My previous blog post discussed the misplaced confidence most insurers have in their cybersecurity and why it is time they changed their approach to such threats. Let’s now discuss the proactive measures life insurers must take to overcome cybersecurity threats and grow with confidence.
Invest to innovate and outmaneuver
Insurers should innovate continuously to stay ahead of potential attackers, which may require redirecting some resources to new strategies and programs rather than investing more in current programs. Our research found, for example, that 33–51 percent of insurers, if allocated extra budget, would spend it mostly on the same things they are investing in now.
Organizations seeking opportunities to invest in cybersecurity innovation should look at seven key domains:
1. Business alignment assesses cybersecurity incident scenarios to better understand those that could materially affect the business and identifies drivers of and barriers to remediation and transformation strategies.
2. Governance and leadership involves focusing on cybersecurity accountability, nurturing a security-minded culture, monitoring cybersecurity performance, developing incentives for employees and creating a cybersecurity chain of command.
3. Strategic threat context drives insurers to explore cybersecurity threats as a means of aligning the security program with the business strategy.
4. Cyber resilience is the company’s ability to deliver operational excellence in the face of disruptive cyber adversaries. Our survey found that only 37 percent of insurers have systems and processes that are properly designed in accordance with cyber resilience requirements.
5. Cyber response readiness means having a robust response plan, strong cyber incident communications, tested plans for the protection and recovery of key assets, effective cyber incident escalation paths, and the ability to obtain solid stakeholder involvement across all business functions.
6. The extended ecosystem should be ready to cooperate during crisis management, develop third-party cybersecurity clauses and agreements, and focus on regulatory compliance. Our survey found that only 38 percent of insurers are competent at dealing with third-party cybersecurity, and only 36 percent are competent at cybersecurity regulatory compliance.
7. Investment efficiency strives to drive financial understanding concerning investments across cybersecurity domains and the allocation of funding and resources.
A focus on these domains can improve insurers’ cybersecurity capabilities and strengthen their resilience to cyber attacks. However, this will require continuous and systematic security investments. Chief information security officers (CISOs) will have a vital role to play, and the firm will have to make cybersecurity a regular boardroom agenda item.
Read our point of view, Insuring Your Future: Cybersecurity and the Insurance Industry, for more information on measures insurers should take to protect themselves against cyber threats.