With 2025 fast approaching, the New Year will bring new opportunities. Here, Stuart Favier, Client Manager at Northdoor plc looks at the key technology trends that organisations will need to explore in 2025.
This high-level overview discusses the most important trends to watch out for in the coming year, helping tech leaders navigate these challenges to shape the future of their organisations using improved adoption, integration, and optimisation.
Lloyd’s Blueprint Two and the London Market insurance sector
Lloyd’s Blueprint Two will continue to dominate the London Market insurance landscape in 2025. However, the launch date of phase one of Blueprint Two digital services (including the Digital Gateway) is still unknown, following a number of setbacks and delays experienced on the project.
Blueprint Two delay
Blueprint Two is a multi-phased digital transformation that will replace and upgrade existing services with a new digital platform. The new platform will support processing services for open market and delegated authority business and will be delivered in two phases.
The delay is due to challenges with testing, including onboarding and integration issues, with Lloyd’s and Velonetic wanting to ensure a secure cutover and market readiness.
The delay will give the market more time to prepare for a successful cutover to phase one and a longer planning phase for the larger, more complex phase two changes. The insurance sector needs to view the delay as an opportunity to continue their digital transformation efforts rather than seeing it as a reason to pause. For companies that have unique requirements and may face significant challenges, third-party IT consultants can help with a full digital integration and making the necessary changes in this extended time period.
Navigating the challenges
For many, adopting Blueprint Two is a daunting and expensive task. Third-party IT consultants can help organisations to find an alternative approach to compliance, by implementing solutions that enable London Market carriers to conform to the Blueprint Two back-office message changes immediately, without the need for a complete digital transformation.
These types of solutions offer minimal operational, process, and IT changes. Organisations are not compelled to go fully digital in a set timeframe, instead transitioning at their own pace, whilst still being able to access to the data within full digital messages.
Data breaches in the insurance sector
The insurance sector is facing an increasingly complex sanctions landscape. Banks are being asked to keep constantly up-to-speed with changing sanctions lists. It is also clear that the FCA is policing and enforcing the sanctions stringently.
For example, Starling Bank has been fined £29m for failings in financial crime systems, which saw the bank open 54,000 accounts for 49,000 high-risk customers between September 2021 and November 2023. This shocking figure comes at a time when sanctions are at their most extensive and being policed more closely than ever.
This massive fine needs to act as a wake-up call for the insurance sector. Sanctions and watch lists are huge and ever-changing, so ensuring that you are adhering to them is a complicated and time-consuming task. Monitoring these lists manually is no longer a viable approach. Third-party IT consultants can help the sector to implement technology to automate this process, saving time and improving accuracy.
Staying secure in 2025
Cyber threats will be on the rise in 2025, and these threats are now fuelled by innovative tools, many utilising AI, meaning the tactics threat actors deploy have become increasingly sophisticated. This means organisations will be required to balance the need to protect themselves with investing in costly cyber protection.
Organisations of different sizes will also have varying cybersecurity requirements. While still being a target, an SME or startup may not need the extensive security infrastructure a large, multi-layered enterprise would. This means there is no ‘one size fits all’ solution for any business.
Third-party IT consultants can help insurers to implement the correct level of protection for them. Solutions such as Managed Detection and Response (MDR), Managed Risk, Managed Cloud Monitoring, Managed Security Awareness and Security Operations as a Managed Service will be crucial to securing security posture in 2025. Third-party IT consultants can provide 24×7 tactical coverage and ongoing strategic security recommendations, acting as an extension of an organisation’s internal team to improve its security needs.
Digital Operational Resilience Act
The Digital Operational Resilience Act (DORA) is due to come into force from January 2025. It applies to: banks, insurance companies, investment fund managers, e-money institutions, crypto-asset service providers, crowdfunding platforms and investment firms. Some of the provisions of DORA also apply directly to certain ‘critical’ third-party Information Communication Technology (ICT) service providers, while all ICT service providers that work with the financial sector are expected to adhere to compliance regulations. DORA focuses on boosting business resilience to technology-related risk, such as disruption to operations and data loss that can be caused by cybercriminals.
Third-party security risk management
With ever increasing regulatory requirements (such as DORA), third-party security risk management will be crucial for the insurance sector in 2025. Third-party security risk management is used to continuously monitor external data feeds or monitor third-parties for changes in risk or performance. It can be used to identify high-risk third-parties or suppliers that pose the greatest risk to an organisation.
Third-party security risk management is vital to any insurance organisation to identify cybersecurity risk, such as a third-party data breach, phishing attack, or ransomware attack. It can also be used to identify operational risk, where a third-party could be disrupted by a natural disaster, political conflict, or cybersecurity attack. It can also identify financial risk, where a poorly managed third-party supply chain could lead to a financial threat for an organisation.
Third-party IT consultants can help
Third-party IT consultants have the expertise to ensure that organisations have the security requirements to be compliant with the new regulations, regardless of whether they are based in the UK. By implementing a detailed and comprehensive framework around compliance and cybersecurity resilience, third-party IT consultants can safeguard data, protect against financial and operational damage and guarantee compliance.
Third-party IT consultants can implement a robust third-party security risk management strategy which includes: categorising and profiling each of the third-parties connected with your organisation, as well as identifying any fourth or fifth-parties that are connected to these third parties and rank them accordingly. Third-party IT consultants can create documents and questionnaires in line with DORA standards and monitor fourth and fifth-party ICTs and report any incidents to the Supervisory Authority (SA).
Continuous Innovation
Continuous innovation will be essential for the insurance sector in 2025. In 2024 we have seen organisations increasingly waking up to the benefits of technology, not only from a business perspective but from a regulatory one. Security Operations as a Managed Service (SOC-as-a-service) and Third-Party Security Risk Management implemented by third-party IT consultants can help meet regulatory requirements (such as DORA) as well as protect business interests.
Integrated systems
Integrated systems and Artificial Intelligence (AI) will be high on the agenda in 2025. The insurance sector will need to look at implementing a range of ecosystems that talk to each other via Application Programming Interfaces (APIs). API integrations are the data connections that allow multiple applications or services to communicate with each other through their respective APIs. Without these integrations, the different applications, microservices, micro apps, and Software-as-a-Service (SaaS) platforms that make up larger IT ecosystem would be unable to communicate and interact.
Successful API integration is more than just connecting two systems; it requires strategic planning, careful execution, and ongoing management. Third-party IT consultants can ensure that API integration projects in the insurance sector are successful by using scalable API management solutions that facilitates the sharing and accessing of data and functionalities across various platforms.
Artificial Intelligence
AI technologies will continue to progress in 2025. According to Forrester, organisations have been drawn to AI implementations via the allure of quick wins and immediate ROI, but that led many to overlook the need for a comprehensive, long-term business strategy and effective data management practices. In short, there is no shortcut to AI success.
Despite this, Forrester predicts that 2025 will be the year businesses start to demonstrate ROI and concrete value from AI initiatives. When it comes to AI in automation, the key to success will be balancing AI innovation with the scale and reliability of traditional automation tools and methods, all supported by third-party IT consultants.
Be the first to comment