Tag Archives: startupbootcamp

Global Trend Map No. 12: Cybersecurity

As web-first rapidly becomes the norm for today’s businesses, a new bogeyman is lurking: cybersecurity. With IT systems no longer an adjunct but the central pillar of most organizations, cyberattacks have come to represent an existential threat. No less serious is the risk to the vast repositories of customer data that today’s businesses sit on top of, which have grown far faster than security architectures can keep pace with.

According to PwC’s 19th annual CEO survey, 61% of CEOs are concerned about cybersecurity, with everything from phishing to denial- of- service attacks on the rise.

For the insurance industry, cybersecurity represents both an opportunity and a threat: an opportunity in that enterprises are crying out for coverage against the cyber risks they face, a threat because carriers, of course, hold large amounts of customer data and are hence targets for cyber-attacks and hacks themselves.

A theme across this content series, and one we explored specifically in our feature on marketing and customer-centricity, has been the imperative for insurers to better engage with customers’ needs – before customers start taking those needs elsewhere. On the commercial side, cyber risk is therefore an enticing opportunity for insurers, as their clients’ businesses are only going to get more online, not less, and security risks abound (especially with anything IoT-related).

However, cyber events are particularly challenging to insure against due firstly to their manifold knock-on effects, which range from barely quantifiable reputational damage to share-price collapse, and secondly to the lack of historical data. Substantial focus will therefore be required for insurers to fully realize the cyber-coverage opportunity.

“Insurers just don’t have the capability or the skillset to produce things that customers want to buy, particularly with so-called cyber products that mostly don’t cover the specific risks that the clients are concerned about. There’s a total disconnect there between the reality of business for all the Fortune 500 companies in the world and what insurers think they’re going to provide them by way of services and products.” — Steve Tunstall, CEO and co-founder at Inzsure.com

Cybersecurity is a sprawling area, so this part of our series is primarily aimed at cybersecurity as threat, as opposed to cybersecurity as opportunity: What are carriers doing to protect their customers’ data and to mitigate against the threat of data breaches?

We start with a look at carriers’ attitudes to cyber threats like data breach, followed by a look at how – and how confidently – they are addressing these. To finish off, we cast an eye over the longer-term evolution of cybersecurity as carriers pressing forward with digital transformation seek, at the same time, to future-proof their systems.

The following stats and perspectives are drawn from our Global Trend Map; a breakdown of all respondents, and details of our methodology, are included in the full report, which you can download for free at any time.

1) Assessing the Scale of the Cyber Threat

69% of carriers are “very concerned” about information security breaches.

While (re)insurers are open to the same sorts of attack as other large enterprises, the event we choose to focus on here is data breach. There is nothing that strikes so much at the core of the insurance business, which has been a data business since the very beginning; at the same time, (re)insurers – as professional data stewards – ought to be relatively well-placed to defend themselves. The harm that could come from a cyber breach at a carrier is multifaceted: Stolen data could cause customers direct commercial damage, whereas tampered-with data could render carriers’ risk models worthless, affecting both them and their customers further down the line. It is no surprise then to see the overwhelming majority of (re)insurers registering concern with information security breaches (94%).

Cyber-attacks affect other players in the insurance ecosystem, too, and there are plenty of weak points in the “water cycle” of customer and company data; so we also encounter a majority concern among the other ecosystem players that contributed to our survey.

See also: 2018 Predictions on Cybersecurity  

Our broader research suggests that data breaches are particularly high up the agenda in Asia-Pacific. We reached out to David Piesse, chairman of IIS Ambassadors and ambassador Asia Pacific at the International Insurance Society (IIS), based in Hong Kong, to understand more about what is happening in the region:

“Digitization is leapfrogging in Asia, and so are industrial parks with smart devices and machine learning running the processing. Because of global supply-chain issues, this makes the need to mitigate and protect data integrity an urgency even without regulation where best-practice risk management must be implemented.”

Piesse continues: “Asia Pacific is only starting to look at regulations for data breach as opposed to data privacy laws, which have been around for some time. This leads us into the debate of the difference between privacy (encryption) and data integrity, which are two different arms of the cybersecurity triangle that must be embedded in all cyber risk management approaches.

“The time from compromise to discovery in Asia is now on average 580 days, according to statistics. Therefore, we must assume compromise of data across time, as there have been no notification laws and hence no catalyst to mitigate. This is why there is concern in Asia Pacific. The take-up of cyber insurance in Asia is fairly low as compared with the U.S. and U.K. for this reason.”

2) Filling the Breach

Our respondents’ data-breach concerns are matched by high confidence that data security is adequate, and this probably has a lot to do with mitigation planning across their organizations.

