Incumbents and InsurTechs must embrace each other’s unique strengths and work together

Executive summary

New challenges, changing business dynamics have set off a tectonic shift in the insurance industry

  • Customer expectations are evolving, offers are becoming more innovative, and new players are making their presence known.
  • Fundamental and significant challenges will require insurers’ immediate and considered attention.
  • As a result of these changing dynamics, incumbents and InsurTechs agree that collaboration with other industry players is necessary to create an integrated portfolio of offerings.

Insurers must support a platform that serves a broad spectrum of customer needs

  • The future marketplace will showcase a bouquet of offerings that caters to customers’ financial and non-financial needs.
  • Insurers need a structured approach to marketplace development that includes proper identification of customer preferences and relevant offerings, evaluation of best-fit partners, and an effective GTM strategy.
  • Today’s operating model will undergo a fundamental transformation as part of the inevitable path forward.

Experience-led digital offerings and seamless collaboration with ecosystem players will drive marketplace success

  • Insurers will need to tear down internal silos, seamlessly connect with ecosystem players, and be more inventive.
  • Our Inventive Insurer profile includes key characteristics:
    • intelligent insurer,
    • open insurer,
    • deep customer,
    • and product agility.

Incumbent-InsurTech collaboration can shore up competencies in preparation for the future

  • InsurTechs’ unique capabilities and agility make them ideal partners for incumbents aiming to carve out a substantive role in the new marketplace.
  • A successful holistic collaboration will focus on long-term benefits.

New ecosystem roles will evolve as the industry transitions toward the marketplace model

  • Industry players must decide how to successfully and profitably contribute to the new ecosystem based on their most compelling competencies, as well as market needs and the external environment.

There’s no looking back for today’s digitally-empowered consumers

Throughout the past decade, as smart technology tools became mainstream, consumer interaction with the world changed dramatically. Changing lifestyles, behavior, and preferences have created a digital-age paradigm. As smartphones and the internet unlock information and decision power, interconnectivity, personalization, and seamless omnichannel access have become must-haves.

So, what does this mean for insurers?

Policyholders seek new offerings: Traditional insurance policies may not fully meet customers’ changing needs and desire for add-on services, personalization, and flexible offerings. In fact, for nearly half of policyholders, the decision to continue with their insurer is influenced by the availability of these features and benefits, according to the World Insurance Report (WIR) 2019.1

The demand for digital transaction channels is up: The popularity of digital channels is gradually growing. More than half of insurance customers (nearly 52%) interviewed as part of the WIR 2018 placed high importance on the mobile and internet or a website channel for conducting insurance transactions.

Simplicity is the rationale behind genuinely digital products

Digital channels work best when insurers streamline and standardize products and processes so customers easily understand features and benefits and can make direct purchases online with ease. In short, insurers must simplify offerings to create genuinely
digital products.

  • Easy to understand: Policy details should be redesigned and reformatted for straightforward interpretation so customers can quickly make a buy/ no-buy decision. For example, Berkshire Hathaway’s Insurance Group (BiBerk) launched a comprehensive insurance product for small businesses that combines multiple coverages. Dubbed THREE, the new product is three-pages long and links coverage for workers compensation, liability (including general liability, errors and omissions, and cyber), property, and auto.
  • Automated processes: Straight-through processing and other ease-of-use tools can simplify underwriting, claims processing, and more across the value chain. Cake Insure, a subsidiary of Colorado-based Pinnacol Assurance, launched in late 2017 with an algorithm that produces a bindable quote in less than a minute and a bound policy in fewer than five minutes for small businesses seeking workers’ compensation insurance. New York-based property and casualty InsurTech Lemonade uses artificial intelligence to automate claims processing. Lemonade showcases a 2016 case in which it crossreferenced a claim against a user’s policy, ran 18 anti-fraud algorithms, approved the claim, and sent wiring instructions to the bank in three seconds to demonstrate ease of use.
  • Straightforward policy wording: Descriptions of policy coverage and expenses (which ones are payable and which do not qualify) must be explained clearly in everyday language. Similarly, insurance industry players should work together to standardize definitions, exclusions, and processes.
  • Interactive customer education: Gamification, interactive videos, and social channels are ways to educate customers about risks, their need for coverage, and policy details. Interaction can also improve customer engagement and experience.

The marketplace of the future can holistically focus on customer needs

HomeFlix is a virtual assistant offering renters and homeowners insurance underwritten by Zurich Connect, the digital arm of Zurich Italy, and powered by on-demand digital broker Yolo, a Milan-based InsurTech. In addition to insurance coverage, the policy, introduced in July 2019, offers laundry service – washed and ironed after a few days and paid directly on delivery. Access to concierge maintenance services such as plumbing and electric also is available. Next, HomeFlix plans home delivery, babysitting, and cleaning services.

New York-based Generali Global Assistance (a division of Italy’s Generali Group, which provides travel insurance-related services) strategically partnered with San Francisco-based rideshare company Lyft in late 2017 to improve customer service and contain costs for clientele of its insurance companies and multinational corporations. Later, Lyft
collaborated with CareLinx, a US professional caregiver marketplace that helps find, hire, manage and pay caregivers online, to create CareRides, a door-to-door transportation service for special-needs individuals in 50 US metro areas. Generali Global Assistance also partnered with CareLinx to provide value-added services for existing policyholders in times of need.

The marketplace of the future can offer emerging-risk coverage

Working with Cisco, Apple, and Aon, Allianz launched a comprehensive cyber insurance product for businesses in early 2018. The product includes a solution comprised of cyber-resilience evaluation services from Aon, secure technologies from Cisco and Apple, and options for enhanced cyber insurance coverage from Allianz. The product aims to help a broader range of organizations manage and protect themselves better from cyber risks associated with ransomware and malware-related threats.

