Tag Archives: software

Why the Agent Will NOT Be Disrupted

“Google Compare kaput” – Shefi Ben Hutta

A few weeks ago, I published an article here on ITL saying that the insurance industry, in general, would not be “disrupted.” I received both a lot of positive and (politely) negative feedback, including a rebuttal by Nigel Walsh. And then just this week, Google, the single-most-often-pointed-to culprit for the probable insurance disruption, dropped a bombshell: that it is shutting its Google Compare insurance service.

That whisking sound you hear is me taking my victory lap.

All kidding aside, although the urge to take a victory lap is strong, my calmer, rational side realizes that this news does not mean what some might think it means. While my beliefs are that disruption, as has occurred in other industries, will not happen in insurance, Google’s exit from this space is NOT evidence that I am correct. What I believe has transpired is the following:

  1. The insurance business overall is complex. Software cannot eat this elephant whole.
  2. Google underestimated how difficult the business is, especially in the segment Google Compare was fighting for, which is distribution. Getting new customers in insurance is quite challenging. Customers want value in their insurance transactions, which a website and a rater cannot imitate.
  3. Google’s opportunity cost of capital is high, and Google Compare couldn’t meet an acceptable threshold because of its inability to get traction. Brian Sullivan of Risk Information recently said that Google Compare got 10% of the business it forecasted. Ouch!

Those on the disruption side of things promise that, much like the Terminator, Google will “be back.” I actually think that is possible, after some of the issues are ironed out, such as expectations. Once upon a time, I would have been an eager Google Compare customer. So I have no doubt that there is a market for its offering.

But there is a bigger market for insurance customers who want someone else to do the un-thrilling work of getting their insurance in place because those customers either don’t have the expertise or don’t wish to be bothered by the process at all. Consider a recent example in my own timeline.

My current auto and property policies were purchased online several years ago. I didn’t need an agent because I was more than happy to do the work myself to save a few dollars. No longer.

I recently moved across the country, back to the East Coast. The last thing I wanted to do was deal with address and other changes that are required when you move across state lines. I also didn’t want to research all of the licensing and car registration procedures I’d have to go through in the weeks following my move. So I found an agent. Within a couple of days, that burden had been lifted from me. I am less likely to personally do the insurance buying going forward. I would rather be doing something else altogether than researching and buying insurance. The whole experience was well worth the commission paid.

And then there are customers who don’t know much about insurance at all: teen drivers, new homeowners and new parents, to name just a few potential insurance customers where the guidance of a trusted adviser will save a lot of time and future headaches. Can we really expect teen drivers to understand anything more than getting the cheapest policy possible so that they can drive? My newly minted teen driver spent days trying to get her car on the road because she chose the Cockney-accented spokes-lizard insurance, which provided nearly zero support for her real problem, which was the DMV. My response: ”You should have gone to an agent. He would have done all that work for you.” A lesson learned, I hope.

How about a new homeowner trying to get insurance to cover the property and family? An insurance agent will help with issues around replacement values, limits of liability, deductible options and coverage differences between carriers. Can machine learning get to the point where it can replace all of that? Perhaps. But add to this, additional complexities such as how should a family put together auto, property, umbrella and other insurance policies (such as flood, earthquake, jewelry, non-admitted products) together to optimize effectiveness, and I think the technologists looking to disrupt are a long, long way away from being able to effectively deliver the value that an agent/broker is already providing. As the stakes are raised, the human touch will remain invaluable.

This is not to say that the state of the current agency system is acceptable. Agents need to step up their game. Agents have been one of the biggest offenders in not using technology to further their significance. Agents have chiefly been great sales people. They have to be. They are selling an imperfect product whose value is difficult to quantify. In today’s environment, agents need to scale their sales presence outside of the face-to-face transaction toward a digital world. The agent might be able to overcome my objections when we are looking at each other, but, today, I am communicating via digital means, and I can simply ignore the agent. Agents need to use technology to better market to, communicate with an educate customers. They also need to take a page from insurers and use data to understand and quantify risk so that they can recommend the best solutions and not just a policy with the lowest price. Agents are used to providing multiple options to customers; now they need to use data to get an information advantage. Does this mean that agents need to become part underwriter, part adjuster, part actuary while remaining part salesperson to survive? I think so.

For the modern agent or broker, Google Compare was not seen as a serious threat. Top agents know the value they bring and are not easily substituted for with technology. Twenty years from now, the landscape for buying insurance will look very different from today but I wager that, for many of the reasons I have outlined here, the insurance agent will still have a significant role for consumers who value their time and possessions.

