may 1-4, 2016 the ritz-carlton, dove mountain, arizona

A Berkshire Hathaway Company

MAY 1-4, 2016 THE RITZ-CARLTON, DOVE MOUNTAIN, ARIZONA

MAY 1-4, 2016 | THE RITZ-CARLTON, DOVE MOUNTAIN, ARIZONA

A Comprehensive IT Strategy for Insurers Presented by John Connors, CIO Gen Re May 2, 2016

2016 Spring CEO Conference | John Connors | MAY 1-4, 2016 2

Agenda

Impacts of Technology in Insurance Developing a Comprehensive IT Strategy Key Considerations for CEOs Cyber Security Q&A


Impacts of Technology in Insurance


Technology Changing the Insurance Ecosystem


Technology 10

9

8

6

5

2

Pricing

Customer Expectation

Economy & Interest Rates

Regulations

Catastrophes

Digital technologies will continue to transform the market landscape

Impact of External Forces on US P&C Market in 2016 (0=Very low impact, 10- Very high impact)

Source: EY 2016 US property-casualty insurance outlook

Disruptive Technologies in Insurance


• Which of these are relevant to your business?

• What are the threats and opportunities? Challenge:

Mobile – Computing Everywhere

Cloud Computing

Digital Marketing

Robotics/ AI

Internet of Things

Sensors/ Telematics

Advanced Rating Engines

Decision Analytics

Social Collaboration

Drones

Cyber Security

Electric & Driverless Vehicles


Where “InsurTechs” May be Better or Faster

•Personalized Service •Online purchasing •Digital Claim Management

Customer Engagement

•Fraud detection •Storage of personal data • Identity verification •Blockchain

Security •Real-time risk mitigation •Pay-per-use •Adapted pricing

Data & Analytics

•Vehicle telematics •Home security •Body sensors •Asset tracking

Internet of things •Blockchain platforms

•APIs •Process Automation

Processing

Threats and opportunities across all functions


Impacts on Traditional Insurers

Expense advantage opportunity awaits the early movers

Back office Operations will be subject to radical change

Gen Y Customers & Technology


By 2017 a new breed of customer will start to dominate – Digital Natives

Source: PwC Insurance 2020: Digital

Developing a Comprehensive IT Strategy


Business Strategy


How will you determine a clear IT Strategy and measure its success if you cannot articulate your Business Strategy?

