithms.
• Dynamic Risk Assessment: During the policy lifecycle, real-time data allows carriers to update risk profiles continuously, for more precise policy administration.
• Pricing Optimization: Using relevant and specific data for each property or asset helps keep pricing optimized and realistic.
• Risk Intervention Opportunities: Education and adoption change the fundamental risk profile as sensors increase awareness and can detect policy impacting concerns, then automatically alert policyholders so minor issues don’t escalate.
• Claims Integration: In the event of a loss despite these preventative measures, data history offers adjusters the insights they need to streamline the claims process and carriers insight to future prevention.

Using tools like bolt Prevention Technology to foster proactive risk reduction alongside underwriting innovation helps insurers deliver value throughout the insurance lifecycle. The result? Improved outcomes for both carriers and customers.

Implementing Proactive Risk Management in Your Underwriting Strategy: Actionable Steps

For carriers looking to improve their proactive risk management, the path can seem overwhelming. However, with the help of bolt’s Prevention Technology, implementing predictive insights in insurance needn’t be a headache.

We suggest that carriers start by assessing their portfolio to identify where the highest loss ratios or more preventable claims occur. For many, that will be water damage in residential properties, as we’ve examined, and also specific commercial risk segments.

From here, carriers can launch targeted pilot programs, establishing clear data metrics to track success across financial and customer experiences. Next, look at working with a prevention partner like bolt, with the experience to integrate our technology with existing policy management or underwriting systems.

Lastly, make sure underwriters are equipped to incorporate this prevention data into their existing decision-making, and look to developing pricing structures to incentivize and reward policyholders for participating in prevention programs and keeping their risk low.

Embrace a Preventative Future with Proactive Risk Management and Data-Driven Underwriting

The shift to proactive risk management is set to transform how the industry thinks about underwriting. Reducing loss frequency isn’t just about carrier profitability, although that’s always a compelling side effect.

When carriers embrace predictive insights in insurance, they shift from being a “pay platform” that only reacts after disasters to being active partners in risk mitigation. 

As claims escalate in severity and climate risk intensifies, carriers who wish to thrive need to move past reactive models and embrace the power of prevention through underwriting innovation.

If you’re ready to take your underwriting from reactive to proactive, bolt can help you integrate prevention technology into your workflows hassle-free. Learn more about bolt Prevention Technology, or contact us for a demo today. 

Sponsored by ITL Partner: bolt

It's sometimes said, by those observing the geopolitical unrest, the economic stresses, the warming climate, and the fierce debates over culture and policy, that the world is coming apart. But it would be truer to say that it is, in fact, knotting itself more tightly together.

Consider the following scenario: The climate crisis makes extreme weather more common. Fires and floods damage roads, ports, data centers, factories, and other critical infrastructure. Damaged infrastructure disrupts supply chains, leading crops to fail, ships to be delayed, and energy to become scarce or costly. Prices rise. Trust in institutions falters. Unrest brews. Now concerned with problems at home, states turn inward. Protectionist policies are signed into law. Internal conflicts, over tax, trade or migration, grow more intense. The economic and social instability makes for fertile ground for geopolitical unrest. Nations target each other's infrastructure, companies or information systems. Cyberattacks, state-sponsored and otherwise, rise. That weakens our response to climate disasters. And so the cycle begins again.

Even presenting this as a cycle is slightly misleading. This phenomenon involves overlapping, interlocking risks. The link between cause and effect becomes less and less easy to see. These challenges I've mentioned are almost like different threads in the same tangled rope.

What is going on here?

The answer to that question was given some years ago by the late French philosopher Edgar Morin. What Morin perceived is that in a globalized and increasingly complex world, challenges would not arrive one by one but all at once – that they would be linked, layered and mutually reinforcing. He was writing in the early 1990s, just after the end of the Cold War, and noticed that the rapid expansion of economic globalization threw light on how deeply connected national economies and infrastructures had become. Societies were vulnerable to disruptions that could quickly escalate from apparently isolated local incidents to complex international crises.

Morin was drawing on emerging concepts in systems theory and complexity science. These fields are interdisciplinary or transdisciplinary, involving the study of cohesive groups of related, interdependent components that can be natural or artificial. The fields appeared because it was becoming increasingly plain that we live in a world of systems: climate, energy, digital, economic, political. Each of these is complex enough. Morin's insight was seeing what happened when these overlapped. A political shock in Eastern Europe can drive up food prices in Nairobi. A data breach in Tokyo exposes infrastructure vulnerabilities in São Paulo. One crisis bleeds into another. This is a "polycrisis."

It's easy to see what a challenge this poses for insurance. Tasked with ensuring societal resilience, the world's major insurers have to find a way to grapple with a risk landscape so complex that some are already stepping back. The shift in mindset and approach needed to move from a place where crises are seen as separate events, with their own models, to one where there is really one major crisis that is more than the sum of its parts, is daunting, to say the least.

Given the complexity, and given the cascading nature of polycrisis events, the only practicable approach is to rethink the character of insurance itself. Insurance, traditionally, helps people to recover what they've lost in the wake of a disaster. That's a simplification, of course; but for our purposes here it'll do. Now, insurers have to stop events from happening in the first place, insofar as it's possible, and to prepare their clients well in advance of something happening, should it happen anyway.

