Why Legacy Technology Should Frighten the C-Suite | Riskonnect

Halloween is upon us, stoking scary visions of zombies, ghosts and haunted graveyards. But what’s really frightening is the everyday reality organizations face while using legacy risk management technology to manage their insurance policies, claims and risks in general.

The C-suite needs be well aware of how legacy technology is holding its business back, and understand that the potential damages of archaic technology far exceed “mere inconveniences” for employees faced with resulting cumbersome and inefficient processes.

In the spirit of Halloween, here are the top three frightening realities that stem from using legacy risk management technology:

Legacy System Fright #1: Heightened Security Risks

Data breaches are becoming the way of the world. Cybersecurity is consistently named a top risk for businesses, with cybercrime costing the global economy an estimated $445 billion annually, according to a report from the Center for Strategic and International Studies called, “Net Losses: Estimating the Global Cost of Cyber-Crime.”

Organizations that fall prey to data breaches can face huge losses in the form of compromised reputation, legal damages and declines in revenue and shareholder value. As such, organizations must look for ways to minimize the impact of a cybersecurity breach on their businesses—and deploying secure technology is one obvious solution.

But legacy systems of any kind—including those used for risk, insurance and claims—are often a deterrent to security, rather than a solution. First, they lack the additional security controls offered by more modern technology, including those that are cloud-based. Second, they often distract IT departments away from cybersecurity efforts because they must devote so much time to updating or patching countless applications in order for them to work on an internal server.

The right advanced risk management technology, however, will offer end-to-end security, including controls like:

  • Password policies that can be defined to fit client standards including timeouts, length, and password strength
  • Client defined/assigned security roles for users–down to the field level–to prevent unauthorized access to any part of your system including objects, reports, page layouts and views, and specific fields
  • Server protection at top tier data center facilities with adequate physical access controls  
  • Firewalls with tightly controlled perimeters, intrusion detection systems and proactive log monitoring
  • Third party validation services that attest to the secure nature of the software

Further, truly Integrated Risk Management Technology can actually consolidate or reduce the amount of applications being used (from enterprise risk management and Sarbanes-Oxley solutions, to claims management and compliance and regulatory management solutions, to health and safety management solutions)—creating tremendous efficiencies for the IT department.

Less time spent managing multiple applications might mean more time devoted to broader and more meaningful cybersecurity efforts. Plus, fewer applications likely means less risk of one or a multitude of those applications causing a breach or falling out of compliance.

Legacy System Fright #2: Low Quality Data

Data quality is top of mind for most executives as they want to avoid making and being held accountable for poor decisions based on erroneous or incomplete data. Still, in a recent KPMG study, 84% of CEOs indicated they’re concerned about the quality of the data on which they base their decisions.

Legacy risk management systems can contribute to this data distrust. Often, such systems are unable to seamlessly import or export real-time data, particularly in standardized formats that would make sense to any stakeholder across the enterprise.

In addition, data can rarely be integrated. This means different data sets don’t “talk to each other,” and changes to one set of data won’t be reflected in another set of data—even if the data is ultimately related and does in fact affect each other. It also means data typically must be updated manually or “re-keyed” multiple times.  

These limitations translate into “rear-view mirror data” at best, and entirely inaccurate data at worst. Either way, trends are difficult to identify, and confident decision-making is a struggle—whether that decision making is on behalf of risk, safety or claims managers, or the leadership overseeing their programs and initiatives.

Inaccurate and untimely data aside, legacy system data is also difficult to report—almost always necessitating the manual creation of graphs and charts from static data representing a fleeting snapshot in time. As such, creating reports is time consuming, and the data within those reports is further out of date by the time it reaches decision makers’ hands—also hindering confident decision making.

Conversely, Integrated Risk Management Technology can surface relevant risk information from wherever it’s hiding in an organization and analyze it, connect it with other internal and external data, and normalize it securely in the cloud. It also makes risk data dynamic—updated and visualized in real time. Questions can be asked and answered on the spot, in the same meeting, rather than weeks at a time elapsing while a new report is crafted. With such advanced technology, actionable intelligence is as easy to create as it is to consume.

Legacy System Fright #3: Unproductive Workforce

All too often, the benefits of employee engagement and productivity are considered “soft” or “intangible,” when really, hard costs and definite ROI can in fact be attributed to unproductive and productive workforces respectively.

For instance, investment in technology beyond a legacy system might seem like a “nice to have” from leadership, because of course, they want the best for their people. But when leadership only views such an upgrade as means to save employees from inconveniences—instead of as solution that will lead to cost cutting and revenue generation across the business—making the case for investment can be difficult.

A productive workforce is not employees just “whistling while they work” and pleasantly checking the boxes on their to-do lists each day. A productive workforce is innovative—in ways that technology cannot and never will be. Yet, to be productive, employees need the resources and tools to do the parts of their job that make them unproductive.

Look at it this way, the inefficiencies spurred by legacy systems can hinder IT from working on preventing security breaches, even though the hefty costs associated with a breach and its potential negative impact on any organization have already been discussed above.

Similar inefficiencies can also mean claims managers are spending more time processing claims than actually investigating them, hindering them from detecting expensive fraudulent claims or uncovering claims trends that could lead to a reduction in the frequency or severity of claims and associated costs.

The same could be said for risk and safety managers: Legacy systems might be forcing them to be reactive rather than proactive–resulting in heightened incident, insurance and legal costs to name a few. No…employee productivity is not just a feel good initiative. The costs of unproductivity are very real.

Integrated Risk Management Technology enables productivity, however–driving innovation by automating and streamlining administrative tasks so employees have more time to do higher-value work; as well as by supplying them with higher quality data and visibility into that data to improve decision making at all levels across the organization.


In conclusion, while the realities posed by legacy systems can in fact be frightening, advanced risk management technology now exists that can turn an organizational nightmare into a dream come true.


Request Your Free Riskonnect Demo

Pin It on Pinterest