Tag Archives: network

Third Parties Pose Problems With Cyber

In today’s cyber world, business is done digitally. Trusted cyber relationships between partners must be formed to effectively conduct business and stay at the forefront of innovation and customer service. Having these trusted partnerships comes with a major drawback, however.

Look at it from this perspective: If your organization is the target of a malicious actor, yet they find your defenses too difficult to penetrate, the attacker can use a partner company to find a way in. Depending on the difficulty, the attackers could target multiple third parties in an attempt to gain access to your network.

The important factor to keep in mind here is that just because your organization may have top-notch security practices in place, it does not mean your partners do, and they can be targeted for their valuable insider access to your systems.

Related story: Third-party vendors are the weak links in cybersecurity

Third-party companies, no matter how trivial they may seem to your everyday operations, need to be thoroughly vetted. If they are given secure insider access as part of doing business with your organization, their systems must be reviewed and assessed for security vulnerabilities. The adage, “you’re only as strong as your weakest link,” could not be more true when it comes to third-party vulnerabilities.

Coming to grips with risk

Partners may think of themselves as unlikely targets, but even your HVAC vendor could be creating a gaping hole in your security network that malicious actors may use to gain access to your sensitive information.

For example, financial enterprises have extremely large networks of third-party vendors and partners, from payment processors and auditors to Internet providers and other financial institutions. Being able to map your third parties’ public Internet space and network presence allows you to identify indicators of compromise and risk that paint an accurate depiction of your partners’ potential attack surface.

When we think of potential targets for hacking, we naturally think of big companies or government agencies-organizations that have large volumes of critical and sensitive data. But because these organizations typically have the funds and resources to implement sophisticated security, they are usually not the weak link when it comes to an attack.

Because these organizations cannot be easily accessed, malicious actors adjust their attack strategies to use alternate paths to their desired goal-less secured partners with privileged access. Once a vulnerable company is compromised, its trusted access into other partners allows malicious actors to bypass security controls with exploits that didn’t work previously. Adversaries now are free to roam the connected partner networks, essentially undetected.

Dealing with the problem

The moral here is that insider threats don’t necessarily have to come from within an organization. Trusted third parties, once compromised, create significant security risks to sensitive data. Organizations must look beyond their own defensive perimeters and consider monitoring their partners to better understand their complete attack surface-especially large and complex organizations in which new services are frequently delivered on outward-facing infrastructures.

Understanding the complete attack surface not only provides the intelligence to prevent abuse, but it provides insight into how an attacker may view a path of attack. Additionally, gaining insight into third-party partners, vendors and suppliers is crucial in creating an informed and dynamic risk management program.

Most organizations are busy enough dealing with their own IT infrastructure, so double-checking the risks associated with their partners may not be at the top of their priority list. However, in today’s cyber threat landscape, if you don’t take into account the security posture of your partners, you will never be able to truly mitigate your risk and are leaving gaps in your defenses for anyone to access your critical information.

This article was written by Jason Lewis. Lewis is the chief collection and intelligence officer at LookingGlass. Lewis is a network analyst who has technology initiatives in the private and public sectors.

Stretching the Bounds of Digital Insurance

Last year, we began to see industry leaders respond positively to disruption and start to reimagine their businesses for the digital insurance era. We predicted that insurance’s “Digital Transformers,” many with deep resources, huge scale and process discipline, were about to rewrite much of the digital playbook. They would use technology not just to improve their internal processes but also to create and exploit entirely new opportunities for growth.

This year, our Technology Vision shows how these pioneering insurers are fundamentally changing the way they look at themselves; leading carriers are quickly mastering the shift from “me” to “we.” They are stretching the boundaries of digital insurance by tapping into a broad array of other digital businesses, digital customers and digital devices at the edge of their networks. In the process, these forward-thinking companies are not just transforming insurance but are looking to reshape entire markets and change the way we work and live.

Every year, Accenture’s Technology Labs collaborates with Accenture Research and a large number of business and technology specialists to pinpoint the emerging technology developments that will have the greatest business impact on insurers in the next three to five years.

