The future has arrived for insurance, but have insurers arrived in the future?

Matthew Josefowicz

The good news from the recent PCI Tech Conference is that futurists like Vivek Wadhwa give the insurance industry at least three to five years before it is disrupted beyond recognition by data, analytics, the internet of things, self-driving cars, 3D printing, hyper-aggressive technology companies, and essentially free energy.

The bad news is, many large insurers are still planning five year technology transformation initiatives to shed their legacy burdens and take advantage of today’s technology.

Insurer CIOs understand the challenge. They need to mitigate the effects of yesterday’s inheritances. They need to address today’s business needs, and they need to prepare the organization for tomorrow. They need a deep understanding of all three timelines, and the ability to help others understand.

This requires a new set of skills and new kinds of relationships. As one speaker put it, CIOs need to be communicators and story tellers as well as effective managers. They need visionary business executive partners who are willing to embrace the opportunities that technology creates in their ability to deliver innovative products to changing markets. CIOs also need technology partners who will not just deliver today’s solutions but co-evolve with them to meet tomorrow’s challenges.

“I will invest in any technology initiative that increases our agility,” said one insurer CEO who understands. But far too many CEOs are still at a loss as to how to quantify the value of technology and continue to manage their technology investments as if spending more than 5% of premium on IT were a greater sin than letting the future pass them by.

Meanwhile, while the conference was in session, Google Ventures announced an investment in innovative health insurer Oscar. The clock is ticking in insurance, and it’s not counting down anymore. It’s counting forward.

Emerging Cyber Threats

Mitch Wein

I recently attended the IASA Mid-Atlantic conference in Atlantic City. This conference had a lot of business people from insurance, particularly from areas like regulatory reporting, accounting, audit and legal. Many topics that you would expect, like GAAP and tax reporting, Economic Outlook for 2015, and reporting under the Affordable Care Act, were covered.

However, what was notable for a conference with almost no IT people was that almost half of the discussions were about cyber-security and cyber risk management. Acting as a communication vehicle to the board, the NAIC cyber security principles, emerging compliance coming from NAIC and FINRA requirements, user behavioral analytics and even security war games were covered.

The FBI did an excellent briefing on the type of cyber threats there are as well as the scam patterns that have emerged in recent years. This covered areas addressed by their Cyber division including infrastructure defense, nation state attacks, hacktivism, espionage and terrorism coordination through social media. This also covered the scam areas addressed by their criminal investigation division including the counterfeit check scam which targets attorneys and CPAs, the account takeover scam targeting businesses and individuals after personal information compromise, and business email compromise targeting businesses working with foreign suppliers and/or performing wire transfers.

We have written before about the importance of cyber security especially as insurers transition to a digital future and retaining insured and agent trust. It was obvious to me that every business person in insurance needs to understand cyber security and what they need to do relative to their job functions and roles. Every insurance company is now a combatant in a war against criminals and terrorists. This is the new normal.

Note: I’ll be presenting my recent work on IT Security Frameworks for Insurers on a free webinar on Sept 30 at 2pm. Pre-register here.

Related Research

IT Security Frameworks: NIST and SSE-CCM
IT Security Issues Update

Workers’ Comp Insurers Look to Analytics and Core Systems

Jeff Goldberg

In our most recent Novarica Council Special Interest Group meeting, several Workers’ Compensation CIOs discussed core systems replacement strategies and long-term visions, as well as emerging uses of mobile, analytics, and end-user-facing technologies.

All the attendees were in various stages of core system replacement—ranging from just-completed to the initial stages—so they were eager to learn from others’ experiences, and to gain perspective on their own challenges. Everyone agreed that a flexible, modern core system was at this point table stakes, hence the flurry of transformation activity. A minority of companies are changing appetite, but the vast majority of P/C insurers are looking to grow by moving into new territories. To do that a modern, flexible system is absolutely necessary.

