Has your IT come out of the proverbial and actual basement to be an integral part of your business strategy? Too often, business leaders assign IT a task and expect an initiative to be delivered. End of story. The truth is, business owners must engage and own the outcomes of their IT investments, driving them to a strategic value that can be measured.
What is IT strategy? Think about any infrastructure initiative (building highways, public transportation or urban development). Without the requisite strategic investment of time, funding and planning, these initiatives face delays, cost overruns, diversion from desired strategy and failure. True partnerships between IT and business operations insure that the best thinking of both can be applied to a given situation to produce strategic results.
IT should be viewed as a business strategy. Today, not a single discussion in the workers’ compensation industry relating to claims management or medical management does not include IT. As workers’ comp focuses on outcomes (both cost and quality), it is the only new strategy around. Moreover, it is the most effective and efficient strategy to achieve business goals. The following six elements are necessary to generate business value by leveraging the IT strategy.
1. Define the project—Describing how new technology or a new data application will function is only the first step in integrating IT into the business strategy. However, defining the project can be tricky. Remember, IT professionals talk a different language and appreciate different measures of success than those involved in operations. Business owners cannot assume their IT requests are understood as they were intended. Even slight misinterpretations of requests can result in frustration, cost overrides and a useless tool.
I recall one time, early in my career, when I submitted specifications for a development project. I used the word “revolutionary” to describe the powerful impact it would have on the business. However, the IT person, who was younger and male, interpreted “revolutionary” in an aggressive, military sense, which was not even close to what I had in mind. Always verify that you have an understanding and clarify of all elements of the IT project.
2. Design for simplicity—If the IT project outcome is complicated or requires too many steps, people will not use it.
3. Define the expected business value—As a part of defining the IT project, define its expected business value. Both the business unit involved and the IT team need to align their expected outcomes. Not unlike evaluating ROI (return on investment), identify the financial investment and rewards of the IT project. Make sure to also describe the anticipated collateral outcomes of the IT project, such as PR, business growth or client involvement. Figure out how to measure the expected business outcomes when the project is complete.
Design the project outcome value measures at the beginning. Too often, business leaders do not articulate their expectations of value and, therefore, can never prove them. If you do not know where you are going, you could end up somewhere else.
4. Commit resources—Funding and other resources such as personnel should be allocated at the beginning; short-shrifting resources will guarantee less-than-satisfactory results. Know from the beginning how the IT project will be implemented and who will do and be responsible for the work. Establish accountabilities and create procedures for follow-up.
5. Monitor progress—Continuously monitor and manage the project, even throughout the IT development process. Discovering deviations from the plan early on minimizes damage and rework. Obviously, rework means cost and delay.
6. Measure value—Once the project is accepted and implemented, begin continuous outcome evaluation. Execute the value measures outlined at the beginning. Make the necessary adjustments and keep your eye on the business value.
Not everyone can be an IT expert, but everyone can become an expert in how IT advances the strategies of their domain.
As the saying goes, there are two kinds of motorcyclists: Those who have fallen off their bikes and those who will.
The insurance industry assesses the corporate world’s cybersecurity risk much the same way. Everyone is equally at risk, and, therefore, everyone pays the price for higher insurance premiums.
Not a day seems to go by without news of a high-profile security breach. It’s no surprise, then, that the cybersecurity insurance market is expected to rise to $7.5 billion by 2020, according to PwC. Even worse, the industry does not have effective actuarial models for corporate cybersecurity, say Mike Baukes and Alan Sharp-Paul, the co-founders and co-CEOs of UpGuard.
The two audacious Australians have developed what they say is a better way to assess the risk for cybersecurity breaches.
Alan Sharp-Paul (L) and Mike Baukes (R), Co-Founders and CO-CEOs, UpGuard
The pair’s company recently unveiled its Cybersecurity Threat Assessment Rating (CSTAR), the industry’s first cybersecurity preparedness score for businesses. UpGuard’s CSTAR ranking is a FICO-like score that allows businesses to measurably understand the risk of data breaches and unplanned outages because of misconfigurations and software vulnerabilities, while also offering insurance carriers a new standard by which to more effectively assess risk and compliance profiles.
According to Baukes and Sharp-Paul, many companies forego available policies due to perceived high cost and uncertainty that their organizations will suffer an attack. With countless patches and endpoint fixes slapped onto IT infrastructure to hastily remediate breaches, companies have found themselves with less visibility into their core systems than ever before and, as a result, no way to understand how at-risk they are for hacks. With CSTAR, businesses are able to regain transparency into their own stack and take the appropriate steps to bolster their cybersecurity. Insurance carriers, meanwhile, can make smarter underwriting decisions while accelerating the availability of comprehensive and cost-effective cybersecurity insurance policies for businesses. It’s a win-win for both the insurance industry and for businesses.