The marketplace of the future can deliver simple to understand, easy-access offerings

Berlin-based startup FRIDAY offers innovative, digital automotive insurance with features like kilometeraccurate billing, the option to terminate at month’s end, and paperless administration. The InsurTech’s technologies and partnerships include:

  • Telematics support from the BMW CarData platform and from TankTaler, which tracks vehicle location as well as data such as battery voltage, mileage, and other statistics
  • Automotive services through the mobility hub of ATU, a German chain of vehicle repair franchises
  • Drivy, a peer-to-peer car rental marketplace that enables consumers to lease vehicles from private individuals
  • Friendsurance, a peer-to-peer InsurTech that pays out a percentage to customers who do not use (or use very little) annual insurance also sells FRIDAY policies

Prudential Singapore and StarHub partnered to create FastTrackTrade (FTT), Singapore’s first digital trade platform for small and midsized business (SMBs) that uses blockchain technology. FTT helps SMBs find business partners and distributors, buy and sell goods, track shipments, receive and make payments, access financing, and buy insurance via a single platform. FinTech startup Cités Gestion developed the pioneering platform with funding from Prudential.

CG1

Structure supports success

Insurer success in the future marketplace will rely on a structured approach (see Figure 3).

  • Understanding customer preferences and conceptualizing product portfolios: Insurers can tap new data sources such as social media channels and use behavioral analytics for better understanding and more accurate estimation of their customer’s preferences and risk profile. With a deeper understanding of customers, they can conceptualize personalized product portfolios for each customer segment.
  • Recruiting the right partners: Once the product portfolio is finalized, insurers should look for partners that align with their business objectives and strategic vision. Cultural fit, ease of integration of systems, and seamless channels of communication are key success factors.
  • Structuring the offerings portfolio: Insurers should closely collaborate with partners while assembling their portfolio. A winning product/service mix offers a hyper-personalized one-stop solution for all the needs of the customer.
  • A compelling go-to-market strategy: Insurers should be able to communicate the value of the marketplace by touting human-centric offerings that customers find simple to understand and easy to access.
  • Capturing feedback: Through advanced analysis of sales data, direct customer input, social media, etc., insurers can capture feedback about their offerings. The process should be continuous rather than on an ad-hoc basis. More importantly, the input should be immediately acted upon to enhance current products or to conceptualize a new product.

CG2

To realize the full potential of the structured approach, four fundamental shifts in the current operating model are critical

For an insurer to realize the full potential of the structured approach and ensuring the successful creation of the marketplace of the future, four fundamental shifts in the current operating model are critical (see Figure 4). The importance of these areas is borne out by the research. For example:

  1. Experience: More than 70% of insurers and InsurTechs said a focus on holistic risk solutions for customers was critical to establishing a future-state insurance marketplace.
  2. Data: More than 70% said advanced data management capabilities are critical.
  3. Partnerships: 90% of InsurTechs said partnerships were critical while 70% of incumbents said the same. Both insurers and InsurTechs have a hearty appetite for collaboration with other sectors, such as healthcare providers and players from the travel, transportation, and hospitality space (see Figure 5).
  4. Shared access: However, an emerging area in which views are evolving is the transition to a shared economy. Here, less than 40% of established insurers and InsurTechs say they consider shared ownership of assets to be critical.

Industry players should understand that the four shifts – focus on experience, data, partnership, and shared access – are interrelated and critical for partnering with other entities to develop bundled offerings. Concentrating on one at the expense of others may stymie the overall efficiency of the marketplace.

CG3

Digital maturity does not match aspiration

While insurers realize the importance of these fundamental shifts, there is a significant gap between their expectations and their current digital maturity. Lack of digital maturity is the biggest concern for incumbents. While 68% of insurers said they believe partnerships are critical, only 32% are currently collaborating with ecosystem partners (see Figure 6).

Less than 40% of insurers have a holistic digital transformation strategy and are collaborating with ecosystem players to provide value-added services. Only 11% of insurers say they leverage open architecture, which is critical for working with other industry players.

CG4

CG5

Experience-led digital offerings and seamless collaboration with ecosystem players will drive marketplace success

We call firms prepared to excel in the future marketplace Inventive Insurers because they have strategically updated their product portfolios, operating models, and distribution methods. They have outlined their distinctive capabilities as well as their competency gaps and are ready to deliver end-to-end solutions in the manner customers prefer.

Pragmatic assessment (and subsequent enhancement) of a firm’s digital maturity is critical to connecting with ecosystem players seamlessly. Figure 7 shows the steps companies need to take to establish the marketplace of the future.

CG6

1. Prioritize digital agility

The critical first step in the future marketplace journey is boosting digital agility. The more quickly initiatives are implemented, the more quickly firms will enhance their digital maturity and actively participate within a connected ecosystem. Insurers must holistically adopt these critical capabilities to optimize their digital agility and seamlessly connect with partners to develop digitallyintegrated ecosystems (see Figure 8).

  • Real-time data gathering
  • Advanced analytics
  • Re-engineering complex processes and automating them

CG7

2. Build an integrated ecosystem

Seamless collaboration between insurers and their strategic partners is the backbone of a digitally integrated ecosystem. As new players enter the insurance value chain (aggregators, original equipment manufacturers (OEMs), one-stop policy management apps, and third parties such as repair stores), incumbents must strengthen their position through strategic partnerships.

Our proposed digitally-integrated ecosystem seamlessly interconnects insurers with customers and partners to enable the efficient flow of information and services (see Figure 9).

CG8

In the digitally-integrated ecosystem, customers can access insurers over various channels through extended multi-device, multi-platform, and mobility offerings. Digital integration with partners will play a crucial role as insurers seek to increase their reach and provide customers with convenient and seamless services.

