When it comes to being a target for cyber-crime, not all businesses are created equal. Companies that store a great deal of personal information about their customers are at highest risk. With a single hack, cyber-criminals can steal all the information they require to engage in identity takeovers, including Social Security numbers, addresses, bank account information, personal health information and passwords. Companies particularly vulnerable to data loss include financial services providers, healthcare companies and insurance companies.
The International Association of Insurance Supervisors (IAIS), an international consortium of insurance market regulators, recently issued a statement noting that the insurance industry is especially vulnerable, as companies collect, process, and store substantial volumes of data, including critical personal identification data. Insurers are also connected to various financial institutions through investment, capital raising, and debt issuance activities, which raises the threat level against them even higher, according to the Web site Insurance Business, which highlighted the IAIS report.
“The report highlighted various cybersecurity weaknesses, saying insurers should keep track of the data flow in all IT systems, applications, and components,” wrote Insurance Business. “They must also be mindful of the user access privileges they grant their employees, placing sufficient controls on which employees have access to ‘super user’ accounts. Cybersecurity must be addressed at all levels of the organization.”
Many companies focus exclusively on network security, fearful of hackers, but in reality, a lot of personal information is stolen through less digital means, including by disgruntled employees or those out to sell information, and by fraudsters “probing” relatively unprotected contact centers. Many insurance companies today are underprepared for attacks, either from within or from outside forces. Insurance industry experts recommend that companies choose their technology and security partners carefully, and that they form what’s called a “cyber incident response team” to keep ahead of threats or attempted breaches.
Hill+Knowlton Strategies Cyber Risk National Practice Leader Fergus Kibble told Insurance Business that no industry was immune from cyber threats so it was important to be extremely vigilant when managing potential cyber risks.
“The best protection from cyber breaches is effective IT security and risk management technologies and protocols that are updated, enforced and stress-tested regularly,” he said.
In a report released last year, the IAIS found that the insurance industry lacks a uniform set of protocols for protection against rampant cybersecurity threats. It said it was imperative for businesses to increase their understanding of cyber risk and supervisory capabilities to protect the insurance sector.
As banks and other financial institutions put increasing layers of security in place to protect data, fraudsters will go looking for easier targets. Because insurance companies’ customers often have strong ties to financial services companies, they become an attractive second-string target for cyber criminals. Going forward, insurance companies need to take cues from financial services companies in building multiple layers of protection and monitoring to protect policyholders’ information from sudden and serious data breaches.
Edited by Rory J. Thompson