No, insurers don't have a crystal ball. But they do have something a little like one. We're already using satellite data to predict fires and floods and monitor fire spread and flood zones in real time. Already, we can use vulnerability analyses and human training programs to protect companies from cyberattacks (most breaches come about because of human error within the company, making the creation of a "human firewall" paramount). We can bring geopolitical intelligence, provided by geopolitical consultants with deep expertise working within governments and their security services, to make sure companies have as much knowledge as is feasibly possible and can make decisions with it in mind.

This is not an exhaustive list of what insurers are now able to do, but they give an idea of the role that technology can play in addressing the biggest challenge that insurance has ever faced. The tools available to us are transformative. They redefine what insurance is, but to the degree that the role of insurance is to ensure societal resilience, they in fact "complete" insurance, allowing us to be the very best version of ourselves. We are becoming a proactive partner, and in a world like this, that's exactly what businesses need.

Let me be clear: The polycrisis can't be solved. But it can be navigated. Businesses can become more resilient and robust, and the protection gap can be closed. That means that those who run and work in those businesses can sleep soundly and chart a course across the choppy waters of this polycrisis.

This is the future of insurance, and it's already here.

Artificial intelligence (AI) continues to dominate conversations in the insurance industry. It is being used across the board from risk modeling to claims handling and promises faster insights, more accurate pricing and improved customer experiences. 

But the truth is, no matter how advanced the model, AI is only as good as the data it’s trained on.

For insurers, the difference between an effective AI integration and one that falls short often comes down to a single factor: data quality.

Understanding the Role of Data in Insurance Industry AI Models

At its core, an AI model is a system that learns from past data to identify patterns and make more accurate predictions than traditional insurance algorithms. Over time, an AI model can simulate decision-making processes, flag anomalies, or suggest next best actions. For example, AI can help evaluate the likelihood of a claim going into litigation or estimate the cost of a payout.

Insurance organizations generate and manage large volumes of data. This includes structured data like policy details, claims histories, and property characteristics, as well as unstructured data such as adjuster notes, medical notes, and accident and property images. 

This same data serves as the foundation for training AI models. But for these models to work as intended, they need to be trained on high-quality datasets. 

The Risks of Incomplete or Inaccurate Data

If the data used to train an AI model is missing key variables or is inconsistent across records, the resulting outputs will be flawed. This can lead to underpricing risk, inaccurate claim predictions, or compliance issues. For instance:

• Incomplete data may cause the model to miss important risk factors
• Inaccurate data may result in unreliable predictions or pricing
• Biased data can unintentionally discriminate or underperform for certain populations

Insurance is a high-stakes, highly regulated environment. Data integrity influences not only outcomes but regulatory compliance and customer confidence. Therefore, when the data used in AI models is accurate, real-time, and comprehensive, the advantages of AI become far more obtainable. 

Where Clean Data Drives the Most Value

Risk Management: AI helps insurers shift to more accurate predictive frameworks. When fueled by high-quality data, models can assess systemic or correlated risk across portfolios. This enhances catastrophe modeling and improves early warning systems.

Underwriting: Underwriters can leverage AI to rapidly analyze applicant profiles, identify hidden risk factors, and deliver more personalized pricing recommendations.

Claims: AI can improve claims management for both claimants and insurers by triaging claims more quickly, flagging inconsistencies, and even suggesting optimal resolution paths. 

Compliance and Explainability: Regulators increasingly want to know not just what decisions were made but how insurers are making them. If the data trail is messy or undocumented, insurers will struggle to demonstrate fairness or explain the rationale behind automated outcomes.

Building the Right Data Foundations for AI Insurance Models

Clean data isn’t something that just happens. It requires effort and investment—from consistent data governance practices to systems that capture and store relevant and accurate data. It also means knowing when to look beyond your own walls.

Many carriers find that supplementing in-house data with anonymized, contributory industry data can expose their AI models to a broader set of scenarios and outcomes, improving accuracy across geographies and lines of business.

What If Your Organization Doesn’t Have Enough Quality Data?

One of the biggest challenges insurers face when adopting AI is realizing that their internal data, while valuable, is often not enough on its own. It may be limited in volume, skewed to specific geographies or products, or lack the historical depth needed to train robust models. Or there may be data quality issues such as missing fields that would undermine a model’s reliability. According to a recent Deloitte AI Institute report, nearly one third of companies surveyed say that data-related challenges are among the top barriers holding back their AI efforts.

To address these data issues, many insurers are starting to explore solutions such as: 

• Participating in de-identified industry data consortiums. 

• Supplementing internal data with licensed, external datasets

• Partnering with organizations that curate and maintain high-integrity training sets

• Investing in tools and governance practices that improve data quality upstream

By leveraging these approaches, insurers can gain access to large-scale, anonymized datasets that reflect a much broader range of underwriting scenarios and claims outcomes. Broader, cleaner datasets reduce blind spots, strengthen explainability, and support better predictions across lines of business and populations. 