Integration with aggregators and intermediaries offers insurers a choice of distribution channels. As insurers connect with individual customers through devices, real-time data can be captured and used to provide personalized offerings and value-added services.

Insurers will move beyond traditional touchpoints to become their customers’ constant risk control advisory and partner. For that to happen, however, insurers will need to join forces with third-party vendors for efficient claims management and payout, and with OEMs for real-time customer data.

APIs, cloud-based storage, and blockchain can foster insurance ecosystem integration by enabling the seamless and secure transfer of data between diverse systems. A digitally-integrated ecosystem – both within and outside the organization – will support the real-time, personalized services that customers already demand. Digital mastery can benefit top- and bottom lines and propel insurers forward.

Grasping the art of teamwork with close ecosystem players – and relevant offerings based on core capabilities – will lay the groundwork for insurers to partner profitably.

3. Create tomorrow’s marketplace

Firms must develop Inventive Insurer competencies to contribute to the successful development of tomorrow’s marketplace. These competencies include intelligent processes, open platforms, customer centricity, and an innovative mindset among team members ( see Figure 10).

CG9

Intelligent insurer. Automation, analytics, and artificial intelligence can prioritize customer experience within all operations.

  • Process efficiencies can support top-notch service with quick turnaround times.
  • Analytical competencies help insurers understand customer needs and act swiftly.
  • Robust digital governance provides monitoring and ensures compliance within today’s dynamic regulatory environment.

Open insurers leverage open platforms to build an ecosystem of partners through seamless collaboration with third parties and enable firms to participate in the value chain of third parties. Insurers with open platforms can access and integrate new data streams to cater to customers’ evolving needs, reaching them in the way they prefer via new distribution channels. Modern platform with open architecture for providing bouquet of offerings also allow firms to take a fail-fast approach to product development and innovate at a faster pace.

Deep customer competencies allow insurers to leverage data and channels for enhancing the customer experience across all touchpoints. Deep customer insights generated using advanced analytics and AI enable insurers to keep the customer at the center of all decisions.

Product agility is crucial for insurers to create new products at a faster pace and gain a competitive edge from an increased speed-to-market. Creative culture and ability to innovate at scale are critical components for achieving product agility. A creative culture
encourages novel thinking from employees and spurs openness to change.

Innovation labs and design thinking can encourage a fresh approach, especially within cultures that are hard-wired with conventional processes and culture.

Leadership support and vision are also critical. While Inventive Insurer status may be an aspirational future state, each firm’s journey is unique. An open platform used as a sandbox is an excellent place to begin developing new competencies and learning how to innovate at scale. Inventive Insurers create digital, experience-led offerings by collaborating seamlessly with other ecosystem players.

Incumbents and InsurTechs will benefit from strategic collaboration

For the most part, the industry sees InsurTech collaboration only as a means to drive growth and transform the customer experience. For example, 84% of insurers and 80% of InsurTechs say they are focusing on “developing new offerings.”

However, when it comes to the critical building blocks for the new insurance marketplace – such as developing holistic technology infrastructure and advanced data management capabilities – there are significant gaps in the expectations of insurers and InsurTechs. For example, fewer than 40% of incumbent insurers want to build holistic technology infrastructure by collaborating with InsurTech firms, while more than 60% of InsurTechs wish to work with insurers to create such a foundation.

What’s more, while data security remains a crucial concern when establishing partnerships with other industries, only around 10% of incumbents and 25% of InsurTechs say they want to focus collaborative efforts on data security.

Industry players should focus on a holistic approach while venturing into an insurer-InsurTech collaboration to prepare for the future and consider tactical plans for quick wins that may offer short-term benefits.

External partners can facilitate incumbent-InsurTech collaboration

After clearly outlining collaboration objectives, insurers must select a partner. The World InsurTech Report 2018 took a deep dive into the InsurTech landscape and offered ways in which incumbents can assess the success potential of short-to-medium term partnerships with InsurTech firms as well as longterm relationship feasibility. Finding a partner that can address technology capability gaps may require specialized third-party support.

Incumbents and InsurTechs can optimize their structured collaborative efforts by keeping four guiding pillars in mind: People, Finance, Business, and Technology (Figure 13).

CG10

People (The right individuals in the best-fit positions): Employees are a firm’s most essential assets when it comes to driving innovation, growth, expansion, and fruitful collaboration. Both partnering entities must be flexible and strive for a balance between the hierarchical nature of many traditional insurers and the flat organizational structure favored by InsurTechs.

Finance (Allocate optimal capital, realistically forecast returns): Without a defined investment and revenue model, it may be difficult to articulate a compelling value proposition. Participants need adequate capital to invest in the partnership and a proven revenue generating model to maintain positive cash flow in the not-too-distant future.

Business (Early traction, measurable success): Business traction, a proven business model, customer adoption, and value creation are must-meet goals for any potential collaboration. A new business model should solve the needs and challenges that were difficult to tackle independently. A collaborative partnership should produce a value proposition with quantifiable results.

Technology (Collaboration tools and technologies): Technology tools should be secure and enable frictionless collaboration, as well as scalability. Partner systems should securely integrate with the help of technology. Accessed information must be accurate, timely, and be regulatorily compliant. It should be scalable without affecting current systems.

New ecosystem roles will evolve as the industry transitions toward the marketplace model

As the insurance industry advances, new specialist roles are developing. In addition to the traditional integrated business role, new functions include that of Supplier, Aggregator, and Orchestrator. Close collaboration will enable incumbents and InsurTechs to maximize opportunities in each.

These roles are not business-model exclusive but business-case specific. Each ecosystem entity may mix and match positions depending on the business model in play (see Figure 15).

