Insurance organizations contain a plethora of sensitive and confidential data. As they evolve their technology and work more closely with others, how can they protect this delicate information?
As the insurance industry stores immense amounts of confidential, personal, and financial details on its policyholders, it’s not difficult to comprehend why they are such a desirable goal for fraudsters.
Recent data from IBM’s Threat Intelligence Index reveals a concerning statistic: finance and insurance are the second most targeted industries for cyber attackers at 22.4% of all known attacks, surpassed only by manufacturing due to vulnerable global supply chains. This is the first time in over five years that finance and insurance have not topped this list, showing just how serious the continuing threat remains to insurers and insurtechs alike.
In a recent interview with InsurTech Magazine, Alan Calder, CEO of GRC International Group–a provider of IT governance, risk management, and compliance solutions–shared that, “Cybercriminals are pros at accessing, exfiltrating, and monetizing personal databases. They’re good at extorting organizations, are being pushed into increasing digitization and automation and, unless cyber security and privacy issues are considered in detail as part of project planning, organizations tend to leave large holes in what should be secure systems. Cybercriminals find and exploit these gaps. As well as these technical vulnerabilities, cybercriminals regularly ‘social engineer’ staff into providing access to systems and data.
“This all means that insurers have to build privacy by design into their systems, and they have to train and keep their staff continuously aware of the ever-changing social engineering attacks that are being focused on them.”
Insurers must be aware of the potential threats posed by mishandling confidential information.
The insurance industry is continually adopting new technology and needs to be vigilant about potential weaknesses. If a fresh platform leaves an insurer exposed to fraudsters, it’s not beneficial – it’s more of a liability. Plus, due to the ever-increasing number of alliances, purchases, and integrations within this sector, insurers must carefully weigh the extent of risk that comes with each choice they make.
“One of the biggest concerns in the insurance sector when it comes to using data is how widespread party sales functions are,” says Caroline Carruthers, the UK’s first ever Chief Data Officer at Network Rail and a highly acclaimed independent data consultant, offers her expertise to both public and private organizations when it comes to managing their data.
“Agents who sell insurance often use third-party data, and they don’t always have a robust process for how data is transferred to each organization. That in itself is a foundation-level issue because if you can’t rely on consistent, quality data coming to you, and you can’t rely on consistent governance and security of that data, you’re approaching data transformation with your hands and feet tied.
“Any transfer of data between two different systems has an element of risk. Thankfully, most insurance companies have moved on from manual data entry, which poses the highest risk, but not enough companies have standardized how they transfer and store data across third parties. If you’ve paid for a lot of data from external sources, you need to be able to use it to drive value instead of being hampered by poor processes.”
Do customers remain confident in sharing their personal information with insurers?
Consumers have proven that they are willing to share their data with insurers, particularly if there is an incentive involved. However, most consumers (80%) remain apprehensive about how their personal details are being used online; a statistic made evident by e-commerce company Motive.co. The consequences associated with these exchanges can be consequential and so it’s no wonder that individuals would like more control over the use of their data in this digital age.
Although there is an upside to this issue: research conducted by McKinsey with 1,000 North American consumers demonstrated that financial services ranked first among sectors in terms of the security and trustworthiness of personal data. It’s essential to establish strong systems and prevent breaches; however, how you engage with customers can be fundamental for gaining public approval – not just as a way of shielding your business from cyber-attacks but also for being viewed as doing the proper thing.
LenderDock keeps sensitive data secure
When it comes to the security of your data, LenderDock is dedicated to maintaining a high level of protection. As a SOC2-certified company, we are far exceeding industry standards for safeguarding customer information and providing an extra layer of assurance that your data is secure with us.