As COVID-19 rapidly spread out across the world, one of the most immediate challenges for businesses across sectors was to enable a mass transition to remote working. This was the first and most visible technological imperative created by the situation.
In the insurance sector, the degree of challenge this represented varied quite widely between different carriers. Some were in a better position than others to effect the change, due to a higher historical degree of remote working among staff. For some companies, the task was much harder. But for everyone, it was something that simply had to be accomplished.
The real nature of the challenge was not remote working itself, but the scale and speed at which it had to be adopted. For most insurers, the architecture and infrastructure was already in place but the sheer volume of simultaneous users was the aspect that made this exceptional. Businesses had to scale their Virtual Private Network (VPN) concentrators, portals and gateways to handle the traffic. To deal with the increased volume, systems needed to be configured to filter and distribute traffic between public and private networks; Virtual Desktop Imaging needed to be extended from back office to business users; virtual and physical infrastructure needed to be scaled up including through the use of various cloud providers to better manage the peaks; enhanced call and video conferencing systems had to be swiftly adopted.
There were some insurers, however, where the challenge was more extreme. Some had to immediately stop 'business as usual' activities and put employees on compulsory leave to reduce the pressure on systems. Laptops and other hardware had to be urgently purchased with Service Desks working day and night to prepare and distribute them, along with access tokens and passwords where needed. In some cases, non-customer facing staff were prohibited from using the VPN during daytime working hours due to capacity constraints.
Another issue to address, particularly pertinent to the insurance industry, was the impact on third party suppliers including the offshore service centers in India and other locations that are widely utilized. In many cases, laptops and other hardware were urgently needed to enable staff to work from home. There were also specific issues with 'clean rooms' - the secure facilities in offshore centers used for the processing of certain highly confidential data - that needed to go through rapid risk evaluations with exception processing securely introduced to allow services to be operated from outside the physical location or the workload being shifted back onshore, a monumental task in most situations.
As the situation rolls on, these set-up challenges have now essentially been resolved. Whole workforces are accessing systems through VPNs; businesses and staff are becoming accustomed to the new way of working. This has not come without some cost - one insurer anecdotally estimated productivity losses of perhaps 25 percent on some projects that were already in progress. But these losses have started to lessen as time has passed and teams have learned to work efficiently in this new model.
However, there can be no room for complacency. The new configurations in place need to be continuously reviewed: are there any single points of failure in the infrastructure, do any alternative cloud-based conferencing or teleworking solutions need to be considered, do access controls need to be relaxed or do additional remote login accounts or credentials need to be created? In addition, there is the ongoing staffing challenge: is helpdesk capacity sufficient, and what contingencies exist in the event that key IT staff fall ill or need to stop working? Are 'break glass' procedures in place to allow other administrators access to critical systems if needed?
Across all of this, another key issue looms - security and the cyber threat. Sadly, COVID-19 has amplified the existing threat landscape. To unscrupulous fraudsters, it simply provides another opportunity to attempt to extort data or gain access to systems. There has been a rapid build-out of infrastructure by cybercriminals seeking to launch COVID-19 themed spear-phishing attacks and to lure targets to fake websites. Significantly, the top `Quick Link' on the World Health Organization's website relates to 'Scam Alert and Cyber Security'.1 According to news reports, Google has been blocking some 18m coronavirus scam emails targeted at Gmail users every day.2
Insurers therefore need to make certain that their staff are aware of the increased risks and follow protocols to avoid unwittingly falling foul of a cyber trap. But the present situation also heightens the risk of deliberate insider malpractice. With oversight abilities diminished through remote working, and the fact that the home environment is less secure than the organization's , insurers (and all businesses) need to guard against the risk of cyber-attackers and disgruntled employees gathering information for unauthorized purposes. Moreover, fraudulent activity can spike, since there are less controls in place to verify the damage, payment methods and face-to-face contact with agents and common processes in place as mentioned further on.
Insurers need to identify areas of unacceptable risk and ring-fence these; monitor the usage of non-approved technology (Shadow IT) and reiterate company policy and/or any contractual requirements; and focus their detection tactics on identifying situations that are likely to be intentional or malicious.
In short, a careful balance needs to be struck between embracing flexibility in extraordinary times and ensuring maximum levels of security and compliance.
Just as COVID-19 has forced insurers to adopt remote and digital ways of working, so it is undoubtedly set to drive a wider acceleration of technology adoption across the industry. This is a trend, of course, that has already been with us for some years: but the current situation will significantly expedite it.
