Risk, reward and cyber-scurity

Post by

Sep 3rd, 2014

For most people the amount of time, skill and effort required to get access to our family photos far outweighs the possible value someone would find there in. Thus, security measures based on making it really quite difficult to get to the data while at the same time not too hard to use have become increasingly popular. I would file username and password security in here.

Occasionally, the digital assets on the other side are valuable to the right group. Banks use 2 factor authentication and a variety of non-digital schemes to ensure security. Even World of Warcraft where rare digital swords and armour carry their own value offer broader measures of security to protect accounts. The recent leak of a number of celebrities private photos shows that there are other assets worth the time and effort required to break this level of security.

The risk associated with the data insurers hold has to date been quite minimal. There are health, specialty lines and large commercial lines where this isn’t the case, but for most people the data held by insurers and available through portals is largely innocuous and available through other means. As insurers start to tap into wider data sources and the Internet of Things it is imperative that the industry considers how it protects it’s customers.

A simple example from products available today: some insurers likely hold the real-time location of the car driven by celebrities and millionaires children, thanks to the increasing popularity of telematics based car insurance. This brings with it increased security, the opportunity to recover the car if stolen and the opportunity to bring much needed assistance swiftly if the car and driver suffer an  accident. In the wrong hands this data is sadly highly valuable and thus worth the time, effort and risk to assault and try to recover.

Whilst the details around the leak are still emerging it is clear that it is incumbent on the providers of these services to offer sufficient security in the first place and to educate it’s users on appropriate use.

To insurers looking at cloud and portals, I say consider the edge cases – the celebrities using your security for instance, those for whom there are organised groups who would be rewarded for getting the data.

Take into account the type of data available through various security schemes and portals, some information is naturally less sensitive. No one will read a story about a film star’s driving score and premium due next month, but where they drove and when – well maybe that’s a headline you don’t want your name associated with.

It Wasn’t the Big One– Yet

Karlyn Carnahan

Post by

Aug 25th, 2014

I was jolted at 3:20 Sunday morning by a 6.1 earthquake. I live about 15 miles as the crow flies from the epicenter of the quake. I woke up as the bed began to shake –noticeable enough to wake me – and then stronger and stronger. The quake went on for about 20 seconds- which actually feels like a VERY long time – and it was a noisy one. You could hear the house creaking as it shook back and forth. I laid in bed thinking –I wonder if this is the big one.

 
It’s been almost 25 years since the 1989 Loma Prieta Quake which was the last big quake to hit the bay area. I was out of town when that hit – at the national CPCU convention –and trust me –there is no weirder place to be than an insurance convention when a major disaster hits. It was the night of the confirmation dinner and the hotel commandeered every television in the place so the different insurance carriers could meet the rest of their crew, huddle in front of the television and decide what they were going to do.

 
The shaking got stronger. It wasn’t a rolling motion – it was back and forth. Imagine your bed on an electric toothbrush or an oscillating saw. I was in a third floor bedroom and was reminded of my great grandfather who survived the 1906 earthquake because he was in a top floor bedroom when the hotel he was staying in collapsed, killing almost everyone in it. He rolled under an iron bed as the ceiling began to fall and that was part of what saved his life. (whew! Thanks Gramps for being smart enough to do that.  I kind of like being here.)

 
We all know that disasters happen. I write and speak regularly on topics such as catastrophe management but it always feels like such a remote possibility that anything will REALLY happen to me. But this weekend, as the house shook back and forth, I realized it has been a while since I checked the contents of my emergency kit, made sure the water supplies were fresh, backed up copies of all my documents to the cloud, or updated my home inventory.

 
The shaking calmed down and then stopped. Nothing seemed damaged – nothing had fallen over or broken. I turned on the radio and began to listen to see what had happened. At 3 in the morning, it takes a while for the pre-recorded program to be interrupted with real news. But Facebook and Twitter – oh thank you social media – was already live with friends actively posting information from a wide variety of sources. And I was already getting messages – are you okay.

 
The news came on and one of the first things mentioned – in the first thirty minutes after the quake – was a mention of a large carrier who had already contacted the news station to let them know where adjusters would be, an 800 number and mention that they were already out contacting people. And remember – this is earthquake insurance – most people don’t even have coverage. Talk about rapid contact.