How Safe Is Your Data — Really?

The number and the potential severity of cyber breaches is increasing. A recent PwC survey found that nearly 90% of large organizations suffered a cyber security breach in 2015, up from 81% in 2014. And the average cost of these breaches more than doubled year-on-year. With more connected devices than ever before—and a total expected to reach 50 billion by 2020 —there are more potential targets for attackers, and there is more potential for accidental breaches.

What’s more, as of late 2015, companies are, for the first time, listing their information assets as nearly as valuable as their physical assets, according to the 2015 Ponemon Global Cyber Impact Report survey, sponsored by Aon.

So, how do you keep your organization’s data—and that of your clients and customers—safe?

It’s not just a matter of investing in better technology and more robust systems, according to Aon cyber insurance expert Stephanie Snyder Tomlinson, who says, “A lot of companies find that the weakest link is their employees. You need to train employees to make sure that if they get a phishing email, they’re not going to click on the link; that they don’t have a Post-It note right next to their monitor with all of their passwords on it. It’s the human error factor that companies really need to take a good hard look at.”

From intern to CEO: Simple steps everyone can take

It’s easy for individuals to become complacent about data security, says Aon’s global chief privacy officer, Brad Bryant. But, with cyber threats increasing, it’s more important than ever to be aware of seemingly innocent individual actions that can potentially lead to serious cost and reputational consequences for your organization.

According to Bryant, there are four key things that everyone can do to help protect themselves and their organizations from the rising cyber threat:

  • Be alert to impersonators. Hackers are becoming increasingly sophisticated at tricking people into giving away sensitive information, from phishing to social engineering fraud. You need to be more vigilant than ever when transmitting information. Are you certain they are who they say they are?
  • Don’t overshare. If you give out details about your personal life, hackers may be able to use them to build a profile to access your or your company’s information. From birthdays to addresses, small details build up.
  • Safely dispose of personal information. A surprising amount of information can be retained by devices, even after wiping hard drives or performing factory resets. To be certain that your information is destroyed, you may need to seek expert advice or device-specific instructions.
  • Encrypt your data. Keeping your software up to date and password-protecting your devices may not be enough to stop hackers, should your devices fall into the wrong hands. The more security, the better, and, with the growing threat, encryption should be regarded as essential.

Key approaches for organizations to better protect data

To protect your, your customers’ and your and clients’ information, investing in better cyber security is one element. But data breaches don’t just happen through hacks, or even employee errors. At least 35% of cyber breaches happen because of system or business process failures, so it’s vital to get the basics right.

Prevention is key, says Tom Fitzgerald, CEO of Aon Risk Solutions’ U.S. retail operations. There are four key strategies he recommends all organizations pursue to limit the risk and make sure they’re getting the basics right:

  • Build awareness. Educate employees on what social engineering fraud is, especially those in your financial department. Remind employees to be careful about what they post on social media and to be discreet at all times with respect to business-related information.
  • Be cautious. Always verify the authenticity of requests for changes in money-related instructions, and double-check with the client or customer. Do not click on random hyperlinks without confirming their origin and destination.
  • Be organized. Develop a list of pre-approved vendors and ensure employees are aware. Review and customize crime insurance—when it comes to coverage or denial, the devil is in the details.
  • Develop a system. Institute a password procedure to verify the authenticity of any wire transfer requests, and always verify the validity of an incoming email or phone call from a purported senior officer. Consider sending sample phishing emails to employees to test their awareness and measure improvements over time.

Much of this advice is not new, but the scale of the threat is increasing, making following this advice more important than ever. Fitzgerald warns, “Social engineering fraud is one of the greatest security threats companies can encounter today. … This is when hackers trick an employee into breaking an organization’s normal digital and physical security procedures to access money or sensitive information. It can take many forms, from phishing for passwords with deceptive emails or websites, to impersonating an IT engineer, to baiting with a USB drive.”

How governments are driving data protection

The potential consequences of inadequate data security are becoming more serious, and courts and regulators are focusing on this issue globally.

The European Union is considering a Data Protection Directive to replace previous regulations implemented in 1995. The expected result will be a measure that focuses on the protection of customers data. Similarly, an October 2015 ruling by the European Court of Justice highlighted the transfer of customer data between the E.U. and U.S.

Bryant warns: “Regardless of where a company is located, the provision of services to E.U. customers and the collection or mere receipt of personal data from European citizens may potentially subject companies to E.U. jurisdiction. … Failure to comply could present unprecedented risk for companies, including fines of up to 4% of a company’s total global income.”