After spending years in financial services in Australia and the U.K. and witnessing the disarray of corporate IT, Up-Guard’s two co-founders decided they could make a difference by developing a better way for corporations to understand their software portfolios and their associated potential risk for security breaches. Baukes says, “Our experience showed that that there were thousands of applications and thousands of machines powering all of this critical infrastructure. And the thing that we learned throughout all this was just how hard it is for an IT organization to understand and get a handle on what they’ve got.”
“Today, everything is out in the cloud,” Sharp-Paul says. “We’re all more connected. Employees are connected 24 hours a day, seven days a week. Now what keeps CIOs and CEOs up at night is, ‘If we get breached, I could get thrown in jail. I could get sued.’ It’s a very, very different world we live in today. We built a system to help companies understand and prevent downtime, and helping them save on project costs is just as relevant today from a security perspective.”
The two initially started a consulting company to help companies catalogue and manage their software platforms and applications. According to Sharp-Paul, “We realized the biggest problem companies have from an IT perspective is that they don’t really have appropriate visibility into what they’ve got and how it’s changing because so many things are changing daily in these environments that it’s really hard for them to know what ‘good’ looks like.”
Sharp-Paul and Baukes’s consulting led them to develop software to automate the process, providing the means to quickly and effectively crawl every server and software application to present a profile of what needed to be updated or patched and to identify the system holes that allowed for security breaches.
As Baukes tells it, “Getting that all to mix well and be safe, secure and capable of pinpointing where problems go wrong really quickly is an incredibly difficult task. So, we built up the first commercial version of the product—a very rudimentary version—and we shopped it around, and people were very excited at the time.”
From there, the pair realized their software had commercial potential and implications more far-reaching than what they had first thought. “We started with that very simple version with a few sales and no sales force—just Alan and [me] at the time—growing to the point now where we now have 3,000-plus customers, and the team is steadily being built,” Baukes says.
Now, the company has nearly 50 employees and is growing fast. The Mountain View, CA–based company attracted early seed funding from the likes of Peter Thiel, Dave McClure and Scott Petry, leading to a near $9 million Series A funding underwritten by August Capital.
The co-CEOs admit the co-managing arrangement is unconventional and would be challenging to make work under different circumstances. However, Baukes and Sharp-Paul feel their skills and temperament complement each other.
“To be honest, when people ask us about it, my first response is always that it’s a terrible idea,” Sharp-Paul says. “And that’s not because it’s been a horrible experience for us. It’s because I kind of think we’re really the exception. And the only reason I say that is that I know the unique things we went through and the type of people we are that makes this work. I can’t imagine that being a common thing at all.”
Baukes is generally a more aggressive and strategic thinker, while Sharp-Paul describes himself as more pragmatic and conservative.
Sharp-Paul and Baukes first worked together at the Colonial First State Investment firm back in Sydney, where the two lived the DevOps experience before DevOps became the buzzy concept that it is today. There, Sharp-Paul was a web developer, and Baukes was a systems administrator, and they talked a lot about things like continuous integration and continuous delivery.
“Now these are all fantastic things,” Sharp-Paul says. “But you need a foundation or a basis of understanding what you have. I mean, we like to say you can’t automate what you don’t understand. Or you can’t secure or fix what you don’t understand. And that’s always missing. Everyone’s trying to rush to this goal of DevOps or moving to the cloud. Everyone wanted to be there, but companies and vendors in particular weren’t helping businesses on the journey there.”
Baukes says, “Once you have that base understanding of what you have, then that opens everything else up. You can think about DevOps. You can think about automation. At the time, we were thinking, ‘Why hasn’t anyone thought to do this before?’ It seemed like such a foundational, basic thing. It was almost like it was so foundational that everyone just moved past it, and they were looking at the next shiny thing down the road. I think that was the white space. That was our opportunity. We jumped on it.”
As it turns out, in the world of corporate IT, applications never get retired. Even worse, the people who manage them move on because the life cycle of an employee at a company is short. As as result, the institutional knowledge about these applications is lost.
“Corporate memory is so short typically,” Sharp-Paul says. “They often get to this point five years down the track where they rediscover this server or this application, and everyone’s too scared to touch it because they don’t know what it does. They don’t know how it works. The people with the knowledge just left with it all in their heads. We come across that all the time.”
Sharp-Paul and Baukes had always seemed destined to do something on their own.
