Other parts of this series:
In the first two parts of this series, I talked about how security breaches against insurers are going to be likely on the rise in 2017, and how it’s time for insurance leaders to reboot their approach to cybersecurity by defining success clearly for their individual organizations. Prioritizing where to focus resources for effective cyber resilience is an important part of the security challenges the insurance industry faces.
Yet, a recent Accenture global survey of 2,000 security executives from 15 countries and a dozen industries including insurance, banking, capital markets revealed that many still continue to invest ineffectively in cybersecurity.
According to Accenture’s High Performance Security Report 2016, 50 percent of executives would spend any extra budget on more of the same things they are doing now. Less than one in three would invest in mitigating financial losses and only 17 percent invest in cybersecurity training.
A Forrester research on Cybersecurity in 2017 found that the complexity curve facing enterprises hasn’t reached its peak yet, which leaves security stuck solving problems of capacity and capability with limited resources already burdened with too many technologies, too many alerts and too much to do. The company predicts that security services and automation will combine to consume 25 percent of security budgets in 2017.
Leaders in insurance should consider the following cybersecurity domains, to identify the potential opportunities for smart investing:
Business Alignment. Assess security incident scenarios for your insurance company to better understand those that could materially affect your organization and identify drivers of and barriers to remediation and transformation strategies.
Strategic Threat Context. By anticipating future threats, gain insight on competitive and geopolitical risks that are unique to your insurance organization in order to align security programs with business strategy.
The Extended Ecosystem. Crisis management requires cooperation, develop third-party security clauses with other insurers and partners across other industries, and focus on regulatory compliance.
Governance and Leadership. Leaders in insurance need to focus on security accountability, nurture a security-minded culture and create a clear-cut chain of command.
Cyber Resilience. Understand the threat landscape with the insurance industry, design key asset protection approaches and use “design for resilience” techniques to limit a cyber attack’s impact.
Cyber Response Readiness. Have a robust response plan, strong cyber incident communications and the ability to ensure stakeholder involvement within all functions of your insurance organization.
Investment Efficiency. Drive financial understanding concerning investments across security domains and the allocation of funding and other resources.
When it comes to cybersecurity, standing still is no longer an option. Insurers need to innovate continually to stay ahead of potential attackers, which may require redirecting some resources to new strategies and programs rather than investing more in current programs.
To learn more, register to download the report: Building Confidence: Facing the Cybersecurity Conundrum.