Changing E.U. rules aren’t the only thing that could affect your business. Internet jurisdictions and organizational operations are increasingly becoming cross-border. This global patchwork of Internet rules and regulations is why only 24% of cyber and enterprise risk professionals are fully aware of the possible consequences of a data breach or security exploit in countries outside their home base of operations.

Why getting the basics right is critical

As the Internet of Things continues to grow, the number and range of potential targets for cyber attack is only going to increase. While eliminating all cyber risk may be impossible, getting the basics right is becoming more important than ever.

Bryant says, “Given the large scope and impact of the various changes in data protection law—coupled with the drastic increase in fines—becoming educated on how to protect our data is more business-critical now than ever before.”

Digital Insurance, Anyone?

The digital banking conversation is alive and kicking within the FinTech world, focused on discussing the merits, definitions and initiatives around what it means for a bank to become digital across its entire technology and business stacks. I have yet to find the same level of discourse and vibrancy within the insurance world.

Spurred by Yan Ranchere’s latest blog post, I am adding my own thoughts to the insurance narrative or, dare I coin it, the “digital insurance” narrative.

First, let’s frame the discussion by attempting to define the evolution of the insurance model from old to current and future or digital:

Old Insurance Model:  This model is mostly paper-based with an application collected from the customer by the agent and sent to the carrier. The agent quote is not binding and may indeed change once the carrier has reviewed the application. I would qualify this model as carrier-centric. The carrier does all the heavy lifting with data verification and underwriting, with little stimuli from external data feeds in real time; the agent merely serves as a conduit.  As result, underwriting and closing a policy may take several days or even several weeks.

Claims management and customer service are cumbersome. Arguably, this delivers poor service in today’s age of instantaneous expectations. Not only can the old model be considered carrier-centric, I would also venture it is product-centric (in the same way that the old banking model is product-centric). The implications from a technology point of view are the same as in the banking world: a thin front end, shaky middleware and a back end that is silo-driven and that makes it difficult to optimize underwriting or claims.

Current Insurance Model:  The current model optimized the old model and made the transition from carrier-centric to agent-centric, which means that things are less paper-based and more electronic and that there is more process pushed onto the agent to be closer to the customer. In this model, the agent is empowered to issue policies under certain limits and risk frameworks—the carrier is not the gating factor and central node anymore.

Instead of batch-processing policies at the carrier level, the system has moved to exception processing at the carrier level (when concerned with nonstandard data and policies), thereby leveraging the agent. The result is faster quotes and policies signed more quickly, with the time going from days and weeks to hours or just a day. Customer service will go the same route. Claims management will still remain the central concern of the carrier, though.

Digital Insurance Model:  This is the way of the future. It is neither carrier- nor agent-centric, and it certainly is not product-centric any more. This model is truly customer- and data-centric—very similar to what we witness in digital banking. The carrier reaches out to the customer in an omni-channel way. Third-party data sources are readily available, and the technology to process and digest the data is extremely effective and delivers fast and furiously. Machine learning allows for near-instantaneous underwriting at a carrier or agent level, any time, anywhere. The customer can now get a policy in minutes.

Processes after policy-signing follow a similar transformative route. The technology implications are material: new core systems of record, less silo effect, more integration, massive investments in data warehouses and in products and services that act as layers of connection between data repository centers, core systems, claims management platforms, underwriting platforms and omni-channel platforms.

Picture the carrier effectively plugged in to the external world via data sources, plugged in to the customer in myriad ways that were not possible in the past and plugged in to third-party providers, all of this in real (or near-real) time. That means no more of the old linear prosecution of the main insurance processes: customer acquisition, underwriting, claims management. Furthermore, with a fast-changing world and more complex customer needs, delivering a product is not the winning formula any more. Understanding the customer via data in a contextual manner is.

To be fair, insurance carriers have nearly completed massive upgrades to their database architecture and can claim the latest in data warehouse technology. Some carriers have gone the path of renovating their channels and going all-out digital. Others are refining the ways they engage new customers. Most are thinking of going mobile. Still, much remains to be done. These are exciting times.

Boiling down what a digital insurance model means, we can easily see the similarities with digital banking; digital insurance must be transparent, fast, ubiquitous and data-focused, and there must be an understanding that the customer is key and is not a product.

