News and View Roundup: Penn Mutual and Vantis Life Merger, Root, the DDoS Attack

Rob McIsaac

Rob McIsaac on the recent merger between Penn Mutual and Vantis Life

Steven Kaye

Steve Kaye on what auto insurer startup Root can teach insurers about customer service

Tom Benton

Tom Benton on the recent DDoS attack and how insurers should be adjusting security to better protect consumer data.

Carrier M&A Continues, as Penn Mutual Recently Acquired Vantis Life

Rob McIsaac

One of the highly valued business assets for many companies is their very brand itself. Some brands can connote luxury, some can convey youthful enthusiasm and others can represent strength and durability. In a highly conservative industry such as insurance, which has historically been focused on making sure that it was possible to deliver on long-term promises, the brand strength conveyed by being in business for a period spanning generations has traditionally been a good thing. During times of transition, however, this can also become something of a liability. For example, as financial power is transferred generationally, the idea that “what worked for my parents won’t necessarily work for me” has the potential to become very real. This can be particularly true if the product and service offering that appeal to one generation are diametrically opposed to what another wants. A brand that tries to be all things to all people runs a real risk of landing in a marketing “no fly zone” where they fail to inspire anyone. Retailers and consumer goods manufacturers have realized this for years, but insurers have largely avoided this.

Until now.

Recognizing that even the most iconic of traditional brands may have trouble gaining traction in new places, MassMutual’s experiment with Haven Life had been broadly discussed. The new brand is able to go to places the parent brand can’t … and can do so without creating an unexpected or undesirable blow-back if an experiment goes sideways. No “New Coke” here!

So the recent merger of Penn Mutual and Vantis is particularly interesting. Penn Mutual acquires an existing brand that is already going direct to consumer. As a division within PM, they can continue to do this under the umbrella of the bigger and strong mutual. Experimentation can take place freely without risk of brand damage and as time goes on some of the more successful ideas can, presumably, make their way more gradually into the parent company offerings.

As Millennials grow in influence and purchasing power it won’t be surprising to see more companies buy or create flanker brands that allow them to new opportunities and different business models concurrently. At one point, GM tried to save an iconic brand by touting it as “not your father’s Oldsmobile”. Of course the trouble was that it wasn’t clear who the brand was targeting but it was pretty clear that it managed to alienate both traditional and new buyers alike. The brand was one of the first to be relegated to history as the industry framed a new path forward. Stay tuned; this promises to be a very interesting ride.

“Good-Enough” Customer Experience Won’t be Good Enough for Long…

Steven Kaye

A new auto insurer, Root, offers the chance to purchase a policy, file claims, and monitor driving behavior, all from a smartphone.

There are certainly plenty of traditional insurance elements to Root’s approach. Root files for approvals with regulators and is a licensed insurer, it still collects demographic information in addition to driving behavior (though the CEO hopes to change this over time), and its CEO comes from Century Insurance Group. Regulators in other states may ask for changes to Root’s approach, it remains to be seen what the actual claim experience is like, and investors may decide to back other investments, certainly. But it points to a few elements naysayers do not (or will not?) recognize:

  • Capital, for now, is abundant
  • Smartphones are considered good enough for capturing driver behavior
  • There’s still plenty of runway for considering customer convenience and experience
  • Underwriting is shifting to be based more on individuals and their behavior

Will Root knock out an Allstate or a State Farm overnight? Probably not. But Root and firms like it put additional pressure on insurers to make the processes of buying insurance and submitting claims less painful.

Is Cyber Liability The Next Cat Risk For Insurers?

Jeff Goldberg

There’s a lot of exploration and discussion of cyber liability insurance in the media. It’s not often that the industry has an entirely new line of business to sell, especially one as in demand as this, so it makes sense that insurers are aggressively pursuing the opportunity. On the other hand, most insurers realize that their knowledge of how to rate and underwrite cyber risk is still immature, and therefore are proceeding with caution. (It’s interesting to see so many technology security officers—long relegated to a subset of the IT organization—suddenly thrust into the thick of product development and underwriting, though that’s a different topic.) Most people agree that there are potential catastrophic risks for companies who have poor cyber security, and that it’s only a matter of time before another Target-like hack costs a company hundreds of millions of dollars (or more). Without a proper way of assessing that risk, many cyber policies on the market today have strict limits, meaning a policyholder will be protected from a million dollar loss from a cyber hacking event but not more.