Established insurers and InsurTechs can also play multiple roles within an ecosystem. For example, a firm can act as both supplier and orchestrator. Similarly, one firm may be a supplier in an ecosystem, but be an orchestrator in another ecosystem.

CG11

 

Click here to access Cap Gemini’s entire report

 

Optimize for both Social and Business Value – Building Resilient Businesses, Industries, and Societies

Why Is Corporate Capitalism at a Tipping Point?

Stakeholders are beginning to pressure companies and investors to go beyond financial returns and take a more holistic view of their impact on society. This should not surprise us. After all, we have lived through two decades of hyper-transformation, during which rapidly evolving digital technologies, globalization, and massive investment flows have stressed and reshaped every aspect of business and society.

As in previous transformations, the winners created new dimensions of competition and built innovative business models that increased returns for shareholders. Many others found their businesses at risk of being disrupted, with familiar formulas no longer working. To meet the unwavering demands of Wall Street, many companies relentlessly optimized operating models, streamlined and concentrated supply chains, and specialized their assets and teams — leaving them less resilient and less adaptable to shifting markets and trade flows. The resulting waves of corporate restructuring, consolidation, and repositioning have fractured companies’ cultures and undermined their social contracts.

Furthermore, this hyper-transformation cascaded beyond individual companies and created socio-economic dynamics that left many people and communities economically disadvantaged and politically polarized. Combined with the increasing shared anxiety that the earth’s climate is changing faster than the planet can adapt, a global zeitgeist of risk and insecurity has emerged. We will enter the 2020s with more citizens, investors, and leaders convinced that the way business, capital, and government work must change — and change quickly.

We now must rethink the sustainability of the whole system in the face of extreme externalities — or risk losing social and political permission for further progress. The 2030 UN Sustainable Development Goals (SDGs) identify the moral and existential threats that we must meet head-on. While some question the SDGs’ breadth and timeline, most agree that, if achieved, they would create a more just, inclusive, and sustainable world.

Goal 17 calls for new engagement by companies and capital in partnership for collective action across the public, social, and private sectors. Five years into the SDG agenda, there is ample evidence that governments, investors, and companies are beginning to exercise their capacity to create much-needed change.

Change Is Underway but Is Hardly Sufficient

Many institutional investors are racing to integrate ESG (environmental, social, and governance) assessments into their decision making, and they are expecting companies to report on how they deliver on those metrics. New efforts promote radical disclosure, like the Bloomberg/Carney TCFD (Task Force on Climate-Related Financial Disclosures), which encourages signatories to report on the climate risks of their financial holdings.

New standards initiatives are creating a foundation for nonfinancial performance accounting, and the prospect of widespread “integrated reporting” seems realistic. Companies are investing in “purpose” and defining their contributions to society against material ESG factors and SDG goals. Corporate sustainability and CSR (Corporate Social Responsibility) functions, historically on the sidelines, are now being integrated into line business activity, with progressive companies expanding the scope of competition to include differentiation on environmental and societal dimensions. And through industry consortia, many companies are taking collective action on issues that both threaten their right to operate and open up new opportunities for their industries.

Such examples are important early signals that the context for business is changing. However, for all the progress on commitments, agreements, metrics, and policies, there has been little aggregate progress against top-level goals, like

  • reducing CO2 emissions,
  • cutting plastics waste,
  • or narrowing social and economic inequality within nations.

Without demonstrable impact and collective progress, social and political pressure will only build, further threatening the legitimacy of corporate capitalism.

A New Societal Context for Business

Companies will face escalating social activism by investors, stakeholders, social mission organizations, and policymakers on issues of

  • climate risk,
  • economic inequality,
  • and societal well-being.

Governments and local communities will set a higher bar for a company’s right to operate, and in a connected world a company’s local performance will quickly affect its global reputation and trigger social and regulatory consequences. Stakeholders will expect radical transparency on ESG performance.

This will shift investors’ perceptions of a company’s risk and opportunity, skewing capital toward those that deliver both financial returns and positive societal impact. To satisfy a growing demographic of socially minded consumers and businesses, companies will need to demonstrate “good products doing good” and anchor their brands and identity around a credible purpose.

Talent will gravitate toward companies that give employees a line-of-sight to making the world better while also providing a fulfilling career. To win, companies will need to define competition more broadly, adding new dimensions of value through

  • environmental sustainability,
  • holistic well-being,
  • economic inclusion,
  • and ethical content.

This will require radical business model innovation

  • to enable circular economies for precious resources;
  • to provide assets that are shared rather than owned;
  • to broaden access and inclusion;
  • and to multiply positive societal impact.

At this critical moment for corporate capitalism, business is more trusted than government, according to the Edelman Trust Barometer. Farsighted corporate leaders will see the opportunity for their industries to

  • mitigate environmental and societal threats,
  • catalyze collective action to discover new solutions,
  • shape wider ecosystems,
  • and expand trust with stakeholders.

Such actions will be indispensable to strengthen social permission for corporate capitalism before it is further undermined.

CEOs Need an Agenda for Value and the Common Good

We frame the journey to new corporate value and the common good around six imperatives.

It begins with reimagining corporate strategy, then

  • involves transforming the business model,
  • reframing performance and scorekeeping,
  • leading a purpose-filled organization,
  • practicing corporate statesmanship,
  • and elevating governance.

BCG 1

While challenging to execute, we argue that this agenda will be essential to create a great company, a great stock, a great impact, and a great legacy.

Reimagine Corporate Strategy

We believe few companies have strategies for this new era of business. The following exhibit illustrates the ambition of such a strategy, which establishes competitive advantage at the intersection of

  • shareholder value,
  • corporate longevity,
  • and societal impact.

