Insurance security executives have long held a blind confidence in their security policy, with their good intentions misplaced. Layering more software on top of mis-aligned legacy solutions simply exacerbates an already weak defense, according to GlobalData.
An inability to identify fracture points within the core and at the network edge clearly greatly facilitates the cyber criminal’s move to penetrate and work incognito for months.
Incumbent insurers have largely failed to appreciate the wider societal impact of data democratization: while clients may be prepared to share new and sensitive personal information, they now assume a water-tight security plan.
The major blow coming from the GDPR is that all associates through the value chain are held liable for a security breach.
Holistic cybersecurity approach
Security needs to feature as a day-to-day element of managing the business. Forward-thinking carriers are already pivoting toward a holistic cybersecurity model that not only shores up their current position, but also bakes in strong future-proofing elements to acknowledge ongoing change in line with wider growth strategies.
However achieving a comprehensive cybersecurity approach requires involving people, processes and technology that are relevant to detection, prediction and prevention. Investing in technology alone cannot safeguard from the myriad of cyber breaches that carriers now need to confront.
Vendors have much to offer in support. Managed services providers, as well as those that can boast localized Security Operation Centers (SOCs) to reassure global carriers are particularly well placed.
Establishing a holistic cybersecurity model that builds a solid defense and makes best use of available budget should be steered towards the following key areas:
- Security investment and business model alignment: This translates not only as tracing and mapping every single security investment decision to insurers’ strategic business objectives, but also monitoring the frequency and extent of incidents to establish patterns which can be pre-empted.
- Ensuring an equally tight defence across the carrier’s data sharing ecosystem: By embedding a robust security policy, risk can be shared and mitigated.
- Effective and ongoing allocation of funding: With a poor appreciation of the range of solutions already available to counter network breaches, carriers cannot invest wisely. Vendors can consolidate and streamline carrier effort by introducing them to solutions such as identity authentication and biometrics, network segmentation, cognitive based network analytics, and comprehensive managed security services.