The shrinking lifespan and growing price of core systems was another area of concern. Everyone agreed that new core systems are increasingly costly to implement, and that they must be replaced more frequently than older legacy systems. Gone are the days that a core system lasted for 40 years. Some participants also noted that many strategic business initiatives—like new product deployment—must be put on hold during a multi-year implementation project, increasing the indirect costs of the implementation.

As an antidote to this gloom and doom, the CIOs in attendance were confident in their strategy to overcome these obstacles. Core systems today are much more flexible than legacy systems, relying on componentized architectures and configurable logic, meaning that the next round of replacements (and possibly even conversions) should be easier. More importantly, past lessons have been learned, and both insurers and vendors know how important it is to avoid custom coding and to stick with a vendor’s upgrade path. If those rules are followed, ten or fifteen years down the road the insurer’s system will be “new” even if they’ve stayed with the same vendor and system all along! It’s critical to choose a vendor who acts as a long-term partner and not just a one-time purveyor of a technology.

Of all the strategic considerations discussed, one of the most important was a concrete plan for data conversion and sun-setting old systems. One participant shared that if he could go back in time, he’d focus much more on a transition plan, so as not to lose the project’s momentum after go-live. Other attendees described the challenges of data conversion and new data warehouses, and the legal and data integrity-related risks of fully sun-setting old components.

Attracting and retaining good talent was another concern for many of the attendees. One insurer reported being well ahead of their Guidewire implementation schedule, due to a concerted effort to focus talented IT and other business unit resources on the project. Several attendees noted that the structure of their projects—agile, waterfall, or a combination of the two—was much less important than the staffing and communication strategies of those projects. When agile first started becoming prevalent in the insurance industry, carriers all over the country were told it might be the answer to all their project/logistical problems. But that’s not how software works. Everyone in attendance was reminded that there are rarely, if ever, silver bullets for these huge problems.

Related Research:
Business and Technology Trends in Workers Compensation

The Blockchain Insurance Company

Jon Leslie

Within the past two years, Bitcoin, the first and most popular form of “cryptographic currency,” has entered the mainstream. With roughly $3.4bn worth of Bitcoin (BTC) in circulation, over a half billion dollars of Venture Capital invested in the space (including into one potential billion dollar company), and Fortune 500 companies such as Dell, Microsoft, Overstock, and Paypal accepting the digital currency, it is an impressive track record for any seven-year-old technology.

And Bitcoin is not just a reapplication of existing technology (for instance, the way that the consumer internet was really 1970’s technology in a new setting). The very concept that enables cryptocurrency, the system for running a distributed self-regulating database called the “Blockchain,” is just as new as Bitcoin itself: seven years.

Novarica recently released a report, Bitcoin and Insurance: Overview and Key Issues, authored by Jeff Goldberg and myself. It outlines a brief introduction to Bitcoin and Blockchain and its implications for the insurance industry. We argue that, while insurers have ample reason to be cautious about entering this market, it is nonetheless an important area for the CIO to keep on her radar.

In the short term, the most important implementation of Blockchain will be the Bitcoin currency, which, due to its high volatility, technological novelty, and current constitutional crisis, carries with it particular risks (detailed in a Lloyds June 2015 report). There are opportunities available for the properly positioned carriers who are willing to proceed despite those risks, though it is not necessarily transformational for the industry.

Blockchain, on the other hand, may have much wider implications. At a basic level, Blockchain enables the creation of trusted contracts in a publicly-verifiable setting. Insurance policies are also trusted contracts, and many people have wondered about possible ways insurance policies could be moved into Blockchain’s exchange. A Blockchain policy could automatically pay out a claim based on preset conditions or based on information from a trusted third-party (for example, a crop policy that pays out based on weather service reporting).

Imagining the potential impact of Blockchain on the insurance industry isn’t just the realm of technology analysts. The Society of Actuaries held an actuarial speculative fiction contest, and a submission by Gennady Stolyarov II called “The Blockchain Insurance Company” (which the title of this post steals from) describes in great detail how auto-insurance in the age of self-driving cars might work. In the story (available here), set in the 2020s, the slightly Hal-esque autonomous car informs the retired actuarial protagonist: “There is no management. The company runs itself – on the blockchain. The public blockchain ledger keeps a record of the capital contributions from each account and the corresponding shares issued. A contractual algorithm is built into the blockchain to deposit and withdraw bitcoins to and from each shareholder’s account in proportion to the company’s profits and losses.”

