All You Need to Know About Data Security for the Insurance Industry
Like all other industries, the insurance industry is steadily moving along the road of digital transformation. In a bid to secure more investment and enable customer-friendly services, insurance agencies and companies have created web and mobile apps for customers to do business with them. But the increased digital presence also increases the surface for cyber-attacks. Over the next five years, insurance companies risk losing an estimated $350B in value creation opportunities from the digital economy.
Insurance is one of the most regulated industries, coming a close second to healthcare. The insurance industry comes under special scrutiny, especially with regard to the processing of data. The main reason is the volume of personal information insurers collect and store about an individual. This is also the reason insurance companies become attractive targets for cyber attackers. Ages, social security numbers, mother’s maiden names, credit scores, details of health conditions and financial problems are all information that can be misused by malware authors.
Insurance is an industry that runs on customer credibility. Credibility is the biggest driving factor for customers to trust insurance companies with all their personally recognizable information. Loss or theft of this data would lead to a loss of credibility and directly impact the fiscal health of the firm.
Risks of data loss are not always external. Insider threats also abound. Escalated privileges in the wrong hands could lead to accidental (or sometimes intentional) deletion of data, or to the leaking of proprietary information like underwriting details and pricing, which could lead to a loss in credibility and shake up well-thought-out business strategies.
But even with strict regulations we often find insurance companies in the middle of massive data breaches. Security professionals chalk this up to timeworn strategies that the industry has applied towards data protection.
To safeguard valuable data, the insurance industry needs an assured backup solution that protects, preserves and, when necessary, restores data. So, how does an industry that stores critical personal information like social security numbers, credit card details and more stay safe? Let’s deliberate.
Make best friends with backup
Consider the fact that more than two-thirds of enterprise data is in the hands of end-users. Almost all of them store business-sensitive data on their endpoints, and several also upload that content to the cloud. File synchronization solutions like Dropbox or OneDrive can very quickly replicate the damage caused by a ransomware attack on an endpoint to the cloud copy as well. Think of policy documents, policy holder information, employee information, intellectual property and more getting wiped out in minutes due to a ransomware attack. The best remedy against ransomware is to have a secure backup, ideally in a location that is geographically separated from the original data source and in a form that can’t be infected by ransomware.
In an industry where regulation requires safe storage and quick restores of data, a secure backup is already a no-brainer. As you can see, backing up of endpoint data not only ensures regulatory compliance, it has the additional benefit of serving as a defense against ransomware. Many times, it also serves as a line of defense against insider threats which could result in accidental/intentional deletion of data.
Using the Cloud?
“If someone asks me what cloud computing is, I try not to get bogged down with definitions. I tell them that, simply put, cloud computing is a better way to run your business,” says Marc Benioff, CEO, Salesforce. The general attitude in the industry regarding cloud adoption isn’t far from this ideology either. While having a cloud infrastructure is commonplace, there is always concern around the safety, privacy, and confidentiality of data kept in SaaS applications. While SaaS vendors do their best to keep the overall cloud infrastructure safe, most work on a ‘shared responsibility’ model where you are still responsible for the safety of your data. This is the very reason why GDPR expects organizations to have their own backup plan. The best way to ensure your data is safe in the cloud is through strong encryption, combined with strict segregation of duties. This is a simple concept in which no single person can perform a critical function alone, thus preventing mistakes. Coupled with encryption, it ensures that your data sits safely on the cloud, with access limited to specific people only. We will cover more on this later in another blog post.
Identity thieves and fraudsters are constantly trying to steal data. This doesn’t just affect insurance companies in terms of lost data; it also has the potential to attract hefty fines for non-compliance and cause potential loss of business. Backup is the type of insurance that the insurance industry can’t afford to overlook. In our next blog, we will dive deeper into regulatory requirements for the insurance industry and how to navigate them.