How Much Does Cyber Security Cost?

By Jennifer Overhulse

Toronto, ON (Mar. 2, 2015) – In the 1990s, the fictional X-Files introduced us to the idea of a U.S. government conspiracy, backed by a global consortium, to cover up the existence of aliens. A little far-fetched most would agree. But then, in 2013, a former NSA contractor named Edward Snowden slapped us in the face with an idea which would once have been thought of as equally far-fetched, that in an increasingly digital world every phone call, text message, video clip and bank account, literally a person’s entire identity, is open and accessible to anyone with the right skills and passwords.

Perhaps it’s needless to point out that insurance is a data-driven industry, storing personally identifiable information (PII), medical histories, contact preferences, and purchase records. And, that the industry’s move toward Big Data has accelerated the gathering and utilization of such data. But, unless this data can be secured, the industry has not truly gained an advantage.

Sony became a cyber-security superstar last year, then Anthem was compromised when someone accessed unencrypted customer data, and the White House started 2015 holding a Summit on Cybersecurity and Consumer Protection at Stanford University. Hopefully, this all means there are still lessons to be learned from Home Depot, Target, and JP Morgan Chase.

As evidenced by these multiple data breaches, cyber risk is on the rise, and in order to combat it effectively, the global insurance community must better understand their own internal vulnerabilities, as well as the risks clients are facing. It’s a war that must be fought on two fronts.

At the upcoming Insurance-Canada P&C Insurance Technology Conference (ICTC2015), being held at the Metro Toronto Convention Centre in Toronto, March 9-10, insurance companies, brokers, technology vendors and industry experts will come together to discuss “The Digital Customer Experience,” of which cyber risk, and its kissing cousin cyber security, are a primary aspect.

“The recent data breach at Anthem hit close to home in our industry and it has created even more interest in, and concerns about, data security,” said Monique Hesseling, partner at Strategy Meets Action, an insurance-specific research, consulting and advisory firm. “The insurance industry is in the unique position of having to deal with this topic from two different perspectives. First, we have a lot of data on our customers and partners, sometimes extremely sensitive, which we need to protect and guard. And, as much as technology can be a threat to data security, it can be one of the most effective weapons in the fight to protect data.”

Tim Cook, CEO of Apple, while speaking at the White House Summit, was quoted as saying that the loss of privacy is one of the biggest threats facing society today. Specifically, Cook said, “History has shown us that sacrificing our right to privacy can have dire consequences.” Apparently, Cook believes that whether it is given up willingly or taken unknowingly, the loss of privacy could be the literal undoing of society.

“Relatively new technology solutions around analytics, Big Data and visualization can help assess data security risks and identify areas that need attention,” said Hesseling. “The insurance industry also develops and offers products and services that help our clients guard their sensitive data and mitigate the risks of a breach by insuring it.”

During a session at ICTC2015, “Leveraging Technology for a More Dynamic Cyber Risk Insurance Product,” Hesseling, along with Phil Baker of Creechurch International Underwriters (Creechurch), Gary Miller of CGI, and Mark Orosz of Oceanwide, will discuss developments around cyber security both from a data protection, as well as from an insurance product, perspective. By establishing cyber security best practices and identifying emerging technologies available to assess vulnerabilities which could lead to cyber risk, insurance organizations hope to prevent future encroachments and better protect policyholders as well.

During the session, Oceanwide’s Orosz will speak to the risks facing insurers today by providing examples to illustrate the magnitude and impact of these risks before focusing on how technology can be used to identify specific risks and bring new cyber risk products to market. CGI’s Miller intends to expand the conversation from technology to focus on the broader cyber risk discussion, including ways insurance organizations can establish clear mitigation plans, investigate breaches and fix vulnerabilities.

When you consider these conversations in the context of the industry moving toward true omni-channel in terms of both communication and distribution, and Big Data becoming more and more of a reality, the insurance industry’s proverbial boat could be said to be springing leaks right and left. Is it already too late and now impossible to put a finger in every hole that appears in the bottom of the boat?

Strategies for how much time, budget dollars and resources to allocate to the fight must be established by insurers, and if choices must be made, priorities must be set which will clarify the approach. Some of the questions to be answered include not just system security, BYOD policies, and employee awareness, but also concerns over third-party providers, the security of integration points, and even the vetting of subcontractors.

Target’s data breach came through an HVAC contractor, and the NSA was outed for spying on innocent Americans by a third-party contractor who literally walked out the front door with critical information. No doubt regulating bodies around the world are considering new legislation, emerging technologies and best practices which can aid in the fight. Insurers are increasing spending in support of cyber security initiatives, working day and night to prevent data breaches which are costing individuals and corporations around the world millions.

In the meantime, insurance organizations must take every opportunity for education, and perhaps even begin to take proactive steps, such as moving data to the cloud where Google and Amazon can spend big budget dollars putting up firewalls to protect it, because right now, there is no silver bullet, and no one knows just how much cyber security is going to cost.

About the Author

Jennifer Overhulse is principal owner of St. Nick Media Services. She can be reached for further comment or information via email at jen@stnickmedia.com.

Source: St. Nick Media Services