Once you digest this new model, it is easier to sift through the key trends that are reshaping and will reshape the industry. I am listing a few that we followed at R66.  By no means is this an exhaustive list, nor is it ordered by priority, impact or size of opportunity:

1) Distribution channel disruption: There are three sub trends here—a) the consolidation of brokers and agents, b) channels going all-out-digital and disrupting the brick and mortar and c) carriers continuing to go direct and competing with brokers.

2) Insuring the sharing/renting economy: Think about Uber, Airbnb and the many other start-ups that are building the sharing economy. All of them need to or already are creating different types of coverage through their ecosystems. Carriers that focus on the specific risks, navigate the use cases, gather the right data and are forward-thinking will win big. James River is an insurance carrier that comes to mind in this space.

3) Connected data analysis: I do not use the term “big data” any more. Real-time connected data analysis is the right focus. Think of the integration of a series of hardware devices, or think of n+1 data sources. These are powerful, mind-blowing and will affect the trifecta of insurance profits: underwriting, claims management and customer acquisition.

4) Technology stack upgrades:  This means middleware to complement data warehouse investments, new systems of record, software platforms for underwriting (or claims management) and API galore. It’s the same story with banking; there is just a different insurance flavor.

5) Technology externalities: GPS, telematics, AI, machine learning, drones, IoT, wearables, smart sensors, visualization and next-generation risk analysis tools—you name it, these will help insurance companies get better at what they do, if they adopt and understand.

6) Mobile delivery:  How could I not list mobile delivery? Whether it is to improve customer acquisition; policies or claims management; or customer service, we are going mobile, baby.

7) A la carte coverage: Younger generations are approaching ownership in different ways. As a result, a one-size-fits-all insurance policy will not work any more. We are already witnessing a la carte insurance based on car usage, homes or commercial real estate connected via sensors or IoT.

8) Speciality insurance products:  We live in a digital world, baby, which means cyber security, fraud and identity theft.

It should be noted that the above describes changes in the P&C industry and that the terms “carriers” and “reinsurers” can be used interchangeably. Furthermore, I have not focused on health insurance—I know next to nothing in that field.

Any insurance expert is welcome to reach out and educate me. Anyone as clueless as I am is welcome to add their thoughts, too!

This article first appeared on Pascal Bouvier’s blog, here.

Cars That Self-Assess Accidents

“Star Trek” fans love to point out that, over the last five decades, many of the show’s futuristic technologies have gone from science fiction to fact. Mobile communicators (cell phones), non-invasive surgery (focused ultrasound surgery), food replicators (3D printers) and phasers (now being tested by the U.S. military) are but a few examples.

But in its own way, a show in the 1980s was just as prescient: “Knight Rider”– a show about the exploits of Michael Knight (David Hasselhoff) and his car KITT, a talking, thinking and feeling car is nearly spot on.

In the show, this highly autonomous vehicle could map locations, conduct video calls and talk much like Apple’s Siri system. In reality that’s headed our way, automobiles that feel and virtually think will be made possible by technologies that include augmented reality, microscopic sensors and mini-microprocessors. These technologies will enable vehicles to perform a variety of tasks now done by humans – from assessing the damage caused by accidents and ordering replacement parts to booking rental cars and assessing liability.

Tomorrow’s vehicles will, in part, assume the roles of insurance adjusters, collision-repair technicians and drivers. And “tomorrow” may not be too far off.

“Smart Skin”

Already, engineers at the British defense, security and aerospace company BAE are developing a “smart skin” – a thin surface that could be embedded with thousands of micro-sensors (aka “motes”). The company says that when this layer is applied to an aircraft, it will gain the ability to sense wind speed, temperature, physical strain and movement with a high degree of accuracy.

According to several articles, the micro-sensors could be as small as dust particles and could be sprayed on the surface of the aircraft (and on a car or truck). The motes would have their own power source and, when paired with the right software, communicate in much the same way that human skin communicates with the brain.

Once sensory and virtual-reality technologies have evolved to the point where our vehicles can genuinely “feel” and evaluate changes to themselves and their environment, the main thing needed to complete this automotive Internet of  Things will be data – lots of real-time data that is freely exchanged between car owners, insurance companies, auto repair shops and auto manufacturers. Achieving a consensus among consumers and corporations about when, what and how much data should be exchanged may be a sticking point, but, once that agreement is reached, it will be just a matter of time before self-diagnosing cars start hitting the roads.

The Car of Tomorrow

Imagine a future in which your car is covered with an intelligent “skin” that monitors every component and function – from the engine to the exterior sheet metal.