 

Later that afternoon, I was out to lunch with friends as we celebrated a birthday. The topic of conversation kept coming back to the earthquake. Light comments – “Did you see what happened at Silver Oak? I volunteer to go clean it up – with a straw!) as well as detailed discussions about emergency kits, and what we’ll do in the event that the big one hits.

 
It wasn’t the big one… for me. But in Napa, it was the big one for a lot of people. It’s times like these that remind us why we’re in this business.

Capital Opportunities

Karlyn Carnahan

Post by

Aug 20th, 2014

AM Best came out today with a revision for the reinsurance sector from stable to negative as the reinsurance market continues to soften. When it comes to reinsurance, it’s been a buyers’ market. Competition in the global reinsurance industry is fierce as there is significant excess capacity. Reinsurers have experienced lower than anticipated cat losses despite some well publicized events earlier in the year. There’s also been robust use of alternative capital as cat bonds continue to increase.

 
What this means for carriers is that they have opportunities to take advantage of falling prices and get improved coverage across all lines of business. In addition to low prices, terms and conditions are improving. Carriers are able to purchase increased coverage because of the low prices and lock in multi-year deals for portions of their reinsurance coverage. They’re negotiating more customized reinsurance programs – lasering out specific exposures. And even property cat renewals are getting improved prices and terms. With pressures on growth, carriers who retreated from catastrophe exposed coastal areas in earlier years are reassessing the potential opportunities and looking for tools to help them re-enter a potential growth market.

 
The question is how long can reinsurers keep this up? Is the bottom of the soft market emerging? Private reinsurance capital is now competing at a level comparable to current government roles in some areas. AM Best isn’t the only rating agency that is posting negative outlooks on the reinsurance market. Primary carriers are starting to look more aggressively to determine if they should consider locking in lower rates and favorable terms for longer periods. Especially as reinsurance becomes even more of a strategic decision since regulators are increasing their use of economic capital modelling. Many carriers find rating agency capital requirements are driving a higher capital constraint and therefore are becoming a leading factor in strategic decisions about how insurers manage capital and make reinsurance decisions.

 
But reinsurance is a unique area in an insurance carrier typically managed by a small unit with one or two gurus who have the knowledge of the programs preserved in their heads. Although reinsurance programs are becoming increasingly complex, large numbers of carriers rely on excel spreadsheets to manage these programs which are rife for error.

 

 

As carriers structure more complex programs because prices and terms are favorable, we’re seeing increased interest in reinsurance software to help manage these complex programs. Modeling potential programs, automating premium and commission calculations, processing complex inurements and improving claims recoveries are helping many find huge returns when investing in these types of systems.

Data Governance in Insurance Carriers

Karlyn Carnahan

Post by

Aug 12th, 2014

Data initiatives abound in the insurance industry. Most carriers have some type of data initiative in place. They focus their efforts on implementing reporting tools, analytic tools, and repositories — with all the tools that go with them.

 

Data governance, on the other hand, is an emerging discipline. The discipline includes a focus on data quality, data management, data policies, and a variety of other processes surrounding the handling of data in an organization. The purpose is to assure carriers have reliable and consistent data sets to assess performance and make decisions.

 

As the insurance industry moves into a more data-centric world, data governance becomes more critical for assuring the data is consistent, reliable, and usable for analysis. Analysis and reporting issues are more often related to data governance issues, not technology issues.

 

Data governance initiatives are generally designed to assure the data is accurate, consistent, and complete in order to maximize the use of data to make decisions, to find unique insights, and to improve business planning. It assures that your data capture mechanisms are set up to capture what you need to capture and assures there is alignment between analytics tactics and strategic goals.

 

But carriers face governance challenges. Data is spread across a wide variety of applications, and data ownership is most often shared across the business and IT. Carriers report cultural resistance to understanding data issues, which makes it harder to find sponsors for data governance initiatives. Consequently, a large number of carriers deploy informal data governance initiatives — especially larger carriers.