The “quality” of the strategy is thus judged by how it delivers both total shareholder returns and total societal impact.

BCG 2

Consequently, it widens the scope of competition to encompass creating rich differentiation and relative advantage in multiple areas of societal value. It embeds “social value” into new business constructs, shared value chains, and reconstructed ecosystems.

It also opens, broadens, and deepens markets to enable access and inclusion. And it expands the scope of business by calling for coalitions for collective action that address existential risks to environmental and societal ecosystems.

This new type of strategy flips leadership’s perspective from “company-out” to “societal needs-in,” by asking how a specific SDG target could be met by extending the company’s capabilities, assets, products, services, and ecosystem—and those of its industry. The following exhibit lists ten questions that strategists should incorporate into their strategy processes to ensure that they embrace the opportunity to create both shareholder returns and societal impact.

BCG 3

However, these new strategies cannot simply be grafted onto existing business models. Business models themselves will need to be transformed. Sustainable business model innovation (S-BMI) takes a much wider perspective than traditional business model innovation by considering

  • a broader set of stakeholders;
  • the system dynamics of the socio-environmental context;
  • longer time horizons for sustaining adaptable advantage;
  • the limits of business model scale, viability, and resilience;
  • the cradle-to-grave production and consumption cycle;
  • and the points of leverage for profitable and sustainable transformation.

Transform Business Models

We can already observe seven topologies for sustainable business model innovation, sometimes in combination, all with the potential to increase both financial returns and societal benefits.

  • Own the origins. Compete on capturing and differentiating the “social value” of inputs to production processes, products, or services. For example,
    • pursue cleaner energy,
    • sustainable practices,
    • preserved biodiversity,
    • recycled content,
    • inclusive and empowering work practices,
    • minimized waste,
    • digitized traceability,
    • fair trade, and so on.

Performance here will require differentially advancing the societal performance of the supplier base and its stewardship of resources, communities, and trade flows. Achieving this may require backward integration to ensure fast and complete upstream transformation and then holding and using these new capabilities for competitive advantage and differentiation.

  • Own the whole cycle. Compete by creating societal impact through the whole product usage cycle, from creation through end of life. This competitive typology puts a wide aperture on the business and requires systems analysis to uncover business models that offer the richest competitive and financial options. For example,
    • designing for circularity, recyclability, and waste to value;
    • creating offerings that enable sharing rather than owning to ensure high utilization of resources and end-of-life value;
    • constructing infrastructure to facilitate circularity and repurposing;
    • integrating into other value chains to capture societal value;
    • educating and enabling consumers to choose whole-cycle propositions on the basis of value to people and planet.

To achieve these ends, expect to reposition operations, reinvent supply chains and distribution networks, pursue new backward or forward integration, acquire business adjacencies, or undertake unconventional strategic partnering.

  • Expand “social value.” Compete by expanding the value of products or services on six dimensions:
    • economic gains,
    • environmental sustainability,
    • customer well-being,
    • ethical content,
    • societal enablement,
    • and access and inclusion.

Then advocate new standards, increase transparency and traceability, tune marketing and segmentation, engage customers on the product’s wider value and their involvement in bigger change, and seek premium pricing. In business-to-business offerings, help customers integrate the full social value of your products, services, and business model into their own differentiation and ESG ambitions.

  • Expand the chains. Compete by extending the company’s value chain, layering onto other industries’ value chains to extend the reach of your products and services and the societal impact for both parties, while changing the economics and risks of doing so. For example,
    • use the reach of a consumer products distribution system to extend payments and financial services to small merchants;
    • layer one company’s health services onto another company’s physical supply chain to benefit its workers and their families while expanding markets for health services;
    • or use the byproducts of one company’s operations as feedstock in other companies’ value chains.
  • Energize the brand. Compete by digitally encoding, promoting, and monetizing the full accumulated social value that is embedded in products and services, along the whole value chain— from origins to customer, from cradle to grave. Use such data to rethink differentiation, the brand experience, customer engagement, pricing for value, ESG reporting, investor engagement, and even potential new businesses. For example,
    • strengthen the brand with promotions that showcase the business’s performance on the open, clean, green, renewable, and inclusive attributes of its operations;
    • and increase customer engagement and loyalty by using data on the product’s environmental and societal footprint to empower customers in choosing how their lifestyle affects the planet and its people.
  • Relocalize and regionalize. Compete by contracting and reconnecting global value chains to bring societal benefits closer to home markets in ways stakeholders value. For example,
    • build local and regional brands that better express local tastes and values;
    • source from smaller local producers to minimize logistics emissions and strengthen local economies;
    • reimagine production networks against total environmental and societal costs;
    • capture local waste streams as feedstocks for other activities;
    • or reconstitute jobs for microwork to use local talent.
  • Build across sectors. Compete by creating models that include the public and social sectors to improve the company’s business and societal proposition, particularly in emerging and rapidly developing economies. For example,
    • work alongside governmental bilateral aid institutions and NGO development organizations to improve the agricultural capacity of small farmers so they become reliable sources of agricultural inputs to the agro-processing value chain;
    • partner with global environmental organizations and governments to promote the reuse of ocean plastics as feedstocks to production systems;
    • partner with governments to strengthen social safety nets and prevent corruption through digitization and electronic payments;
    • or partner across sectors to restructure recycling systems to enable higher penetration of waste-to-value business models.

Extend this into industry coalitions for collective action that reshape broader rights to operate and generate new opportunities.

All seven types of S-BMI create new sources of differentiation, operating advantage, network dynamics, and societal value — enabling more durable and resilient businesses that benefit shareholders and society. But to assess and improve the performance of these business models and communicate their value, we need to expand today’s scorecards.