“I always had a healthy disrespect for authority. Throughout my corporate life, I was looking outside to see what else is [WAS?] out there,” Sharp-Paul says. “I actually started the first step of creating a business on my own—with something as mundane as a French language website that I used when I moved overseas for a couple of years. … It taught me that I can actually build something myself that makes money.”
“The big difference is that I grew up in an immigrant family in the middle of nowhere, effectively. I won’t say the Australian Outback, but really rural,” he says. “We built everything ourselves. My father was a great wheeler and dealer. So, I learned a lot of from him. I fell into all of this by playing computer games and was really good at it, frankly. For me, that was a springboard into an accidental corporate life. I always knew that I would do something else.”
Now, for the future?
Baukes says, “It makes good business sense to quantify the risk in your company’s IT systems and report it effectively. And I think that for us, we could continue growing our business with that in mind—giving people visibility, helping them get to the truth of what they’ve got, teaching them how to configure it, and showing them if they’re vulnerable. That is beginning to accelerate for us, and we’re incredibly proud of that.
“We truly believe that, over time, CSTAR will be adopted as an industry standard that companies and carriers alike can rely on to make critical coverage and cybersecurity decisions.”
Most people who purchase an insurance policy are faced with the daunting task of filling out an extensive application. The insurance company – either directly or through an intermediary – asks a myriad of questions about the “risk” for which insurance is being sought. The data requested includes information about the entity seeking to purchase insurance, the nature of the risk, prior loss experience and the amount of coverage requested. Insurers may supplement that information with a limited amount of external data such as motor vehicle records and credit scores. The majority of information used to inform the valuation process, however, has been provided by the applicant. This approach is much like turning off your satellite and data-driven GPS navigation system to ask a local for directions.
According to the EMC Digital Universe with research and analysis by IDC in 2014, the digital universe is “doubling in size every two years, and by 2020 the digital universe – the data we create and copy annually – will reach 44 zettabytes.” That explosion in the information ecosystem expands the data potentially available to insurers and the value they can provide to their clients. But it requires new analytical tools and approaches to unlock the value. The resulting benefits can be grouped generally into two categories:
Providing Risk Insights: Mining a wider variety of data sources yields valuable risk insights more quickly
Improving Customer Experience: Improving the origination policy service and claims processes through technology enhances client satisfaction
For each of these areas, I’ll highlight a vision for a better client value proposition, identify some of the foundational work that is used to deliver that value and flesh out some of the tools needed to realize this potential.
Risk Insights Insurance professionals have expertise that gives them insight into the core drivers of risk. From there, they have the opportunity to identify existing data that will help them understand the evolving risk landscape or identify data that could be captured with today’s technology. One can see the potential value of coupling an insurer’s own data with that from various currently available sources:
Research findings from universities are almost universally available digitally, and these can provide deep insights into risk.
Publicly available data on marine vessel position can be used to provide valuable insights to shippers regarding potentially hazardous routes and ports, from both a hull and cargo perspective.
Satellite imagery can be used to assess everything from damage after a storm to proximity of other structures to the ground water levels, providing a wealth of insights into risk.
The list of potential sources is impressive, limited in some sense only by our imagination.
When using the broad digital landscape to understand risk — say, exposure to a potentially harmful chemical — we know that two important aspects to consider are scientific evidence and the legal landscape. Historically, insurers would have relied on expert judgment to assess these risks, but in a world where court proceedings and academic literature are both digitized, we can do better, using analytical approaches that move beyond those generally employed.
Praedicat is a company doing pioneering work in this field that is deriving deep insights by systematically and electronically evaluating evidence from various sources. According to the CEO Dr. Robert Reville, “Our success did not come solely from our ability to mine data bases and create meta data, which many companies today can do. While that work was complex, given the myriad of text-based data sources, others could have done that work. What we do that is unique is overlay an underlying model of the evolution of science, the legal process and the dynamics of litigation that we created from the domain expertise of our experts to provide context that allows us to create useful information from that data built to convert the metadata into quantitative risk metrics ready to guide decisions.”
The key point is that if the insurance industry wants to generate insights of value to clients, identifying or creating valuable data sources is necessary, but making sense of it all requires a mental model to provide relevance to the data. The work of Praedicat, and others like it, should not stop on the underwriter’s desktop. One underexploited value of the insurance industry is to provide insights into risk that gives clients the ability to fundamentally change their own destiny. Accordingly, advances in analytics enable a deeper value proposition for those insurers willing to take the leap.
