For insurers today, the cybersecurity stakes couldn’t be higher
For consumers and businesses alike, insurance is there for when things don’t go to plan.
We pay for insurers to store and protect our most sensitive data – be it related to our health, our finances or our high-value assets.
For a long time, the ability of the insurance industry to protect this data was perhaps seen as a given. But as high-profile, large-scale data breaches hit the headlines more and more regularly, the question of ‘cyber trust’ is becoming a key concern for increasingly discerning citizens.
This came through loud and clear in a recent survey we conducted. When we asked members of the public for their thoughts on insurers’ approach to cyber security, almost half of those we spoke to (48%) marked insurance companies at “high risk” of being attacked. A similar number (49%) said that they expect data encryption to be standard practice across the insurance industry.
In short, we’re more aware of the risks than ever. And that means cyber security is becoming a differentiator: 58% say it is a deciding factor when choosing an organisation or service, according to the same survey.
The impact of new technology
Insurers facing the challenge of demonstrating their cyber security credentials must simultaneously grapple with emerging technologies that are fundamentally changing the insurance landscape.
Cloud services are a frequently cited vulnerability – most notably in the widespread leaking of several celebrities’ personal photographs from iCloud in 2014.
Meanwhile, the steady uptake of connected technology opens new avenues of attack for hackers on an almost daily basis. From fitness trackers to connected cars, and most prominently in virtual assistants like Alexa and Google Home, the growing presence of these so-called ‘smart’ devices offers up ever more points of access for those wishing to virtually breach our homes.
In 2016, for instance, an attack on domain name system provider Dyn affected swathes of internet users across Europe and North America. The attack was accomplished through a piece of malware which is thought to have gained access through a multitude of internet-connected devices including printers, cameras and baby monitors.
Risk and regulation
If maintaining customers’ trust isn’t enough to motivate insurers to become watertight with their cybersecurity procedures, the long-awaited introduction of the General Data Protection Regulation (GDPR) should be.
While news of a significant breach will always have a reputational impact that extends far beyond the damage done during the event itself, the stringent demands of the GDPR – and the penalties that come with it – raise the stakes.
Considerable fines can be levied on companies in breach of the new data protection requirements. Penalties can extend up to 20 million Euros or 4% of annual global turnover. For insurance companies – often large, multinational organisations – the prospect of such a fine is eye-watering.
So, what can insurance companies do to protect themselves from these threats?
There are several questions which organisations must be asking themselves, and it starts with seeking to understand the risk: how well do you understand the cyber threat facing your business? How ready are your organisation’s Leadership Board, security and commercial teams to manage the consequences of a high-profile cyber attack?
Once the threat is understood, investing in the right procedures and systems to achieve the appropriate levels of data security becomes a far more straightforward task. Sufficient security controls should provide visibility, context and insight into the threat facing sensitive data which is stored in the cloud.
And finally, prepare for the worst. In the event of a security incident, how could you be working with technology partners to reduce the time taken to diagnose, react and recover?
You don’t have to do this alone; building trust in the face of today’s security landscape is no mean feat. A partnership with the right cybersecurity provider would mean effective support in good times and bad. You would have visibility of what is really happening in your network, insight into how this affects your sensitive data and practical help if the worst happens.
The surge of data and devices in homes and businesses is clearly bringing new opportunities to the insurance industry. But true value will only be realised if providers are able to harness this potential within a secure, trusted, and well-regulated technology environment.