Click her to access BCG’s full article

 

Cyber Risk Management – From Security to Resilience

Rapidly evolving threats and infiltration techniques have rendered traditional cyber defense strategies insufficient and ineffective. The emerging threat vectors and speed of change amplified by the digital transformation cannot be addressed by traditional means. Globally, laws are also changing to keep pace as cybercrime evolves, knowing no
boundaries. Therefore, organizations must be nimble and agile to keep pace with policy changes, especially when expanding across different jurisdictions.

This report highlights three strategic imperatives to strengthen cyber resilience:

  • Understand (know your threats): Identify organization and industry-specific cyber threats and regulations calls for robust strategies that include cross-disciplinary considerations.
  • Measure (know yourself): Quantify the potential financial impact of cyber exposures to compare against the level of risk appetite acceptable to the board. This will determine the amount of investment necessary to mitigate and transfer any residual risk.
  • Manage (know what you can do): Proactively manage cyber risks by having clear action plans based on your capabilities and capacities to protect against cyber criminals.

It is inefficient and impractical to expect organizations to be ahead of every threat, but organizations should at least be on par with the evolution of cyber threats while ensuring compliance with changing laws and regulations. While cyber attacks are inevitable, proper preparation is the essential element that sets resilient organizations apart from the rest in managing risk, minimizing damage, and recovering quickly from any incidents.

Cyber Risk: A Top Concern

Technology continues to play a profound role in shaping the global risk landscape for individuals, businesses, and governments. Risk experts around the world continue to rank massive data fraud and theft and cyber attacks as their greatest and most likely risks over the next decade, a pattern that is consistent with previous years. Most risk experts also expect cyber attacks to have a much greater impact through business disruption and the targeted theft of money, data and intellectual property. Our increased dependence on pervasive, integrated digital technologies also increases anxiety around cyber security.

Rapid Innovation

The pace of business innovation has been driven by technology and connectivity megatrends such as mobile, the Internet of Things (IoT), big data and cloud solutions. The adoption and use of mobile devices have surpassed that of desktops since the last quarter of 2016, with mobile traffic accounting for 52 percent of total internet traffic in 2018. While business benefits include greater convenience and productivity, the use of mobile devices for both work and personal reasons has blurred the lines between sensitive corporate and confidential personal data, which are increasingly exposed to weaker application security features, mobile malware and other vulnerabilities.

Pervasive, Sophisticated Technologies

A recent study by FireEye Mandiant revealed that cyber attackers have followed cloud-reliant organizations, such as software-as-a-service and cloud computing, into the cloud. Mandiant researchers observed an increased volume of attacks against organizations with access to vast amounts of personal and confidential data, such as cloud providers, telecommunications, and retail and hospitality. More than 730 investigations were performed by Mandiant experts globally in 2018, a higher volume than any year before and an increase of more than 30 percent over 2017.

Devious, Organized Threat Actors

The modern cyber risk landscape is rapidly evolving and populated by threat actors with a myriad of motivations and attack sophistication levels. The methodologies can vary from highly-targeted and deliberate, to mass-scale with self-distributing malware. Different threat actors also have different motivations and ambitions that can be uniquely destructive.

Motivations and methodologies of threat actors can also overlap with one another. In many cases, similar tools and techniques are used by different groups since those may be the only tools available. In some cases, state-sponsored actors may even work with hacktivists to carry out an attack. Some threat groups demonstrate increased determination by maintaining persistence in victims’ networks. Some APT attackers plan out their modus operandi and patiently pursue their goals over a long period of time—months or years—before they launch their attack. They rapidly adapt to a victim organization’s attempts to remove them from the network and frequently target the same victim again if access is lost.

After an organization has been successfully attacked, there is a higher probability of re-compromise. According to FireEye, globally two in three (64 percent) compromised organizations were successfully attacked again within a year. It is more significant in APAC where almost eight in 10 (78 percent) of compromised organizations are likely to face at least one additional significant attack over the next year.

Organizations that have been attacked should strengthen their cyber security defenses and close any identified gaps to mitigate risks; unfortunately, this doesn’t always happen.

MMC1

Data Sharing Economies

Data sharing is inevitable as we accelerate into the digital economy. Our growing interconnectedness is combined with a massive increase in velocity, volume, and variety of data shared across boundaries and jurisdictions. The accelerated digitalization of countries and industries amplifies the systemic effects from cyber attacks and increases the severity of successful cyber attacks.

With the advent of digital and transformative technologies that change the nature of business, policymakers are challenged to maintain the robustness of cyber laws and legislations. The anonymity of the Internet further ensures little or no risk of repercussion for cyber criminals.

According to FireEye CEO Kevin Mandia, ”We are on a slippery slope in terms of frequency and seriousness of cyber attacks” and it is likely to get worse unless serious consequences can be put in place for criminal behavior.

Although cyber regulations have lagged behind evolving cyber threats, the past years have seen a substantial increase in new cyber laws and other regulatory schemes, and this is expected to continue. Most regulatory schemes aim to protect data and privacy and fulfil notification obligations by breached organizations, but disclosures and notifications are critical first steps to reveal the volume, frequency and complexity of breaches before data protection and privacy can be further improved.

Complications That Impact Cyber Resilience

In an increasingly complex business and cyber landscape, organizations encounter greater challenges when trying to balance their business resilience and cyber security priorities.

Between 2016 and 2018, the rate of growth for internet users was 10 times faster than the global population. Correspondingly, the surface area for attack has expanded exponentially. The exposure is estimated to impact up to six billion internet users by 2022, approximately three-quarters of the projected world population. Increased connectivity coupled with the expanded adoption of mobile devices makes building cyber security defenses much more challenging since every employee or web-connected device now represents a potential vulnerability.