Looking Ahead

The power of AI in insurance lies not just in more efficient workflows, but in better predictive insight. And insight depends on quality input. 

As the industry continues its current transformation, organizations that invest in strong data foundations will be better equipped to gain the full value of AI. Accurate algorithms matter. But the real power lies in clean, relevant, quality data.

The U.K. insurance market just hit a milestone: the approval of a comprehensive captive insurance framework. This opens the doors for the U.K. to become a leading captive domicile over the next decade and creates opportunities for companies to manage their risks onshore.

Why This Matters

For decades, U.K.-based and international companies have often looked abroad to establish captives. While those jurisdictions have played an important role, the U.K. is uniquely positioned to offer an alternative that combines proximity, credibility, and deep expertise.

The U.K. brings together a combination of strengths that few markets can match:

• Proximity to Lloyd’s and the London market. No other location offers the same depth of underwriting capacity and market relationships in one place.
• A sophisticated ecosystem. The U.K. benefits from a rich pool of experienced insurance professionals, brokers and advisors who understand complex risk.
• Regulatory credibility. Companies value the U.K.’s established legal and regulatory environment, which provides stability and confidence in governance.

What Comes Next

The framework’s long-term success will depend on keeping regulation proportionate and practical. Captives are not conventional insurers, and it’s essential the approach remains streamlined, transparent and tailored to how captives operate.

We expect strong interest from U.K.-based companies that see clear advantages in locating their captives closer to their leadership teams, advisors and stakeholders. Over time, this could reshape how risk is managed and retained within the U.K. market.

This development represents more than regulatory progress. It signals a broader ambition to reinforce the U.K.’s position as a global insurance leader. The next chapter will be defined by how the market embraces this opportunity, the innovation it inspires, and the benefits it delivers to companies of all sizes.

Publicly known as Hulk Hogan, Terry Bollea was more than a wrestling icon. Although I was not an enthusiast and never have even watched a match in my time, I knew Hogan by name, as his brand was far-reaching. At 71, he was still recognizable by most. Hogan knew his collective audience well and catered to what they craved. When it comes to marketing and promoting, he will go down as one of the best. 

There are many lessons wrapped up in his lasting 50-year presence that apply to business and especially those companies building their brands and wanting to distinguish themselves. Looking beyond the flashy character and controversial persona, you can see how he carefully connected business with identity and made it stick for a long, long time. Most of all, he stood out in the wrestling entertainment space and appealed to other business revenue streams. By contrast, of all the other WWF characters, some had a recognized brand, others not so much.

Insurtech Image Among a Crowd

I think of start-up insurtechs and their efforts to stand out in a crowded field. Today’s insurtech landscape broadly consists of technology solution and service providers evolving from the early days of digital disrupters to a concentration of those wanting to collaborate and partner with insurers in nearly every facet of the insurance model. Although the disruptive spirit still thrives, new entrants and incumbent providers recognize the massive barriers to contracting with carriers, especially in attracting their attention in the first place. The lessons from Hulk Hogan, in the right dosages, can make a difference.

On the carrier side of this market reality, companies are still challenged with identifying, vetting and testing insurtechs. There are countless difficulties in distinguishing solution offerings, as many appear similar. Hogan clearly recognized this issue. Each wrestler had his own identity, but from afar, most would say “it all looks the same.” Factor in real issues, like finite resources, budgets and decision-maker availability. Also consider de-risking and all sorts of project priorities, and you have a mismatch when it comes to insurers and insurtechs trying find ways forward together.

These realities chafe start-ups trying to balance limited capital, thirst for revenues and impatience from their investors. Start-ups are left asking questions like, how do I reach the right decision maker(s)? Which insurance industry conference offers the best ROI? Should I be doing e-mail campaigns, offering webinars and publishing white papers?  Is it better to hire a business development person or work with subject-matter-experts? 

Hogan demonstrated what his “Hulkamania” followers wanted. Yes, the hype and iconic statements about 24-inch python biceps, taking vitamins and the outrageous facial expressions of phony anger and the famous muscle pose were on the surface. Underneath were T-shirt sales, trading cards, movies and lasting Hulkamania influence on the whole industry.

Applying Lessons

Knowing the audience when it comes to insurers is crucial. It’s a relationship business environment where knowing the right people is the ultimate X-factor. Insurers not only appreciate but demand that today’s insurtechs understand the insurance business and carriers' pain points – also expressed as business opportunities to be seized. Emphasis on understanding carrier needs and a crystal-clear pitch/demo that responds with precision wins more often than not. Insurtechs bringing an exciting technology or concept without ensuring it matches a carrier’s priorities are often doomed to hear the words, “we’ll get back to you.” It’s the flash without the connection to a priority. 

Not to worry, the Hulkster had a long list of failures, showing it’s never too late to adjust and recover.

Insurance Industry

There’s no question that insurance and technology are not the entertainment business. Insurance is much more serious and conservative, as you might expect and actually appreciate about such an important financial industry. However, there are lessons from Hogan's experience in entertainment:

• Flashy, loud and colorful without substance is just that.

• Knowing the industry and finding ways to shape and influence it are key.