This year’s Accenture Technology Vision highlights five themes that will catalyze the growth and transformation of the insurance industry’s digital power brokers of tomorrow.

1. The Internet of Me is changing the way people around the world interact through technology, placing the end user at the center of every digital experience.

2. Digital devices at the edge, where the digital and physical worlds meet, are powering an Outcome Economy and enabling a new business model that shifts the focus from selling things to selling outcomes.

3. The Platform (R)evolution reflects how digital platforms are becoming the tools of choice for building next-generation products and services—and entire ecosystems in the digital and physical worlds.

4. The Intelligent Enterprise is making its machines smarter—embedding software intelligence into every aspect of its business to drive new levels of operational efficiency, evolution and innovation.

5. Workforce Reimagined sees advances in more natural human interfaces, wearable devices and smart machines extending intelligent technology to interact as a “team member” and working alongside employees.

Beyond insurance

The emergence of the new “We Economy” is sure to bring profound change to the insurance industry. The transition has already started, led by those carriers that welcome disruption as an opportunity to outpace their less agile competitors and to discover new paths to growth.

Shaping a positive response to such far-reaching change is not a trivial issue. Insurers face extensive transformation as they seek to redefine their role in the face of rapid advancements in big data, robotics, nanotechnology, genetic engineering, artificial intelligence and many other technologies that promise to change our world dramatically in the next decade.

75% of insurers believe that, in the future, industry boundaries will dramatically blur as platforms reshape industries into ecosystems. But most insurers are still tied to a business model based on pooling risk, calculating average pricing and generating gross premium income. This model will come under increased threat in the future as the Internet of Things, big data, digital channels and artificial intelligence enable carriers to assess and price risk directly and individually.

The leaders are already thinking about what their role will be in an economy where service is personalized and real-time, measured by outcome and delivered through powerful digital ecosystems. They are preparing to use their digital advantage to stretch their businesses beyond the boundaries of the enterprise—and of traditional insurance. 35% of insurers are comprehensively investing in digital technologies as part of their overall business strategy; 29% are investing in selected business units.

For brave insurers, digital technologies and new sources of rich data also bring new possibilities for underwriting, opportunities to take out significant costs though machine learning and other automation strategies and powerful ways to differentiate by finding new sources of customer value and enhancing the customer experience.

The Digital Transformers are thus taking a two-speed approach to exploiting new technologies.

They’re addressing their short-term needs by improving specific processes and products, while at the same time investing in their future by exploring the transformative potential of digital. They tend not to have a digital strategy as such, but a business strategy that is altogether digital. Their digital investments are directed less at specific processes or operations than across the enterprise value chain.

These pioneers have realized that digital technology is not just about driving market differentiation, stronger customer relationships and better quarterly returns. It is also about collaborating with other organizations to effect long-term change and shape business outcomes in ways that were not possible before. And it is about insurers revisiting their core purpose within society and what that means in the digital world.

The objective of insurance has always been to manage the risks inherent in growth, progress and innovation, and that is a purpose that is more relevant than ever in a world of accelerated change. When automobiles upended the ways that societies and economies worked in the 20th century, insurance helped smooth the risks and make the horseless carriage a safe reality. Now, with the first driverless vehicle poised to become a commercial reality, insurers once again have the opportunity to be the enablers of a disruptive technology that will change the way we live.

Here, as before, it is insurers who should mediate the changes and mitigate the risks. There is no innovation without regulation, and no industry better placed than insurance to take on the responsibility of governing the dangers of disruptive new technologies.

Everything is connected

Consider the rapid growth of the Internet of Things. It is potentially bringing every insurable asset, life and activity into the digital realm, creating a new world of possibilities for insurance. Forward-thinking insurers are using these connections to offer new services, reshape customer experiences and enter new markets by creating digital ecosystems.

In the emerging vision for the connected home, the entire home will soon become a single connected entity, both internally and with an ecosystem of service providers, each of which monitors and reacts to data that’s relevant to itself. This includes the security team, emergency services, and of course, the insurer.

