Insurance agencies are prime targets for cybercrime because their services require them to collect large volumes of sensitive personal and financial data. At the very least, that can include driver’s license numbers, Social Security numbers, credit files, and even electronic healthcare records in some cases. Those large volumes of data — and the nature of that data — are attractive to cybercriminals who will manipulate that data in ways that include selling it and/or holding it for ransom.
Ironically, even as insurtech has enabled insurance agencies to increase operational efficiency by improving data collection and analysis, risk evaluation, pricing accuracy, claims adjudication, and customer satisfaction, it’s also created some liabilities. Many of these tools are unregulated. So, they lack security and privacy considerations as they pertain to the data they collect. We (cybersecurity experts) must help insurance agents understand how these technologies work, what measures they can take to increase security and reduce exposures, and to take appropriate accountability for cybersecurity considerations.
Who’s On First?
Insurance agents and their constituents are best served by taking a preemptive approach to cybersecurity, taking measures to prevent cybersecurity incidents in the first place. Agencies can ward off cyberattacks — and be better prepared to respond to them — by thoroughly understanding their infrastructures and their potential risks. One way to achieve this is by conducting thorough risk assessments; that is, reviewing the system configurations that could increase the likelihood of successful attacks and recognizing the effects such attacks could have on their business operations.
Such risk assessments can yield documentation that can first become agency policy and then become a detailed plan for using and safeguarding systems and technological tools, and for responding to cyberattacks. This incident response plan should outline the roles and responsibilities for specific individuals to significantly reduce response and recovery time from a cyber incident.
Be Careful
As a last word, we’ll note that artificial intelligence (AI) is a double-edged sword as it pertains to cybercrime: On one hand, new monitoring tools and processes use AI to identify, address, and recover from cyber events. On the other hand, cybercriminals can use AI to help facilitate code-creation and add seeming legitimacy to attack methods to make them more successful.
If you need help assessing your cyber risk, schedule a free consultation with us. We’re on your side.