• So is understanding the individual carrier/business unit needs and addressing them.

• Relationships matter a lot. Don’t go it alone.

• Patience is required -- recognize that the sales cycle is generally 12-18 months.

For our carrier friends, keep scouting and taking visits from insurtechs. Be open about sharing pain points and priorities and give candid, constructive feedback while understanding the mismatch. Recognize that start-ups can be challenged by extensive procurement procedures that large incumbents can better overcome.

We often say that the insurtech era has been the most exciting and beneficial development within the long history of insurance. Insurance insiders admit they wish today’s innovative mindset and available technology were around when they started their careers. 

Think of the ecosystem as an externally funded virtual R&D lab for all to discover and participate in. The AI craze is another welcome and daunting addition where all stakeholders -- insurers, customers, solution providers and investors -- can win. It will take all sides to get it right. This is not a pure buy-or-build situation.

In the end, a little Insurtechmania may be what keeps this all going.

R.I.P., Terry Bollea.

The P&C insurance industry has long faced pressure to improve efficiency and reduce costs, all while navigating complex regulatory requirements and rising risks. Today, artificial intelligence (AI) is finally maturing into a tool that can help insurers meet those demands head-on. When paired with smart automation, AI is not only streamlining manual workflows but also enhancing decision-making and helping insurers accelerate and scale operations with confidence.

While much has been said about AI's promise, many insurers are still grappling with how to turn that promise into measurable results. In our work with insurers across North America and Europe, we've found that the key lies in combining AI with practical automation initiatives—and doing so with a flexible, modular approach.

AI adoption and automation remain a work in progress for many insurers. According to a recent survey on AI in insurance by Sollers Consulting, 21% of insurers are using AI to support underwriters, while another 17% are actively implementing AI for this purpose, and 31% more are planning such an initiative. Additionally, 15% of insurers are already using AI to automatically extract and analyze data for underwriters. However, only 8% have AI-driven automation in place to prepare insurance offers for underwriter verification, with 23% still evaluating such automation. These figures underscore both the opportunities and challenges insurers face in scaling AI adoption.

AI and Automation Working as One

Think of automation as the engine and AI as the GPS. Automation reduces friction by eliminating repetitive tasks, while AI adds intelligence, learning, and adaptability. When integrated, the two can transform everything from underwriting and claims to customer service and pricing.

Where automation alone might expedite a task, AI can refine it—learning from outcomes, identifying anomalies, and making predictive recommendations that add strategic value. This symbiosis is especially valuable in P&C insurance, where decisions are complex and data is abundant but often underused.

In underwriting, modular deployment of AI-enabled underwriting workbenches is streamlining submission intake, data gathering, and risk assessment—giving underwriters a unified view of risk without disrupting core systems.

Because underwriting processes often struggle with fragmented data and legacy system constraints, AI initiatives here focus heavily on data ingestion, standardization, and decision support, while AI in claims focuses more on triage, fraud detection, and automation.

Key Processes to Target for AI Automation

While every insurer's roadmap is unique, our experience suggests there are seven high-impact areas where AI-enabled automation is delivering immediate returns.

1. Claims Processing Automation: AI significantly speeds up the First Notice of Loss (FNOL) process by analyzing text, photos, and videos submitted by policyholders. It can extract relevant details, assess severity, and initiate workflows—all in real time. This not only accelerates settlements but also improves policyholder satisfaction.

2. Fraud Detection: Traditional rule-based fraud detection often falls short of identifying new or subtle threats. Machine learning models continuously adapt to evolving fraud patterns, flagging anomalies in claims documentation, invoices, and even claimant behavior. These systems reduce false positives and allow fraud teams to focus on high-risk cases.

3. Underwriting Efficiency: AI empowers underwriters by synthesizing large datasets, from historical claims to third-party data, into actionable risk insights. By pre-analyzing submissions, AI reduces the time spent on each file and improves risk selection. It also supports faster onboarding of less-experienced underwriters through decision support.

4. Risk Scoring and Modeling: AI enhances the precision of risk models by factoring in dynamic data such as weather, building materials, location, and behavior. These continuously learning models support both underwriting and pricing, making it easier to tailor coverage and reduce exposure.

5. Pricing Optimization: Predictive analytics enable insurers to fine-tune pricing based on a deeper understanding of risk, market conditions, and customer behavior. AI-driven models can simulate scenarios and identify price sensitivities, allowing insurers to balance competitiveness with profitability.

6. Policy Administration Automation: From issuing policies to handling endorsements and renewals, AI streamlines core administrative tasks. Robotic Process Automation (RPA) tools, combined with AI-based decisioning, can validate inputs, detect errors, and execute changes, reducing back-office burden and turnaround time.

7. Document Handling and Extraction: AI-powered natural language processing (NLP) can parse complex documents, such as medical reports or police statements, extracting structured data from unstructured content. This accelerates workflows in both underwriting and claims and minimizes human error.

Strategic Implementation Without Disruption

One of the most common misconceptions about AI is that its deployment requires a complete overhaul of existing systems. In reality, many AI use cases can be implemented modularly, with minimal disruption. For example, insurers can start by embedding document analysis tools into claims or underwriting systems, or launching a chatbot to handle common customer queries.

