Before insurers can offer effective coverage to their own customers, they must ensure that their own cyber security is up to the task. If they are vulnerable, their reputation as an expert in the field of cyber security insurance will be tarnished and they will lose consumer trust. The masses of sensitive and confidential personal data insurers possess could turn them into victims of cyber threats themselves. Worse yet, they could unwittingly surrender confidential customer data, possibly exposing them to massive class action lawsuits. Data breaches in the insurance industry can potentially inflict huge costs on insurers.
And make no mistake, insurers are an attractive target for cyber attacks. They are replete with massive stores of consumer data including credit card, medical bank account and confidential underwriting information. This data is catnip to hackers looking to commit identity theft, or insurance fraud.
Having already been the victims of cyber attacks in the past, most financial institutions have already secured themselves, ensuring that they are no longer easy pickings for cyber criminals. Not all insurers are ready, possibly because they have not yet suffered to the extent of their financial counterparts, but the risks facing today’s insurance industry are extremely concerning. Cyber outlaws can easily monetize stolen data, abetted by the dark web and crypto-currencies, such as Bitcoin.
According to Accenture’s “2016 High Performance Security Report,” a survey of 183 security executives from the insurance sector revealed that 79 percent of security executives at large insurance organizations were confident in their cybersecurity strategies. Seventy-two (72) percent believed they have embedded effective cyber security into their cultures.
Insurers certainly can’t afford to rest on their laurels, though. The average insurance company will face an average of 113 targeted breach attempts per year, in addition to millions of random attacks each week.
A KPMG survey of 100 insurance CEOs revealed that less than 20 percent believed that their organization is fully prepared for a cyber attack. They cited cyber security as their most pressing risk (42 percent), which means it was viewed as being more significantly risky than other difficult areas, such as regulatory risk.
The shift to digital depends on insurers maintaining customer trust, which of course requires strong cyber security discipline. They must defend themselves, and consequently, their customers and customer data, against all attacks and breaches, especially as cyber outlaws become more sophisticated.
Regulators, meanwhile, are no longer satisfied with vague responses to security concerns. They are making it clear that organizations, retailers, insurers, etc., will have to be more alert about protecting customer data. For instance, the EU’s General Data Protection Regulation (GDPR) mandates that all organizations in the EU protect their customer data and ensure it is not misused.
Stay tuned, my next blog post in this series will outline the cyber security challenges facing insurers. If you don’t want to wait, take a look at Sapiens’ NEW white paper: Insurers in the Crosshairs: Winning the War Against Hackers.