Protecting data security and integrity in insurance
Data security in the insurance industry is a matter of the most fundamental importance. In order to write policies, insurers need to keep sensitive and personal data about policyholders and their insured assets.
In a world of rampant cybersecurity threats and a rising tide of ransomware attacks, how are insurers keeping this data private – and what more can be done?
“Insurance is a data-hungry business,” explains Rory Yates, SVP of Global Strategy for EIS. “Insurers take a lot of our data, and other related data, to calculate how in a pooled and capital-invested model they can reduce the financial burden of risk. It’s a massive data exchange based on trust and financial leverage.
“I once worked with a market-leading UK insurer who had calculated they had more unstructured data than Facebook – something they were proud of until my team pointed out that this was expensive, largely without an ROI, planet-destructive, and potentially dangerous.”
Data governance ‘a critical aspect’ for today’s insurers
Indeed, data is more abundant now than it has been in a long time; there has been an explosion of data available to insurers over the past decade, not least because of a growing number of IoT devices, smart sensors and parametrics equipment.
“How insurance organisations handle that avalanche of information is critical to success,” Yates says. “Data in the core technology and operational context is often one aspect of the data environment, where now we see third parties, BI and BI redundancy and back-up all acting as huge stores of the same data. It'll require other aspects of data security to be considered, and will continue to be an area of focus for insurers.”
This is something that Jason du Preez, Vice President at Informatica, concurs with: “Data management is vital to the insurance industry as it reinvents itself to stay relevant in today’s digital world. Data governance has become a critical aspect of data management in an industry dependent on sensitive, personal customer data. Not only for defensive plays like regulatory compliance, but also for important offensive plays that bolster competitive advantage like more accurate risk assessment, efficient claims processing or enhanced customer experience.
"But effective data governance is a challenge for insurers, many of which are large enterprises. Our survey of 600 global executives revealed half are using five or more technologies to support data management priorities in 2023. This complexity introduces technical debt, interrupts the data supply chain, and makes transparency, data quality and governance significantly more difficult to achieve.”
For du Preez, whose company specialises in AI-powered cloud data management, choosing the right data governance structures and IT systems is an important step in ensuring that you’re able to preserve the integrity of stored data.
"For insurers, data fuels risk assessment, underwriting, pricing, fraud detection and claim processing – all tasks where data integrity, including quality, privacy and security is essential,” he continues.
"A data governance platform that simplifies these tasks with well-integrated, best-of-breed capabilities can make it easier to provide a holistic view of data assets to a broader range of users. A modern data governance approach combines discovery, classification, quality, and access management capabilities to ensure the free flow of high-quality data to those that need it without compromising on security and privacy. Combined with AI-powered automation, this approach can lead to faster and more informed decision-making and dependable data-driven outcomes – crucial for insurers in today’s highly competitive and regulated market.”
How can insurers prevent against cyber threats?
The potential dangers, when insurers don’t safeguard the integrity of customers’ data, is plain to see. As well as the inevitable data loss and reputational damage, companies who fall foul of hackers can then find themselves on the sharp end of the regulatory and legislative whip.
“A data protection breach can erode consumer trust in your company, leading to a loss of custom or revenue,” explains Louise Perkins, a Partner at Haseltine Lake Kempner LLP.
Ransomware continues to be the most pervasive threat facing targets like insurers. According to IBM X-Force, of all backdoor attacks, 70% are failed ransomware attempts. Nonetheless, cyber criminals are beginning to get smarter, and if they can gain access to a company’s internal systems without using brute force, they will take that opportunity
“Today, cyber criminals prefer to log in than hack in, which makes preventing the theft or misuse of access credentials critical,” says James Nadal, Product Specialist at Osirium. “Privileged logins and admin accounts present the greatest risk. These give users the power to do things like make changes to databases, install software, and alter system settings. In the wrong hands, they can be used to steal vast volumes of customer data.
“While it’s true that cyber threats are growing in sophistication, most successful attacks are still accomplished by targeting human fallibility. Research from Verizon reveals that human error is a factor in four out of five data breaches, with employees continuing to be susceptible to social engineering methods such as phishing.
“The first step in stopping the theft or accidental exposure of privileged credentials is to ensure nobody has access rights they don’t need. There is always too much privilege – staff often retain access to systems they no longer require after leaving or changing roles.
“Next, employees should only be granted the access they need to do their work, for the shortest possible time, and with the lowest level of privilege. Ideally, users should be separated from privileged logins altogether, using software that directly ‘injects’ them into systems. If nobody has access to a password, it can’t be leaked or misused.”
And EIS Group’s Rory Yates concurs: “As we move to data ecosystem-based models, increased digitisation and further the data reach into other tools and experiences, data security will intensify with it.
“From the right foundations, insurers can protect their core while making the data they already have far more valuable. From here, traceability and transparency improve.”
