As the insurance industry becomes more digitally active with customers to meet their evolving expectations, cybersecurity remains a growing concern for insurers.
By now, everyone has heard of the cyber attack health insurance giant Anthem faced back in 2015, which compromised nearly 80 million consumers’ records, including the records of at least 12 million minors. This January, the California Department of Insurance released its examination findings, which revealed that, very likely, “the cyber attacker was acting on behalf of a foreign government.”
“This was one of the largest cyber hacks of an insurance company’s customer data,” said California Insurance Commissioner Dave Jones in a statement. “Insurers have an obligation to make sure consumers’ health and financial information is protected. Insurance commissioners required Anthem to take a series of steps to improve its cybersecurity and provide credit protection for consumers affected by the breach.”
Also in January, the news of another security breach impacting insurance consumers came out of Delaware. The breach affected approximately 19,000 consumers covered by Highmark Blue Cross Blue Shield of Delaware. Two subcontractors, SummitRe and BCS Financial Corporation, suffered the actual breach.
“Since opening the investigation, I have been in contact with insurance commissioners across the country to discuss how we can better address these issues to protect consumers’ identities and personal data,” said Trinidad Navarro, the Delaware Insurance Commissioner. Navarro is a member of the National Association of Insurance Commissioners (NAIC) Cybersecurity Task Force, which is currently in the process of drafting the Insurance Data Security Model Law.
While these major cyber attacks have been limited so far to health insurance, property and casualty insurers should pay heed to these examples and start thinking about bolstering their efforts for cyber resiliency.
Here are six key steps insurance leaders can take to reboot their cybersecurity approach:
- Define cybersecurity success: Improve alignment of cybersecurity strategies with business imperatives and improve ability to detect and prohibit more advanced attacks,
- Pressure test security capabilities: Engage “good” external hackers for attack simulations to establish a realistic assessment of internal capabilities,
- Protect from the inside out: Prioritize protection of your insurance organization’s key assets and focus on the internal incursions with greatest potential impact,
- Keep innovating: Invest in state-of-the-art programs that enable outmaneuvering adversaries, rather than investing in more existing programs,
- Make security everyone’s job: Employees are the ones to discover a whopping majority (98%) of breaches not detected by security team members. Prioritize cybersecurity training for all employees,
- Lead from the top: Engage with enterprise leadership and make the case that cybersecurity is a critical priority in protecting your insurance company’s overall value.
In the next parts of this series, we will delve deeper into some of these key strategies that can help your insurance company build the cyber resilience necessary in the face of increased risk.
To learn more, register to download the report: Building Confidence: Facing the Cybersecurity Conundrum.