These "low-hanging fruit" projects offer a fast return on investment and build internal confidence in AI's value. Once successful, they can be scaled or integrated with more advanced systems over time.

In underwriting, early AI wins often come from automating submission intake or augmenting risk assessments, building momentum for broader transformation over time.

To ensure AI tools function as intended, insurers must also invest in the fundamentals:

Data Management: Clean, consistent, and governed data is essential for training and operating AI models. A unified data strategy can unlock insights across the organization.

Flexible IT Architecture: Insurers should prepare for integration by building modular architectures that can support APIs, data pipelines, and AI engines without management strategy that ensures a smoother transition and better adoption across teams.

Business Process Optimization: AI works best when it enhances already-sound processes. A workflow review can identify the best points for automation.

Evolution, Not Revolution

Technology alone can't transform an organization. To realize AI's full potential, insurers must engage, empower, and evolve their teams. This means offering training, clarifying roles, and positioning AI as a partner—not a replacement—for skilled professionals.

AI-driven automation isn't a single event—it's a continuing journey. The most successful insurers are those that take a phased approach: starting small, proving value, and then scaling solutions that work. With the right mindset and execution, AI can transform core operations, improve agility, and unlock long-term value.

With July marking peak cyber insurance renewal season, thousands of organizations are receiving updated policies that require immediate attention—not just for coverage review but for secure storage. 

This timing is critical: Over the past six months alone, we've witnessed multiple incidents where threat actors obtained copies of cyber insurance policies from client networks and weaponized that information during ransom negotiations. These attackers used coverage details to calibrate their demands, turning the very documents meant to protect organizations into tactical advantages for cybercriminals. 

Your cyber insurance policy is designed to protect your business when attackers strike, but what happens when the policy itself becomes the target?

Enterprise-grade protection for critical documents

Fortunately, this is a solvable problem. Securing your cyber insurance policy requires the same rigor you'd apply to protecting customer data or financial records. 

First, start with the basics. Organizations should limit the number of copies of the policy that exist, because the more copies available, the more likely one is to get into the wrong hands. Then, tightly restrict who has access to the policy – really only someone on your risk team or your finance team needs to know how to locate it. And make sure they know that if they do need to share it with someone, it should only be shared via encrypted email or secure file transfer.

Consider these additional methods to protect your policy:

1. Store the documents in a purpose-built digital vault

Consider enterprise digital vault platforms specifically designed for sensitive document management.

These specialized solutions provide institutional-grade security with advanced encryption protocols that go beyond what standard cloud storage offers. Secure sharing workflows eliminate risky email attachments by providing controlled, authenticated access to documents without exposing them to email security vulnerabilities.

Built-in compliance tools for retention policies and regulatory requirements help ensure you meet legal obligations for document storage and disposal. Granular permission controls including view-only access and watermarking give you fine-tuned control over how documents can be used and shared.

Integration capabilities with existing business processes ensure that enhanced security doesn't disrupt your operational workflows.

2. Store the data in an encrypted state

Move beyond basic cloud storage to solutions that offer end-to-end encryption where even the provider cannot access your data.

The foundation starts with AES-256 encryption for data at rest and TLS for data in transit, ensuring your documents remain protected both while stored and during transfer. Equally important are customer-managed encryption keys stored separately from the data, giving you complete control over who can decrypt your files.

Look for services that offer zero-knowledge architecture, ensuring provider staff cannot view your files even if they wanted to. Finally, verify compliance certifications like ISO 27001, SOC 2, and GDPR readiness to ensure your chosen platform meets enterprise security standards.

Pro tip: Avoid consumer-grade cloud services for business documents. The convenience isn't worth the security trade-offs.

3. Control who can access the stored data

Implement robust access management that goes beyond simple passwords.

Start with role-based access control (RBAC) limiting document access to essential personnel only, ensuring that each user can only access documents relevant to their role and responsibilities. Multi-factor authentication (MFA) for all accounts with document access provides a crucial second layer of defense, significantly reducing the risk of compromised credentials leading to unauthorized access.

Single sign-on (SSO) integration for centralized identity management streamlines administration while maintaining security standards across your organization. Comprehensive audit trails tracking all access attempts and activities provide visibility into who accessed what and when, enabling rapid detection of suspicious behavior.

Finally, regular access reviews to remove orphaned accounts and unnecessary permissions ensure that former employees or users who no longer need access can't inadvertently create security gaps.

Regulatory alignment and compliance

Your document security strategy should also align with established frameworks:

For U.S. Organizations:

• Follow NIST Cybersecurity Framework guidelines for data protection
• Implement controls consistent with sector-specific regulations (HIPAA, GLBA, etc.)
• Consider NIST SP 800-171 Rev. 3 requirements if handling sensitive government data

For European Operations:

• Ensure GDPR compliance for any personal data in policy documents
• Implement "appropriate technical and organizational measures," including encryption
• Establish data retention policies and secure deletion procedures
• Verify that cloud providers offer GDPR-compliant Data Processing Agreements

Your insurance documents deserve insurance-grade security

Cyber insurance exists to protect your business when security controls fail. Shouldn't the policy itself be protected with the same rigor you apply to your most valuable digital assets?

