Third-party IT consultants to assess where organisations stand in the transition process
By Stuart Favier, Client Manager, Northdoor plc
2023 was an important year for the delivery of Lloyd’s Blueprint Two, following its progression in 2022. The £300 million revamp project began in November 2020, with a roadmap detailing the digital solutions Lloyd’s is looking to implement and how it plans to deliver support through the digital transformation process published in 2022.
The road to compliance
Initially, companies were presented with two options for transitioning to Blueprint Two. The first option, “Transitional Services,” allowed companies more time to shift to a complete digital offering as long as they were making progress in transforming their business. The second option was to embrace full adherence to Blueprint Two right away. However, the recent update from Lloyd’s of London has altered this onboarding process, which has created an element of uncertainty.
Lloyd’s of London has announced that it is scrapping the direct path to complete digital adoption. Instead, all companies must go through the Phase One period before proceeding to Phase Two. This decision was driven by the need to ensure that all companies, including the larger ones seemingly prepared for full digital integration, had made the necessary changes before fully committing to digital transformation.
The transition from legacy systems
In 2024, firms will need to start transitioning from systems using nearly 30-year-old technology to new solutions, with all companies moving to Phase One at the start of July 2024. Until recently, Phase Two services were going to be available from October 2024; however, this has now been pushed back to April 2025 following a request from the LMA board.
This additional six months will help ensure Phase One services have been successfully adopted across the market, before a move to Phase Two becomes possible. The intention of the phased approach is to help those businesses that continue to rely heavily on legacy systems. Legacy systems make it difficult to stay competitive and offer an experience on par with the expectations of their customers. Many insurers are functioning on outdated systems, like old technology stacks and neglected architecture. While some insurance companies have followed the direct-to-consumer trend, many insurers haven’t begun modernising or don’t know where to start.
It has become increasingly hard to support these legacy systems and attract and retain large market segments with higher product expectations. Insurtech start-ups that have fully embraced a personalised digital experience are taking advantage and rapidly acquiring market share. New markets in other countries are also directly competing with the Lloyd’s market and, like new insurance firms, these markets come digital first. The need to modernise the insurance industry is critical.
Third-party IT consultants can help address challenges
The insurance sector needs to work with third-party IT consultants to assess where they stand in the transition process and whether they are ready to embrace a full digital program or if it will take longer to move to Phase Two.
To address these challenges, some insurers can seek flexible solutions for a smoother transition to Phase Two. One solution involves implementing a “Phase 1.5” approach, where “full-digital” messages are converted into the format London carriers currently receive. This allows companies to meet the compliance requirements of full-digital without having to replace their legacy systems entirely. This minimises disruptions to business continuity.
Cyber Security issues impacting customers in 2024
The rapid advancement of AI technologies will enable attackers to create more convincing large-scale phishing and disinformation campaigns in 2024. Ransomware and extortion operations will also continue worldwide, with ransomware growth rising rapidly in 2023. Malicious threat actors will continue to compromise networks and steal sensitive data in 2024 due to the profitability of this enterprise. Threat actors will also increasingly target cloud environments to establish persistence and move laterally between hybrid or multi-cloud segments of victim environments.
The cost of a data breach
According to IBM’s 2023 Cost of a Data Breach Report, the global average cost of a data breach in 2023 was USD 4.45 million, a 15% increase over three years. 51% of organisations said they are planning to increase security investments as a result of a breach, including incident response (IR) planning and testing, employee training, and threat detection and response tools. The average savings for organisations that use security AI and automation extensively is USD 1.76 million compared to organisations that don’t. Therefore, it is vital that companies act now in order to become cyber secure in 2024 and beyond.
Third-party IT consultants can help
In 2024, organisations will need to look to third-party IT consultants who can help them to implement cyber security solutions that enable broad visibility and work seamlessly with existing technology stacks. Using Managed Detection and Response (MDR), Managed Risk, Managed Cloud Monitoring, and Managed Security Awareness, all backed by third-party IT support, third-party IT consultants can provide 24×7 tactical coverage and ongoing strategic security recommendations, acting as an extension of an organisation’s internal team to improve its security posture.
Key issues that will impact customers in 2024
Inarguably, Lloyd’s Blueprint Two will dominate the London market in 2024, with cybersecurity resilience another critical topic. Migration from on-prem to cloud infrastructure will also pick up the pace next year, with previous developments in the field greatly advancing. Cloud migration has transformed conventional computing methods by offering flexibility in storage space options and huge cost savings. These advancements in cloud computing will be important for how organisations utilise technology in 2024. Keeping up to date with the newest trends and developments in cloud computing will become increasingly important.
How compliance regulations will impact your organisation in 2024
Businesses across sectors should consider the extent to which forthcoming new EU cybersecurity laws will apply to them. The Network and Information Security Directive (NIS2) came into force in January, but EU member states have until 17 October 2024 to implement it into national frameworks.
NIS2 strengthens existing cybersecurity requirements that organisations subject to the original NIS Directive currently face. Many organisations that are not in scope of the existing rules will find that the new rules, which place a particular emphasis on board-level governance of cyber-risk and on ensuring appropriate standards of cybersecurity throughout the supply chain, will apply to them even if their organisations reside in the UK.
The Digital Operational Resilience Act (DORA) was finalised by EU lawmakers in November and is due to apply from January 2025. It applies to banks, insurance companies, investment fund managers, e-money institutions, crypto-asset service providers, crowdfunding platforms and investment firms. Some of the provisions of DORA also apply directly to certain ‘critical’ third-party Information Communication Technology (ICT) service providers, while all ICT service providers that work with the financial sector can expect to adhere to compliance regulations. DORA focuses on boosting business resilience to technology-related risk, such as disruption to operations and data loss that can be caused by cyber-criminals.
Third-party IT consultants have the expertise to ensure that organisations have the security requirements to be compliant with the new regulations, regardless of whether they are based in the UK. By implementing a detailed and comprehensive framework around compliance and cybersecurity resilience, third-party IT consultants can safeguard data, protect against financial and operational damage and guarantee compliance.