Insurance & Technology is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


03:20 PM
Connect Directly

Lost Opportunities

Security is costly, and failed security is even more costly.

Security is costly, and failed security is even more costly. Although it's hard to imagine that anyone in the Insurance & Technology audience doesn't understand that concept fully, some recent research provides unnerving evidence of just how high -- and expensive -- the security stakes are these days.

According to the 2006 Cost of Data Breach Study released last month by The Ponemon Institute, data breaches cost companies an average of $182 per compromised record -- a 31 percent increase over comparable costs reported in 2005. That wouldn't be so bad if data breaches all were very small and contained. But we know that's not the case. For the 31 incidents analyzed for the 2006 study, total costs ranged from less than $1 million to more than $22 million. I'm sure that capital could replace a lot of legacy systems.

The Ponemon Institute reports that three-quarters of the increase in costs associated with security breaches over the past year results from increases in three activities: phone calls for customer notification, free or discounted services, and increases in customer turnover -- not a great use of your contact center agents' time. Not to say these aren't essential tasks and the least any organization could do after customer information is compromised, but just think of the time (and effort) that could have been devoted to potentially revenue-generating activities such as cross-selling, product creation, channel analysis and employee development.

Perhaps it's those lost business opportunities that are most painful in the long run, and this is why investment in sound security technologies and practices is a strategic matter, not just a cost of doing business or the proverbial "necessary evil." As with regulatory compliance, security-related spending (including network protection, identity management, fraud detection and e-mail/IM management -- the topic of a report by Associate Editor Maria Woehr, page 30) is accounting for a growing portion of insurers' IT budgets. That may be unavoidable under the best of circumstances in an increasingly global, Web-based and wireless/mobile-oriented operating environment. But when that budget slice has to be increased because of mistakes, inadequate processes, poor morale and giveaways ... well, you can almost see the gray hairs sprouting on a CIO's head as he or she watches the best intentions regarding IT/business partnership and strategy fall by the wayside.

Katherine Burger is Editorial Director of Bank Systems & Technology and Insurance & Technology, members of UBM TechWeb's InformationWeek Financial Services. She assumed leadership of Bank Systems & Technology in 2003 and of Insurance & Technology in 1991. In addition to ... View Full Bio

Register for Insurance & Technology Newsletters