By treating your cyber insurance documents as the high-value targets they truly are, you eliminate a potential attack vector while ensuring these critical protections remain available when you need them most. In an era where every document can become a weapon in the wrong hands, securing your insurance policies isn't just good practice—it's essential risk management.

Cybercriminals already understand the value of your insurance documents. The question is: do you?

Meet Richard Macias. He is 65 years old, born on Dec. 18, 1959. He lives at 2721 Prospect St. in Marlton, N.J.

Richard is 5-foot-7 and weighs 237 pounds. He works as a radar controller, and his mother's maiden name is Walters. Richard has an email address (richardtmacias@jourrapide.com), a phone number (856-596-####), and a Social Security number (136-18-####). He pays for most of his purchases with his Visa card (4532-3836-4287-####, expiring on 4/2028, with a security code of 056).

Richard is also completely made up. 

It took less than a minute to create Richard Macias on a site that will deliver a spreadsheet of thousands of synthetic identities with detailed personal information directly to your inbox – for free. The website's FAQ asserts: "We do not condone, support, or encourage illegal activity of any kind." Information is pulled from available public databases in random combinations. Using the street address as an example, this randomness means, "Odds are that the generated street address is not valid," according to the FAQ.

A different free artificial intelligence (AI) program provided a photo of Richard outside New Jersey's famous theme park, Six Flags Great Adventure. That took less than five minutes.

When he looked a little lonely, that same AI added a troupe of grandkids.

Richard's creators used their knowledge of the dark web and other nefarious corners of the internet to find illicit services that, for a small fee, could produce convincing fake documents such as driver's licenses, passports, bank statements, and medical records.

That effort to bring Richard to some form of life stopped short of committing actual fraud. But many don't stop.

The scale of the problem

The life insurance industry loses an estimated $74.7 billion to fraud each year. The fastest growing form of this fraud involves synthetic identities – fictitious personas like Richard Macias built from a mix of real and fabricated information. 

The cost of synthetic identity fraud in the financial industry has grown from approximately $8 billion in 2020 to more than $30 billion today, a nearly 300% increase in just five years. The Federal Reserve estimates that synthetic identity fraud now accounts for 80%-85% of all identity fraud cases. 

Life insurance fraud is a particular target for ne'er-do-wells using synthetic identities. Fraudsters have been known to secure life insurance policies on these fake identities and then "kill them off" to collect benefits. Children younger than 15 years old and elderly populations are particularly vulnerable, as their Social Security numbers are either unused for years or not actively monitored.

Connections to organized crime

These schemes are occasionally mentioned as being part of organized crime efforts. While specific statistics on fraudulent death claims tied to organized crime are limited, life insurance fraud represents a massive cost center, with experts warning AI will make it easier and faster to create realistic fake identities – and harder for insurance companies to detect them. 

For example, a recent case in India exposed a multi-state syndicate labeled an "insurance mafia" that created fraudulent life insurance policies for terminally ill or deceased individuals. This group used fake identities and forged documents to siphon the equivalent of $64 million or more from major insurers. 

The challenge with synthetic identity fraud in life insurance is that it can appear to be a victimless crime. Richard Macias and the thousands of synthetic identities that apply for insurance products via the web are not real people, so it can appear that no human being would be harmed in fraudulently creating their profiles – at least initially. This makes these particular schemes incredibly attractive to organized crime groups, which prefer to stay under the radar while raking in millions of dollars in ill-gotten gains.

Of course, these schemes are not victimless. Recouping losses from fraudulent claims drives up premiums for everyone, costing the average family $400-$700 a year in additional premiums, the FBI estimates. 

AI could make this easier and more costly. But it is also making it easier for insurers to fight back.

Building an AI defense system

SEE GRAPHIC ANIMATION HERE.

The same technological advances bad actors are weaponizing to commit fraud, insurance companies can turn into a highly advanced fraud-detection shield. 

Insurers are using new technology, including AI, to fight fraud in numerous innovative and powerful ways. For example:

• Omnichannel verification – Vetting individuals across multiple channels (digital, phone, in-person) to confirm their authenticity.
• Machine learning – Analyzing patterns in claims and application data to detect anomalies indicative of synthetic identities or coordinated fraud schemes.
• Biometric authentication – Using facial recognition, voice analysis, and fingerprint scanning to verify the identity of policyholders and claimants.
• Cross-industry data sharing – Collaborating with other insurers, banks, and law enforcement to identify and track synthetic identities and organized crime activity.
• Continuous monitoring – Real-time, 24-hour monitoring of transactions and claims for suspicious activity, enabling faster detection and response.

But less than one-third of respondents in the 2024 U.S. Life Insurance Fraud Survey, conducted by RGA and MIB, indicated they are using algorithms or analytics tools to flag questionable underwriting applications. 

More than 70% of insurers said they are interested in using data analytics or technology-based tools to detect fraudulent applications, but only 5% of carriers currently use AI as part of the fight, and only 24% are actively exploring AI solutions.

