How insurers can transform by adopting public cloud

Though the public cloud is seen as a strategic business priority, the responsibility to define and execute the adoption strategies lies in most cases with the CIO or is co-owned by the CIO and CTO. Similarly, public cloud adoption is sponsored by IT for 75% of respondents. Only 6% of the survey participants said that cloud adoption strategies are owned by the business or the CEO.

While nearly half the respondents are currently operating on cloud technology, just more than half of those (56%) have defined success criteria for public cloud adoption (e.g., increased availability of services). That number drops to 33% among small and medium-sized insurers. Only 51% of respondents that believe public cloud gives an advantage over competitors have defined success criteria. While these findings suggest that insurance executives intuitively understand the compelling business case, clearer success metrics aligned to objectives must be a priority. EY’s market experience confirms the lack of clear metrics, as well as their value for firms that have taken the time to clearly define them.

Where success criteria exist, they are mostly related to cost reduction, particularly the reduction of run costs and operational expenses due to reduction of complexity, as well as speed to market (from business idea to realization). Technology-related criteria also include the number of decommissioned legacy systems, the number of applications moved to the cloud and workloads counting in public cloud. Given the business objectives most organizations are aiming to realize, senior business leaders should be actively involved in the execution of the public cloud adoption.

IT and the business should be aligned and work closely together, particularly in defining criteria to measure the success of public cloud implementation and operation. Such metrics should be directly linked to the top business objectives. Additionally, boards must become more knowledgeable on cloud technologies (and technology in general) as the industry becomes more tech-enabled and data-driven.

Public cloud adoption is still in its infancy among most European insurers.

• 52% have migrated less than 10% of their operations to the public cloud
  
• 19% have migrated between 10% and 20%
  
• 29% have migrated 20% or more
  
• Only 7% have migrated 90% or more
  

Among those insurers that have moved 90% or more, the priorities have been:

• Human resources, based on the availability of market-leading SaaS solutions for mainly transactional workloads.
  
• Capital management, risk management and asset liability management (ALM), due to regulatory requirements regarding model calculations.
  
• Underwriting, product and pricing, finance and accounts, largely because of the processing power necessary, particularly for AI usage.
  

This limited adoption sets the stage for dramatic growth in the coming years: 49% of respondents say their companies have plans to move 80% or more of their business to the public cloud. Roughly 10% of surveyed insurers plan to move just 10% or less. To achieve these ambitious goals, insurers must navigate a few critical challenges. Culture change was cited by 66% of respondents as a top-four challenge. Lack of knowledge and experience related to public cloud transformation and operations was named by 54% as a top-four challenge, but it was most frequently named as the number-one challenge.

Interestingly, life insurers are evenly divided on the question of whether regulatory compliance is a challenge. About half of respondents named it as their number-one challenge; the other half said it was not a challenge at all. Large insurers view costs as less of a challenge than their small and medium-sized peers.

Insurers clearly recognize that a holistic view on cloud transformation is key to success. Transformation is more than simply lift and shift legacy IT systems. Insurance executives should understand the current state of the existing IT landscape, including current run costs, the scope of investments to modernize key systems, and the cloud readiness of existing applications. With such insight, they can shape a clear strategy for using the cloud-native services to enable the business and execute against core objectives. Cloud strategies must avoid replicating the existing IT environment within a different set-up. Thoughtful change management and increased technical knowledge are also necessary to address all of the people, process and technology implications.

Just as insurers have differing objectives, products and operational footprints, they embrace different cloud strategies and models to achieve them. Two-thirds of insurers include hybrid models in their public cloud adoption strategies. About a quarter, 24%, will not consider a hybrid model and the remaining respondents either don’t know it or have not yet decided on their strategy.

Increased flexibility, complexity of existing platforms, agility, innovation and cost were all cited as reasons for using hybrid cloud models. Almost three-quarters of the companies that plan to adopt hybrid cloud models expect to use more than one public cloud provider, while 25% plan to combine three or more cloud providers.

Three in ten respondents referenced plans to move 100% of their infrastructure into public cloud environments. Respondents said that legacy IT infrastructure, lock-in periods to existing systems and technology, and regulatory considerations were barriers to full-fledged public cloud adoption. In some cases, respondents explained that it was impossible, largely for technical reasons, to migrate all applications to the cloud or do so all at one time.