 

I’ve just published a new report that surveys carriers around their attitudes, challenges, and initiatives related to data governance. Some very interesting findings. Check it out. http://celent.com/reports/importance-data-governance-current-practices

Nominations for the 2014 Asia Insurance Technology Awards (AITAs) are now open

Wenli Yuan

Post by

Aug 12th, 2014

The Asia Insurance Technology Awards (AITAs) recognize excellence and innovation in the use of technology within the insurance industry in the Asia Pacific Region.

Nominations for the 2014 AITA Awards are now open. Please find more information on Celent website http://www.celent.com/aita, and you can download the nomination form from there. The deadline for submitting the nomination form is 15 September 2014.

AITA AWARDS CATEGORIES

IT Leadership Award

This award honours an individual who has displayed clear vision and leadership in the delivery of technology to the business. The recipient will have been responsible for deriving genuine value from technology and has demonstrated this trait with a specific project or through ongoing leadership.

Nominations accepted from insurers. Vendors are welcome to assist their client insurers with their nominations, however vendors/suppliers are not qualified to receive this award. All nominations MUST include insurer contact information, and all follow-up will be done with the insurer, not the vendor.

Best Insurer: Technology

This award honours the insurer who has made the most progress in embracing technology across the organisation. The recipient will have deployed game changing technology projects in the area of core insurance and broker processes.

Nominations accepted from insurers. Vendors are welcome to assist their client insurers with their nominations, however vendors/suppliers are not qualified to receive this award. All nominations MUST include insurer contact information, and all follow-up will be done with the insurer, not the vendor.

Digital Transformation Award

This award honours an insurer or broker who has made the most progress in implementing digitization initiatives, such as sale and service of products online, eco-system integration (such as with business partners, repair shops, medical providers, distribution, etc.), leveraging social networks, work-place enablement (such as BYOD, collaboration tools, etc.), business process automation (STP), engaging user interface design, or analytics (analyse customer behavior, propensity, risks, etc.).

Nominations accepted from insurers. Vendors are welcome to assist their client insurers with their nominations, however vendors/suppliers are not qualified to receive this award. All nominations MUST include insurer contact information, and all follow-up will be done with the insurer, not the vendor.

Best Mobile Application

This award recognises the insurer who has exhibited true innovation in the use of mobile technology. The recipient will have developed a unique and compelling application not seen elsewhere in the industry.

Nominations accepted from insurers. Vendors are welcome to assist their client insurers with their nominations, however vendors/suppliers are not qualified to receive this award. All nominations MUST include insurer contact information, and all follow-up will be done with the insurer, not the vendor.

Newcomer of the Year

This award recognizes the best new player in the insurance technology field. The recipient will have introduced a game-changing solution to the industry.

Nominations accepted from insurers or vendors.

Innovation Award

This award recognizes the innovation business model or in the usage of technology.

Nominations accepted from insurers or vendors.

$100million — Follow the Money: Investment in Innovation Ventures

Post by

Jul 25th, 2014

The announcement yesterday that MassMutual has set up its own fund to invest in innovations that may/will affect life insurers is another move demonstrating how real money is being bet on disruption.

Here is the link to their press release site: http://www.massmutual.com/aboutmassmutual/newscenter/pressreleases

Celent is aware of several organizations which have set up similar funds. These are not 3rd party venture funds, but are managed, directed, and owned wholly by insurers.

These moves signal that innovation leaders are increasing investments to discover new ways of responding to customers’ needs. The difference from past behavior is that insurers want to own the technology, not just buy it once it is available on the market.

In these companies a first mover advantage strategy is replacing the age-old fast follower approach. The bet is that, as technology investments pay off, patents and expertise barriers will prevent others from even being able to follow. Insurers will gain advantage because they own a protected capability, or they will be able to license it and capture an alternative revenue stream.

Stay tuned. It’s going to be exciting!

Innovation that Delivers on the Brand Promise at USAA

Post by

Jul 23rd, 2014

The announcement today (http://www-03.ibm.com/press/us/en/pressrelease/44431.wss ) of the use of IBM’s Watson platform by USAA demonstrates several of the current research themes at Celent. The move is an excellent case of innovation at the intersection of brand, risk management and technology.

First and foremost, this is another example where USAA is delivering on its brand promise – to improve the lives of active duty and veteran military members and their families. The company will use Watson will to answer the questions of service military members who are transitioning to civilian life. An firm’s brand promise is at the foundation of the Celent customer experience model. It is the key characteristic that signals the evolution from a customer relationship management (CRM) to an experience approach.

