Cybersecurity in Insurance: Protecting Sensitive Data in a Digital World

UnitedHealth Group, Prudential, and Anthem Blue Cross Blue Shield are just a few insurance industry insiders that have been hacked. They’re among a much larger group of big-name cyberattack victims that includes Facebook, LinkedIn, Capital One, Target, Home Depot, JPMorgan Chase, and many more U.S. corporations. 

These global companies all lost sensitive customer data to hackers, even with access to the latest cybersecurity technology and small armies of IT professionals. So, what hope does your smaller insurance company have to avoid the same fate? 

You’re making a good start by reading about the risks, arming yourself with knowledge, and learning how to best avoid the threat of insurance cybercrime by adopting insurance cybersecurity processes, practices, and tools that mitigate the risk. As a trusted thought leader in the insurance industry sector, we have some suggestions for how you can protect your company from this ever-increasing threat.  

Understanding the Cybersecurity Landscape in the Insurance Industry 

As an insurer, you hold a lot of information about your policyholders. You know who they are, their ages, their social security numbers, their bank records, where they live, and how to get in touch with them. 

That’s just for starters. Depending on the type of coverage you offer, you might also have their medical records, credit reports, and driving records on hand. All of this information is held digitally, likely in the cloud. 

You collect and store data on policyholders and accept credit card payments if you conduct e-commerce. You need all of this sensitive data to provide a high level of service — and cybercriminals want it. 

Sure, this priceless data is protected, but… is it? It’s likely that the Fortune 500 insurance companies and other corporations that have been hacked were also convinced that their data was safe from prying eyes. But that’s not always the case. 

You and your employees might use potentially less secure smartphones to communicate with your company and policyholders, especially when off-site. 

Then you have such futuristic-sounding technological advancements as artificial intelligence being used to accelerate auto claims. What vulnerabilities will AI bring to insurance cybersecurity? Only time will tell. 

No wonder cybercrime is such a thriving business in the industry. 

And that’s where cybersecurity insurance comes into the picture. 

What Is Cybersecurity Insurance? 

Despite any company’s best-laid plans for protecting its digital environment, cyberattacks can and frequently do still happen. That’s why cybersecurity coverage is one of the top trends in insurance today. 

This form of coverage protects against financial losses resulting from a cyberattack that cripples the company or exposes its customers (or policyholders) to identity theft and privacy loss. 

This form of protection covers business income losses due to digital invasion, as well as the cost of data recovery. 

Additional benefits of your cybersecurity policy might include lawsuit defense after a cyberattack and even costs associated with the loss or theft of a laptop or other electronic device containing access to sensitive policyholder data. 

Identifying Common Cyber Threats to Insurance Companies 

Dangerous cyber threats might be directed at your company or at your policyholders. Either way, you’re a victim. After all, a policyholder whose security has been compromised through identity theft from data provided by your company is not a happy customer. Can you blame them if they take their business to a competitor? 

The following are common insurance cybersecurity threats. 

Data Breach 

This is a matter of hackers breaking into your system and gaining possession of sensitive data regarding your policyholders. This can include banking information, social security numbers, and other sensitive data points. 

Ransomware 

This is malicious software that’s unwittingly allowed onto your computer system, usually by the bad internet practices of employees. Once infected, your system effectively shuts down. Your company loses access to your policyholder files, so you can’t do business with them until a ransom is paid or IT experts restore your system. 

Distributed Denial of Service (DDoS) Attacks 

This is an insurance cybercrime delivered directly to your company rather than your policyholder base. The bad actors flood your network with digital traffic to the extent that it freezes your system and prevents your company from conducting online business. In addition to irritating your policyholders, denial-of-service attacks could mask other malicious behavior. These bad actors might also demand a ransom to stop the system-crippling attacks. 

The Role of Regulation in Insurance Cybersecurity 

Regulations designed to protect you and those whose sensitive data you hold are both internal and external. That is, there are regulations you can enact to safeguard your system and networks, and those that outside entities enforce on companies like yours. 

Internal regulations include policies set up to protect your systems and sensitive data, such as strong password protocols, written policies for avoiding attacks, and guidance on cyber risks. Your team must also know how and when to notify policyholders of breaches and how to restore the system with minimal damage to work processes and your company’s reputation. 

External regulations will vary depending on the type of coverage you offer and when and how you do business. For instance, the Health Insurance Portability and Accountability Act (HIPAA) regulates how you deal with policyholder privacy issues on medical records if you provide a health policy.

The EU Cybersecurity Act mandates cybersecurity certification for any company doing business with European Union companies or individuals. Other regulatory bodies also have rules and policies that your insurer might have to follow. 

Best Practices for Enhancing Cybersecurity for Insurance Companies 

The best practices for attaining cybersecurity in digital insurance delivery start with employee training and a written policy for keeping the company and its sensitive data safe online. All employees should know the do’s and don’ts of online activity. 

Strong firewalls and password protection are essential, and your people should know how to recognize suspicious activity and alert your IT team. 

If you don’t have an internal IT team, have your computer systems set up and regularly monitored by third-party IT professionals. There are also consultants who will come in periodically and try to breach your system to test how strong your cybersecurity policies and practices really are. Consider hiring such a consultant every few years. 

And finally, establish processes and procedures for notifying your policyholders of a data breach and regaining their trust and confidence in your company as soon as possible. 

Many insurance companies are active in mergers and acquisitions, so protecting your data during the M&A process is an important consideration. All of these best practices apply. If your company is being acquired, you may want to have additional checks in place, too, as you're likely to be sharing more information with external parties than usual and will want to ensure you don't inadvertently expose confidential information that could be harmful.

Learn More About How Confie Is Fighting Cybercrime 

Confie is the nation’s largest personal lines agency. We work with a network of independent agents all over the country. As such, we take insurance cybersecurity very seriously and work closely with our agents to help them strengthen their systems and deal with the fallout of breaches if they do occur. 

Want to find out more about insurance cybercrime and how to protect your company against it? Contact us online or call us at (714) 252-2500 to learn more about working safely and productively with our team.