Product Innovation

Customer Experience

Speed to Market

Disciplined Underwriting

New Markets

Cost Optimization Distribution Channels Investment

Management Operational Excellence

Risk Management

Technology Strategy must follow and align with the Business Strategy

IT Strategy – Approach

1. Articulate Business Strategy

2. Determine the Business Capabilities

3. Assess the Current State Technology

5. Develop Common Vision & Target Architecture

4. Identify Gaps 6. Assess Solutions and Develop the Roadmap

BusinessServices

Advisor

Participant

Sponsor

Employee

B2B GatewayB2B Gateway

Institution

Constituents Interactions Components

Regulator

Vendor / PartnerSystems

Integration

TechnicalServices

Text Message

Phone PDA

Forms

Email

Browser

Services

ProcessServices

VisibilityServices

OptimizationServices

InformationServices

Plan Setup

Participant Setup

Investment

Reserve Calc

Elections

SecurityServices

VirtualizationServices

Systems MgmtServices

DataServices

Product

Client

Marketingand Sales

Record-keeping

InvestmentMgmt

Financials

Pac

kage

Lega

cy

Cus

tom

Ext

erna

l

InstitutionView

ContactCenter

ParticipantView

FinancialAdvisor

EmployeeWorkplace

Processes

FinancialFinancial

ProductProduct

ClientClient

Offer andCampaignOffer andCampaign

Plan Participants

Plan Participants

InvestmentsInvestments

Data

Rules

Product

Plan

Process

OnBoardingOnBoarding

PricingPricing

FulfillmentFulfillment

CommunicationsCommunications

Contract SetupContract Setup

Receipt ofPayroll

Receipt ofPayroll

SocialMediaInfluencer

Paper

UserServices

RuleServices

ComponentServices

ServiceServices

ProcessServices

InteractionServices

DataServices

SecurityServices

Application Integration ServicesGateway Services Data Integration Services

Systems Management Services

Infrastructure Services

Common Services

Web Browser

Rich Internet Access

HTTP Server

Web Portal

Mobile

Disconnected

Collaboration

Telephony

Imaging

Database Mgmt

Data Quality

Document Mgmt

Business Intelligence

Reporting

ServiceRegistry

ApplicationServer

RulesEngine

BPM

Workflow

Authentication

Authorization

Encryption

Directory Services

GatewayServices Messaging Application Integration

HubETL Data Synchronization

Data Propagation Data Federation

Monitoring Backup and Recovery

Operating Systems and Platforms Job Scheduling ServicesVirtualization Services

Email / SMTP Fax Web Content Mgmt Document Generation Knowledge Mgmt Archival Audit and Logging

Q1 Q2 Q3 Q4 Q1 Q2 Q3 Q4 Q1 Q2 Q3 Q4 Q1 Q2 Q3 Q4

Institutional

Plan Sponsorand AdvisorSelf Service 3 5RM ServiceDesktop / ToolsOps ServiceDesktop / ToolsParticipantSelf Service 3 5PSC ServiceDesktop / Tools

Data Foundation

Data Strategyand OrganizationalReadiness 3 5OperationalData StoreData Warehouse

Core Data and Functional Services

Customer ProfileInstitutional ViewCustomer ProfileIndividual ViewProducts andServicesPlanFinancialsInvestments 2 3

Analytics / ReportingOperationalReporting 2 3Sales and MarketingAnalytics 5 8Risk ManagementReports and Analytics 2 4Operational ManagementReports and Analytics 0.5 1Corporate PerformanceManagementReports and Analytics(Finance and Pricing) 2 3

Document and Content Management Content Management

HP DialogueUpgrade 1 2iStreamReplacement 1 2Contract Management

ProcessAutomation

CFE and STARSRationalization 6 8NBS - PEAQ - ADB Alignment with STARS 0.25 0.5Additional ProcessAutomation 3 6

On-boardingTransition Team Services and Portal 1 1.5

Integration

Integration Strategyand OrganizationalReadiness 3 5ApplicationIntegration Platform 2 5DataIntegration PlatformRules Platform

ApplicationPlatforms PRT Solution 1 2

$40.75 $69.00

Cost EstimateProgram Project Year 1 Year 3 Year 4Cost

EstimateYear 2


Business Capabilities

Business capability describes the capacity, materials and expertise an organization needs in order to perform core functions


0% 10% 20% 30% 40% 50% 60% 70% 80%

Digital marketing/customer engagement

Reduced operational risk

Support new distribution channel

Policyholder self-service

Distributor ease of doing business

Speed to market for true-new products

Speed to market for product changes

Optimized internal workflows

Reduced opearting expenses

Business intelligence/data analytics

Top Capabilities that Business Wants IT to Deliver in 2016 and Beyond (percentage of respondents citing each in the top 3)

Midsize P/C

Large P/C

Source: Novarica Research Council Report


Systems of Engagement

• Distribution Channels • Underwriting • Customer Relationship

Management • Marketing • Learning & Talent

Management • Collaboration

Systems of Insight

• Risk Analysis • Decision Analytics • Data Warehousing • Reporting • Enterprise Risk

Management • Knowledge

Management • Actuarial – Pricing

Systems of Record

• Technical Accounting • Contract Management • Claims • Collections &

Disbursements • Policy Administration • General Ledger • Records Management • Reserving

Business Capabilities by System Category

Consider Your Current State

SWOT analysis of your technology landscape

What are the major pain points?

Where are the gaps?

Develop a Common Vision


Gen Re’s Technology Matrix

Develop a Future State Vision

16

Systems of Engagement Systems of Insight Systems of Record

L&H Cert Administration

Technical Accounting

General Ledger

Business Partner

Document Repository

Reserving Systems

Contract Administration

Risk Modelling & Analysis

Rating & Pricing Tools

Decision Analytics

Business Intelligence

Enterprise Data Warehouse

Knowledge Management

Traditional Reporting

L&H Underwriting

Business Process Management

Marketing

Collaboration

Mail & Calendar

PC Treaty Underwriting

Client Connectivity Portal Knowledge Sharing Straight Through Processing

Self Service Analytics Transaction Status Personalized Content

Employee Portal Task Management Calendar

Collaboration Personalized Content

PC Facultative Cert Admin Facultative Underwriting

Enterprise Risk Management

‘Single Purpose’ Apps CRM

Learning & Development

SAP Solution

Microsoft Solution

Other Solution

2016 Spring CEO Conference | John Connors | MAY 1-4, 2016

2013 2014 2015 2016 2017 2018 2020

S O N D J F M A M J J A S O N D J F M A M J J A S O N D J F M A M J J A S O N D J F M A M J J A S O N D J F M A M J J A S O N D F M A M J

