July 15, 2009

Quite some time ago, I wrote a blog post about my pinky finger, which was shattered by an opponent's stick during an ice hockey game a couple years prior. I discussed my experiences dealing with the various doctors and physical therapists I worked with to repair the valuable appendage and how an EHR of some sort could have helped streamline the process.Just a few days ago, I again found myself using that old injury as way to relate back to a common insurance technology issue. I was discussing IT security with a friend of mine that works for an IT security software vendor (he also happens to be a hockey teammate of mine).

My friend isn't a sales associate but he does work in an IT capacity as part of the sales team. As such, the company expects him to have a certain understanding of the company's sales approach and its differentiation points. Sometimes, they ask him to present a hypothetical sales pitch to an internal team, just so he can exercise his sales muscles. Recently, he was asked to come up with a sales pitch targeted for an insurance carrier.

So, after our last hockey game, my friend asked me a few questions about the industry. Then the conversation turned to metaphors and ones that might describe how insurers react to IT security issues. I immediately thought of my poor little pinky.

The reason I got hurt in the first place, from one point of view, was that an opposing player slashed my hand. But from another perspective, the reason I got hurt was that there was a hole in my glove. Had it not been there, my hand would have been protected and while I'm sure the slash still would have hurt, I doubt it would have required surgery, or even for me to leave the game.

After I recovered from the surgery and rehabilitated my hand, I bought brand new hockey gloves -- I had learned my lesson, but I had learned it too late. Some insurers, though certainly not all, take a similar approach to IT security as I did to hockey equipment. Rather that being proactive and indentifying possible weaknesses in protection (like, you know, a giant hole in one of your most important pieces of protection), we only react and fix gaps in protection that have already been exposed. It's no way to treat your body and it's no way to run a business.