The Blame Game

Karlyn Carnahan

Post by

Apr 16th, 2014

Kathleen Sebelius resigned on Monday, and I’m betting that she is hoping that her next role does not include a major IT project.  As Secretary of the Department of Health and Human Services (HHS), Sebelius was responsible for overseeing the rollout of the troubled website whose launch was tainted by serious technical problems. 

Initially the technical problems were thought to be confined to scalability issues given the large amount of traffic.  But it was found that there were a variety of other issues.  The site rejected valid passwords, served up blank drop-down menus, and crashed repeatedly.  There were challenges with the database, issues with integration, and after millions of visits on the first day, only six people got all the way through.  New contractors were brought in to fix the problems which added to the cost overruns.  The cost ceiling began at $93M, was raised to $292M, and today, it is estimated that the site has cost around $500M.    To be fair, this was an extremely complex project consisting of 6 complex systems, 55 contractors working in parallel, 5 government agencies were involved; it is being used in 36 States, and covers 300 insurers’ 4500 insurance plans.

There were a number of contributing factors to the technical problems.  No single contractor managed the entire project and there was a lack of coordination across the multiple vendors.  There were a number of last minute changes – and the project was managed using a waterfall methodology – which can make it difficult to respond to the changes quickly.  Testing was inadequate.  Not only did the system not perform according to design, but it didn’t scale to the level anticipated.  Clearly they knew what the load would be – but the load testing didn’t meet the capacity plan. 

However, Sebelius had little direct oversight of the project and certainly wasn’t responsible for the day to day project management.   The website design was managed and overseen by the Centers for Medicare and Medicaid Services, which directly supervised the construction of the federal website.   Regardless, Sebelius is likely updating her resume today and considering alternatives. 

What does this mean for a CIO?  If you’re going through a large scale project – and many carriers are – you won’t know everything that the project manager knows – even though your neck is on the line if the project fails. Large scale projects require a different level of management than day to day operations.

Areas to focus on include:

·         Set realistic time frames.   Don’t underestimate the amount of time it will take to implement the project.  A lot of carriers want to hear that implementation of a policy admin system can be done in 6 – 12 months and while there are some examples of that being true, it’s more likely that your solution will take longer.  Plan carefully,  add contingencies, and if you end up with a choice between launching late or launching with less functionality that was initially planned,  you’re usually better off taking the time to do it right.  People are much less forgiving of a poorly executed project than a late one.

·         Manage the project with multiple, aligned work streams.  Large projects generally will require multiple work streams.  We often see carriers who divide the project into streams such as data, workflow, rating, documents, etc.   This allows the team to focus their efforts.  However, you have to continuously monitor that the streams are aligned.  Communication across multiple work streams is critical

·         Communications is a key success factor for large projects, yet is often an afterthought – or worse – not planned.  Communications across project teams is necessary to assure the functionality is aligned as planned. Communications is also critical when it comes to managing scope creep.  When the team clearly understands the priorities, they’re better able to make tradeoffs early on.   Clearly setting expectations around the deliverables and then continuing to manage those expectations as the project moves forward is an important piece of the communications – especially if faced with optimistic delivery dates, changing requirements, or staffing constraints. 

·         Focus on the worst case scenario.  Be skeptical when all is going smoothly.  Insist on regular checks on the project and take red flags seriously.  Realistic monitoring of the project progress and analysis of the underlying factors impacting the use of contingency will help identify issues early on.  Make sure not to just look backwards at what has occurred – but focus on readiness for future stages.  Some carriers benefit from having third parties come in and conduct project health checks – looking objectively across the project for subtle indicators of potential issues.

In the end, Sebelius is responsible for the results of the implementation and her resignation should be seen as a red flag for carriers in similar situations.  Take a look at the governance you’ve put in place for your large projects.  Now may be a good time to consider adding some additional oversight. 

Is there a concentration wave going on?

Apr 11th, 2014

As part of our research, Celent has been covering a large variety of vendors active in the insurance space. Over the past 6 months we have published a few reports profiling specific core insurance system vendors in different application domains such as policy administration, claims, underwriting and quote and illustration. Based on our continuous screening of the market we have a pretty good understanding of this market:


In Europe, the Middle East, and Africa we have noticed that the market is highly fragmented and we think that a concentration phase will decrease the number of market participants over the next decade. Mergers and acquisitions activities have already started with some interesting strategic moves that happened over the past 5 years such as the acquisition of Duck Creek by Accenture, IDIT and FIS Software by Sapiens and the merger between FJA and COR AG.