Although that story is obviously only one version of many possible outcomes, this is the kind of radical transformation in structure (both technological and organizational) that insurers should be open-minded about. One rule of thumb about genuinely new technologies is that they are over-hyped in the short-term, but often under-hyped in the long-term (hint: the Internet circa 1995). Whether or not one buys into the idea of sustained dialogue with our cars in the next decade, it is certain that the Internet of Things will require new forms of record-keeping, of which it’s very likely that Blockchain technology will be a crucial component.

Top Stories in Life/Annuity for August 2015

Steven Kaye

We’ve just published our Novarica Industry Intelligence Brief for Life and Annuity for August 2015. These reports highlight some of the most interesting industry stories from the past month, and present them along with Novarica commentary. Commentary is available to clients only, but we’ve posted direct links to the stories below:

  • Second-quarter 2015 pension buyout sales hit record levels according to the LIMRA Secure Retirement Institute, a sharp departure from more typical quarterly sales activity. Full Story.
  • States are working to introduce state-sponsored IRA plans that automatically enroll workers not covered by small business employer-sponsored retirement plans. Full Story.
  • Cash balance plans are growing at a much faster rate than 401(k) plans, according to Kravitz’s 2015 National Cash Balance Research Report. Full Story.
  • Short-term care insurance is growing as an easier to underwrite alternative to long-term care insurance. Full Story.
  • The NAIC has proposed a “bill of rights” for consumer cybersecurity. Full Story.

For Novarica commentary, clients can download the Brief at

Previous Novarica Industry Intelligence Briefs for Life/Annuity

Top Stories in Property/Casualty for August 2015

Steven Kaye

We’ve just published our Novarica Industry Intelligence Brief for Property and Casualty for August 2015. These reports highlight some of the most interesting industry stories from the past month, and present them along with Novarica commentary. Commentary is available to clients only, but we’ve posted direct links to the stories below:

  • The Michigan Department of Transportation is installing cameras and sensors on Detroit-area roads to eventually be able to transmit construction, traffic, and weather updates to suitably-equipped vehicles. Full Story.
  • The 3rd U.S. Circuit Court of Appeals ruled the FTC can regulate corporate cyber security. Full Story.
  • Progressive lost its appeal in a telematics patent lawsuit filed against Liberty Mutual. Full Story.
  • A security flaw in the transponder chip used by luxury vehicle immobilizer has been known since 2012 – but auto manufacturers sued the researchers who discovered it to keep it quiet. Full Story.
  • An Accenture study finds global consumers unhappy with the digital experience they get from insurers and wanting more online interaction. Full Story.
  • At least one private investigator is using cameras with facial recognition and motion detection, as well as drones, to find people committing workers’ compensation fraud. Full Story.
  • Connected vehicles open new possibilities for hacking. Full Story.

For Novarica commentary, clients can download the Brief at

Previous Novarica Industry Intelligence Briefs for Property and Casualty

CIO Best Practices for Effective Board Communication

Frank Petersmark

While studying for my PhD in history I came across hundreds of examples of good and bad leadership. The one thing all good leaders had in common was their ability to clearly communicate and get people to take action. Each of these leaders had their own unique styles. For example, John Kennedy and Winston Churchill would use words, Napoleon and Henry VIII would use actions and Rosa Parks and Mahatma Gandhi would use silence.

So what does all of this have to do with how CIOs and their boards of directors communicate with each other?

One of the differences between more successful and less successful CIOs is their ability to communicate effectively with their boards. Being able to communicate effectively with your board will make it much easier to secure organizational support for IT initiatives, such as funding and resource commitments, and to achieve the strategic goals of IT, which, if aligned properly, will benefit the entire organization.

Developing a common communications approach is a critical part of the CIO function. The checklist below is a great place to start for board meetings, presentations and for an IT leader’s overall communications with their board members.

