QIS: Insurance Carriers Face Enhanced Risk in Age of Big Data

August 26, 2016

California-based Quadrant Information Services, a provider of big data technology for the property/casualty insurance industry, warns that digitization is a two-edged sword: with increased capability comes an increased danger of expensive—and possibly actionable—data security breaches.

Breaches of data security are an increasingly serious problem for data-intensive industries of all kinds. Recent research shows that 90 percent of all large organizations—including insurance carriers—suffered cybersecurity breaches in 2015, up from 81 percent in 2014.[1] Moreover, cybersecurity breaches are becoming more frequent and more expensive; according to the Ponemon Institute’s latest study on cybersecurity, the average consolidated total cost of a data breach grew from $3.8 million to $4 million. The study also reports that the average cost incurred for each lost or stolen record containing sensitive and confidential information increased from $154 to $158.[2]

“This is something to which insurers need to pay careful attention,” said Michael Macauley, CEO of Quadrant Information Services, a supplier of pricing analytics services to property/casualty insurance carriers. “As an industry, insurers tend to believe that their data—and with it, the trust of their policyholders—is secure. At one time, that might have been a reasonable assumption; but insurance, which is now a high-tech industry, is just as vulnerable to attacks by hackers as are banking, retail, entertainment, and the other categories of enterprise that have been hit with this problem.”

Macauley noted that in bolstering their cybersecurity programs, insurers should be vigilant in protecting not only against external vulnerabilities, but internal ones, as well.

“One factor is simple employee negligence, a lot of which can be ameliorated by training. For instance, if an employee gets a phishing email—and everybody does from time to time—they need to know that they should never, under any circumstances, click on the link. If they’re in an open office and in the course of their work they access data of different types with different passwords, they need to know that they should never keep a Post-it note on their desk with the passwords on it,” he said.

Macauley also cautioned that increased employee awareness and better training are not enough. Citing the latest Ponemon Institute study, he pointed out that at least 35 percent of cyber breaches happen due to system or business process failures.

“By its nature, building business processes tends to be reactive: we put a process in place because a problem has occurred, and we think this will solve it. What we need to do now, particularly with data security, is to look at problems that might arise—before they happen—and put something in place to prevent them,” said Macauley.

Such planning is particularly important in light of the trend towards using telematics (constant monitoring) as a basis for setting insurance rates. While this seemed like science fiction only a few years ago, it’s now a rapidly growing reality. Health insurance carriers are using wearable technologies, such as Fitbit or Jawbone, to monitor policyholders’ weight and exercise habits; auto insurers are installing monitoring devices in cars and rewarding policyholders who drive less and don’t speed; and similar innovations are in the works for other types of coverage.

This is what’s called “the Internet of things,” where refrigerators, home heating systems, cars, alarm systems and heart rate monitors communicate directly with each other. Cisco Systems estimates that by 2020, there will be as many as fifty billion such devices,[4] all sending and receiving data. In Quadrant’s view, this is a very good thing, overall, for both policyholders and the insurance industry. However, it represents a vast amount of very personal information, which poses a significant risk for insurers if it should be misappropriated or misused.

What all this means is that progress in big data and progress in security must go hand-in-hand.

“It’s not enough to just put in firewalls; to create a data environment that can securely maintain this type of sensitive information, the industry needs to reshape the way it thinks about itself. We need to move—and quickly—to a truly security-centric business model,” said Macauley.

Source: Quadrant Information Services