My concern is that the cyber liability market may face events that behave more like a true catastrophe—such as hurricanes or floods—and not just a costly event at a single company. Take for example the recent IoT-powered denial of service attacks that crippled much of the internet. This was a relatively benign event in the grand scheme of things, but it exposed the fact that potential cyber backdoors were much more widespread than we realized. Often major hacking events piggyback on “zero day” exploits, existing vulnerabilities that are widespread across systems but as of yet unknown to users and vendors. The issue with such vulnerabilities is that they expose not just one company with a poor security process, but many companies—even those who have taken best practice security measures—who all rely on a trusted vendor or technology.

In the wake of a major zero day exploit in any common platform technology, it’s possible that thousands of companies would be compromised at the same time. Hence the comparison to a hurricane or flood: the big risk isn’t one company with a major cyber liability, but rather all of those companies to whom insurers have sold limited cyber policies filing claims at once. Suddenly a block of limited-coverage policies becomes a massive exposure for the insurer.

Should cyber liability insurers be attempting to limit certain exposures, for example balancing the number of clients who rely on Windows servers vs Linux servers, much the same way a property insurer will limit geographic exposure? Insurers are already developing better methods to judge the risk of an individual cyber liability policyholder, but it’s also important for insurers to look at their entire cyber book of business and assess the potential for cat-like behavior across all of them.

DDoS Attacks and Consumer Data

Tom Benton

On this past Friday (10/21), many of you may have noticed problems connecting to Twitter or streaming Spotify and probably know now that the cause was the latest internet attack. The attack was a DDoS (distributed denial of service) attack where thousands of computing devices infected with the Mirai botnet code targeted the Dyn’s internet servers. Dyn is a Domain Name System management services provider used by Spotify, Github and other popular internet sites.

The internet experiences an increasing number of DDoS attacks – some estimates are at over 124,000 per week against enterprise networks. What was different about this attack was the Mirai botnet compromises common Internet of Things (IoT) devices, such as internet-enabled DVR’s (digital video recorders), security webcams and poorly secured internet routers. The basic plan of attack is to use standard administrator accounts and passwords provided by the device manufacturers and rarely changed by the consumer. (By the way, in most cases an easy fix is to reboot the device and change the administrator password.)

Security blogger Bruce Schneier recently wrote the “someone is learning how to take down the Internet”. He and other security experts warn that this could just be the beginning of more frequent and sophisticated attacks that are also larger and more damaging to internet site accessibility.

In Novarica’s report on IoT, Wearables and Customer Service, we mentioned five challenges for consumer adoption – security was an important one: “Adoption depends on building user trust and avoiding potentially hazardous hacking of devices, especially for automobile operation, home security, and drone operation. Security thus far has been the responsibility of device manufacturers, who may neglect it in order to keep prices competitive.”

As carriers begin to consider how to provide IoT and wearables to consumers and use the data, security should remain a concern so that consumer data is better protected along with brand name. Carriers should press device manufacturers to improve IoT security and CIOs should consult with their CISO or security consultants about how to be better prepared for DDOS attacks in the future.

Group Insurance Special Interest Group Session Highlighted Opportunities and Challenges

Rob McIsaac

Recently, Novarica facilitated a Special Interest Group session in Wellesley, MA, focused on the issues, challenges and opportunities facing carriers in the Group and Voluntary Benefits space. Sixteen carrier participants made the trip to join in a session which provided for a wide-ranging discussion that was particularly timely, inasmuch as many carriers are now in the final stages of framing their plans and budgets for 2017. Earlier last week, Novarica published our latest annual survey of IT Budgets and Plans, which can be accessed at; the material featured prominently in some of the discussions that we explored through the course of the day. The session was hosted by Sun Life and we very much appreciate them making both their team and facilities available for the event. Some of the key discussion areas included:

The world is going “digital” and group carriers need to accelerate their efforts to keep up. Across the entire insurance industry, irrespective of line of business, one of the key topic areas is the evolution of digital strategies. Agreeing on what exactly is included in such a “digital” definition remains somewhat elusive, with varying interpretations of the term reflected in Novarica research. Interestingly, however, no one seems to want to discuss “analog” strategies, which would seem to be the natural corollary to digital capabilities, validating the general importance. Carriers focused on the Group / Voluntary benefits space are certainly feeling the pressure.