As we see from our graphic, three-quarters of carriers are confident in their security, and we find a similar level of confidence among respondents from the broader ecosystem. While these figures are encouraging, a quarter of respondents lacking confidence on this important measure is still cause for concern when we consider the number of customers that any one company can have. Even just a few percentage points of the ecosystem still represents rich pickings for online criminals and massive disruption for thousands, and potentially millions, of customers.

“Insurers have been very early adapters of computer technology. Given this maturity, one might think they should be able to control technology security on all layers, but the opposite is usually the case.” — Oliver Lauer, head of architecture/head of IT innovation at Zurich

When we turn to look at concrete mitigation plans, we observe that these are relatively commonplace.

However, 11% of carriers having no plan is concerning, given the absolute amount of business interruption this potentially represents (6% answered “don’t know”). Another factor to bear in mind is the potential fallibility of mitigation plans, so the proportion of carriers that are actually safe from security breaches will certainly be less than the 83% quoted above. We should also remember that data breach is just one type of cyber-attack and consequently just one aspect of (re)insurers’ overall cybersecurity strategy, which needs to be comprehensive.

“Insurers are very late in the game of opening their systems for the digital age, and most of their software systems are 25 years old and older, and are “secure by nature” due to their legacy walled garden architectures. And now they are modernizing their systems at the speed of light, and their security architectures and capabilities can hardly follow.” — Oliver Lauer

We expect carriers – and all businesses for that matter – to continue ramping up their cyber defenses over the coming months and years, especially given recent high-profile incidents like the Wanna Decryptor attack in May 2017, which hit nearly 100 countries around the world.

When assessing the full spectrum of cybersecurity risks, it can be difficult to know where to start and what to prioritize, so we asked financial services influencer Michael Quindazzi, business development leader and management consultant at PwC, for five key questions every insurer should be asking itself, from the board down:

— Who are our adversaries, what are their targets and what would be the impact of an attack?

— What are the most important assets we need to protect?

— How effective are our processes, assignment of responsibilities and systems safeguards?

— Are we integrating threat intelligence and assessments into cyber-defense programs?

— Are we assessing vulnerabilities against emerging threat vectors?

As with building on unstable foundations, the risks from getting one’s approach to security wrong at the outset only get bigger the further down the road you go. We spoke to Oliver Lauer, head of architecture/head of IT innovation at Zurich, who frames the security conundrum in the following terms:

“Insurers are implementing digital cores with full connectivity to everything, omni- and multi-channel and open API architectures, and usually they have no real idea what these new implementations mean for their security systems – they are still handling security like they did in the past with their ‘closed shop’ approaches.

“This will lead – in my eyes – to very dangerous threats in the future. And even if they have recognized these risks and have the money to invest, it’s very difficult to hire the necessary resources. Everybody is looking for security experts at the moment.…”

What is clear is that today’s digital platforms introduce a fundamentally new security dynamic requiring a different way of thinking from security professionals at carriers.

3) Longer-Term Evolution

58% of carriers have updated their security strategies to reflect the rise of new digital platforms.

As we can see from the chart below, the majority of insurers and reinsurers have made adjustments to their security strategy to reflect the rise of digital platforms, and we get a similar figure when we consider our other ecosystem players.

For now, though, this is a small majority (58%), less than the 83% who had mitigation plans for data breaches. As the industry gets savvier about cybersecurity as a whole, we expect this figure to rise sharply.

“With customer data-protection and privacy rules becoming more scrutinized across Europe and the globe, it is not a surprise that the chief information security officer is taking such a prevalent position within enterprises. The role will need to ensure appropriate usage of customer data and overcome digital privacy and security issues.” — Sabine VanderLinden, managing director at Startupbootcamp

Global Trend Map No. 1: Industry Challenges

Welcome to the first post in our new insurance/insurtech content series! Here, we examine the top internal and external challenges facing the insurance industry, as revealed by our Trend Map, for which we gathered more than 1,000 survey responses from insurance players around the world and consulted more than 50 industry thought leaders. You can find a breakdown of our survey respondents, details of our methodology and bios of our contributors by downloading the full Trend Map here.

It’s a tough time for the insurance industry right now, with a complex raft of issues to deal with over the coming years, from regulatory and climatic change through to adverse market factors, legacy systems and the rise of insurtech. Indeed, one of the problems we had surveying the industry was the sheer variety of potential challenges that respondents might name.

For this reason, we drew up a short list based on our periodic research within the insurance community. And, as not all challenges are directly comparable, we split them out into external and internal challenges, creating two separate hierarchies:

  1. External challenges: issues in the wider world that necessitate a response from the industry if the industry is to survive and thrive
  2. Internal challenges: whatever stands in the way of that response’s successful implementation

For example, increased regulation might require changes from insurers and other industry participants (external challenge); however, lack of company-wide dedication to core priorities might prevent these necessary changes from actually happening (internal challenge).

