Insurers Staying Secure with Cyber Security Technology
Shawn O'Rourke | August 17, 2015
How secure am I? How secure do I need to be? These are questions that have occupied the minds of CIOs, CSOs and CTOs for many years. However, recent high-profile security breaches have prompted these questions to be contemplated beyond the conference room and into the boardroom.
CEO’s and board members are now asking: How secure are we? How secure do we need to be? And with good reason. The year 2014 saw further reaching and more sophisticated exploitations on large and small companies alike.
According to the 2015 Internet Security Threat Report from Symantec, there were 317,000,000 new pieces of malware created in 2014. Ransom-ware attacks grew by an astonishing 4,000 percent. In these attacks the victim's files are encrypted and held hostage for a ransom. Ransoms are normally paid in bit-coins, a decentralized virtual Internet currency, and can amount to $250 or more per locked file.
To further complicate matters, companies are only as secure as their business partners. A recent BitSight Technologies study reported one-third of U.S. retailers who experienced a data breach within the past year were compromised through a partner relationship.
Insurance companies are certainly not immune. Even those companies that do not transact business online are finding their security postures weaker today than they were just a year ago. Two emerging factors play a significant role in reassessing an insurance company’s security.
First, there is a stark realization that it is not possible to protect against every cyber-criminal or cyber-attack. As hard as companies have tried, a determined, sophisticated cyber-criminal will eventually breach their defenses. Therefore, insurance companies must invest equal focus and emphasis on knowing when a cyber-criminal gets in and limiting the negative impact they may cause.
Second, Personally Identifiable Information (PII) and Personal Health Information (PHI) have eclipsed credit card numbers in criminal value. PII and PHI can yield as much as 10 times the value of a credit card number when used effectively by a cyber-criminal.
In the past, companies have primarily defended against hackers, individuals or small groups that have either malicious or criminal intent. Today, insurance companies not only need to defend against hackers, but according to the Department of Homeland Security, they must also prepare a cyber-defense strategy against foreign governments, terrorists, industrial spies, organized crime, and hacktivists. These groups’ motives range from low-level nuisance web page defacements, to direct financial and trade secret theft, all the way to espionage and serious regional or national disruption.
A company becomes the victim of a cyber-attack for three primary reasons:
- Because of what they have: Insurance companies are a rich source of PII, PHI, as well as credit card transactions, making them a prime target for cyber-criminals.
- Because of who they are or what they do: Because of a public industry position, or the role it plays, the insurance industry may make individual insurance companies a cyber-target. Likewise, an individual insurance company may be involved in litigation, or other high-profile event, making it a prime target for cyber-criminals.
- Because of where they are: Cyber-crime may be a crime of opportunity. Insurance companies transact business on the Internet, store data in the cloud, and send external email containing PII and PHI. Any of these activities may be visible to cyber-criminals, making the company a target.
A successful cyber-attack on an insurance company can impact that company in many ways including:
- Disruption to insurance operations, resulting in lost productivity.
- Financial loss from recovery costs, including credit reporting, reputation restoration, or litigation.
- Data loss resulting in disruption to operations or impact to customer service.
- Regulatory investigations, resulting in additional compliance reporting or fines.
- Reputational damage to the brand, ultimately resulting in lost revenue.
So what should an insurer do today to protect itself from cyber-criminals? While the ultimate answer is different for each company, I can recommend three best-practices:
- First, insurance companies must recognize cyber-security is not just an IT issue. It is an enterprise risk. It must be understood and managed corporately, just as any other risk that has the capability to significantly and negatively impact company results.
- Second, insurers need to appropriately invest in a comprehensive security program that protects the company not only with technology, but from social engineering targeted at the company’s employees. The financial services industry, in aggregate, invests approximately 12 percent of its IT spend toward security. The insurance sector invests approximately seven percent. Because of the shift in value from credit card to PII, that gap in investment will need to close.
- Finally, insurance companies need to be prepared with a response when a cyber-attack occurs. In addition to response plans and capabilities, carriers need to ensure they have cyber-defense insurance with coverages and capabilities matched to company needs. The right capabilities and resources executed as a front-line response to a cyber-attack can significantly mitigate longer-term negative impacts.
