Insurers must guard their customers' data wisely to maintain their trust, writes Michael Davison, industry principal for financial services at Atos UK and Ireland.
Consumers and businesses pay for insurers to store and protect our most sensitive data – be it related to our health, our finances or our high-value assets.
For a long time, the ability of the insurance industry to protect this data was perhaps seen as a given. But as high-profile, large-scale data breaches hit the headlines more and more regularly, the question of ‘cyber trust’ is becoming a key concern for increasingly discerning citizens.
This came through loud and clear in a recent survey Atos conducted. When asked their thoughts on insurers’ approach to cyber security, almost half of respondents (48%) marked insurance companies as being at “high risk” of being attacked. A similar number (49%) said that they expect data encryption to be standard practice across the insurance industry.
In short, the public is more aware of the risks than ever. And that means that cyber security is becoming a differentiator: 58% say it is a deciding factor when choosing an organisation or service.
The impact of new technology
Insurers facing the challenge of demonstrating their cyber security credentials must simultaneously grapple with emerging technologies that are fundamentally changing the insurance landscape.
Cloud services are a frequently cited vulnerability, most notably in the widespread leaking of several celebrities’ personal photographs from iCloud in 2014.
Meanwhile, the steady uptake of connected technology opens new avenues of attack for hackers on an almost daily basis. From fitness trackers to connected cars, and most prominently in virtual assistants like Alexa and Google Home, the growing presence of these so-called ‘smart’ devices offers up ever more points of access for those wishing to virtually breach our homes.
Risk and regulation
If maintaining customers’ trust isn’t enough to motivate insurers to become watertight with their cybersecurity procedures, the long-awaited introduction of the General Data Protection Regulation should be.
While news of a significant breach will always have a reputational impact that extends far beyond the damage done during the event itself, the stringent demands of the GDPR – and the penalties that come with it – raise the stakes.
Insurance organisations must make sure they understand the cyber threat facing their businesses: How ready are your organisation’s leadership board, security and commercial teams to manage the consequences of a high-profile cyber attack?
Once the threat is understood, investing in the right procedures and systems to achieve the appropriate levels of data security becomes a far more straightforward task. Sufficient security controls should provide visibility, context and insight into the threat facing sensitive data, which is stored in the cloud. But prepare for the worst and think: How could you be working with technology partners to reduce the time taken to diagnose, react and recover?
You don’t have to do this alone. A partnership with the right cybersecurity provider would mean effective support in good times and bad. You would have visibility of what is really happening in your network, insight into how this affects your sensitive data and practical help if the worst happens.
The surge of data and devices in the home and businesses is clearly bringing new opportunities to the insurance industry. But true value will only be realised if providers are able to harness this potential within a secure, trusted, and well-regulated technology environment.