[For part 1 of this conversation, which discusses advancing e-delivery in the insurance industry,
INN: The industry is seeing all kinds of new developments with regards to distribution.
SG: Everybody has read about Google Compare, and Amazon, and many others -- even Microsoft could all get into the insurance business! We certainly recognize that. In the middle market, and particularly as you look at commercial lines, we're responding by doing some innovation of our own.
INN: Can you give us an example?
We talk about our USI ONE Advantage. The O stands for Omni, and Omni is something we have built. It is a proprietary knowledge engine that allows us to capture the intellectual capital of the best and brightest across USI and deliver the solutions for our clients directly out of that knowledge solutions engine. It's real-time. It's interactive. It's dynamic and evolving. And the output from Omni is customized for each client and their specific needs. It offers a pretty broad coverage of each business area and enables us to deliver actionable solutions with the real quantifiable financial impact to our clients.
The N is really about our network of local and national resources. USI is now more than 4,400 people networked nationally but we also have local and regional account teams that allow very hands-on service that we can deliver to clients.
The E stands for our enterprise. That's really about our team-based strategic planning process that we're using across USI. And so it's a planning process that's disciplined, focused and provides deep analytics that's kind of centered on the business issues and challenges for our clients.
INN: What are the business issues and challenges that your clients are facing?
SG: Companies are facing higher risks, higher exposures and the need to better manage those, whether it's the property casualty side of the house or the employee benefits side. One of the things that we're bringing to the employee benefits arena is, we're working with a company called Verisk Analytics. And Verisk -- in particular, their division Verisk Health -- is providing us with tools and resources that we use with clients to help them manage their employee population health through claims analytics. Innovation isn't always something that we develop in-house. Sometimes it's looking to companies, like Verisk, for tools and capabilities that they can bring to bear as well.
INN: What about cyber security?
SG: Cyber security is definitely top of mind. The nature of the attacks used to be a lot simpler. It used to be about viruses and worms and phishing and spoofing and DDOS (distributed denial of service) attacks. And now they're very new, multifaceted attacks from social engineering to ransomware to advanced persistent threats. They're very targeted. They're using your names and your titles and they look very professionals and things aren't misspelled like they used to be. So you get phishing attacks now that look, for all intents and purposes, very legitimate. That's even more concerning, because making sure that every one of your people is aware and sufficiently knowledgeable that they can determine what's real and what's not real in those scenarios.
INN: How do you combat this new reality?
We take a pretty layered approach to security. I look at it from the outside in; everything from what's happening with our physical security -- are the doors and locks and cameras all in place on our facilities? -- We then look at our perimeter, our firewalls and our routers. And what are we doing to make sure that nobody gets through there. We look across our network, both our wired network, our wireless network, and use multifactor authentication. We look at the data that moves across the network. Then we take a look at the endpoints, you know, all of the endpoints, whether they're on the network or what are we doing to monitor what's going on when they're off the network. Then we get a little more granular and we're looking at individual applications, and we're scanning code for vulnerabilities. We’re monitoring database activities. And we are understanding how those applications use data.
Then we look at the data itself. You know, what is it? Are we encrypting it? Are we disposing of it properly? How are we managing the data over its life with us? Then we wrap that in policies that help prevent the bad behaviors from happening at the outset. There are operations for continuous monitoring and the ability to respond if and when an incident occurs. That's the framework that I think about cyber security in. It's all built on a foundation of the NIST security controls and risk management framework.
Companies like ours find it a responsibility not just to educate and implement the layers of protection against the company assets, but I feel obligated to help train our employees to take this information home and start protecting their home environments as well.