In China, for example, the pandemic has bolstered the popularity and usage of online platform services like Ping An's Group Doctor, which connects patients and doctors and provides online consultation services, has seen growth levels of some 900 percent since the situation began.3 Another platform-based insurance model that is booming in China is mutual aid, through which customers pay a small fee to belong to a collective insurance service - with some 300m members “sharing the burden of medical claims.”4
Insurers have also been party to a blockchain arrangement in China and Hong Kong (through which medical information is shared between health providers and insurers) collaborating in the wake of the virus' onset to speed up the information flow so as to process claims faster and make quicker payments through the online payments system, Alipay.5
China already has a technologically advanced insurance sector - but other countries and territories or areas that have remained more paper-based have also increased their levels of digitization in the wake of the situation. More information is being shared digitally such as images or videos to support claims assessment or processing. Italy's large agent network, that traditionally works through face-to-face meetings with customers, has no choice now but to adopt more digital methods. Agents and brokers make up around an 85 percent market share of non-life business, while direct channels have never hit double digits. The situation could be a game-changer in this market, with huge shifts in how business is done. The technology has been there, but it has not been disruptive. The COVID-19 situation has highlighted the need for change.
In 2008, the global financial crisis led to the re-design of payments systems and processes and brought to the horizon new entrants like the fintechs. Twelve years later, COVID-19 will most likely lead the insurance sector to accelerate business innovation and shift more quickly from physical to digital channels and products, with end-to-end automation and optimization of processes from intake through to claims.
Many insurers have, until now, looked at digital transformation only at a product level or focused their efforts on individual components of the value chain (think Payments or FNOL (first notice of loss)). But now, there will likely be a greater realization of the need to digitally transform across the ecosystem. We can expect to see a reprioritization of technology spend. Most will likely start by building in-house where possible on what already exists - but beyond that, we are likely to see increased spend with software vendors as well as potentially more alliances and partnerships with insurtech start-ups through whom digital capabilities (including greater use of AI, robotics and automation) can be more quickly embedded.
Through AI and intelligent automation, the use of IoT and Big Data technologies, insurers will likely be looking to significantly streamline and enhance processes such as:
Cloud implementations are also expected to increase. To date, many carriers have only been dabbling with cloud services, perhaps deterred from large scale adoption by the uncertainty of variable consumption costs compared to the fixed costs of running on premise servers. But now, the necessity of enabling fast and responsive 'access from anywhere' will likely win out over those concerns - even if some insurers are likely to opt for a hybrid model.
There could also be ramifications for the way that carriers interact with and run their relationships with independent agents and brokers as well as vendors and outsourcers. The situation is showing many insurers that these external parties are not always as technologically resilient as they may have assumed, with their systems struggling to stand up to the disruption. For agents and brokers, therefore, we are likely to see insurers investing more in creating an end-to-end environment through which to interact. With vendors and outsourcers, the situation is revealing, in many cases, that carriers didn't always fully appreciate the extent of their dependence on these third parties and how well these third parties were prepared with their own business continuity. They are now looking more closely at different third parties' capabilities during the situation and testing the business continuity aspects that may have been contractually obligated but never actually validated before. We can expect to see some rationalization of third party dependencies as a result, with more critical path activities being in-sourced instead.
Coming out of the crisis, the sector could look fundamentally different: much more agile, secure, connected and digitally-enabled. It is the insurers that stay the course and keep up the pace with this transformation that are likely to be the winners; those that fall back to the old ways are likely to lose market appeal.
Perhaps, indeed, COVID-19 was the digital wake-up call the industry needed. Now, the opportunity is there for those who can to gain value from it for their organization.
Simona Scattaglia Cartago, Global Insurance Technology Lead, KPMG International, and Partner, KPMG in Italy
Gary Plotkin, Global Innovation and Insurtech Lead, KPMG International and Head of Management Consulting for Insurance, KPMG in the US
Lee-Han Tjioe, Partner, Digital Insurance, KPMG China
Shay Zandani, Principal, Cybersecurity Insurance Lead Partner, Advisory, KPMG in the US
1 Home. (n.d.). Retrieved from World Health Organization.
2 Tidy, J. (2020, April 17). Google blocking 18m coronavirus scam emails every day. Retrieved from BBC News.
3 Huang, J. (2020, February 25). China's online health platforms see spike in usage amid coronavirus outbreak. Retrieved from S&P Global Market Intelligence.
4 Here's how tech cuts China's medical cost to the price of a Starbucks coffee. (2020, April 4). Retrieved from South China Morning Post.
5 Lee, G. (2020, February 9). Coronavirus: Insurance service providers use blockchain to fast track claims. Retrieved from South China Morning Post.