More recently we have seen software integrators or more generally what Celent calls IT services vendors getting more active on the M&A front with for instance MphasiS purchasing Wyde a few years ago. As we are about to kick off the update of our IT Services vendor reports from 2010 (for more information about these reports you can click on the following links: IT Services Vendors Solutions Spectrum: North American Version, 2010 and IT Services Vendors Solutions Spectrum: EMEA Version, 2010), we already have noticed that some IT services firms are getting very aggressive on the market. A good example is without any doubts Sopra who has had an acquisition fever over the past 3 years with the recent acquisition of Steria announced this week.

We find the recent M&A developments in the core insurance system vendor area as well as the IT services vendor industry interesting. We think it demonstrates that IT in financial services and more specifically in insurance attracts interests from investors, being existing players or new ones. In this fast changing environment, we are looking forward to get a deep dive in the IT services vendor landscape in order to provide the latest about this market to our insurance subscription clients. Stay tuned!

Is the insurance industry facing a Cyber-Cat? Thousands of websites at risk to heartbleed bug…

Post by

Apr 9th, 2014

No no – I’m not referring to an animated cat on an App but rather the announcement yesterday regarding the Heartbleed bug affecting the security of over 50% of the Internet according to some estimates.

The bug affects the OpenSSL package and is believed to have been in the package since 2011. It affects the way the package deals with heart beat messages, hence the moniker given to the bug. There are already tools in use that exploit the bug and provide access to recent user data on compromised servers.

There have been security alerts before with many large brands facing fines and media inquiries about their losses but this bug potentially affects hundreds of thousands of websites and many businesses globally, but why characterise this as a catastrophe and why would insurers be interested?

In the last 2 to 3 years with the cost of data breaches growing significantly businesses have been offsetting the risk of a breach or loss through Cyber Liability Insurance Covers. Whilst the practice and cover is arguably in it’s infancy it’s popularity suggests that this sort of event could constitute a significant liability to insurers globally offering this cover. Further the event has some characteristics in common with other events requiring catastrophe response:

  • Many insured are at risk.
  • The event will likely draw the attention of governments and regulators.
  • Swift response will mitigate further loss.

There are some significant differences here though. Most notably in the event of hail, storm or flooding the insured are likely aware if their assets are affected or not – they may not know the extent of the loss but are likely aware if they need to claim. Increasingly risk aggregation and modelling tools are helping carriers and brokers understand the likely impact of catastrophe events. In this case however the insured may not be aware if they are compromised or not since the bug allowed for intrusions that would not be logged by the affected systems. In this case the advice is to determine if OpenSSL is used and if so then the server has been vulnerable, may have been compromised and should be patched immediately.

The full statement regarding the bug is available at although it is also covered at which contains some useful advice. Further coverage is available from Reuters and The Guardian.

As noted on – Apache and NGinx webservers are known to typically use the OpenSSL library and account for 66% of the Internet according to Netcraft’s April 2014 Web Server Survey.

Google says that it is not affected however Yahoo has already reported that they are working to fix the affected services on their side.

As always communication and collaboration is crucial to managing these events. Insurer clients of Celent may like to read Celent’s case study combining internal and external data to respond to a catastrophe.

Celent Announces Model Insurers for 2014

Post by

Apr 4th, 2014

If you were not able to join us in New York yesterday for our annual Celent Innovation & Insight Day, I am sorry to say you missed a great event!    Not only did we have over 250 attendees hearing about this year’s Model Insurers and Model Banks, but you missed some great speakers, content, and in depth discussions with the insurers whose case studies were finalists or winners of the awards.   If you were there, I hope you will agree it was a fantastic day!

First, let me congratulate our Model Insurer of the Year: MetLife.  Gary Hoberman of MetLife was one of our speakers and gave the attendees a look into The Wall, one of the innovative technologies MetLife is using to improve customer service around the globe. He also discussed MetLife’s development of Synapse, a tool designed to match skill sets with open positions, while creating a database of rich, qualified talent.

