Other parts of this series:
Digital channels are revolutionizing how European insurers work and serve their customers, but they have also introduced a range of new risks to be managed. The number of cyber attacks is rising across the continent, and the potential costs of data breaches are also climbing.
Against this backdrop we believe the protective steps insurers are taking are important, but not enough. In this blog series, I’ll look at the data privacy and security landscape in Europe, as well as the need for “cyber resiliency.” Symantec’s 2015 report—which surveyed over 7,000 consumers across seven European countries: the United Kingdom, France, Germany, Denmark, Spain, Netherlands and Italy—found that nearly 60 percent of respondents have experienced a data protection issue in the past.1
With the European Parliament and European Commission mulling though new data protection rules for the European Union’s (EU’s) 28 member states, the continent’s insurers face new and more severe dimensions of risk. One of the stringent proposals is a fine for businesses of up to €100 million for a privacy breach.2
Insurers are at an especially high risk of cyber attacks and data breaches because of the value and volume of sensitive data they manage—national insurance numbers, medical records, credit histories, driving records and more. As such, insurers should start thinking differently about digital risk management.
Cyber attacks are not an “if” but a “when and how.” The threats are too frequent and too varied and attackers are often nimble and adapt quickly. Attackers require little capital investment and few resources to devise and mount their attacks. Many criminals may already be inside a company, and breaches inevitable in our view.
Traditional preventive measures can slow attackers down, but not ultimately stop them. That means firms should think differently. In addition to improving their traditional preventive measures, they also should make themselves cyber resilient. In my next post, I’ll take a closer look at what it means to be a cyber resilient insurer.
1. “State of Privacy Report 2015,” Symantec. Access at: https://www.symantec.com/content/en/us/about/presskits/b-state-of-privacy-report-2015.pdf
2. “Data Protection Regulation: Insurers risk heavy fines,” Banking & Insurance, October 6, 2015. Access at: http://en.finance.sia-partners.com/data-protection-regulation-insurers-risk-heavy-fines