From the session, it was absolutely clear that Group carriers are aware of the rapidly changing “customer”, which has serious implications for the creation of valid and engaging experiences. Customer has multiple possible definitions for Group insurance. Clearly, plan sponsors are a focal point, and providing solution sets and experience which retain key players in the value chain (e.g., benefits managers and HR departments are key), but similar needs exist for distribution partners and plan members. Leveraging from other lines of business, there was a good discussion regarding the need to think about different tailored experiences for different demographic cohorts as well as the need to consider how “customer” expectations are being influenced by other parts of their lives, including banking and retail engagements. Being out of step with this creates added pressure on carriers that may have historically tried to optimize on “one size fits all” solutions; these approaches, however, risk become “one size fits none” answers. For example, mobile capabilities become increasingly important across the value chain, but as a complement to other tools, rather than as a replacement for other engagement points. A number of carriers noted that they are also considering how Omni-channel capabilities might impact them in the future, which led to a key discussion in this space: effective Omni-channel solutions reflect the ability for a customer to decide when and how they want to move between channels for getting things done, rather than treating them as parallel and non-intersecting runways.

Data management is an increasingly important issue for carriers. One other thing that is very clear from all of this is that data and the ability to turn it into insights that are meaningful and actionable will become increasingly critical in this line of business. That creates challenges for both the ability to extract data from existing legacy environments as well as to attract and retain the talent needed to be able to work with emerging tools and platforms. Most carriers continue to work with legacy solutions that have underlying operational data contained in silos which can be difficult to use for interoperating with other things such as unstructured data. As we explored issues related to data, the notion of governance became increasingly a focal point for the discussion. One key question here was, in effect, who owns the data. Varying approaches were described by different carriers, suggesting that there is not a singular right answer. It was clear, however, that success is dependent on having someone own the data and that investment is made around effective governance which encompasses both defining the data and creating rules of the road for how it is used. The notion that discrepancies in the interpretation of data should somehow be resolved in the CEO’s office was clearly understood to be a “bad idea” which should be avoided at all possible costs. A range of approaches to creating a data governance structure were discussed, which led to a dialogue related to finding the talent that can actually work with new and emerging tools. Several challenges exist here, including the fact that insurance companies may not be seen by graduating students as attractive places to embark on careers. There are also concurrent challenges associated with where carriers are physically located, in terms of being in markets that can attract the right kind of talent. A number of approaches to addressing this were discussed, including internship programs, efforts to engage with local universities to influence curricula and the relocations of key functional areas to places that naturally attract top talent. Examples of companies positioning themselves to be able to tap into talent pools such as Amherst (MA) and Chapel Hill (NC) were also discussed, further reflecting on the need to be flexible and adaptable in a rapidly changing world.

Properly armed with data, part of the next challenge becomes turning that raw material into actionable insights. Some businesses, such as health insurance, have been increasingly aggressive about creating more frequent, and more bi-directional engagement, giving them the ability to potentially weave themselves more tightly into consumer lives (e.g., wearable devices). The unanswered question becomes how Group life and DI carriers can also do this. One avenue explored included leveraging technology to become better and more effective about managing claims for disability and absence management. This has also shown signs of success in the workers compensation space. It remains clear that this (data and analytics) is a space where there is no such thing as a notion of being “done”.

The lack of standards for the exchange of data is an increasingly troublesome problem with no “silver bullets” in sight. An ongoing area of concern for Group and Voluntary Benefit carriers is the lack of standards for exchanging data between enrollment platforms, distributors, carriers and others in the value chain. This particular line of business lags significantly behind the progress that has been made in the P&C world, for example. While carriers have long understood the issues and challenges resulting from the lack of standards there has been remarkably little progress made in this space for years. A number of industry bodies, including ACORD, LIMRA and the Open HR Standards group have tried, but the results to date have been characterized as “disappointing”. There are several efforts underway now but none appear to have the kind of immediate traction or sense of urgency which would lead to a change in circumstances in the near future. One of the challenges is that this business line has a different set of “players” in the value chain than you see in places like individual life insurance and annuities. As the Group and Voluntary Benefits arena has become more competitive, and faces increased margin pressure, new entrants in the value chain have moved to disintermediate carriers and distributors alike. Specifically, enrollment platforms which view the employer as their customer have moved to take on an increasingly important place in the delivery of these products. For them, the employer is the key client relationship and they really have very little interest in helping address issues specific to the insurance carriers which are providing products and services “behind-the-scenes”. As much as carriers would like to influence what the enrollment providers do, the reality up to this point has been that they have very little influence on decision-making at that level. The key to creating a more effective ecosystem for this line of business will be in figuring out the “what’s in it for me” issue for the enrollment platform vendors. Short of that, carriers and associations they belong to may have relatively little leverage in this space. Some carriers, recognizing the immediate challenge associated with this, have moved to create a series of technical tools to ease the ingestion of enrollment data. While this is neither easy nor inexpensive, it can be effective in terms of creating an internal mechanism for a carrier which mitigates the challenge of different formats of data coming in from the myriad of platform providers they work with.