Home owners will receive a variety of data, from energy consumption levels to alerts and even surveillance video feeds, on their mobile devices or any other channel they prefer. In this ecosystem, how can the insurer go beyond offering cover to help customers manage risks and prevent accidents that would lead to a claim? And how can it mitigate the risks of this technology breaking down or malfunctioning?

BNP Paribas Cardif in Italy already offers Habit@t, an insurance package that uses technology to secure customers’ homes. Habit@t employs sensors to monitor the home, even when no one is in. In case of danger—fire, smoke, flooding, lack of electricity—it alerts the customer and the operations center.

According to BNP Paribas Cardif: “These types of offers will typify your future relationship with your insurance providers: they are no longer there simply to assist you after an incident. They now help you anticipate incidents and limit their consequences, while improving your comfort and security on a daily basis.”

In healthcare, Apple and Humana in the U.S. have partnered to let consumers share Apple HealthKit data with the Humana Vitality app. HealthKit brings together wellness data from wearable devices and apps, letting consumers track and share their daily steps walked, calories burned, heart rate readings and other data.

In exchange for their data relating to healthy behavior, customers receive financial incentives such as discounts on their monthly healthcare premiums. Here, the insurer’s role isn’t simply to provide health insurance but also to help customers lead healthier lives. What does it mean for society when the focus is on monitoring patients to keep them healthy rather than on treating them when they’re ill?

And in the auto insurance sector, the connected car is bringing disruption and opportunity. Many insurers already use car telematics to personalize risk assessment and pricing, or even to offer usage-based products. Some are using it to offer a range of services like roadside assistance and traffic alerts, vehicle security, driver coaching and so on.

Looking a little further into the future, driverless cars have the potential to turn the auto insurance industry on its head. Again, leading insurers are starting to forge new partnerships and build ecosystems that will allow them to remain relevant in a world where personal auto ownership will be rarer and where the nature of the risks they manage will be vastly different.

BMW and Allianz have agreed to offer usage- based insurance underwritten by Allianz for the car manufacturer’s i3 and i8 electric vehicles in the UK. And State Farm, the U.S.’s largest personal lines auto insurer, is collaborating with Ford on autonomous driving research. Together, the companies are assessing whether driver-assist technologies can lower the rate of rear collisions.

And in many segments of the market, the need for traditional insurance coverage is slowly evaporating. In auto insurance, for example, the imminent arrival of autonomous vehicles together with a trend away from owning cars might shrink the size of the addressable market. Similarly, a combination of hardier, high-yield crop varieties and big data for more accurate forecasting of crop yields is starting to erode the market for crop insurance. Insurers must think about new business models and revenue streams to compensate for those that slow down to a trickle or even disappear in the years to come.

Tomorrow’s digital insurance leaders

As the earlier examples illustrate, forward- thinking insurers see great potential to make a difference—and to make a profit—by operating within ecosystems, not just as individual corporate entities. Working in concert with players from other industries, leading insurers are considering how to tackle significant challenges that societies, organizations and people will face in the future. Whether under their own brands or as partners for other companies, they will play a role in transforming centuries-old modes of transportation; raising the quality of healthcare by tackling it holistically, across many industries from hospitals to insurance and robotics; and much more besides.

Insurers have an opportunity to embed themselves in tomorrow’s customer-centric digital ecosystems, become the regulators of the disruptive technologies of the future and help to enable progress. This is an opportunity they should not squander.

Read the full report at Accenture

3 Steps Toward Better Meetings

How many meetings did you attend last week that lacked a specific agenda, started late and then ended late? How often did you attend a meeting without knowing why you were even there? How many meetings actually resulted in a new idea or significant decision?

With about 11 million business meetings occurring each day, one thing is clear: Meetings are a mainstay of business culture. When they are conducted effectively, they inspire and ignite innovation and lead to higher-performing teams and a stronger bottom line. When they are ineffective and irrelevant, they plague all of us with the notion that this time together was wasteful, costly and inefficient.

Too many meetings fail to generate any meaningful return on the investment of our time and energy. And they undermine our productivity. Our meeting-intensive culture forces people to complete their work in the margins of their day-early in the morning and late at night-hurting their health, motivation and work-life balance.