Now imagine the moment your car gets into an accident. The car will instantly calculate how much damage has been done, where it was done and what needs to be repaired or replaced. This information will be quickly ascertained and collected by the vehicle’s computer. From there, it will be transmitted to the cloud, where it can be downloaded by a repair facility or insurance company. By viewing a three-dimensional virtual-reality image of the automobile, the repair technician and insurance adjuster could literally “see” – and almost feel and touch – the damage.

Imagine a time when all that damage is self-assessed by the vehicle. It diagnoses itself, feeds the information into estimating software and tells the collision-repair shop what needs to be done. The vehicle also determines how long repairs should take and even orders parts by automatically sourcing suppliers. All this ensures that your vehicle is fixed ASAP. In addition, your hyper-smart car can order a rental, so you’ll have alternative transportation while the claim is being processed.

All the information regarding your accident – the speed at which you were traveling, location, direction of travel, etc. – will be instantly transmitted to your insurer, enabling the adjuster to make more educated decisions. Think of all that information being fed to a predictive, cognitive claims system that can make intelligent recommendations, helping consumers receive the best possible outcome on every claim.

This is the future – an era when data, sensor and cognitive computing technology are meshed to create a seamless auto claims process that speeds repairs, handles claims more efficiently and provides an amazing customer experience.

Use of Cloud Apps Creates Data Leakage

A large U.S. cable television company recently sought to better understand how its employees were using cloud apps to stay productive. Management had an inkling that workers routinely used about a dozen or more cloud file sharing and collaboration apps.

Ed note_CipherCloud_Willy Leichter

An assessment by CipherCloud showed the employees actually were using 204 cloud services that posed a security risk: 78 cloud storage apps and 126 collaboration apps, many of which included file-sharing functions.

Emerging risk: A major concern for the cable company was that sensitive information about customers and employees could leak unnoticed beyond its network perimeter.

Free cloud file storage makes it convenient to share data quickly and widely. The company learned that sensitive files had been moved into folders accessible to people who should not have had access to the information.

Wider implications: Like many organizations, the cable company routinely stores customer transactions data as well as employee healthcare data covered by HIPAA privacy rules. The rising use of free Web apps by employees has created many more opportunities for data leakage and could lead to sanctions and fines – or, worse, an embarrassing, expensive data breach.

The cable company set up sanctioned accounts with a popular cloud storage service-Box-for employees to use. It also has begun examining other steps it can take to impose tighter controls around sensitive company records.

Excerpts are from ThirdCertainty’s interview with Willy Leichter of CipherCloud. (Answers edited for length and clarity.)

3C: Can you outline how the rising use of cloud apps in the workplace is creating security issues?

Leichter: A typical process is one person sends you something from a Dropbox account, and suddenly you become a Dropbox user. Or, often, departments will say, “OK, we’re going to use Dropbox or Hightail for this particular project,” and it kind of grows department by department. It grows virally.

The challenge is the very nature of the whole file-sharing world. It’s like Swiss cheese. It’s designed to be very easy to share and to open up public links and to let another person in.

That’s where this cable company approached us. They had about a dozen different things they knew about and wanted to standardize.

3C: You found a lot more than a dozen cloud apps in use.

Leichter: We found well over 1,000 cloud apps, what we call shadow IT apps, that they were using. We have about 20 different categories of such apps; it could be software development tools, or it could be social tools. In one category, file-sharing tools, we found more than 120 apps. This one category is probably the most actionable category because file sharing involves sending people documents.

3C: How did this discovery help the cable company?

Leichter: They were trying to do two things. They were trying to standardize on two or three different file-sharing services and use monitoring tools on them. And they also wanted to shut down the worst offenders, which you can do easily enough.

3C: In general, what kinds of malicious or worrisome activity are you seeing in shadow IT?

Leichter: It’s kind of a spectrum. Officially sanctioned apps are being scanned in real time, using tools we and others make. That’s kind of a new world. We can give you all kinds of detail about who’s using all these apps. Then there’s the other 90% of the apps in shadow IT.

Anomalies can be where someone is sending huge amounts of files to some strange apps. Or someone is downloading stuff they shouldn’t be at two in the morning. Or it could be multiple people using the same account from different IP addresses. Someone is logging in from San Jose and then an hour later they’re logging in from Beijing. You can spot a lot of these and take steps to shut them down.

3C: What else surprised the cable company?

Leichter: One of the things they learned is why people were doing this. For the most part, it was because the company wouldn’t pay for them to use an account. So they were account hopping from one freebie to the next. It was because people just did not want to pay for stuff.

So now the company is trying to steer people to use better practices through outreach and education. And it also is buying them accounts.