Project A

Project B

Project C

Project D

Project E

Project F

Project G

Project H

Project I

Project J

Project K

Project L

Project M

Project N

Project O

Modernization Roadmap


Sep 2014 Analysis or Prep

Blue Printing

Realization or Development

Warranty Support

Production – Roll Out

Decision Point

Sep 2015 Sep 2016

Mar 14 Nov 14 Sep 2016 Analysis

PUMA Production Definition Aug 2017

Aug 2017 May 2020 Aug 2016 Sep 2014

Oct 2016 Project Gap Analysis

May 2020 Aug 2017

Go Live in 2021

Go Live in 2021

Sep 2017 Aug 2018

Jun 14 Rel 1B Rel 2 Rel 3

IT Roadmap


• Corporate Priorities / Business Opportunity

• Technology and Product Maturity

• Scale of Investment Requirement

• Budget Distribution – Run vs. Transform vs. Grow

• Organizational Execution Capability (e.g. Resources & Skills)

• IT & Vendor Execution Capability

– Outsourcing of Legacy Systems

• ‘Bi-Modal’ IT

Sequencing Considerations

Key Considerations for CEOs


Adoption of Cloud Technologies


0%

10%

20%

30%

40%

50%

60%

70%

80%

SaaS/Cloud for core insurancesystems

SaaS/Cloud for non- coreinsurance systems

Current and Planned Deployment for Cloud/SaaS

Pilot/Test capabilities

Launch capabilities in this areafor the first time

Currently deployed

Source: Novarica Research Council Report

Transfer expertise required to the cloud

provider

Cloud based solutions can:

Reduce capital investments in

technology

Reduce cyber security risk

• Each constrains and enables the others

• All impact business capability

• Transforming one necessitates changing all


Operational Excellence

People

Technology Process

Operational Transformation

+

22

Gartner‘s1 Governance and Pace Layering Model for Bi-Modal IT

+

Systems of Engagement

-

Systems of Insight

Systems of Record

VEL

OCI

TY A

ND

FRE

QU

ENCY

OF

CHA

NG

E

-

EXECUTIO

N G

OV

ERNA

NC

E

Mode 1

Mode 2

1 #GartnerSYM

Bi-Modal IT

2016 Spring CEO Conference | John Connors | MAY 1-4, 2016

High Priority Projects for US Insurers in 2016


Percentage of respondents citing each area among their top three priority projects Source: Novarica Research Council CIO Survey

0% 10% 20% 30% 40% 50% 60%

Costs and Budget

Security

IT Opeartions

IT Infrastructure

New Capabilities

Data and Analytics

Digital/User Exp

Core System

High Priority Projects for Insurers in 2016

Can you Execute? Critical Success Factors

• Executive Commitment

• Team Culture

• Due Diligence

• Strong Partners & Methodology

• Robust Contracts & Effective Governance

• Scope Discipline

• Project & Risk Management


Cyber Security


State of Cyber Security: Key Stats

Cyber crime incidence continues to rise and outstrip pace of defensive investments


8%

13%

14%

14%

19%

29%

0% 5% 10% 15% 20% 25% 30%

Germany

Australia

United Kingdom

Japan

United States

Russia

Source: Ponemon Institute

One-year net change in cyber crime in six countries Net change could not be calculated for Brazil N=252 separate companies

State of Cyber Security: Key Stats

For 2015 – There were 38 percent more security incidents detected than in 2014.

• Source: “The Global State of Information Security Survey 2016” | PWC

– Even fewer SMBs (29 percent) used standard tools like configuration and patching to prevent security breaches, compared with 39 percent who did so in 2014.

• Source: “Cisco 2016 Annual Security Report” | Cisco

– The median number of days that attackers stay dormant within a network before detection is over 200.