Looked at in full, insurers are potentially falling behind in the AI arms race and ceding too much of the battlefield to those who would use AI for harm.

Conclusion: Eliminating Richard Macias

Proving Richard Macias to be fake is not difficult. A search of Google Maps reveals there is no Prospect Street in Marlton, N.J.; calling his phone number leads to the rapid busy signal of an out-of-service line; trying to buy groceries with his Visa card will leave bare cupboards.

That said, it is increasingly easy to create fake people with addresses, phone numbers, and credit cards that can pass for the real thing and be tapped to commit costly fraud that hurts insurance companies' reputations – and their customers' wallets.

The key for insurers is to use the very tools that criminals weaponize to augment the fraud-detection skills of their employees and create a potent one-two counterpunch against illegal activity. One smart path forward is for insurers to partner with experts in technology-driven anti-fraud solutions to rapidly scale their fraud-fighting arsenal to meet the growing challenge.

You can register for the 13th Annual RGA Fraud Conference here: https://events.bizzabo.com/715418

For many, especially those from a previous generation, cyber insurance feels like a kind of solace: a safety net to catch all the threats tied to technologies they don't fully understand. 

This often leads them to treat the insurance contract as a formality, signing without scrutiny, effectively writing insurers a blank check. The hope is that coverage will be a cure-all and push the specter of cyber intrusions, malware infections and ransomware out of mind.

It's hard to blame them. Cybercrime is rising each year, and cyber defenses are struggling to keep up. It's not just that attacks are growing in volume and creativity. The surface area for intrusion is expanding exponentially. Much of that is because companies today rely on a dense web of third-party vendors, each one a potential threat vector. And with new data privacy legislation, the financial penalties for being hacked can be crippling and the reputational damage long-lasting. So, when an insurer says, "We'll cover it," it's easy to be lulled into a sense of security even though the coverage has limitations. 

Yet if executives brought in their CISOs, legal teams, or outside cybersecurity advisors to comb through and translate the fine print, they'd be surprised by the number of exclusions they'd still be liable for, had they signed blindly.

Even phrases that seem straightforward, such as "immutable backup," can hide unexpected exclusions. A monthly backup may not suffice, and if a company doesn't know the required frequency or scope, they may find themselves unable to recoup losses when an attack hits.

The goal of translating these contracts isn't to strong-arm insurers or discredit the policies; rather, it's to become a better insured. That relationship is symbiotic. Insurers aren't out to trick you, but their business depends on pricing risk accurately. They benefit when you understand the exclusions and work to close the gaps. A safer client is a better client.

Not at War, But Still Not Covered?

If an executive asks the CISO to sit down and walk through the exclusions one by one, they might pause at the wartime exemption and laugh it off. Fair enough, they think. If we're ever at war, we'll take our chances. After all, the cyber policy only makes up, at most, 20% of the company's broader insurance stack. There are other priorities to manage.

But even an easily dismissed clause like the wartime exemption can come into play. The definitions of "war" and "terrorism" are more fluid than most assume. Ukraine is at war with Russia; the U.S., while supplying arms, is not. If a Russian state-backed actor hacks a U.S. company, does that count as wartime activity? This question has been debated across the cybersecurity and legal communities, and the answer may depend more on contract language than common sense.

The Most Overlooked Exclusion in Cyber Insurance

If legal teams, CISOs, and back-end engineers are going to tunnel into one exclusion, fully translate it, parse it, and map its implications, it should be the vendor clause. This is where the most hidden risk lies. When third-party providers go down, insurers often won't cover the fallout. Understanding where that exposure lives, and how to plug the gaps, pays the biggest dividends.

As noted, most organizations rely on a web of third-party vendors. Some of these vendors aren't pre-approved by the insurer. If one of them is responsible for a breach or outage, coverage may be denied. Often, these are the very vendors that matter most: the ones deeply embedded in your infrastructure, the ones who know your systems inside and out. Faced with that reality, executives may simply shrug and say, We've made our bed, we have to sleep in it.

What might surprise executives is that even vendors on the insurer's pre-approved list aren't always covered. So once the policy is signed and operations shift to approved providers, any miscommunication, friction between vendors, or threat that swims upstream can still leave the company fully liable.

What should you do? First, understand concretely which vendors are excluded from coverage. Once that's acknowledged, it becomes your responsibility to ensure full operational cohesion with those vendors.

What Getting It Right Actually Looks Like

Here's an example. A mid-sized fintech company reviews its cyber insurance contract and, after weighing its options, decides to replace its long-standing cloud service provider with one from the insurer's pre-approved list to take advantage of a steep premium reduction.

Later, as the company parses the contract more carefully, they notice a crucial detail: Even the new cloud provider, despite being pre-approved, falls under an exception if compromised. The company quickly sheds any illusion that pre-approval means blanket protection. Instead of treating the move as a box checked, they double down, working closely with the vendor to harden defenses and ensure shared accountability.

In practice, this means ensuring the cloud team has full architectural awareness of the organization's environment: how data flows, where the dependencies live, and which systems are mission-critical. The organization coordinates tightly with incident response partners and forensic vendors and ensures data storage and backup providers are fully aligned on recovery protocols, access controls, and breach escalation procedures.