Second, this development is an illustration of an increased focus on prevention and risk mitigation. Traditionally, insurance has been a backward-looking, financial indemnification product (we pay you when there is a loss). This approach shows how insurers will innovate to apply technology to help insureds more effectively manage the risk in their lives (reduce or, avoid risk, altogether). This redirection will occur in commercial, as well as personal lines (see previous post on this blog: “My Risk Manager is an Avatar”).

Finally, this is a business application of a computing approach that, up to now, has been closely held in the laboratory, in select pilot accounts, and in a custom, controlled environment (such as Jeopardy!). It will be fascinating to see what we humans, and the machine, Watson, learn in from this insurance debut.

Apple Takes a Bite at the Internet of Things—Where are Insurers?

Post by

Jun 3rd, 2014

Apple has just announced two new “robust frameworks” for developers that are aimed squarely at two of the hottest sectors in the Internet of Things (IoT): HealthKit and HomeKit (http://www.apple.com/pr/library/2014/06/02Apple-Releases-iOS-8-SDK-With-Over-4-000-New-APIs.html).

The IoT connects people and non-human things. HealthKit facilitates communication between fitness apps (think fitness bands) and health apps (think doc in a box). HomeKit uses Siri to poll and control household appliances and systems (heating and cooling, lighting, security (and eventually entertainment?). Everyone who saw “Her” and wishes they could achieve a higher level of intimacy with an AI/Machine Learning avatar, can now (according to Apple’s PR) “tell Siri you are “going to bed” and it could dim the lights, lock your doors, close the garage door and set the thermostat.”

Apple also announced some initial partners: the Mayo Clinic for HealthKit; and Philips Lighting for HomeKit—both strategically good, and household names (so to speak).

What is missing from this announcement is any mention of how health insurers or homeowners insurers could participate in what Apple wants to be a foundational step for connecting networked sensors to data stores, and then using analyses of that data to better price, underwrite, and control losses.

The iPhone (and other smart phones) have changed parts of the claims process, and basic communication between consumers/patients and healthcare providers. Apple clearly hopes that HealthKit and HomeKit will begin to do the same for the IoT.

Will insurers jump on this wave—or stay on the beach?

Tags:

Business Configuration – Is it Time?

Karlyn Carnahan

Post by

May 28th, 2014

I was talking with a carrier recently who asked an interesting question. “So many of the modern core systems include highly configurable environments. Does it really make sense for the business to be making their own changes?”

 
We have seen a movement toward more involvement by the business in the configuration of software systems. Many of the tools have dual development environments – a simplified environment that supports the business making simple changes – modification of rate algorithms/tables, product definitions, lists of values, drop downs – sometimes through wizards. Typically a more robust environment is used by IT to manage screen and workflow configuration, business rules configuration, data/ object model configuration and interface configuration.

 
Many IT departments have taken the philosophical position that their job is to enable the business to do as much as possible themselves and to do so as transparently as possible.

 
There are a number of good reasons for this. There’s a better alignment between responsibilities and ownership. It enables the business to be ready for testing, training, and other necessary activities. The business gets to see the changes they’re making and have control over some of the aspects. They can make the changes based on their own prioritization of them.

 
But for most companies, there are significant hurdles in this movement so the shift has been and continues to be quite gradual.
Specialized knowledge such as logic and abstraction may be needed and may not reside in the business. Changes may impact multiple stakeholders so a process must be in place to assure consistency across business units. Version management is usually important – but different levels of maturity may exist in different parts of the system. The business may not understand the global impact on cost, performance, and maintainability when making changes on systems and environments especially if they are working with complex rules or products.

 
Sometimes IT resists moving the responsibility to the business – but here’s a secret. Most IT departments don’t actually enjoy configuration work. Most would love for the business to do it themselves. Why then do we see significant resistance on the part of IT departments to move it?