A number of carriers mentioned that one of the major insurance trade association (ACORD) organizations believes they are making some progress in this space. The details on that remain confidential until later in the year but it seems clear that any solution which will be effective must address a broad set of issues for both insurance carriers and enrollment platform providers. Until that is done carriers will likely continue to play a relatively weak hand in this space, particularly for Group insurance benefits which employers see as being part of a suite of solutions being made available to plan participants.

Core systems remain a major concern but the pace of transformation remains modest. For all carriers at this meeting, the subject of core systems and their future direction remains an important “hot topic”. The nature of the business is that few have embarked on sweeping core system replacements today, although many expressed interest in seeing how the vendor community anticipates supporting this need in the future. A more common approach for most carriers now is to address some of their peripheral system needs, such as claims, compensation or underwriting, leaving the heart of their systems environment to be addressed another day. For many carriers, part of the issue remains that the low interest rate environment continues to be an impediment to new investments. There also remains a strong desire to see platforms successfully deployed at other carriers before some are willing to make a local plunge. Given the risks associated with these types of projects, and the lack of the kinds of success patterns which have colored the property and casualty space in recent years, some of this reluctance is not surprising. There are, however, emerging success stories with things like underwriting and claims which carriers in our view should be mindful of. One question came up regarding new entrants in this space. While there have been some newer technology vendors in recent years, the number is actually very small; this situation is unlikely to change significantly since the Group and Voluntary benefits segment is very highly concentrated with relatively few buying units. That generally keeps the number of new players down, particularly since part of the decision criteria carriers use for purchasing the systems is some form of track record that they can count on, creating a classic “Catch-22” situation. That isn’t to say, however that there are not good deployment examples for carriers to be aware of, particularly in support of the Voluntary benefits lines. The session gave us an opportunity to discuss a number of these. We also expect that 2017 will continue to show more progress by existing software vendors attracted to this space. Given the challenges, including significant technical debt, associated with current platforms at Group carriers, we do expect that the latter part of a decade will see a significant ramping up of investment.

Cloud based solutions are increasingly viable … with some caveats. For many carriers the use of cloud-based solutions across the technology stack is an option which looks increasingly attractive. In addition to allowing carriers to transition from Cap-Ex to Op-Ex spending, which can more closely align IT spending and business cycles, this can be a way for carriers to also reduce the long depreciation periods associated with traditional deployments, which can risk having solutions become obsolete before the depreciation schedules expire. This can lead IT organizations into unfortunate circumstances where impaired assets with significant residual value can need to be written off before new replacement projects can be implemented. As a result, carriers have increasingly turned to cloud options for peripheral systems such as e-mail, Human Resources platforms, CRM, and Finance capabilities. As many of the carriers at the SIG noted, these solutions can be both flexible and highly functional for critical workloads. Historically, cloud-capabilities had raised security related concerns for carriers. Today, many carriers have accepted that top-rated solution provides such as Google, Amazon and Microsoft (to name three) probably can provide better security than they deliver internally. As such, this allows carriers to consider these hosted solution options as viable alternatives for functions at the core of their operations, including claims and underwriting. We also discussed how cloud-based capabilities have become more commonly used for core functions in other parts of financial services, notably in banking and P&C insurance. One special challenge that may be faced by group carriers, however, is that there may be special requirements for data management and control that are established by the plan sponsors. Employers, potentially concerned about a range of issues associated with the personal and confidential information for employees, appear to have created challenges that group carriers are continuing to struggle with getting past. As a general construct, group carriers appear to have a very similar understanding of the issues as their individual insurance counterparts, but the concerns or restrictions raised by plan sponsors appears to be creating some added headwinds for cloud adoption on core capabilities. It also appears likely that this is a temporary, rather than a permanent, situation. For one thing, many carriers note that key infrastructure providers (including Microsoft and Oracle) are making it increasingly difficult for companies to acquire their technology for deployment outside of the cloud options. This is something that employers / plan sponsors will likely be facing themselves.

