Other parts of this series:
Insurance executives have plenty of confidence in their cyber-security. However, the high number of security breaches their organizations experience suggests this confidence is misplaced.
Most insurers have been making big investments in cyber-security during the past few years. As a result, senior executives at these firms tend to have plenty of confidence in the defenses they’ve put in place to ward off hackers, malware and other cyber-threats.
This confidence, however, appears to be often misplaced. Our recent global survey shows that insurers are experiencing an alarmingly high number of cyber-security breaches. We found that carriers around the world experienced an average of 113 targeted cyber-attacks last year. What’s more, nearly a third of them were successful. Insurers are at the receiving end of two to three successful, highly-focused, cyber-attacks every month. Clearly, there are cracks in their defenses.
The problem goes deeper. Around 61 percent of the 183 insurance executives we canvassed acknowledged that it can sometimes take months to detect successful cyber-security breaches. For 17 percent, it can take a year or more. Such delays can result in enormous damage to the organization.
The frequency of cyber-security breaches contrasts strongly with the attitudes of many security officials at major insurers. Around 79 percent of the executives we canvassed expressed confidence in their cyber-security strategies. And 72 percent said their organizations have completely embedded cyber-security into their business culture.
Why the disparity? Insurers are certainly taking cyber-security seriously but it appears that their spending often lacks the correct focus. Close to half the insurance executives we surveyed, for example, said internal cyber-security breaches caused the greatest impact. Yet, 55 percent of them lacked confidence in their organization’s ability to detect such breaches. Furthermore, 58 percent have prioritized external controls rather than addressing internal threats
Many insurers need to relook at how they approach cyber-security. A significant change of strategy will enable them to rebuild confidence in their ability to thwart the increasing menace of cyber-criminals.
In my next blog post I’ll discuss how insurers can reboot their cyber-security and improve the effectiveness of their spending on systems and processes vital to the wellbeing of their organizations. Until then, take a look at this link. I think you’ll find it useful.