(Shawn O'Rourke is CTO with Farmington Hills, Mich.-based Amerisure Mutual Insurance Company. Amerisure and its affiliates target mid-sized commercial enterprises in manufacturing, construction and healthcare through strategically located core service centers across the U.S. For more information, visit amerisure.com.
- COVID-19 Pandemic Forces Cancellation of ITA LIVE 2020
- Leveraging Digital Resources in the Time of COVID-19
- Electronic Chat with Robert Hartwig on COVID-19 and Insurance
- Celent Study: Most Small Businesses Still Unclear on Importance of Cyber Insurance
- The January/February 2020 ITA Pro is here!
- Deloitte: New C-Suite Roles Mean More Opportunities for Women
- Electronic Chat with Pankaj Parashar
- Electronic Chat with Tara Kelly
- Electronic Chat with Chuck Wilson
- ITA, InsNerds Collaborate to Enhance ITA LIVE 2020 Content and Coverage
- How SMBs Can Compete in Digital Ecosystems in the 2020s
- 4 Ways Insurance Can Prepare for New Data Privacy Laws
- Brewer Lane Ventures Launches and Hires Insurtech Vet Martha Notaras as Managing Partner
- 2020 GIA Cohort Launches on January 14
- The November/December 2019 ITA Pro is here!
- Electronic Chat with Joshua Snead
- Electronic Chat with Wendy Aarons-Corman
- Simplifying the Move to a Third-party Print Provider
- Take a Business-Driven Approach to Continuous Improvement for Core Systems and Processes
- Electronic Chat with Ron Glozman
- Guidewire’s Data Guru Mike Byam on How Insurers are Using Internal and Third-Party Data
- Electronic Chat with Russ Bostick
- Electronic Chat with Rock Schindler
- Electronic Chat with John Siegman
- Electronic Chat with Martin Burlingame
- Insurtech Landscape 2019: Top 5 Takeaways
- Grinnell Mutual Tackles Massive Transformation -- in Stride
- A Candid Conversation with Paul Mang
- SageSure Insurance Managers Improved Competitiveness by Consolidating Payments to a Single Digital Platform
- Digital Does Matter in Insurance-- And Insurers are Missing the Mark
- The 22nd-Century Insurer: Taking a Cloud-First IT Approach
- The September/October 2019 issue of ITA PRO magazine is now available in digital format here:
- ITA Pro Magazine May/June 2019
- Spotlight on the 2019 IASA Conference
- ValueMomentum Selects Erie as Site of Regional Development Center
- Capgemini and Majesco Become Alliance Partners
- Electronic Chat with Dr. Dan Shoham
- Electronic Chat with Todd Greenbaum
- Martha Notaras: The “Outsider” with an Amazing Inside View
- Electronic Chat with Larissa Tosch
- Martha Notaras Will Join ITA LIVE 2019 as a Keynote Speaker
- Five Things to Consider When Evaluating Your Cyber Risk
- ITA Pro Magazine, January/February 2019
- Synergy Between Insurers' IT and Analytics Teams Key to Operationalizing Insights, Says Novarica
- Major Ransomware Attack Could Hit U.S. with $89B In Economic Damages
- ITA Announces 1st of Three Keynote Speakers at ITA LIVE 2019
- Electronic Chat with Jeroen Morrenhof
- Legacy Systems Are Dead. Really? Don't Count On It.
- Now Accepting Nominations for the 2019 ITA Bridge Awards
- It's time to register for ITA LIVE!
- Registration is Now Open for ITA LIVE 2019!
- What to Expect from a Digital Experience Platform Implementation
- ITA Pro Magazine September Edition is Now Available
- It's National IT Professionals Day
- Save the Date for ITA-LIVE 2019
- OneShield Software and UrbanStat Work Together to Improve Real-Time Analytics and Risk Decision-Making
- ITA LIVE 2019 - SAVE THE DATE!
- Insurance Technology Association Announces New Editor-in-Chief
- August 2018 Edition ITA Pro Magazine is Now Available
- Enterprise Architecture in an Agile World
- Top 10 Tips for Securing Your Mobile Devices and Sensitive Client Data
- Industry Insight: 4 Global Insurance Trends in Digital, Data, Content Services and Security
- Diving Deeper into Prioritizing Your Strategic Digital investments
- Why Content Rules
- How Mass Personalization Will Open the Small Business Benefits Market
- At Year End 2017, Will Your Organization Be Protected from Cyber Risks?
