It is increasingly clear that insurance organizations wanting to retain their competitive advantage, need data to make transformative business changes. Data incompatibility, poor governance, and inadequate data security are increasingly proving to be business limiters that make it difficult for insurers to sustain competitive advantage or respond to potential entrant threats from internet giants like Google and Amazon.
A few years ago, I shared the story of a visit that I made to a major US insurer. The insurer felt that Google would either compete directly for their customers or disintermediate them. Being disintermediated by existing competitors or new market entrants is a dangerous prospect but insurers that get their data act together will, in contrast to their peers, have the agility to embrace the Internet of Things (IoT), acquire the customer intimacy to cross-sell and upsell, and the systems to meet Solvency II, GLBA, GDPR and other data protection regulatory requirements, as well as the operational efficiency needed to invest disruptively.
Numerous industry challenges are also driving the need for change, they include:
To some degree each of these puts existing market participants at a disadvantage against Internet entrants, especially in deploying responses to robo-advisors or in utilizing competitive game changing technologies like IoT. Let’s now take a more detailed look at each:
With sensitive data always under threat of attack, regulators are stepping up requirements to protect consumers. Insurers need to adopt rigorous data protection and governance capabilities in order to protect and manage the creation and utilization of what is now a core corporate asset, or risk losing their existing customers’ loyalty and their advantage over market entrants. Yet insurers say that they are struggling with data security and privacy regulatory compliance.
Part of the challenge for CIOs and CISOs here is that under the EU’s General Data Protection Regulation (GDPR) and US state regulations, data privacy and protection needs to be baked in by design and default, and managed holistically from inception. One CISO put the challenge this way: “The emphasis needs to be move from the application to the data touch points.” This means data protection needs to be part of organizational culture with a clear connection to business strategy.
Insurance CIOs stress the importance of business leaders understanding their accountability for the data they collect, and consider how much is actually required, for what purpose and for how long, as well as the need desensitize it wherever possible to reduce risk. IT leaders argue that, as a part of compliance and privacy, there needs to be the ability to secure the entire data flow, in motion, at rest and in use. As such, data security needs to become an integral organizational goal, woven into everything IT and the business does.
Insurers tell me that they are held back from growth by the complexities of collecting, integrating, and accessing sensitive information without risking the confidentiality of customers’ personal information. Trust is the basis of intimacy which, when combined with a complete and cross-organizational view of a customer’s insurance portfolio, makes it possible to identify opportunities to upsell and cross sell. Access to data is necessary to ensure the consumer engagement required for sustaining competitive advantage.
At the same time, if personal data is not handled sensitively, a 360o view of customers carries significant potential business risk akin to putting all the eggs in one basket. In order to protect both insurers and their customers, it is critical to proactively protect sensitive information as it transverses big data and predictive analytics instances.
Insurers acknowledge the need to redistribute their investment dollars from legacy, shared service datacenters to the public cloud in pursuance of business transformation for their customers’ benefit. They are held back from embracing the cloud because they are limited by what can leave the datacenter due to a lack of control.
Insurance CISOs insist that what has been missing is an architecture for data security, secure transport for data, and identity and access management within the cloud. A lack of security clearly limits their capacity to take advantage of all the benefits the public cloud has to offer – the ability for insurers to directly control the protection of data as it flows into the cloud really is a big deal.
Parting remarks: insurance organizations challenged by digital disruption are limited in their ability to respond by existing business constraints. Those embracing digital disruption to transform their businesses have the ability to change their use of data and the risk profile associated with it. Do you recognize your brand here? Which scenario sounds most familiar to you, the former or the latter?
Learn more about the above issues and how you can overcome them by reading this more detailed discussion and let me know what you think!