We then asked all our survey respondents – encompassing carriers, intermediaries, solution providers, associations and regulatory bodies – to rank these external and internal challenges in order of importance, giving us an idea of what the industry regards as the biggest hurdles ahead.

External Challenges

Our external challenges table points to technological advancement as by far the greatest external challenge, followed by changing customer expectations and digital channel capabilities.

A quick note on our methodology: Respondents were asked to rank their top three challenges, with three points being awarded for 1st place, two points for 2nd and one point for 3rd. This allowed us to create not just a ranking but a cumulative score for each challenge.

New emerging risks, changing economic conditions, increased regulation and increased competition make up the middle tier. Further down we have new entrants to the market, catastrophe risk, absence of a clear strategy and climate change. Then, comfortably in last position, we find lack of company investment.

“Technology has always been a key enabler within the insurance sector. In today’s highly customer-centric world, organizations that want to thrive will do so through digital excellence; meaning by combining unique customer experiences and omni-channel distribution mechanisms, as well as by reinventing interactions across the insurance value chain, despite legacy constraints.” — Sabine VanderLinden, managing director at Startupbootcamp

So what then is the picture, if any, that we see emerging? The top three challenges, notably, form a clear constellation: Changing consumer behavior patterns, especially the desire for digital channels, certainly underlie insurers’ preoccupation with technological advancement to a considerable extent.

See also: Prospects for Insurers as a Global Industry  

We would therefore say tentatively that the interface between customer and insurer is going to be one of the key battlegrounds going forward, not just in the trivial sense of online portals and chatbots but rather as the ability of insurers and other industry participants to make every part of their operation work for the customer. The mid-tier challenges – essentially market factors – are certainly significant but represent the pointy end of “business as usual” rather than the digital, customer-centric paradigm shift we see coming into focus at the top of the challenges table.

This shift falls broadly under the remit of digital transformation, which we have seen at work in many recent initiatives at major insurers, both internal and external to their organizations. Many insurers have, for instance, like Allianz in November 2015, founded some form of digital transformation unit. Likewise, a number of major players have set up venture-capital arms to foster digital innovation outside of their four walls – like AXA Strategic Ventures.

While insurance was for a time considered the sleepy corner of financial services in terms of digitization, tech and innovation, we now see a host of transformation and innovation projects underway, and the money is flowing. This is borne out by the fact that lack of company investment was, by some way, the lowest-ranked challenge in the industry. Insurers and other industry participants may or may not be successful in their digital transformation – but this will likely be decided by factors other than their willingness to invest in it.

Download your complimentary copy of the full Trend Map here.

Internal Challenges

The results for internal challenges show lack of innovation capabilities and legacy systems neck and neck and leading the pack. Finding and hiring talent and siloed operations make up the middle tier, with lack of company-wide dedication to core priorities and mergers and acquisitions activity a long way behind at the bottom of the table.

The methodology used here was the same as that used in gathering the external challenges – giving us both a ranking and a score.

These results are consistent with the picture we saw emerging with the external challenges; that lack of innovation capabilities should be the leading internal challenge indicates first and foremost the industry’s strong will to innovate, which is part and parcel of many insurers’ and other industry participants’ current digital transformation projects.

In keeping with this is the low position attained by lack of company-wide dedication to core priorities – it’s clear that what is missing is neither the intention nor the investment to change (lack of investment was rated the industry’s lowest external challenge), rather it is the capabilities to make it happen. And these capabilities fall short in three perennial areas that turn up once again in our internal challenges table: systems, staffing and silos.

“These challenge tables perfectly illustrate and explain the fundamental conundrum of the global insurance industry; the acceleration of technological advances coupled with expanding sense of consumer entitlement and their rapidly evolving tech-driven behavior is causing older and slower-to-change insurers to struggle mightily in playing catch-up and has made them vulnerable to newcomers and disruptors.” — Stephen Applebaum, managing partner at Insurance Solutions Group

Find out more about how these internal and external challenges vary by geography – for Europe, North America, Asia-Pacific and LatAm – in our regional profiles, by downloading the full Trend Map here.

Additional Challenges

Our survey respondents had the opportunity to provide any additional challenges they felt we had missed. Responses were colorful and varied, but some that stood out were:

  • Prevailing low interest rates
  • Insurtech/disruptors
  • Cyber-risk
  • Loss of agents/disintermediation
  • Change management
  • Lack of strong leadership

Conspicuous on this list is insurtech; while this was not explicit in our short list of challenges above, it nonetheless cuts across them (in particular, technological advancement and lack of innovation capabilities, our two leading external and internal challenges respectively). There is indeed plenty of talk on the air about an impending shakeup of traditional insurance models…

Innovation: ‘Where Do We Start?’