Underlying Trends Impose Additional Layers of Fiduciary Responsibilities

Rapid digitalization amplifies the systemic effect of cyber threats, which leads to more cyber regulations and policies. In addition to safeguarding the interests of individuals and businesses, governments and policymakers also aim provide a conducive and well-regulated environment to develop transformative technologies to spearhead their respective digital economies.

Unsurprisingly, their business models are impacted by new cyber laws and regulations. As these laws are introduced, revised and enacted, companies can find themselves in a continually reactive state when attempting to comply with changing policies. Organizations with operations across national boundaries face additional compliance costs as they attempt to navigate diverse regulations in different jurisdictions. While GDPR has led to the convergence of cyber security and data protection laws in the EU, cyber regulations in other parts of the world remain largely localized and diverse.

Re-Thinking a Cyber Resilient Culture

To reduce our growing vulnerability to humanenabled cyber threats, workplace culture needs to change. The outlook, attitudes, values, moral goals and legacy systems shared within an organization have a direct impact on how cyber threats are perceived and managed. While cyber security involves many different technical and information solutions, necessary defenses and resilience cannot be fully achieved without the right mindset.

To establish a cyber resilient culture, everyone in the organization—from executive leadership and management to data analysts and salespeople—have an equal and important role to play in defense.

Through social engineering, threat actors increasingly exploit individuals as the weakest link of the cyber security chain. Therefore, cyber security and resilience must begin with the individual. Although Finance or HR departments may be primary targets for potential access to sensitive information, other executives and employees may also be targeted to gain network access.

How To Line Up Your Defense

Given the reality of the cyber threat landscape, you need to determine the tools you need to mitigate and respond to inevitable cyber attacks. Unfortunately, while both the aggressiveness and sophistication of cyber attacks have accelerated, defensive capabilities have been relatively slow to evolve and respond.

MMC2

Darren Thayre, Partner in the Digital, Technology and Analytics Practice for Asia Pacific at Oliver Wyman, mentioned that typical cyber security discussions are often absent when organizations initially strategize on cloud implementation, a process normally driven by developers or infrastructure demands.

Many victim organizations and those working diligently on defensive improvements still lack the fundamental security controls and capabilities to either prevent breaches or to minimize the damages and consequences of an inevitable compromise.

Based on trend observations, Kelly Butler, Head of Cyber Practice, Pacific, Marsh, stated that while security remains important in the 2019 cyber landscape, it is becoming more about resilience.

Organizations must maintain a posture of continuous cyber resilience to prepare for and adapt to the changing threat landscape and recover from the disruptive attacks. Otherwise, they risk facing significant gaps in both basic security controls and—more critically—visibility and detection of targeted attacks. The saying goes, “what gets measured, gets managed,” but you can only measure what you understand.

Understand Cyber Risks from a Business Perspective

Cyber risk is now at the forefront of most corporate risk agendas. Organizations are increasingly looking to understand and assess the nature and extent of their potential cyber-related losses—a necessary first step to mitigate those losses.

A cyber defense strategy delivers substantial benefits for both the senior management and the organization, especially when the strategy and associated action plans are mandated from the top and prioritized with the necessary investments and budgets. A proactive cyber defense strategy demonstrates to regulators that the organization takes cyber risk management seriously and has clear priorities in place.

A cyber security strategy is how you direct and focus the creation of an actionable roadmap and build a comprehensive cyber security program. This process allows you to clearly link gaps identified in the program assessment to your organization’s cyber security investments. However, developing a fit-for-purpose strategy and obtaining buy-in for the cyber security program from senior management can be difficult.

MMC3

After you understand cyber risks from a business perspective, you need to identify how much cyber risk is acceptable (to be absorbed) across your entire organization. This baseline helps make decisions related to cyber risk and implement controls.

For example, you can use a structured methodology to determine your organization’s cyber risk appetite. Ideally, you should break down and prioritize your cyber risk appetite, and the metrics you need to inform and measure the risk appetite. Later, you can develop recommendations regarding governance and operating model requirements, which in turn will determine and influence corporate decisions with respect to cyber security investments.

MMC4

After you assess the amount of acceptable cyber risk, work to quantify your potential cyber risk exposure. Measure its financial impact to inform the business case for cyber security investments as well as cyber insurance that can mitigate or transfer risk.

Quantification determines nature and extent of risk impacts for different threats and scenarios. However, boards and senior executives often struggle to clearly and comprehensively gain a current understanding of their organization’s cyber risk profile.

MMC5

The increase in awareness, cyber data breaches and adoption of cloud-based services are a few of the factors that drive the growth of the cyber insurance market, while high costs inhibit growth. High premiums can be effectively overcome by systematically and clearly understanding organization-specific cyber risks to lower risk exposure and enhance risk profile. For example, the use of data analytics to quantify risk exposure and underwrite cyber risks has proved to drive more efficient and effective risk profiling and provide more accurate policy coverage.

MMC6

With an internally aligned cyber risk strategy and adequately measured risk exposure around expected losses due to cyber attacks, organizations can better insure and secure stronger financials to respond and recover from an incident. An incident response plan requires the support of proper security technologies and expertise. At a minimum, a response plan requires full view of IT assets, strong detection capabilities, clear roles and responsibilities and fast reaction times. The plan must also be regularly practiced through drills to ensure that personnel know their roles and to track and record various metrics that measure their performance. Frequent testing can help identify areas for improvement and provide opportunities to continually refine processes and protocols.

Click here to access MMC-FireEye’s Report

Moving from best to better and better – Business practice redesign is an untapped opportunity

Under mounting performance pressure, many corporate leaders are looking to business process reengineering to improve performance, and in many ways that makes sense after all, processes give shape to an organization and are often useful for coordinating routine flows across large organizations. The routine work of a company should be done as efficiently as possible, which increasingly means incorporating automation.

