How do we move past this? The Main Barrier to Incumbent/InsurTech Partnership: Security and Data Privacy

As digital service offerings increase in adoption and capabilities, enterprises can gather more and more data about customers and visitors which is then used to give insight into customers and their buying patterns.

Sometimes this data even includes personally identifiable financial and health information. Protecting this data and providing it to customers and third parties in a secure manner is a challenge for the financial services industry (PwC).

According to InsurTech NZ and Ernst & Young’s 2019 report, concerns around the use of IT/technology systems and data security are one of the main barriers for incumbents to engage with InsurTechs.

Why partner with InsurTechs

Backing it up a little first, let’s start with why incumbents are looking to partner with InsurTechs.

DLA Piper puts it well, noting that there is an innovation gap for incumbents where the pace of technology change is faster than their ability to keep up with changing consumer behaviors and market demands. Enterprises are acknowledging that innovating and developing new solutions internally takes time, money and management resource so being able to partner with InsurTechs is a viable way to close the innovation gap and respond to core business or customer engagement issues.

Because InsurTechs are relatively flexible, incumbents can partner with InsurTechs and technology companies to quickly mobilise a new offering with “limited brand risk and without inheriting complicated back-end administration, legacy or platform challenges” (Ernst & Young/InsurTech NZ).

“Increased collaboration will benefit the entire ecosystem – improving customer engagement and experience, creating efficiencies in back-end processes and, ultimately, offering more choice for consumers.” Jason Roberts, Chair, InsurTechNZ.

Partnerships between incumbents and InsurTechs can help end customers get more appropriate products at better prices, but seamless and secure data sharing forms the backbone of such partnerships (PwC).

So having established that there are huge benefits to be untapped from InsurTech/incumbent partnerships as well as there being valid data concerns, how can we reconcile the two?

In the next section we provide a high level to-do list for both incumbents and InsurTechs to address these concerns and prepare for success.

A to-do list for incumbents

• Team & communication: The first and arguably most important is to identify and appoint key representatives who can work closely alongside InsurTechs and construct pathways for open dialogue, achieving a mutual understanding of strategic priorities and building trust (Ernst & Young/InsurTech NZ).
• Clear expectations: Incumbents and InsurTechs together can produce clear project plans with clear timelines, outcomes and processes for dealing with data requirements and issues (DLA Piper).
• Move a little faster than usual: Part of the attraction of working with InsurTechs is their ability to be agile and not be inhibited by legacy systems. But when corporate incumbents have challenging procurement processes and inflexible legacy systems, it’s difficult for InsurTechs to allocate resources to the solution itself. Faster collaboration may be achieved with easy engagement processes, and faster decision-making and procurement processes.
• Provide clear data requirements: Focus on the must-haves when it comes to data security, with an emphasis on compliance with core security standards and prompt notification and remediation of breaches (DLA Piper).

A to-do list for InsurTechs

• Trust: InsurTechs can address any trust issues by improving their understanding of the complexity of established processes and insurance administration systems.
• Address delays promptly: Have a clear contractual process allowing them to flag delays that will impact delivery.
• Don’t deny human value: Human supervision of the technology outputs may still be beneficial to mitigate the risks of perpetuation of errors.
• Integrations: Demonstrating capability to integrate with existing incumbent IT systems.

If there are any integration issues, work with the incumbent to conduct thorough testing, integrate data closer, and clearly delineate areas of responsibilities between all parties. This will minimise the cybersecurity risks and compatibility issues during the integration process (Harvard).

In addition, JRNY CTO, Owen Evans, provides some simple tips for InsurTechs to deal with data securely:

• Keep up with security best practices by engaging with professional groups, OWASP is an easy one to get access to for example.
• Ensure access to data is locked away, stored encrypted and ideally don't store any data you don't need. Keep those keys secure too, have a password vault for your organisation and teach people to use it.
• Rely on proven technologies, don't build your own security. Rely on things like OAuth, OpenID and other standards to help you out.
• Read and understand cloud provider's privacy claims and make sure you keep data in secure places (Encryption at Rest, one way encryption for passwords using a "slow algorithm").
• Audit access to production and ensure you keep backups of everything (again encrypted).

Conclusion

Although valid, data concerns can be overcome and the immense value of incumbent/InsurTech partnerships realised.

In the words of Jonathan Howe, UK insurance leader at PwC:

“The differences between start-ups and incumbents should be embraced as vital to the future of the industry. If the long-term mindset and experience of insurance companies can successfully be partnered with the creativity and agility of start-up companies, the industry as a whole will make progress in solving problems and bringing truly innovative products to market.”

Claude Pertusati