  • Speak their language, not IT’s
  • Keep things simple
  • ABC – Always Be Contextual
  • Talk about organizational benefits derived, not technology functionality and capabilities
  • Present options, but be clear about which one is best and why
  • Don’t hide the risks
  • Paint a picture of what the organization looks like after the effort
  • Recap and ask for support, and if necessary, sponsorship
  • Return with progress reports – good, bad, and ugly

On Thursday, September 24th at 2 p.m. (ET) I will get into more detail and provide additional insights into the best practices above. This 30 minute webinar will be open to all insurance CIOs and IT executives. To secure your spot, visit:

I would also like to invite Novarica clients who haven’t downloaded my new CIO Checklist Report: Best Practices in Board Communications for CIOs to download it today at:

Unexpected Impediments to Change

Jeff Goldberg

I heard a great story this week from a friend in insurance technology sales and he gave me his permission to retell it here. I’ll start with the story and end with the (questionable) lesson.


Back some years ago a man worked selling agency management systems and traveled down to Texas to pitch the system to a small agency. The agent in charge was an affable cowboy, fairly comfortable with his current process but willing to listen to a sales pitch. As they walked through the office, the agent introduced the salesman to an elderly woman (he called her “a lovely young lady” though she was at least 20 years his senior) who sat in front of an Underwood typewriter, her sole job to manually type up each insurance certificate by hand. The salesman, seeing an opportunity to discuss the values of the agency management software, explained that with their modern processing and document generation, all of the insurance certificates would be automatically created and printed without the need to type them up anymore.

The agent stopped him in his tracks and said, “That lady’s not going anywhere. She’s my momma.”


Needless to say, he didn’t get the sale. And surely there’s a sales lesson in there. Something about knowing your target before making a pitch. Of course, no matter how much research you’ve done there are likely to be some details you can’t discover in advance.

More interesting to me is how impediments to change can come from unexpected directions. Despite many rational and logical reasons to modernize core system technology, often companies put these decisions off for years or even decades. Sometimes it’s due to budget constraints, sometimes a company isn’t ready for the short term business disruption a big project entails, sometimes there’s a lack of understanding or belief in a modern system’s capabilities. And sometimes it’s because the person whose job will be displaced is the boss’s mother.

Six Questions For Improving Cybersecurity

Tom Benton

As I recently posted on Novarica’s blog site, “while emerging technology keeps CIOs busy during the day creating information, IT security and keeping that information protected keeps them up at night”. With last year’s Target hack and this year’s Office of Personnel Management data breach among others, CIOs and CISOs at insurance carriers are rethinking their approach to security. While in the past, the main focus has been on applying security technology to protect the data perimeter, recent attacks have highlighted the fact that the biggest vulnerabilities may be the carbon-based life forms we call employees, contractors and consultants.

A recent Harvard Business Review article highlights the recent breach of an unclassified e-mail system at the Pentagon, and discusses the U.S. Military’s emphasis on human factors to minimize cybersecurity risk. If any organization has a complex task with securing its data and communications, it’s the Department of Defense, from well-funded and persistent attackers to extremely sensitive information that must be shared in a timely manner with staff from the top to the bottom of the organization.

The article summarizes methods that the U.S. Navy propulsion program uses through their training, reporting and inspection programs, with a six-area approach that any organization can use to build a better cybersecurity culture, leading to improved security that supports the technology measures in place. For each of the six areas mentioned in the article, I’ve added a question for you to consider for your organization.

1. Integrity – The military units in the DoD have a strong sense of their mission and clearly know their role in maintaining cybersecurity. One element is expecting that all have integrity to follow security protocols and procedures, and to quickly let others know when they have made a security mistake. What is your organization more likely to do: punish someone who violates a security rule, or praise that person if they quickly come forward so that the issue can be resolved immediately?

2. Depth of Understanding – The military stresses “thorough understanding of all aspects of a system” so that those maintaining and using systems can better recognize issues when they arise and can then address them effectively. Are you ensuring that IT staff and contractors have a full knowledge of all systems and interfaces, and making sure any changes are reviewed for potential security issues?