But organizations may be missing a much greater opportunity to improve performance.

Here’s the thing: Much of the work of many organizations today—at least the work that typically offers the potential for differentiation—is no longer routine or even predictable. When conditions and requirements shift constantly, processes fail. While process optimization can still certainly help

  • reduce costs
  • and streamline operations,

leaders should consider a different kind of organizational rethinking for significant performance improvement. And in an environment of accelerating technological advances and rapid and unpredictable change, constant performance improvement is a must. Competition can come from anywhere—doing well relative to the competitors on your radar isn’t enough. Many barriers to competition are falling, and many boundaries, between industries and between markets, are blurring.

  • Consumers have more access to information and alternatives than ever, along with a coincident increase in expectations.
  • Workers have more access to information and alternatives—and increased expectations.

At the same time, many employees, in all kinds of environments, face increasing pressure to reach higher levels of individual performance. The useful life of many skills is in decline, creating a constant pressure to learn fast and reskill.

Many companies have struggled to effectively respond to these pressures since long before the Internet of Things and cognitive technologies added new layers of complexity. The average return on assets for US companies has declined for the past several decades, and companies find themselves displaced from market leadership positions more often than they used to. While the price-performance improvement in the digital infrastructure has increased exponentially, most companies are still capturing only a small fraction of the value that ought to be available through the technologies built on this infrastructure. Existing approaches to performance improvement appear to be falling short.

It begs the question: In a world of digital transformation and constant change, what does performance improvement mean? Many companies suffer from at least one of three broad problems that can misdirect their focus:

  1. Thinking of performance improvement too modestly. Leaders often think of performance advances as discrete, one-time jumps from A to B, or even a series of jumps to C and D. The initiatives that typically generate these bumps are similarly construed as pre-defined, one-time changes rather than as unbounded efforts that have the potential to generate more and more improvement. As we discuss in more detail, not only do most companies need to continually improve their performance— those that don’t start accelerating may fall further and further behind and become increasingly marginalized. Accelerating improvement, then, should be a goal of operations, not just one-off initiatives.
  2. Thinking of performance improvement too narrowly, focused only on costs. Process dominated much of performance improvement efforts for the past several decades, focusing largely on the denominator of the financial ratio of revenues to costs. But costs can be cut only so far, and technology-based process efficiencies can be quickly competed away, especially at a time when the changing environment and shifting customer expectations are making many standardized processes quickly obsolete. Further reductions can become harder to achieve and have less impact. The relevant performance might be more about an organization’s ability to create significant new value. Workers across an organization regularly encounter new needs, new tools for meeting needs, and opportunities to identify new ways of delivering more value and impact in multiple dimensions, including helping other parts of the organization generate more value. The potential for value creation isn’t confined to certain roles or functions, and is bounded primarily by an organization’s ability to create new knowledge and creatively address new problems. Focusing on new value creation may be the key to getting on a trajectory of accelerating performance improvement. Doing so would require an organization to move beyond efficiency and standardization and begin focusing on cultivating the behaviors—such as experimentation and reflection to make sense of what has been learned—associated with new value creation.
  3. Thinking of performance improvement at the wrong level. Most organizations manage performance where they measure it—which is to say where they have data: broadly, for the department and organization, and narrowly, for the individual. Both levels can miss where work, especially value-creating work, increasingly gets done: in groups. As a result, organizations can miss the opportunity to shape how work actually gets done. Focusing on performance where it matters most to the organization’s work might be a key to having a significant impact on the performance that matters.

The imperative to act seems simple: Today’s environment seems to offer no reprieve, no stabilization that gives us a chance to catch our breath and say, “OK, now we’ve got it figured out.” The methods and processes that led organizations to great success in the past seem to no longer be working. For sustained performance improvement, companies may need to change their focus and look in new directions.

Deloitte 1

Deloitte 2

Deloitte 3

Click here to access Deloitte’s detailed study

The Digital Business Imperative

Don’t Build A Digital Strategy; Digitize Your Business Strategy

Digital fundamentally changes your relationship with your customers. You can’t address this change with a bolt-on digital strategy that adds an app here or a site there. To remain competitive, you must re-engineer how your business creates value for your customers in the digital age.

Digital Has Changed Your Markets
Your customers aren’t who they used to be — they haven’t been for quite some time now. Digital touchpoints permeate every aspect of your customers’ lives — how they watch TV on Netflix, how they research new products on their smartphone, how they check their balance on PayPal, or how they review their stay on Airbnb. Business buyers expect automated service, tap communities for insights, and want services with apps attached; they’re even more digital than consumers are. Digital has transformed the market context for every business, and the pace of change is accelerating.

Digital Has Changed The Way That You Operate
Digital has transformed more than your channels and customers. It also disrupts you from within, changing the way that you do business. Digital not only accelerates the pace of change but also brings new opportunities for firms that can embrace the technology fast enough. It speeds time-to-market, reduces costs, and unlocks new revenue streams. There’s a reason why manufacturers ABB, Schneider Electric, and Siemens spent a combined €8 billion on acquiring software assets to help clients design, manage, and optimize complex industrial operations like power grids more effectively.

Use Digital To Help Customers Get To The Outcomes That They Desire

Re-envision your business not as a set of products and services but as part of the personal value ecosystems that your customers assemble according to their needs and desires. Learn to increase value by expanding your company’s role in your customers’ personal value ecosystems.

Digital Operational Excellence Increases Business Agility

Digital business isn’t just about customer experience — it’s also a way to drive operational agility. Digital operations can increase speed-to-market, make employees more productive, promote leaner processes, and maximize asset utilization.

Digital Dimensions

 

Click here to access Forresters’ detailed study