View Only

The Top Digital Transformation Risks for Pools


Digital transformation is changing almost everything about pools and their operating environments. Those pools that successfully embrace digital transformation will be able to operate at peak performance. Pools that don’t will fail to meet members’ expectations.

It’s up to pool leaders to manage this transformation, and there are two dangers they should specifically avoid: The first is chasing too many ideas that all look to have value and getting nowhere as a result. The second is focusing on the wrong priorities and later finding that you accomplished your goals but, in the end, did not move your pool forward.

To provide clarity on where you might focus your efforts, we recently gathered a diverse, collaborative group of pool leaders and tech specialists to determine the most important digital transformation risks and opportunities for pools. The insights ahead are based on their discussions.


We define risks as characteristics, situations or dynamics that hold pools back in fully embracing digital transformation. The most important risks to address are those that would have a dramatic impact on pools, regardless of how likely they are to take place.

1. Cybersecurity Vulnerabilities

Cyber events create both financial and reputational risks that could be difficult to remediate. To prevent such events, pools require robust cybersecurity skills, internal threat management programs, and effective, mature cyber incident response plans.

Although pools have a role in helping protect public entity members from cyber risks, in this case we are talking about the cyber liability risk a pool itself holds.


  • Breaches at contracted third-party agencies. Your pool’s data is at risk wherever it resides or flows. An example here would be a cloud software provider your pool uses to manage member contacts that loses data in an attack on its system.
  • Human-driven security vulnerabilities. We cannot emphasize enough the importance of ongoing cybersecurity training for every pool employee. We know most cyber losses occur because someone clicks on something they shouldn’t or follows a fraudulent instruction.
  • Weaknesses in security governance. In addition to end user training, your pool also needs effective network protections (firewalls, regular implementation of patches and upgrades, etc.). Without these things, your risk of cyber intrusion increases. Importantly, outsourcing your IT functions or using a third-party administrator for certain services or functions does not absolve your pool from protecting its digital assets — every pool needs cybersecurity governance policies and practices.
  • Lacking cyber insurance. Pools spend most of their time and energy solving problems for member public entities. In addition, they may be highly focused on providing cyber coverage options for members amid challenges in today’s environment. Be sure your pool itself is also adequately insured against cyber risks.

2. Lack of a Comprehensive, Overarching Digital Strategy and Roadmap

A comprehensive digital strategy inclusive of all business units (claims, underwriting, IT, finance, etc.) is a critical piece of running a sound, healthy pool. A pool leader must consistently reevaluate their pool’s digital strategy — as well as improve the process through which their pool builds such a strategy (that process is the roadmap).

This is significant because digital immaturity can eventually become very costly. Making up lost ground is time-consuming and expensive. On the other hand, an effective roadmapping process can drive opportunities for improvements and amplify your pool’s strategic advantages.


  • Poor modernization capabilities. Pools might not understand or value the needed ongoing and incremental investments to modernize their enterprise technologies (including infrastructure and software). This could create a technology debt situation: a time when a pool has to go through expensive, distracting system upgrades all at once.
  • Lack of integration between business and digital strategies. Pools have up to 40 years of experience developing strategies to innovate on behalf of members, but digital innovation requires different knowledge and skills. Without sufficient understanding and alignment between overall business and digital strategies, pools will struggle.

3. Gaps in Digital Skills

In today’s environment, a pool must have the skills and talents available to build, maintain and utilize all aspects of its digital backbone: the key software platforms and infrastructure that support its operations.

Digital skills are fundamental for internal pool staff and contracted service providers working on behalf of the pool. In addition to baseline digital skills at every level of pool operations, it’s also important for pool supervisors, managers and leaders (whether staff or contracted) to enable and engage work teams that understand how to maximize digital resources. To do this, pool leaders must have knowledge of what skills are needed and use active efforts to cultivate that talent.

Gaps in digital skills exist within every pool operational unit, but they can be particularly problematic within IT teams. Unfortunately, the difficult employment market combined with pools being a bit behind the curve in technology innovation may make it difficult to attract and retain technology staff. A lack of access to high-level digital skills has a direct, negative impact on a pool’s ability to modernize appropriately.


  • Using service providers with substandard digital skills. When evaluating service provider qualifications, many pools overlook the digital competencies brought forward by a potential partner. How your service providers implement their own digital strategies — and the digital skills they require of their employees — is key to how they’ll perform on your behalf. 
  • Not upskilling internal IT staff. Technology changes rapidly, so it’s challenging for a small IT staff to stay up-to-date on everything that’s needed. Even in a larger IT department, building skills is critical on an ongoing basis. Pools should not only carefully consider and vet IT staff, but they should also invest in ongoing skills training for the entire IT team.

  • Business-side team members lacking needed digital skills. Above and beyond baseline technology comfort and skills, pools also need people who understand the value technology can bring to typical pool operations. Without tech-savvy business-side staff, a pool will place too much demand on the IT team or, worse yet, won’t even identify the digital opportunities it has.
  • Pool leaders and governing bodies with minimal digital skills. It can be challenging to have to “sell” pool leaders and governing body members on the value of technology, and the costs of a missed opportunity can be significant. A pool without technology-aware leaders and governing body members will find itself playing catch-up.

→ Also read the most important digital transformation opportunities for pools to consider.


AGRiP would like to thank the following people and pools for sharing their insights to determine these priorities:

  • Adrienne Beatty, Assistant Executive Officer, ACWA JPIA
  • Ken Canning, Multi-Line Program Manager, VSBIT
  • Tanya Edwards, Deputy Executive Director, Kairos
  • Lindsey Fields, Assistant Director, TMLIRP
  • Britani Laughery, Operations Manager, MMIA
  • Mary Kay Marchetti, Director of Information Services, VRSA
  • Carleen Mitchell, Deputy Director, APEI
  • Debbie Stickle, Manager for Operations and Finance, GEM