Agile is increasingly important but there are some clear challenges to achieving the desired outcomes. All carriers at the session noted that they are actively moving to use Agile as the preferred approach to software development. The degree of deployment varies significantly between carriers, however, with some having already moved to fundamentally change their work environments to support the collaboration needs associated with the evolving SDLC methodology. As much as carriers are looking forward to the potential benefits of Agile, there are some problems. For one thing, working with vendors that have themselves moved toward this development approach, may have very different definitions for Minimum Viable Product than the carriers themselves do. This makes it difficult to ingest work done by vendors and integrate it with development efforts being done by carriers on their own. This type of integration issue was mentioned by several carriers, highlighting the need to think expansively as project plans are developed and implemented. With the move to Agile, many carriers appear to be moving away from traditional office spaces and more toward a “hoteling” approach which has work spaces available on more of a ‘first come / first served” basis. This appears to have many advantages for carriers, but is something that is accepted at differing paces by employees from different demographic cohorts. Others noted that Agile is something that needs to be a joint IT and business undertaking, not IT alone. The change management efforts required to address both these issues is crucial to the ultimate success of these initiatives.

The level of engagement during the session was terrific although there were clearly more issue areas than we could discuss in a single day meeting. The group agreed that we should continue these sessions in the future and we’re pleased to be able to report that The Hartford Insurance Group will be our host for the sessions we plan to conduct in 2017. As always, if you’d like to discuss any of this in more detail, please let us know. Insurance technology is becoming ever more interesting … and critical to the success of the carriers focused on this line of business.

That Cool Refreshing Drink…


Matthew Josefowicz

Lemonade shared its first 48 hours’ results earlier this month (15% visitor-to-buyer rate for renters insurance in NYC), and Business Insider offered a nice profile of the company, founders, and its fundraising process. Whether or not it is successful in grabbing significant marketshare, it is remarkable for two things that insurers should carefully consider:

1. The online quoting process is not only simple, but explains the product, coverages, and exclusions simply. Lemonade’s quoting process heavily leverages third-party data to avoid asking unnecessary questions, and it communicates quotes and offered coverages in simple language that non-professionals can understand. While insurers have long maintained that their products are too complex to communicate effectively without an intermediary, companies like Lemonade are proving that either the products were too complex, or the communications skills were too poor. This is a solvable problem for incumbent insurers as well.

2. It’s not holding risk, it’s managing customer relationships and service. While a lot of digital ink has been spilled on Lemonade’s P2P, social-engineering business model, a much more interesting part of the business model is that Lemonade is ceding 100% of risk to reinsurers, while taking a 20% fee to cover operating costs and profits. This means that its operating results are dependent only on its marketing and operating abilities, and not on the unpredictable nature of claims. What Lemonade wants to be good at is customer intimacy.

For incumbent insurers, this may point the way to a bifurcated future where there are customer relationship companies and risk management companies. One might object that that’s the traditional agent/company structure of the industry, but I’d argue that it’s a mistake to see a sales channel as a customer relationship company.

Related Research:

News and Views Roundup: Zenefits, Drone Use, Workers’ Comp Profitability, Customer Experience, Plans for DC Products

Tom Benton

Tom Benton on DC plan advisors planning to adjust products in the wake of the DOL Ruling

Rob McIsaac

Rob McIsaac on Zenefits launching new products for small business

Mitch Wein

Mitch Wein on consumers’ increasing interest in customer experience, and not just price

Steven Kaye

Steve Kaye on recent profitability in workers’ compensation

Jeff Goldberg

Jeff Goldberg on Travelers’ use of drones during Hurricane Matthew

Travelers used Drones to Survey Damage during Hurricane Matthew

Jeff Goldberg

The use of drones by Travelers to survey damage from Hurricane Matthew is an excellent application of new technology to the insurance industry. It lowers risks for everyone in the process, it allows a more rapid response for policyholders, and–rather than technology replacing human jobs–it serves to bring new and old skills together and allow existing resources to be more effective at what they do. While the general media loves to talk about drones delivering tacos, this is the area where the tech will have true impact to people’s lives.

According to A.M. Best, Workers’ Comp is Continuing to be Profitable

Steven Kaye

According to A.M. Best , the workers’ compensation industry is on track to continue its streak of profitability for the fifth year. The agency cites favorable frequency and reserve developments, premium growth, and the effects of implemented technology. However, rates are declining and favorable reserves may not last. In a highly-regulated industry such as workers’ compensation, investments in agent and customer portals; analytics, sensors, and wearables; claims administration systems; and core systems replacement are key to ensuring superior customer service and lasting profitability. For more details, see our recently published report.