Cyberattacks on insurance and fintech companies are increasing. There were an estimated 1,000 attacks a week on insurance and legal businesses in 2023 alone – a year-on-year increase of 11%, according to SAP figures.
These attacks pose significant risks to business operations and financial stability. Both fintech and insurance sectors are heavily reliant on digital infrastructure and data and are prime targets for cybercriminals seeking to exploit vulnerabilities. The financial implications of cyberattacks can be devastating, including direct financial losses from theft or fraud, as well as indirect costs such as regulatory fines, legal fees, and reputational damage.
While cyberattacks have significantly increased in impact, the risk of extreme losses from severe incidents has risen disproportionately. Losses increased more than fourfold from 2017 to 2021, according to data provided by SAP.
To protect assets and maintain customer trust, insurance and fintech companies must prioritize cybersecurity, implement robust measures and foster a culture of awareness and preparedness to mitigate the impact of potential incidents.
Additionally, the cybersecurity industry is grappling with the threat of offensive AI-led attacks, driving increased demand for advanced cybersecurity solutions. This will need to grow in step with IT budgets as organizations come to terms with AI’s impact on their operations.
Research by Globaldata suggests that cyber investments will need to amount to 14% of total IT budgets. GlobalData also forecasts that the cybersecurity market will be worth $290bn by 2027, with managed security services, application security and identity and access management, as high-growth areas. The greater adoption of AI will help offset attacks, but countering AI-led attacks will take time, causing a bumpy ride for vendors and users in the next few years.
Key challenges for cybersecurity in insurance and fintech
Javier Gil is global lead for SAP’s Go to Market in the insurance industry and has more than 20 years of experience on a global scale. He says that insurance companies are suffering from greater numbers of attacks that are increasing in their technical capabilities.
“On one side, you have insurance businesses being exposed to cyberattacks, and on the other, they need to provide protection to their customers,” he explains Gil. Cyberattacks can significantly damage an organization’s reputation and customers expect robust protection of their sensitive information.
According to Gil, key challenges for cybersecurity include attacks becoming more sophisticated, especially with AI technologies which expand exponentially and learn autonomously. Another major issue is the lack of expertise, which leads to a limited understanding of implementing comprehensive security strategies.
For instance, among some companies, there is a perception that siloed data is advantageous to protect different business segments. Yet this is not the case and puts a business at a significant disadvantage. “It’s much more difficult for you to monitor your data,” Gil explains. “It could be that maybe you’re suffering a threat, and you don’t realize that. For instance, you’re trying to cover one hole here – but you have another hole at the same time.
“If you have one single data platform in which you have all your data, you can monitor that. You can establish a dashboard, for example, and you can really see if there’s some data breach or if there is some misuse of the data.”
Cybersecurity skills shortage
The rapid evolution of cyber threats means that hackers are often faster at developing attack strategies than companies are at defending them. This results in a need for continuous adaptation of security measures. AI can both enhance cyber threats and offer more robust defense – but requires sophisticated understanding and implementation.
Nearly every organization has become completely dependent on technologies continues to become more complex. Securing systems, networks and data against cyberattacks is a relentless, ongoing task, requiring security technologies and processes to cooperate. As a result, organizations need their cyber workforces to have a wider range of skills than ever before. Furthermore, the advent of AI-based and automated attacks will only increase the need for more resources.
“We are seeing many companies who don’t have the talent and who don’t understand how to deal with that,” says Gil. “For this, you need talent that understands which are the different threats, and this is something that the industry is lacking at the moment. It’s very difficult to get talent to understand cybersecurity and help with change management and establish different protection measures.”
Gil emphasizes the importance of building a skilled talent pool, optimizing resources through automation and reviewing roles and responsibilities of cyber and risk teams. Skill gaps should be identified, and a talent attraction and retention strategy put in place. Additionally, businesses must provide continuous learning opportunities and consider refreshing outsourcing strategies.
Gil says that these challenges require a multi-faceted, proactive approach to cybersecurity that combines technology, talent and strategic thinking.
Five crucial areas for enhancing cybersecurity in insurance
A recent GlobalData[1] poll indicated that 37% of respondents viewed cyber risk as the greatest challenge facing the insurance industry over the next three years. The same poll also revealed that 20% of participants say their organizations have not engaged in active cybersecurity measures.
However, according to Gil, there are five key aspects of cybersecurity that companies should be examining straight away, regarding their security strategy.
- Improve data protection capabilities. Understanding business-critical processes and setting up data loss protection tools
- Develop incident detection and response mechanisms. The ability to quickly detect and respond to cyber threats
- Establish a proper cloud architecture. Moving towards cloud solutions for better data protection
- Conduct continuous testing. Regularly testing cybersecurity measures and their effectiveness
- Ensure appropriate insurance coverage. Having sufficient insurance to cover potential cyber risks
Gil emphasizes that these aspects are designed to help organizations, particularly insurance companies, create a comprehensive approach to cybersecurity that goes beyond just technological solutions.
How the cloud supports cybersecurity for insurers and fintechs
Moving to the cloud can significantly enhance a business’s cybersecurity by providing access to advanced security features, secure environments, integrated security management, and robust threat detection and prevention mechanisms.
Cloud services provide secure and separate environments within an enterprise’s firewall, accessible only by internal and authorized stakeholders. The use of secure encrypted connections and private leased lines further enhances data security in transit.
Integrated security management solutions are often included in cloud services, covering the entire spectrum of IT security needs. This includes managing firewalls, intrusion detection systems and content filtering, which are crucial for preventing unauthorized access and mitigating potential threats. Cloud providers also offer managed security services, including third-party monitoring and management of IT security, ensuring continuous protection and rapid response to security incidents.
Gil says that moving to the cloud is not just about technological transformation but also about improving an organization’s cybersecurity posture. Companies need to focus on understanding the different threats behind data breaches and developing a proper architecture on the cloud.
Cloud platforms can also integrate AI-driven security solutions, allowing for far faster threat identification than the human eye. Scalability and flexibility are also key advantages, as cloud solutions can be customized to specific organizational needs and adapt easily to security protocols.
SAP solutions for cybersecurity
SAP Enterprise Threat Detection is a real-time cloud-based enterprise threat detection solution for SAP applications. A 100% managed service, delivered on the SAP Business Technology Platform, SAP Enterprise Threat Detection combines leading software with 24/7 SAP managed security services.
SAP Enterprise Threat Detection is a valuable tool for addressing cyber security threats in real-time and provides critical security information and event management (SIEM) capabilities that use real-time intelligence to help enforce data governance and detect external and internal cybersecurity threats.
The solution focuses on intelligent threat identification, preventing threats and learning future prevention patterns. This approach is essential for maintaining a healthy and secure digital environment.
Governance risk and compliance are also crucial in this process, notes Gil, as they involve online processes, different risks, and determining compliance requirements for a company’s health. “There is a conscious need for companies to do more on cybersecurity now. Not only insurance, but every single company,” adds Gil.
To learn more about SAP’s solutions for insurance, download the document below.
[1] https://www.lifeinsuranceinternational.com/analyst-comment/insurance-industry-mitigating-cyber-risks/