3. Procedural compliance – The culture in military units is to know proper procedure and follow it completely, without exception. My former boss, who had previously been a captain on a nuclear attack sub as well as commander of the US Pacific fleet, told me that every sailor on the vessel followed orders immediately without question because if they didn’t someone could lose their life. Is your staff committed to following the operating procedures and keeping documentation for procedures up to date?

4. Forceful backup – This concept means that for any high-risk task, at least two people, not just a single staff member, are required to complete it. Also, anyone in the unit from the most junior sailor to the commanding officer can stop the process if they see a security issue. Does your organization have the same level of attention to high-risk security activities?

5. A questioning attitude – All personnel are trained to listen to their “internal alarm bells” and to act – the “if you see something, say something” culture that we hear public security officials stressing. Do you welcome questioning of your security measures by staff or are you allowing blind spots?

6. Formality in communication – Finally, the military almost has its own language around communicating orders and instructions. When orders are given, the response is to repeat the order exactly as it was given before proceeding, to ensure it was heard and understood. This formal approach minimizes miscommunication and leaves little room for making errors such as misinterpreting or changing the order. Do you have a formal approach to implementation of security, especially in areas of access to systems and working with third parties on data interfaces?

Insurance CIOs and CISOs can learn from the military’s approach to developing a strong cybersecurity culture in their organizations. A disciplined, documented and determined cybersecurity environment that backs up appropriate levels of technology can minimize risk and ensure fast and effective response when security issues arise.

Novarica is not an IT security consulting firm and does not provide specific advice on IT security matters. CIOs and other IT executives should consult one or more of the many consulting firms that provide specialized expertise in IT security issues when developing and implementing their IT security plans. Please see my report “CIO Checklist: IT Security Planning”, or contact me if you’d like to discuss strategy for implementing IT security.

Novarica Impact Awards Summit Recap

Matthew Josefowicz

Our recent Novarica Impact Awards Summit provided a forum for IT leaders to present and discuss their nominated case studies with a broad group of Novarica council members and clients.

The projects presented ranged from Philadelphia Insurance’s adoption of a legal bill review solution that delivered a multimillion dollar payback to MetLife’s successful transformation of their global trading systems. Panel discussions highlighted the importance of IT’s ability to communicate effectively with other business units in delivering impactful projects, and many cited the adoption of agile as a success factor in their projects. While most of the projects involved working with technology vendors, some focused on the adoption of new practices and frameworks, and others on custom development in both traditional platforms and in the cloud.


The panels also presented an opportunity for IT leaders to compare notes on project priorities and strategies, with many attendees noting that their organizations had faced similar challenges and worked toward similar goals. Several presenters and audience members described the importance of securing other executives and end users to act as champions throughout the organization, to speed adoption of new technology and processes.

One theme that rose to prominence this year was a focus on user experience—not just for customers, but for agents and carrier employees as well. AFBA/5Star Life incorporated the needs and requirements of more than 40 third-party administrator customers when designing a new List-Bill solution. CNA deployed an enhanced agent self-service portal for quoting and issuing endorsements, drastically improving agent experience and satisfaction. And Tokio Marine North America introduced a new analytics system to aggregate customer and agency data, empowering business users with insights into previously-unknown market segments.

Taken together, these and many other nominees represent a trend towards end-user focus. Insurer CIOs are recognizing that usability of a system by all its stakeholders must be a priority, whether a project involves cutting-edge analytics or core systems replacement. These projects have successfully balanced user needs with business and system requirements—essential for ensuring a project’s positive impact throughout the organization.


All of the nominated case studies are featured in Novarica’s Best Practices Case Study Compendium 2015, which is free to Novarica clients and council members.

Insurance Networking News was there to cover the keynote and conduct a short video interview on themes of recent impactful projects.

Project teams from nominated companies received their awards, and had an opportunity to network with each other and the other attendees.



To learn more about the Impact Awards program, see