How DevOps is shaping Financial Services #2: The challenges in insurance

Financial Services interview #1

In this series of blog posts, we speak with database professionals from Financial Services organizations around the world to better understand how DevOps is shaping the sector. On the way, we dig into key current factors including the rise of technology upstarts in fintech and insurtech, the speed of digital transformation and the ever-increasing threat of cyberattacks.

Next up, we speak with Ben Brown, Data Architect at the Lancashire Insurance Group, a provider of global specialty insurance and reinsurance products.

Can you tell us a little about your background in the Insurance sector?

It’s probably useful to respond to that by splitting the sector into its three broad segments because they’re quite different from each other.

Commercial Insurance, which is where I’ve spent most of my career, is where companies sell complex or high-value insurance policies to other businesses. They work together with other insurance companies, which are often their competitors, all the time. For example, an oil rig might get insured for $500m which is too much risk for any one company to take, so a single policy might get split across ten different insurers, all taking $50m each. They also do specialty insurance where you need very bespoke insurance policies for, say, a space shuttle launch or Mariah Carey’s voice.

Next, there’s Health and Life Insurance. There’s no NHS in the US and some of these companies are massive. For example, United Health Group in Minnesota has eight million customers, $280 billion in revenue and 380,000 employees.

Thirdly, there’s Consumer Insurance, also known as Personal Lines insurance These companies do car, pet, home insurance, etc, and sell directly to the public. That’s mostly done via the web and comparison websites, or through agreements with other businesses, like when you take out a mortgage with a bank and they sell you house insurance.

What do you think is the biggest challenge facing the sector at the moment?

I think all businesses are going to be affected by rising energy costs and wage inflation. In insurance, Consumer insurers will feel this more than the Commercial side as people are going to start watching every penny.

From a tech perspective, this will also dovetail with challenges in finding developer talent. Not only do companies want more developers to enable them to ‘go digital’, but the developers will also cost more in wages, and there won’t be enough to meet demand.

DevOps and an agile approach can address this issue by making your existing Dev teams two to ten times more productive. This is something that can be done in a sustainable way, rather than just burning them out, as I’ve personally seen. So instead of doubling the size of your team, you enable them to deliver twice the amount of value. Stripe’s Developer Coefficient study is a good, short document that matches what I’ve seen in the real world.

The Finance, Insurance, and Banking sectors have historically been slow in adopting new technologies and processes. What do you think has been the consequences of that, particularly in your role?

I actually think it’s a good thing that sometimes they are slow. Larger organizations embrace fads and new technologies more often than smaller organizations which are less speculative. For example, a fair few companies attempted to implement blockchain, introduce innovation labs and insurtech incubators, and explore Hadoop. But from what I could see these didn’t generate value and aren’t even discussed any more.

That said, the track record of Commercial insurance companies on execution is unbelievably bad. They will fail to deliver project after project, so even if they did embrace a new technology, it wouldn’t make much difference. It’s also interesting to see how people define ‘new’.

For example, SQL Server 2022 is a brand new version of a mature product with an amazing track record of delivering features that work really well, but I never see much drive to move to the latest versions of SQL Server. Compare that with immature products with a particular niche use-case, which get lots of attention!

Digital transformations have been at the top of many CTO to-do lists across all sectors. Is this something you’re seeing within the Insurance sector as well?

Absolutely. Every company I work with is always in some sort of transformation program whether it’s a Finance transformation, Agile transformation, or DevOps transformation. With regard to digital transformation where you change your actual business model to be digital-first, the issue Commercial insurance companies have is they are so inter-dependent on other insurance companies/brokers. They all pay into a market-wide fund to try and build solutions for everyone to use, spending huge amounts of money and making some slow progress, such as Blueprint Two from Lloyd’s, which aims to build the most advanced insurance marketplace in the world.

Simple data processing and reporting can definitely be internally transformed though, as most companies have tons of manual and Excel-based processes. Robotic Process Automation (RPA) got a lot of investment but relational database and reporting tools like SSRS would have done a much better job, as all the insurance software had SQL Server back-ends.

Given the rise of cyberattacks across the sector in recent years, what would be your advice for someone tackling compliance and security in their database processes?

My advice would be to do the basics, so if there was a problem you could demonstrate that you did something, such as:

  • Reducing your attack surface by simplifying your estate
  • Masking your lower environments
  • Automating the finding of vulnerabilities

Some Commercial insurers have a large amount of cyber expertise as they write a lot of cyber insurance, so they should play a part in risk management by, for example, advising their clients how to reduce their risk.

What is interesting is that there is a lot of talk about getting catastrophe, or CAT Modeling teams, to model cyber catastrophes, where one huge cyberattack affects thousands of clients. It’s a new type of risk so no one really knows how much it could realistically cost them.

There has been a rise of insuretech players entering the market who are quick to adopt new technologies and are able to adapt quickly to customer needs. How do you see this impacting across the industry, especially for larger, well-established organizations who have been slow to embrace DevOps?

Consumer insurance companies are probably more worried about new entrants because the public usually hate buying insurance as it’s so confusing, and you never actually expect to get a claim pay out.

For example, Amazon is now going into insurance. They already have millions of customers and will probably partner with an existing insurer in the background. Plus, they can soak up losses for years while they build market share.

Lemonade is the other famous one. It’s basically trying to do everything through a chatbot and getting young customers who will then buy different insurance products as they grow older.

For Commercial insurance, the insuretechs are trying to improve specific parts of the value chain rather than actually be insurance companies themselves. So, they aren’t really a threat, they are more of a benefit if anything.

Next steps

For further insights, read the first post in this series, How DevOps is shaping Financial Services #1: The role of governance.

You might also be interested in the insights revealed in Where Financial Services businesses should focus their digital transformation efforts in 2023, and the selection of resources on our Finance page.