Before “insurtech” becomes the next over-used buzz-phrase to hate, let’s step back for a moment and consider the truly unprecedented scope of opportunity for growth facing those in the various risk management sectors who embrace the inevitable reinvention of this trillion-dollar industry.

As the whirlwind of start-ups and innovation occurring across insurance business models evolved into viral global gold rush, many existing insurers and VCs still struggle with how to participate. Many who understand the reality of disruption as a means of growth struggle even more with the most basic questions:

  • Where do we start?
  • Do we have the expertise?
  • How can we pick the best among the thousands of startups and “smart-ups?”

Most of the established firms I coach are consistently surprised by two lessons learned that have been captured at some point after working through these key strategic questions.

First, they are surprised at the ease with which they were able to answer the one question that can be truly paralyzing: “Where do we start?” Second, they often voice relief at how easily the rest of the core, up-front answers seem to just fall into place. These experiences can be distilled down to a rather straightforward single question: “How do we get unstuck?”

See also: Insurtech and the Law of Large Numbers  

Two timeless bits of wisdom can provide the first steps toward converting chaos into actionable clarity:

  1. A picture is worth a thousand words. Frameworks and models do help create clarity.
  2. A little education goes a long way. This is code for: check as many assumptions as possible at the door and ask, “What if..?”

Here are some pictures that can be useful:

Source: Startupbootcamp, what is an insurtech? [Infographic], 2015

The “4 Ps” model from Matteo Carbone and the Insurance Observatory

Insurtech Landscape by AGC Partners

All three frameworks for understanding insurtechs are solid models by which an audience, subscriber group or client company can gain greater insights. But insurance companies, venture capitalists and regulators need to understand how to use them.

The insurtechs in these models represent but the center of a much larger landscape of forces requiring consideration if you want to be an insurer that defines the rules that all others will have to follow.

Innovation Framework

The reinvention of insurance is simultaneously happening from the inside-out (insurtechs) as well as from the outside-in (exponential technologies). In other words, insurtechs are revolutionizing HOW insurers will manage risk and consumers. Exponential technologies will fundamentally redefine the WHAT—i.e., the very risks that insurers manage.

Now, this raises an important question: How do we define these larger external forces? One organization influencing many of these breakthrough, or exponential, technologies is Singularity University in Sunnyvale, CA. Singularity U coined the phrase “10(9)” Opportunities.” These are opportunities to leverage a technological capability, or domain, to improve 1 billion lives (9 zeros) within a single decade.

Some may question whether this vernacular is more aspirational than attainable. But among the best-kept secrets in the insurance industry is the reality that exponential markets waiting to be discovered outnumber those currently being addressed by existing insurance product lines. So, here is a possible goal: “By year-end 2027, we will have grown by improving the lives of 1 billion or more people by creating products that leverage the technological application of___________________.”

Incumbent insurers must understand how these converging forces relate to discover clarity and scalable growth. A short list of essential questions leading to viral growth strategies needs to include: Which insurtechs will feed my strategy to grow _________ opportunities?

These types of questions can map the insurtechs within the industry and near term to the longer-term, much broader landscape of opportunities. Clarity of these exponential forces—then mapped back to the products, services, and new business models among insurtechs—will open the door to achieving four significant deliverables:

  1. Improve the solicitation, selection and vetting of new ideas generated internally and collaboratively;
  2. Improve the returns on early-stage investments;
  3. Improve the vision, focus and identification of M&A opportunities;
  4. Improve the expectations and returns on new products and services developed and launch by internal innovation teams.

Strategic Framework for Member Services

The world outside of insurance looks into this industry with skepticism with respect to innovation. What is so often misunderstood is that three of the most significant societal shifts of the past 200-plus years were essentially enabled by insurance innovation: homeownership in the late 18th century, the viral adoption of the car and advances in medical treatments as an outgrowth of adoption of health insurance. The DNA for exponential innovation resides within this industry.

Seeing insurtechs as a means to fulfill a longer-term innovation strategy is where the opportunities are being discovered by those who will lead this industry for decades to comes.

See also: Insurtech Is an Epic Climb: Can You Do It?  

To provide feedback, ask for additional information or learn how to apply these concepts, contact Guy Fraker, guy@insurancethoughtleadership.com.

Do you want to follow Guy Fraker’s commentary and insights, and be notified as new posts are added?

Subscribe to Guy Fraker's blog