Something has to give.

It is time for better meetings. It is time for a meeting revolution.

Start the revolution by questioning the value of each meeting you attend, by preparing for your meetings and by ensuring that the right people, and only the right people, are invited.


Instead of automatically accepting the next meeting request, pause and consider the meeting’s return on investment for you. Ask yourself:

  • Will this meeting assist me in achieving my goals?
  • How does the purpose of the meeting align with the company’s strategic priorities?
  • What contribution can I make in the meeting?
  • Will anyone even notice if I’m not present?
  • Will this meeting be energizing, or will it suck the life right out of me?
  • Will this meeting be a rehash of the last five meetings I attended?
  • Is attending this meeting the highest and best use of my time right now?
  • Remember, every time you say yes to one thing, you are saying no to something else.


As you prepare for your next meeting, ask yourself the following questions:

  • Why do we need to meet?
  • What is the purpose of the meeting?
  • Is this an informational, decision-making, problem-solving, brainstorming, team-building or instructional/skill-building meeting? Or a combination of a few of these?
  • What is the outcome I want to achieve as a result of this meeting?
  • Is there an alternative format I can use to achieve the outcome?
  • If a meeting is essential, what is the ideal meeting format to achieve the meeting outcomes-an in-person meeting, a virtual meeting or a combination of the two?
  • Who needs to attend the meeting?
  • What information do I need from the attendees?
  • What do the attendees need to know or complete in advance of the meeting to achieve the outcome?
  • What expectations do I have for the meeting attendees regarding preparation and participation? How will I communicate these expectations?
  • What is the ideal length of the meeting to accomplish the stated purpose of the meeting?

Use your answers to guide you in planning and preparing to have better meetings.


To think about who to invite to your meeting, start by recognizing that there are four types of meeting attendees: the decision maker, the influencer, the resource person and the executer.

  • The decision maker is the primary authority.
  • The influencer has the pull and network within the organization to advocate and popularize meeting decisions and initiatives.
  • The resource person has specific knowledge, skills and expertise needed to inform the decisions and create plans for executing those decisions.
  • The executer has the knowledge, skills, resources and authority to successfully complete the work resulting from the meeting.

An ideal meeting has each of these types in attendance. Of course, one person can represent multiple roles, and more than one representative of a specific role may be required. For example, you may need three executers to complete a complex project discussed during the meeting.

To determine who really needs to attend the meeting, ask yourself:

  • What is the meeting outcome?
  • Who in the organization must be present to achieve the outcome?
  • Who is the decision maker?
  • Who is the influencer?
  • Who is the resource person?
  • Who is the executer?
  • If there are people who will not be invited to the meeting but who have been invited to similar meetings in the past, how will I communicate my rationale for excluding them?

Without the right people in the meeting, nothing will be accomplished, and everyone’s time will be wasted. To have better meetings, invite the right people and only the right people.

A decision maker is not necessary to start a meeting revolution. A meeting revolution starts with one person choosing to do something differently and then communicating with colleagues about why she has chosen a different approach.

Thirty-seven percent of employee time is spent in meetings. So, when you choose to lead a meeting revolution, you are not only ensuring that this investment of time and energy generates a significant return on investment, you’re also giving your team time back to do the work they’re good at, the work they’re hired to do and the work that will grow the business.

What can do you right now?

  • Here’s a game-changing question for you: Are you a planner, prioritizer, arranger or visualizer? Find out your productivity style in less than 10 minutes; take my free productivity style assessment.
  • Want to take it to the next level? Share the assessment with your team, then start a conversation about your respective productivity styles and what you each need to work well.

Share your thoughts on how these strategies worked for you! Please leave a comment on this post.

This article originally appeared on fast company.com.

Rethinking the Claims Value Chain

As a claims advisor, I specialize in helping to optimize property casualty claims management operations, so I spend a lot of time thinking about claims business processes, activities, dependencies and the value chains that are commonly used to structure and refine them. Lately, I have been focusing on the claims management supply chain — the vendors who provide products and perform services that are critical inputs into the claims management and fulfillment process.