Gary was one of three great speakers at the event.  Richard King, CEO and President of Ingenie, also spoke.  Ingenie is a UK based auto-insurance broker with a target market of young drivers.   King discussed Ingenie’s telematics technology and the company has grown to be a leading insurance in the UK for the 17-25 year old cohort.  Through the use of black-box technology Ingenie tracks key driving behaviors and offers customers discounts every three months if behavior is positive as well as education to make policyholders better drivers.   The most impressive part for a parent of a teenage driver was Ingenie’s successful efforts in attracting a young, digitally-savvy audience who demand a personalized, one-to-one experience.  King announced that Ingenie is entering the Canadian market this year and plans to come to the US in 2015.

Our third speaker was Mick Simonelli, an Innovation Consultant and former Chief Innovation Officer at USAA.  Simonelli expanded upon the theme of innovation and how companies can build processes and competencies that allow them to launch, build and sustain an innovation culture.

Along with these great speakers the highlight for many attending were the announcements of the Model Insurers in the theme categories of digital, analytics, legacy transformation, IT management and implementation best practices.   New this year, Celent had individual break out sessions for each theme and the finalists in each award category discussed their projects during a panel discussion.   Congratulations to Allied Insurance, Bankers Insurance, ICW Group, Allstate, and CNA for winning Model Insurer awards this year.  A high five also goes to John Hancock, Unigarant, Aegon UK, Saxon Insurance, Foresters, RSA UK, Inter Hannover, MetLife, Millers Mutual, and 1st Central Insurance for their highly commended initiatives and being named finalists for their categories.  These fifteen insurers and MetLife’s the Wall were selected from 74 submissions for our award program this year.

We hope everyone who attended enjoyed the day as much as we did!  If you couldn’t attend, we’ll be doing it again next year so plan to join us then!  And if you have a successful technology project you would like considered for a Model Insurer award submit it for our 2015 Model Insurer Award program!  The submission form will be available on Celent’s website in July.


Model Insurer Asia Summit: A quick overview

Post by

Mar 25th, 2014

Earlier this month, I attended the Model Insurer Asia Summit at the Fullerton Hotel in Singapore.  With approximately 50 delegates from across the APAC region, it was a fantastic event to learn from others, debate the key issues facing the industry, and network across the region.

A total of 18 firms were recognised this year from over 8 countries, with entries ranging from large regional technology transformations through to novel uses of technology to enable propositions.

Tokio Marine presented just one such novel use of technology to enable a proposition where an app-based avatar is employed to provide health advice for women based upon how their body is feeling in support of a health insurance product.  This solution goes as far to include tracking the insured’s body temperature using a smartphone and a connected thermometer in order to identify when they may be coming down with an illness.  I just love this idea!  After talking about the potential for personal telemetry within the health insurance sector for several years now within Celent, it’s great to see a live proposition racing towards it.  Since its launch in June 2013, Tokio Marine has added 250,000 users already.

The overall Model Insurer Asia winner was awarded to Max Bupa Health Insurance (MBHI) from India.  Being a relatively new player in India at around four years old, MBHI had aggressive plans to launch new distribution channels whilst not losing sight of delivering an excellent customer service experience. It chose to implement a BPM solution to wrap around its existing applications, enabling it to deliver a consistent end-to-end process that achieved a 75% increase in processing capacity and 90% improvement in service level agreements.  This is a great example of how, when applied effectively, technology can truly deliver a differential business performance.

To find out more about these (and the 16 other finalists), a copy of the Model Insurer Asia report can be downloaded by Celent clients at

Finally, this year, we sandwiched the summit between two roundtable discussions: one on the use of digital and ‘big data’ to enable innovation in insurance; and the other one on regional distribution opportunities and challenges.  Round-table discussions of this nature are always a great way to get detailed insights around the main challenges facing firms quickly.  Unfortunately, I can’t share too much as they’re closed sessions and “what’s said in the room, stays in the room”.  However, what I can share with you is that many of the opportunities and challenges facing individual firms across the Asian region are shared with insurers from around the world.  There is a growing desire to provide a more engaging proposition with the end client, a need to secure new forms of distribution, and an acceptance that effective technology is at the heart of future business performance.  Sound familiar?  That said, unlike perhaps some other geographic regions, regional diversity in distribution, regulation, population prosperity, language, character set, and political goals, make it more difficult for insurers, vendors and SIs / consultancies to navigate with a ‘one size fits all’ policy.  It’s this diversity coupled together with the regional growth rates for emerging financial services that make the region one of the most fascinating to follow and one that we expect to see a lot more innovation come out over the coming decade.