Customer Experience Requiring clients to provide copious amounts of application data in this information age is unnecessary and burdensome. I contrast the experience of many insurance purchasers with my own experience as a credit card customer. I, like thousands of other consumers, routinely receive “preapproved” offers in the mail from credit card companies soliciting my business. However appealing it may be to interpret this phenomenon as a benevolent gesture of trust, I know I have found myself on the receiving end of a lending process whereby banks efficiently employ available data ecosystems to gather insights that allow the assessment of risk without ever needing to ask me a single question before extending an offer. I contrast this with my experience as an insurance purchaser, where I fill out lengthy applications, providing information that could be gained from readily available government data, satellite imagery or a litany of other sources.
Imagine a time when much of the insurance buying process is inverted, beginning with an offer for coverage, rather than a lengthy application and quote request. In that future, an insurer provides both an assessment of the risks faced, mitigations that could be undertaken (and the savings associated), along with the price it would charge.
While no doubt more client-friendly, is such a structure possible? As Louis Bode, former senior enterprise architect and solution architect manager at Great American Insurance group and current CSO of a new startup in stealth-mode observes, “The insurance industry will be challenged to assimilate and digest the fire hose of big data needed to achieve ease of use and more powerful data analytics.”
According to Bode, “Two elements that will be most important for us as an industry will be to 1) ensure our data is good through a process of dynamic data scoring; and 2) utilize algorithmic risk determination to break down the large amounts of data into meaningful granular risk indexes.” Bode predicts “a future where insurers will be able to underwrite policies more easily, more quickly and with less human touch than ever imagined.”
The potential to use a broader array of data sources to improve customer experience extends well beyond the origination process. Imagine crowdsourcing in real time the analysis of images to an area affected by a natural disaster, getting real time insights into where to send adjusters before a claim is submitted. Tomnod is already crowdsourcing the kinds of analysis that would make this possible. Or imagine being able to settle an automobile claim by simply snapping a picture and getting an estimate in real time. Tractable is already enabling that enhanced level of customer experience.
The future for insurance clients is bright. Data and analytics will enable insurers to deliver more value to clients, not for additional fees, but as a fundamental part of the value they provide. Clients can, and should, demand more from their insurance experience. Current players will deliver or be replaced by those who can.
I’d like to finish with a brief, three-question poll to see how well readers think the industry is performing in its delivery of value through data and analytics to clients. Here is my google forms survey.
In the world of disability insurance, most financial advisers think of personal income protection. This is only the beginning of the possibilities that the adviser may be able to provide to safeguard clients, their businesses and assets. There are many products available within the disability insurance realm and diverse opportunities to provide your expertise.
Diversity of Product:
The most valuable asset in a business is the people. Imagine if one of your key executives had an illness or an accident and was unable to work and continue creating revenue and profit for your company. What effect would this have on the bottom line? How would you replace the lost revenue?
At a closely held, family owned business, benefit plans favoring the family and the senior management are important for retention and reward. Over the past year, a non-qualified deferred compensation plan is put in place for the top 10 executives. What happens if one of the executives becomes sick or hurt and is unable to work and contribute to the plan? Can the plan be funded? If yes, how?
The board of a company just signed the largest contract in company history for a new CEO. The contract has financial guarantees, performance bonuses and the other usual language. What happens if the CEO becomes ill or has an accident and is unable to perform his duties? The company is on the hook for the financial guarantees. Should this be funded out of company cash flow or have the liability transferred through a disability insurance policy?
There are more than 21 million small business loans valued at more than $600 billion. Business loans are taken out for business-related expenses, such as:
Purchase or expansion of a practice or business
Purchase of a large piece of equipment
An increase in working capital or build-up of inventory
Purchase of a building or land for a business
It may make sense to provide disability insurance to cover the business loans in the event the business owner has a disabling accident or illness. There are separate insurance policies or riders to a traditional policy that provides benefits to cover the loan or loan payment obligations.
Perhaps a client will not qualify for traditional or even non-traditional coverage because of an extensive medical history. Impaired risk coverages can work for pre-existing medical conditions.
Diversity of Opportunity:
QSPP Can Prevent Dysfunction and Disruption
Could you continue to pay a disabled employee’s salary from your business?
How long could you afford to pay a salary?
Would the payments you pay be deductible to your business?
It is the American dream: turn a simple idea into a start-up and, through innovation, hard work and the right people, grow that start-up into an industry leader. It may seem obvious that a business owner would want to do everything to protect the people who help grow the business. As the business grows, however, offering everyone the same protection in the case of injury or illness may become difficult. Owners have a tendency to focus on partners, executive staff and key employees. This is a completely logical line of thinking, but without a Qualified Sick Pay Plan (QSPP) in place, it could put the business at high risk.