• Source: “Microsoft Advanced Threat Analytics” | Microsoft


http://www.networkworld.com/article/3011103/security/biggest-data-breaches-of-2015.html

https://www.microsoft.com/en-us/server-cloud/products/advanced-threat-analytics/overview.aspx

State of Cyber Security: Major Breaches 2015


Represents only

30% of the 620 million records lost

in 2015

State of Cyber Security: Sources of Loss


State of Cyber Security: Crypto malware trend


Ransomware: Would you pay?

Crypto-ware is everywhere • The ratio was 83% in Q4 2015

• Large percentage delivered through email

• Typical payment was one or two bitcoins ($500 to $1,000)

50%

72% 81% 83%

50%

28% 19% 17%

0%

25%

50%

75%

100%

1Q 2Q 3Q 4Q

Cryto-ransomware Ransomware

Compared to last year’s data, this year’s crypto-ransomware numbers steadily rose up to the end of 2015 and

even overtook ransomware.

Cyber Security: Building your Defense


Implementation of key security safeguards A quality building

requires quality architects, materials and builders

A quality security program is no different

Cyber Security: Use a Framework


• Align with NIST Cyber Security Framework

• Define and oversee Security Program & Strategy

• Coordinate interdepartmental affairs

Basic Components

GOVERNANCE

PROTECT

DETECT

RESOLVE

• Layered Defenses

• Extensive and Continuous Monitoring

• Incident Response

PROTECT

DETECT

RESOLVE

Cyber Security: Framework Components

Layers of Defense


Extensive and Continuous Monitoring

Incident Response

• Informed Mindset & Culture • Policies & Standards • Relevant Technologies (e.g., firewalls, anti-malware) • Training & Awareness (everyone, not only IT)

• Security Event Data Collection • Security Information & Event Manager (SIEM) • Intrusion Detection / Prevention System (IDS/IPS)

• Risk-based Triage • Incident Management Leadership

(Human Resources, Legal, Compliance, IT) • Well-rehearsed Procedures • Forensics Capabilities

Cyber Security: Landscape Assessment


PROTECT DETECT RESOLVE

Virus Control

Basic Access Management

Content Filtering

Vulnerability Management

Encryption

IDS/IPS

Security Awareness

Scenario-based Training

Firewall

IDAM& Single Sign-on Anomaly/End Pt. Detection

Email Attack Protection

Data Classification

Network Segmentation Network Access Control

Data Loss Prevention

Email/Spam Filtering

Multi-Factor Authentication

Privileged Access Management

Threat Processing

Rights Monitoring

Security Assessments

Mobile Security

Incident Response

Pen Testing 24/7 SOC

Denial of Service Defense

Cloud Security

Forensics

At Standard

Improving

Improvement Needed

Configuration Mgt. & Hardening

Security Skills Training ( IT ) Extranet Monitoring

Cyber Security: Tips

• “You can’t boil the ocean” – Protection commensurate with importance of asset

• “Many hands make light work”

– Every manager and every employee ‘owns’ security too – Train and train again

• “Box ticking won’t work”

– This isn’t about compliance, it’s about ownership Compliance is about meeting a minimum standard


Cyber Security: Tips

• “Tone at the top” – Granting endless exceptions to security policy

undermines the entire program

• “The best things in life are free” – Make sure the assets you own are configured and

operated as securely as they can be. This includes patching. No amount of shiny new security ‘medicine’ will overcome poor basic hygiene

– Train your finance staff to be skeptical of emails and phone calls requesting funds transfers


Cyber Security: Final Tip

• You’re not alone – Join an ISAC – http://www.isaccouncil.org/memberisacs.html


Questions


Comprehensive IT Strategy for Insurers John Connors Chief Information Officer, Gen Re The pace of change in the insurance industry continues to challenge insurers’ ability to react and evolve as well as manage their day-to-day operations. Nowhere is the challenge greater than in technology. Insurer CEOs consistently respond that technological change is the biggest risk, and opportunity, to their companies. Insurers need to develop a comprehensive IT Strategy that balances the competing forces of modernization (whether legacy system replacement, mobility and cloud computing, or digitalization initiatives), and the need to reduce the overall cost of IT to the organization. John Connors, our Chief Information Officer is responsible for this strategy at Gen Re and will share with you the key considerations and recommended approach to navigating this complex area. Most importantly, he will describe the need for and approach to starting with the business strategy and fundamentally connecting the IT Strategy to key business objectives.


may 1-4, 2016 the ritz-carlton, dove mountain, arizona

Documents