Today’s heightened climate of cyber-threat mitigation has left no industry untouched. Insurance companies, much like the legal, healthcare, and financial sectors deal with a great deal of personal and often sensitive client information. This requires diligence on the part of the company and a commitment to protecting these sensitive assets in a reliable and compliant manner.
Ironically, insurance companies deal with risk on a day-to-day basis. It’s what they do. But the kinds of risks they deal with are somewhat more tangible – and these risks aren’t in a constant state of flux like today’s cyber threats are.
In order to instill confidence and protect their business continuity, insurance companies must recognize the inherent perils and do their best to bring their cyber security up to modern standards to protect theirs and their clients’ interests.
International business auditing firm KPMG reports that according to a recent study, only 20% of insurance CEOs believe that their firm is prepared for a cyber security event. 42% realize that cyber security is their most serious concern – outweighing regulatory risk by a significant margin.
Slow adopters, big risk
The insurance sector has lagged far behind other financial-sector industries in its adoption of cyber security technologies, perhaps because they have not (so far) been aggressively targeted by cyber thieves. As banks and other financial institutions were among the first under fire, they are now among the most secure. Since they are no longer easy targets, cyber thieves will move on to the low-hanging fruit and this is where the risk lies.
Insurers retain large amounts of personal and financial data, property information, and more. Regulators are no longer satisfied with vague responses to security concerns. They are pushing for transformation, but it’s been a slow start. Insurers are now actively creating cyber insurance policies for their client, but to walk the walk they need to start getting their own ducks in a row.
Primary cyber-risks to insurance companies today include:
Infrastructure vulnerabilities and unpatched or last-generation security software provide easy fodder for hackers who can potentially do a great deal of damage through theft and other malicious activity. If the company has not yet begun its digital transformation they may be inadvertently be leaving themselves open to attack.
The solution: Speak to an IT consultant about migrating some or all of your systems to the cloud. It may be necessary to upgrade workstations and servers, but the result will be increased operational efficiency and next-generation security.
Identity theft can occur as a result of client account breaches. Files that are stored on local servers may not be adequately protected.
The solution: cloud storage provides a range of industry-compliant secure storage solutions that allow for the use of credentials to access sensitive data. Client portals may be implemented as well, supporting improved operational efficiency while ensuring client data is secure. Multi-factor authentication can also be implemented, giving clients peace of mind and providing greater in-house security.
Automated threats such as denial of service (DoS), credential cracking, and vulnerability scanning have the potential to shut down all systems, virtually overnight.
The solution: the implementation of the appropriate security protocols, software, and appliances will effectively shield systems and data from automated threats. Combatting the threat goes beyond technology solutions, prompting firms to educate their employees and partners on how to recognize malicious or suspicious activity.
Systemic infection from malicious code could bring a company to its knees very quickly. Ransomware can exist on your system for a good deal of time before it completely takes hold, so often nobody will notice anything different until it is too late. Ransomware demands may be small or monumental, but even if you do pay, there is no guarantee your systems will be fully restored to its pre-attack state or that files will not be damaged in the process.
The solution: cloud storage and backup solutions offer a range of cyber security features that can prevent malicious code from invading your systems. In addition, the establishment of a disaster recovery plan (DRP) is crucial, ensuring that you can restore your systems and experience a minimal interruption of service.
Lawsuits from clients may ensue if the company experiences a breach that leaves client data vulnerable. You have a legal responsibility to protect all information that is collected and stored for the purposes of doing business. In some cases, you may be governed by HIPAA regulation, or the GDPR, if you do business with EU citizens and it is your responsibility to comply.
The solution: To avoid a potential business and financial disaster, it is always in your best interests to ensure all client data is protected, not just behind a firewall, but with a detailed security policy that is enforced by all employees, partners, and stakeholders.
The time is now for cyber security transformation
Loss of business continuity and loss of reputation may be the least of your worries if sensitive client data is leveraged for nefarious purposes. To those insurance companies who have not yet begun their digital transformation – take this as a sign to begin today.
Outdated computers, servers, and software are not compliant with today’s cyber security needs. While you may have been unaffected up to now, you may soon become the low-hanging fruit cyber-criminals are in search of.
If you are an insurance company in Arkansas and have any questions about how modern cyber security solutions can strengthen your business, reach out to Business World today, or call us toll-free at 501-214-5482 to schedule a no-obligation consultation.