In a traditional manufacturing model, the supply chain and the value chain are typically separate and — the supply chain provides raw materials, and the value chain connects activities that transform the raw materials into something valuable to customers. In a claims service delivery model, the value chain and the supply chain are increasingly overlapping, to the point where it is becoming hard to argue that any component of the claims value chain couldn’t be handled directly by the supply chain network.

Which creates an intriguing possibility for an insurance company — an alternative to bricks and mortar and company cars and salaries, a virtual claims operation! Of course, there are third-party administrators (TPAs) that are large and well-developed enough to offer complete, end-to-end claims management and fulfillment services to an insurance company through an outsourced arrangement. That would be the one-stop shopping solution: hiring a TPA to replace your claims operation. But try to envision an end-to-end process in which you invite vendors/partners/service providers to compete to handle each component in your claims value chain (including processing handoffs to each other.) You select the best, negotiate attractive rates, lock in service guarantees and manage the whole process simply by monitoring a performance dashboard that displays real time data on effectiveness, efficiency, data quality, regulatory compliance and customer satisfaction.

You would need a system to integrate the inputs from the different suppliers to feed the dashboard, and you would also need to make certain the suppliers all worked together well enough to provide the ultimate customer with a seamless, pain free experience, but you are probably already doing some of that if you use vendors. You would still want to do quality and compliance and leakage audits, of course, but you could always hire a different vendor to do that for you or keep a small team to do it yourself.

Your unallocated loss adjustment expenses (ULAE) would become variable, tied directly to claim volume, and your main operating challenge would be to manage your supply/value chain to produce the most desirable cost and experience outcomes. Improved cycle time, efficiency, effectiveness, data accuracy and the quality of the customer experience would be your value propositions. You could even monitor the dashboard from your beach house or boat — no more staff meetings, performance reviews, training sessions — and intervene only when needed in response to pre-defined operational exceptions.

Sounds like a no-brainer. Insurance companies have been outsourcing portions of their value chain to vendors for years, so why haven’t they made their claims operations virtual?

If you are running an insurance company claims operation, you probably know why. Many (probably most) claims executives are proud of and comfortable with their claims operations just the way they are. They believe they are performing their value chain processes more effectively than anyone else could, or that their processes are “core” (so critical or so closely related to their value proposition they cannot be performed by anyone else) and thus sacrosanct, or that they have already achieved an optimal balance between in-house and outsourced services so they don’t need to push it any further. Others don’t like the loss of control associated with outsourcing, or they don’t want to consider disruptive change. Still others think it might be worth exploring, but they don’t believe they can make a successful business case for the investment in systems and change costs. Unfortunately, this may help explain why claims executives are often accused of being stubbornly change averse and overly comfortable with the status quo, but I think it is a bit more complicated than that — it all begins with the figurative “goggles” we use to self-evaluate claims operations.

If you are running a claims operation, you have an entire collection of evaluation goggles — the more claims experience you have, the larger your collection. When you have your “experience” goggles on, you compare your operation to others you have read about, or seen in prior jobs, or at competitors, to make sure your activities and results benchmark well and that you are staying up to date with best practices. At least once a year, someone outside of claims probably demands that you put your “budget” goggles on o look for opportunities to reduce ULAE costs. or legal costs, or fines and penalties, or whatever. You probably look through your “customer satisfaction” goggles quite a bit, particularly when complaints are up, or you are getting bad press because of your CAT response, or a satisfaction survey has come out and you don’t look good. Your “stakeholder” goggles help you assess how successful you have been at identifying those who have a vested interest in how well you perform, determining what it is they need from you to succeed, and delivering it. You use your “legal and regulatory compliance” goggles to identify problems before they turn into fines, bad publicity or litigation, much as you use your “no surprises” goggles to continually scan for operational breakdowns that might cause reputational or financial pain, finger pointing and second guessing. Then there are the goggles for “management” — litigation, disability, medical, vendor — and for “fraud mitigation” and “recovery” and “employee engagement.” Let’s not forget the “efficiency” goggles, which help you assess unit costs and productivity, and the “effectiveness” and “quality control” goggles, which permit you to see whether your processes are producing intended and expected results. And of course your “loss cost management” goggles give you a good read on how well you are managing all three components of your loss cost triangle, i.e., whether you are deploying and incurring the most effective combination of allocated and unallocated expenses to produce the most appropriate level of loss payments.