- Do Insurance Bots Dream of Mitigating Risk?
- Conditioned to Respond
- Managing & Mobilizing Insurance Data in a Connected World
- Race to the Finish Line
- New Tools, New Opportunities in Claims
- ITA LIVE: Reaching Insurance Industry Crossroads
- Advice to Insurance IT Leaders: Keep Your Eye on the Ball
- New Date, Venue for ITA LIVE 2017
- Guidewire Makes Major Push to Small and Midtier Market by Acquiring ISCS
- Insurance Disruption is Happening Right Now
- Insurity Adds Strategic Investment Partner, General Atlantic
- Beyond Transformation: The Convergence of Finance, Risk, and Actuarial Functions
- The Rapid Evolution of Consumer Protection Regulation
- Talent Hunt: Finding, Attracting, Retaining Top People
- Insurers Flexing Their Distribution Models
- Technology Driving Disruption in Insurance
- Fear of ‘Next Bubble’ Challenges Life, Annuity Carriers
- Technology Allows Commercial Lines Insurers to Stand Out
- Single Sign-on Viewed as Biggest Tech Challenge for Agencies
- ISCS Observes 20th Anniversary; Scurto Predicts Major Changes Ahead
- Policyholders and Their First Impressions
- Progressive Making Progress on the UBI Front
- High and Dry: Insurers Search for Disaster Recovery Plans
- Insurers Sign The (Un)Dotted Line
- Reflections of a Retired Insurance CIO
- Mobile Device Management Just One Answer to BYOD Issue
- Lessons from GEICO and Progressive on Winning the Critical Buying Stage
- You Are a Target for a Cyber Attack
- Web-based Systems are the Next Evolution in Claims Technology
- Gaining a “Wow” Experience from Web Users
- Time to Shift from Business/IT Alignment to Business/IT Alliance
- Healthcare Insurers Changing to Consumer Model
- Organization is the Key for Selecting Software Vendors
- Analysts Expound on the Needs of the Mid-tier Insurance Market
- Finding the Cure for Obamacare’s Website
- New Software Solutions Benefit Insurers on the Inside and Outside
- Products, Market Impede Investment in Systems for Life Insurers
- Combatting Cyber Threats: Predict, Prevent, Persist
- The Future of Telematics Heads Beyond Insurance
- The Shame in Cyber Security Lapses
- Building Policy Administration Systems for the Future
- Insurers Look Into The Eyes of Their Policyholders
- It’s a New Dawn for the ITA
INSURANCE IT NEWS
- RiskGenius Releases COVID Coverage Checklist to Help Commercial Insurers Evaluate Coronavirus Exposure
- Intellagents Adds Infinilytics to Marketplace for Next-Generation Claims Processing Capabilities
- Sancor Seguros do Brazil S.A. Deploys Guidewire InsurancePlatform to Increase Operational Efficiency
- Covid-19: James Allen Creates Pandemic Policy for U.S. Businesses
- Zywave Launches COVID-19 Resource Center
- Sapiens Partners with HazardHub on Real-Time Geographic Risk Data
- Encova Insurance Selects One Inc Digital Payments Platform
- Next Insurance Named One of Forbes' Best Startup Employers 2020
The Email Chat is a regular feature of the ITA Pro magazine and website. We send a series of questions to an insurance IT leader in search of thought-provoking responses on important issues facing the insurance industry.
ITA LIVE 2020
ITA LIVE 2020 –SAVE THE DATE!
April 5th – 7th, 2020
The Diplomat Resort
Become a member today to receive updates – www.itapro.org/MR
BLOGS AND COLUMNS
You have surely heard it said that small businesses are the growth engine for America. Today, the phrase has a special ring to it for benefits... READ MORE
With stagnant growth and lingering low interest rates, the life insurance industry faces a challenging future... READ MORE
Finding insurance carriers willing to write commercial lines risks has always been a challenge for producers... READ MORE
As Guidewire Software prepares for the start of Connections, its 11th annual user conference that begins on Nov. 2, Brian Desmond, chief marketing... READ MORE
Case study of how a Fortune 500 employee benefits provider serving 35 million insureds throughout the U.S. and Europe transitioned from in-house... READ MORE
- Vendor Views