Cited by 59% of respondents, data security risk is the most serious concern for insurers moving their business to the public cloud. Compliance risk (44%), regulatory risk (43%) and people, and skillset risk (33%) were other common concerns. Small insurers seem to consider compliance risk to be more important than larger firms. Third-party services risk and service-level performance risk are not considered major concerns, suggesting that insurers have a high level of trust toward the public cloud providers.

This trust in cloud providers’ performance is also reflected in the challenges cited by respondents, who mentioned mainly internal challenges, such as cultural change, legacy systems, and internal knowledge and capabilities. Only 30% of the insurance companies in Europe are concerned about the US Cloud Act, perhaps because cloud providers were transparent in addressing this topic and the sense that this residual risk is manageable. Cloud providers’ robust key management functions, including customer managed encryption keys, may also provide confidence.

In terms of specific regulations that are on respondents’ radars, the General Data Protection Regulation (GDPR) and country-specific or regional rules are the top concerns, cited by 91% and 87% of respondents, respectively. 

Beyond clear business objectives and requirements, defining the right strategy starts with a thorough analysis of legacy environments and a full assessment of the cloud readiness of existing applications. A plan for cloud provider management should be considered critical as well, given that most insurers will use multiple providers. A cloud target operating model (including security operation) and a central, multi-cloud management platform should factor in cost management, performance management or Infrastructure as Code (IaC), which can help simplify the orchestration of infrastructure.

According to survey respondents, the following are among the top-three cloud initiatives for the one to three years:

• Execute on our public cloud roadmap: 49%
• Build new public cloud native digital applications: 39%
  
• Migrate legacy systems to the public cloud: 36%
  

Most insurers want to execute their public cloud roadmap. However, there is also a substantial portion of respondents who want to develop a public cloud strategy as their number one near future initiative. 85% of the insurance companies who have the execution on the public cloud roadmap as one of the top 3 priorities confirmed to have higher investments in the future. However, there is also a substantial portion of respondents citing the development of a public cloud strategy as their top near-term initiative. Our initial analysis shows that 80% of insurers that only offer life insurance have the execution of public cloud roadmap in their top-three public cloud initiatives, much higher than insurers that operate in other lines of business (e.g., non-life and health).

The second priority, building new, cloud-native applications, requires extensive technical knowledge. Insurers must be prepared to build capabilities in serverless computing and Infrastructure as Code (IaC), for instance, if they are to deliver on these initiatives.

Almost 40% want to migrate legacy systems to the public cloud, which might require a rethinking of the strategy to benefit from cloud-native services. Large insurers comprise 80% of this group, which is not surprising given how legacy constraints limit digital transformation efforts.

To deliver on these priorities, two-thirds of insurers have designated a team for the migration or planning of public cloud adoption. About one-fifth of insurers do not have a dedicated cloud adoption team or cloud transformation office (likely because they outsource to or are advised by external parties). Interestingly, 85% of insurers without a designated team for cloud migration also have not defined success criteria to measure effectiveness of public cloud adoption. Conversely, of insurers with dedicated teams, 60% indicate that they have defined success criteria. The presence of designated teams and criteria are clearly markers of maturity. In EY’s experience, designated cloud teams (Cloud Competence Center) and/or strong cloud program offices are essential in that they provide a bridge between business and IT and help keep projects on track and aligned to success criteria. They can also help attract new talent, including in-demand cloud-native skills, and to manage change.

Most insurers, regardless of type and size, are allocating relatively small percentages of their IT budget to public cloud services today. Of course, the vast majority – 88% – are planning to significantly increase their investments in public cloud services in the next one to three years, in line with their bold goals.

Survey respondents clearly indicated that increased use of cloud-native services was the most likely cause for higher costs, especially relative to easily accessible PaaS services. The implication is that the cloud business case should be built more around greater business value rather than on cost reductions.

Most respondents (80%) expect cloud migration to produce an operational break-even within four years, with only a quarter (27%) expecting it within two years, along with operational cost savings of between €5m and €10m overall. 