 
In most cases, IT knows that they are the ones who are held responsible for the system and will be the ones to answer the phone at 2 am or work the weekend investigating a problem. IT is also usually the group measured by system availability, incidents and SLAs and doesn’t want to be penalized for other groups’ activities. In many organizations, business hasn’t been willing to invest in the tooling, interfaces and governance necessary to make it practical for them to self-manage. But IT wants to be sure the other areas are going to be held to the same standard of governance that IT is. These standards were put in place for a reason. And some carriers are concerned about regulatory issues and making sure that there is segregation of duties as well as good auditability around the changes being made because of the discoverability of those changes. Auditability requires a great deal of consistency across processes that can be harder to maintain when spread across multiple units.

 
If you’re going down this path there are some things to think through. First, make sure you’re solving the real problem. The business may want to take responsibility because they feel they have difficulty engaging IT, that there are quality problems or that IT doesn’t have sufficient business knowledge of what needs to be done. Sometimes business wants to take control because they feel changes aren’t being made quickly enough or senses prioritization or resourcing conflicts. All of these items should be a separate conversation. It may well be that the nature of the work requires a process or skill that will make it better housed in the business. But if it’s one of the other issues, solve for that before moving responsibility to the business.

 
If you do decide to move configuration to the business, make sure the business is well trained on how to use the tools – and has an understanding of the dependencies outside of their specific area. Some carriers find it most effective to find a few ‘super-users’ in the business and to roll out capabilities to these users in a phased manner. Create a test environment that supports the business. Many times, they’re simply looking for a sandbox environment where they can model what they want – and then use that as the starting point of a request to IT. Include the business in the same governance process for quality assurance, testing, and release management.

 
While software vendors have created robust tools that can support business driven configuration, carriers should assure processes, procedures, and governance is in place before moving the capability from IT to the business.

 

 

My Risk Manager is an Avatar

Post by

May 22nd, 2014

In the world of Commercial Insurance there exists the very curious role of Risk Manager. I mean curious in the sense that successful risk managers appear to have superpowers. They are charged with taking the actions necessary to avoid or reduce the consequence of risk across an entire enterprise. Their knowledge must extend deeply into a variety of subjects such as engineering, safety, the subtleties of the business of their employer, insurance (of course), physics, employee motivation and corporate politics / leadership. Their impact can be wide-ranging, from financial (eg., dollar savings from risk avoidance / mitigation) to personal (the priceless value of the avoidance of employee death or injury).

Sadly, the tyranny of economics restricts the access that businesses have to continuous, high quality risk management. Full-time risk managers are prevalent in huge, complex, global companies. These firms often self-insure, or purchase loss sensitive accounts and the financial value of a risk management position (or department) is clear. The larger mid-market firms can afford to selectively purchase safety consultant services, their insurance broker might perform some of these tasks (especially at renewal), and their insurers may have loss control professionals working some of these accounts. However, for the majority of small businesses, risk management at the professional level is not affordable.

Over the past year, I have toyed with different ideas about how to automate this function in order to bring the value of a risk manager to the small commercial business segment. My attempts were always unsatisfying (and one reason I have not blogged this idea before). However at The Front End of Innovation conference last week in Boston, a presentation by Dr. Rafael J. Grossmann (@ZGJR) crystallized the vision. I can now clearly see how existing technology can be combined to create a Risk Manager Avatar.

Dr. Grossmann is a trauma surgeon who practices in Maine. In addition to the normal challenges of his profession, he is one of only four trauma surgeons servicing a very wide area. Although sparsely populated, the challenge of distance and time complicates the delivery of medical services. Dr. Grossmann presented his vision of a medical avatar, a combination of technologies which will perform 80% or more of the routine medical cases in a consistent, timely, and cost effective manner. Combining the technologies of mobile, voice recognition, virtual reality, artificial intelligence, machine learning and augmented reality forms a new silicon entity – a medical doctor avatar. He also introduced a company, sense.ly, that is now working to deliver similar services (video here: http://www.sense.ly/index.php/applications/).

If such systems can deliver medical services, then why not risk management? For example, given permission, a system would monitor the purchases of a small company and identify when the historical pattern changes, eg., when the company begins to buy new types of materials. Using predictive algorithms, the pattern can be compared against others to evaluate if there is likelihood that the company is now performing new business operations. The avatar could then contact the small business owner to consult on options (endorse policy, retain risk, cease operations). It could also escalate the issue to an underwriter to evaluate more complex options.

Someone will build a Risk Management Avatar. The question is, who will do it first?