Are all those goggles necessary? You bet. Claims management involves complex processes and inputs and a convoluted web of variables and dependencies and contingencies. Most claims executives would probably agree it makes sense to regularly evaluate a claims operation from many different angles to get a good read on what’s working well , what isn’t and where there is opportunity for improvement. The multiple perspectives provided by your goggles help you triangulate causes, understand dependencies and impacts and intelligently balance operations to produce the best outcomes. So even if you do have a strong bias that your organization design is world-class, your people are the best and all processes and outcomes are optimal, the evaluation should give you plenty of evidence-based information with which to test that bias and identify enhancement opportunities — as long as you keep an open mind.

No matter what you do, however, there will always be others in your organization who enjoy evaluating your claims operation, and they usually aren’t encumbered by such an extensive collection of goggles. They may have only one set that is tuned to budget, or customer experience, or compliance, or they may be under the influence of consultants whose expensive goggles are tuned to detect opportunities for large-scale disruptive/destructive process innovation or transformation in your operation. On the basis of that narrow view, they just might conclude that things need to change, that new operating models need to be explored. Whether you agree or disagree, your evidence-based information should be of some value in framing and joining the debate.

Will we ever see virtual claims operations? Sure. There are many specialized claims service providers operating in the marketplace right now that can perform claims value chain processes faster, cheaper and better than many insurance companies can perform them. The technology exists to integrate multiple provider data inputs and create a performance dashboard. And there are a few large insurance company claims organizations pursuing this angle vigorously right now. I fully expect the companies that rethink and retool their claims value chains to take full advantage of integration of supply chain capabilities and begin to generate improved performance metrics and claim outcomes, ultimately creating competitive advantage for themselves. Does that mean it is time for you to rethink your claims value chain? I think the best way to find out is to put on your “innovation” goggles and take a look!

Bizarro World: Where Buying Can Be Fun

In the Bizarro world of insurance, the product that people buy hoping they never use it is replaced with products that people buy via an interactive and engaging learning experience.

Last Wednesday, Google opened its first retail store in London: a pop-up store within a British electronics retailer, called Currys PC World. The Google shop lets people play, experiment and learn about all Google has to offer. In a sense, the store is an interactive billboard that places profits at the backseat and lures customers in via a promise to entertain.

This concept of “play over purchase” isn’t unique, and can be found in Apple’s and Samsung’s business models. In fact, only two years ago, Samsung looked to emulate Apple’s success in the U.S. by launching its own chain of mini-stores in partnership with Best Buy.

Surely there is some room for play, not just purchase, in our industry.

To get a better idea of how this would work in Bizarro insurance world, picture a retail destination with insurance geniuses standing by, ready and eager to engage customers in the insurance experience all the way from consulting on insurance products to simulating claim-handling and the latest telematics gadgets. These insurance geniuses will welcome consumers and listen to them, to better understand the right combination of products and features to offer. Later, the geniuses will point consumers to different stations, such as “Seriously Real,” sponsored by Cyberith, where consumers can enter the virtual world of operating drones for disaster support, or “Hot Quotes,” sponsored by Bolt, where consumers can obtain auto insurance quotes faster than Jimmy John’s delivery guy can make a sub.

The result will be a house of insurance brands that come together under one roof to clearly communicate the value of insurance for the sake of a branded customer experience. Yes, I’m referring to the two most overused words in this industry – customer experience – which until now were largely defined by an automatic renewal letter sent once a year or perhaps an unused, “downloaded and forgotten” app.

We should also draw on the underused word “ecosystem”: in this setting, defined as a network of carriers, vendors and insurance startups that collaborate to educate and engage around insurance products via a one-stop shop.

To be continued when we revisit the Bizarro world of insurance….