Lessons learned by early adopters of public cloud technology confirm that robust cost management frameworks are necessary to realize the business case and these financial outcomes. They can also help in controlling the deployment of new cloud services, defining key performance indicators and smoothing the transition from a focus on capital expenditures to an emphasis on operational expenditures.

The COVID-19 pandemic reiterated the importance of resilience to insurance companies. Certainly, they are looking to the public cloud to build on those gains; 92% of respondents said increased business resilience and availability is a driving factor for public cloud adoption. To achieve it, 69% plan to use “multi-region” (33%) or “multi-zone” (36%) clouds to boost business resilience and availability. A quarter of those companies planning to use a “multi-cloud” model (deploying the same services on the different cloud providers) consider vendor lock-in as a minor risk.

Finding the appropriate approach for resilience and availability is not a decision driven exclusively by cost or technology considerations (e.g., the current IT architecture and operations model). Regulatory requirements (including data localization requirements for specific countries and the possibility of storing and processing data abroad) play a critical defining role. Options from cloud providers are another factor. For instance, a cloud provider with only one data center in the country might limit themselves.

Based on the research results and EY professional’s direct engagement with many leading global insurers, we recommend the following actions for those firms that want to make the most of their investments in the public cloud by taking a holistic approach:

1. Infuse the board and business leadership with cloud knowledge:

As insurance becomes more tech-enabled and data-driven, leaders need deeper and broader understanding to make better decisions and be more fully engaged with IT.

2. Conduct readiness and maturity assessments:

A strong business case starts with a clear sense of current gaps and the best future opportunities. To assess cloud applications, embrace the 6Rs methodology (re-host, re-platform, re-factor/re-architect, re-purchase, retire, retain) to determine the best path forward.

3. Build holistic cloud strategies based on business value created:

Digital transformation is not about achieving the lowest possible cost base, but rather more efficient operations, richer customer experiences, stronger engagement and, ultimately, increased profitability.

4. Define clear success criteria aligned to business objectives:

Embedded metrics must be used to track progress at every step of the public cloud adoption journey.

5. Establish a cloud competence center:

An empowered central team can help develop internal cloud capabilities, keep key initiatives moving forward and foster the necessary culture change.

6. Involve legal, risk management and compliance teams, as well as regulators:

The sooner the potential details and roadblocks are identified in the cloud transformation process, the less likely roadblocks will emerge.

7. Embrace robust change management:

It takes more than the migration or replacement of legacy IT systems for successful public cloud adoption. Effective change management and strong leadership are also essential.

8. Prioritize data security and risk management:

Conducting a cloud risk and security assessment at an early stage can help establish a strong cloud risk management framework.

9. Design a target operating model for the cloud:

A cloud provider management framework is critical when managing multiple providers and ensuring effective long-term governance.

10. Formalize a cost management framework:

Lessons learned by early adopters of the public cloud confirm that robust cost management frameworks are necessary to realize the business case and can also control the deployment of new cloud services.

The cloud in context: converting potential to value

The future for those insurers that can master public cloud adoption looks bright. Powered by advanced data analytics and AI, leading insurers can greatly increase their capacity for innovation and accelerate their speed to market with new products and solutions. According to EY NextWave Insurance research (pdf), the most successful will be able to position as trusted “life and wellness concierges,” increasing customer retention by 30%. 

In our survey interviews, we learned that leading organizations are already investing heavily in these key areas. They have more than tripled their overall tech spend (pdf) and are looking to derive much greater value from their data assets. Survey respondents believe that technologies that generate deep insights and predictive power will provide the greatest near-term impact. Their interest in robotic process automation (RPA) and intelligent automation implies that they are looking to empower workers to focus on higher-value tasks, rather than transaction processing. Similarly, they are adopting AI, machine learning and advanced analytics for more predictive insights and better anticipate emerging trends and opportunities. 

It’s no surprise that insurers are looking for such transformative benefits by adopting public cloud models. The technology certainly has such potential. The differentiator for tomorrow’s top performers is their ability to convert that potential into tangible and sustainable value.

Special thanks to EY’s Yash Ghogre, Manager, Consulting, Ernst & Young LLP and Oedger Meijborg, Senior Manager, Consulting, Ernst & Young LLP for their contributions to this article.