Other parts of this series:
- P&C insurers will need to overhaul their risk management to seize platform business opportunities
- Clear risk-management guidelines enable P&C insurers to bolster their business resilience and cyber-defenses
- Staff training and skills development are strong defenses that P&C insurers can deploy in the fight against cyber-crime
- New digital technology provides P&C insurers with powerful tools to counter escalating cyber-threats
P&C insurers should provide employees with regular security training that promotes behavior and practices that limit the likelihood of a successful cyber-attack. Specialist skills development further strengthens a firm’s resilience to such threats.
Staff training and skills development are strong defenses that property & casualty (P&C) insurers can easily under-estimate in their fight against cyber-criminals.
Technology barriers and governance processes are, of course, essential to protect organizations from cyber-attacks. However, the vast majority of cyber-security breaches are the result of human error or ignorance. On-going training and education of all employees are vital to promote behavior and practices that limit the likelihood of a successful cyber-attack. It’s not just front-line staff, in the sales or customer services departments, or those in IT, who need to be vigilant. Managers, including C-suite executives, are more likely to respond to phishing emails than front-line employees, according to studies we’ve conducted with Chartis Research.
Skills development, especially across different technology disciplines and business areas, is also important. An effective enterprise risk management strategy, as I mentioned in my previous blog post, requires insurers to integrate the oversight of cyber-risk and operational risk. Siloes weaken an organization’s defenses against a cyber-attack. They also inhibit a business’s resilience by impairing its ability to respond quickly and effectively to a security breach.
IT employees tend to have a good understanding of cyber-security but often lack knowledge of business risk-management and governance. Similarly, executives and managers outside the IT arena frequently have limited cyber-security knowledge. A comprehensive training and skills development program helps insurers bridge this divide and builds a unified defense against cyber-criminals. It also promotes greater understanding, communication and co-operation between employees from different parts of the organization. Such cohesion is invaluable when co-ordinating a rapid response to a cyber-security breach.
Staff rotation and shadowing, as well as joint competency centers, can further promote the sharing of skills and knowledge. Recruitment and incentive strategies should also be adjusted to encourage collaboration.
On-going training and skills development are essential to ensure that employees keep pace with frequent changes in technology and regulatory requirements. All employees should be regularly quizzed on their knowledge of security practices and procedures. Senior management oversight and support of security initiatives is essential.
In my next blog post, I’ll discuss some of the emerging digital tools can help P&C insurers counter rising cyber-threats. Meanwhile, have a look at these links. I’m sure you’ll find them helpful.