Other parts of this series:
Ecosystems offer a great set of positive opportunities for insurers willing to embrace them along with the emerging risks.
As insurers join ecosystems—spanning a variety of businesses, connected homes, healthcare, workplaces and more—they are extending and absorbing the risks and vulnerabilities of their ecosystem partners. An incident that cripples one enterprise can rapidly expand to threaten the company’s ecosystem, industry and beyond. And yet few insurers reported knowing for sure that their partners are as diligent in their security efforts as they are themselves.
With these threats in mind, here are four key steps for insurers that collaborate in an ecosystem:
- Understand the threats and risks they and other ecosystem partners face. One way they can do this is by expanding their approach to threat modeling to span the entire ecosystem. Only 38 percent of businesses report including the chief information security officer. The CISO should be involved in insurers’ ecosystem strategies and decisions.
- Spread responsibility for and ownership of security throughout the organization, giving security teams the agility to respond to a fast-changing environment.
- Embrace DevSecOps. Addressing security early in the development lifecycle is 30 times cheaper than doing so in production. Integrating security teams into DevOps teams allows for continuous improvements to security.
- Evolve the approach to governance as ecosystem-driven business expands. To begin creating ecosystem-level standards and governance, insurers should look not just to their partners but also to their broader industry to collaborate. Other companies, even competitors, are likely to be facing the same challenges, and have opportunities to build solutions that make it safer for every company to conduct business.
Ecosystems offer a great set of positive opportunities for carriers willing to embrace both them and the inevitable new risks. By widening their perspective, leaders will gain a better understanding of their real attack surface, and will be in a better position to prepare themselves for the ecosystem-driven threats that will only grow in the post-digital world.
At the same time, being able to take advantage of ecosystem partners flexibly and at pace requires a different approach to third-party risk management. Processes to assess and approve partners must move faster, but must be accompanied by an unwavering eye on security and protecting the enterprise.
To learn more, read Accenture Technology Vision for Insurance 2019 .