The organization might even bring in third-party cybersecurity experts to conduct an unbiased assessment. The consultants quickly spot a blind spot: "Your cloud service provider has access to critical production systems, but there's no centralized visibility into their activity. If something goes wrong on their end, your internal team wouldn't see it until it's too late." The fix? Implement cross-account logging and unified SIEM integration, so cloud activity is monitored alongside on-prem systems. That way, if a threat emerges, internal and vendor teams can respond in sync.

Next, the organization runs tabletop exercises, simulating cyber threats and rehearsing how to neutralize them. The result isn't just faster incident response; it also greases the wheels of day-to-day operations and reduces finger-pointing when something does go wrong. The insurer takes note, aided by the third-party cybersecurity firm serving as a credible intermediary. That expert vouches for their proactive posture, and it pays off: Premiums go down.

Months later, a malware-laced file slips through a compromised vendor's integration and lands in the organization's cloud environment. But the alert fires instantly, thanks to shared SIEM visibility. The cloud provider isolates the infected workload within seconds, while the company's internal team coordinates with their incident response vendor to confirm containment. The breach is neutralized, the response is airtight, and the premium doesn't budge.

Pre-Existing Threats, Intentional Acts, and the New AI Grey Zone

Some threats are already embedded in the system, quiet, patient, waiting. That's why prior acts or retroactive exclusions exist. If an attacker slipped into your network months before coverage began and the breach only surfaces after the policy is active, you might be out of luck. It's the cybersecurity equivalent of a pre-existing condition in health insurance. Therefore, many companies now engage third-party cybersecurity firms to conduct compromise assessments, validating that no threat actors remain. It's not just about peace of mind. That level of diligence often translates to more favorable premiums.

Other exclusions hinge on intent. Insider threats, like a disgruntled CISO leaking credentials or sabotaging systems, are often carved out. Think of it as the digital version of setting your own car on fire and expecting a payout. Insurers want to know that the threat came from the outside, and that you did everything you could to prevent it.

Some exclusions are more mundane but still matter. Lost or stolen devices, for example, are often excluded, though the rise of remote wipe capabilities has made this less of a pressing concern. Still, if your company laptop disappears with sensitive files on it, don't assume your policy will cover the fallout unless the language says so.

And then there's the frontier: AI-related data leaks. These aren't widely excluded, yet. But as tools like ChatGPT and other LLMs become part of daily workflows, insurers are eyeing them closely. If an employee drops sensitive information into a public model, that data may end up in places you can't control, and the insurer may argue you willingly exposed it. AI data lakes are notoriously hard to secure. Expect more policies to start carving out this risk within the next 12 to 18 months.

The CISO's Role: Translator, Not Bystander

CISOs are still too often sidelined in cyber insurance discussions, treated as technical advisors rather than core stakeholders. But completing a cyber insurance application requires fluency in both business operations and technical architecture, and the CISO should serve as the bridge between the two. That role becomes even more critical in a post-SolarWinds world, where executive liability has come sharply into focus. Misstatements about risk posture can resurface in court, not just at renewal. And while the CISO may not be the one negotiating premiums, they're often the one who pays the price when the fine print goes unread.

The Blurring Line Between Defense and Coverage

Some cybersecurity firms are beginning to offer more than just assessments and remediation, they're offering guarantees. The idea is simple: "Implement all 12 recommended controls, let us manage them, and we'll backstop you against a breach." In some cases, it's a straight guarantee. In others, the firm operates a captive insurance model, using its own capital to cover potential losses.

These models are gaining traction, particularly among smaller businesses that may not qualify for traditional cyber insurance. In the background, the shift is being enabled by managing general agents (MGAs), which are contracted firms that can underwrite policies on behalf of established insurers. The shift blurs the line between consultant and carrier. It's a fast-evolving space, but the message is clear: Cybersecurity and coverage are converging, and the firms managing your risk may soon be the ones pricing it, too.

Think Like a Private Equity Firm 

The most effective way to approach cyber insurance is to think like a private equity firm evaluating an acquisition target. Would I acquire my own company? It would need to be lean, every layer justified, with clean systems and low risk.

Becoming a better insured starts with hygiene. Run security assessments. Document your controls. Work with outside experts when needed. A third-party validation of your security program doesn't just look good on paper, it lowers perceived risk and often premiums alongside it.

Too many companies also spend too much in the wrong places. Redundancy in tools -- three threat intel feeds doing the same job, for instance -- won't help you in a breach and won't win points with insurers. Rationalize your stack. Eliminate overlap. Show that your budget is disciplined and purposeful.

And while it's rare to hear this from anyone in the security world: Yes, you can be overinsured. A 50-person firm with a six-month business interruption clause and coverage against nation-state threats probably isn't optimizing its spending. Know your risk tolerance, and match coverage to real exposure, not paranoia.

Finally, don't get lost chasing every headline. The goal isn't to defend against theoretical quantum attacks. It's to reduce the number of ways someone can get in today. Threat intelligence matters. But securing your entry points, and knowing which ones insurers care about, matters more.