A QSPP is a formalized plan determining who will be paid, how much will be paid and how long salary will be continued when employees are unable to work because of an injury or illness. The plan can have different determinations for different classes of employees within the company. It can also be self-funded, or funded through an insured product, such as disability income policies.
Why a QSPP?
There are two key reasons: tax implication of benefits paid and potential precedent. The Internal Revenue Code states that wages paid to a disabled employee may not be deductible as a business expense unless they are paid under a salary continuation program. Without a program in place, any payments made are not deductible by the business and are fully taxable to the employee.
The implementation of a plan allows a business to deduct wages paid to employees who cannot work, and an employee can receive qualified benefits tax-free. The absence of a QSPP could result in the IRS disallowing benefits paid to an employee as sick pay. This would have serious tax implications on the employer and the employee.
An even greater danger to an employer is the existence of benefit payment precedent. It may seem completely logical to continue the salary of key employees responsible for revenue growth, but, without a QSPP, any sick pay for any employee creates a precedent of the same pay for all employees. Any variation between employees could be viewed as discrimination. To eliminate this risk, it is important to create a formal, written plan stating any differences of salary continuation length or frequency between classes of employees before an employee needs to use it.
How Is a QSPP Implemented?
A QSPP requires two components: a plan resolution and plan letters to employees.
A plan resolution is drafted and executed by the company’s board. This resolution defines the classes of employees, how benefits will be paid and how long they will be paid.
Plan letters communicate the information to the employees. They can be class-specific.
How Can Benefits Under a QSPP Be Funded?
This is an important consideration. A QSPP can be fully self-funded, fully insured or a combination. If a plan is fully self-funded, the company can be burdened with all of the responsibility of determining who cannot work and how long they can’t work and of paying benefits from company accounts during a time when, depending on the person who cannot work, the company may need the funds the most. Additionally, the FASB 112 Accounting Rule makes a company become an insurance company by requiring it to carry the present value of future claims as a liability on the balance sheet if it chooses to self-fund a salary continuation program. Two implications of FASB 112 are:
Companies with self-funded disability programs must set aside all the money upfront
This requirement can significantly reduce profits while increasing liabilities
Under a QSPP plan with disability income insurance, the insurance company determines when your employees cannot work, the insurance company determines how long they cannot work and the company pays smaller, regular payments for the benefit during a time when all employees are actively at work. A fully insured plan not only takes much of the liability away from the employer, but it also allows the company to predict future plan costs. Disability income insurance premiums are level for the life of the policies. Three tax shelters of an insured salary continuation program are:
Premiums paid are deductible as a fringe benefit expense (IRC Section 162(a)).
Employer premiums are not included in employee’s taxable income. (IRC Section 106).
A special tax credit may be available for employees that are permanently and totally disabled (IRC Section 22(b)).
In working with the son of the owners of a medium-sized technology security firm, I learned that Mom and Dad would take care of the son if anything were ever to happen. As a financial adviser, what do we do now? A conversation about the company benefits and what the parent/owners wanted to have happen with their family and their employees created an opportunity. By educating the clients on sick pay plans, we were able to provide better recommendations to the owner (parents) for the benefit of the son and the other employees while keeping the firm in legal compliance.
Most if not all settlements include division of assets and liabilities owned by the parties. Additionally, when appropriate, especially if there are children involved, there is an alimony agreement. What happens to the continuing alimony payment if the payer becomes sick or hurt and unable to earn the income to make the support payment?
With the divorce rate at 50% or higher for U.S. marriages, there is an opportunity to protect a spouse and provide the children a source of income used for living and educational expenses. The solution is to place a disability insurance policy on the payer, with the spouse as beneficiary.
Students, coaches, umpires, golf professionals, chefs, race car drivers, comedians and musicians, to name just a few, are thought to have a hard time obtaining disability income insurance. They are not hard to insure if you are able to go a little deeper within the traditional markets or outside to the non-traditional markets.
Our hobbies sometimes position us to have access to people in these diverse occupations. One of my hobbies is to watch, listen and learn from professional speakers. It has been a privilege to spend time with some of the all-time greats. I am always amazed at their accessibility if you step forward and participate. Once, I hosted Chris Gardner, who became nationally know for his life story through the movie “Pursuit of Happiness,” where his role was played by Will Smith. As Chris and I began building a relationship, he learned about our firm, and it became evident that no one had spoken to him about protecting his flow of income from a disabling accident or illness.
There are many diverse opportunities for you as the adviser to protect your client’s flow income, business entity and valued assets. Think beyond personal disability insurance and help your clients understand their needs to secure their financial foundations.