Insurance & Technology is part of the Informa Tech Division of Informa PLC



09:25 AM

Cybersecurity Management: What to Know for 2014

After an 18% increase in data security losses in 2013, here are three ways insurers can improve their practices.

In 2013, 82% of insurance CEOs were confident in cybersecurity and firms averaged $4.3 million in protection. Yet industry losses were up 18% from 2012, with big liabilities increasing faster than smaller losses, according to the Global State of Information Security Survey by PwC.

The cybersecurity workforce has increased over the past ten years, but today’s attackers are also more collaborative and sophisticated, said Joe Nocera, principal at PwC and leader of information security and risk practice for the financial services vertical. Technology has improved security tools and techniques, but it has also contributed to the growing complexity of cyberattacks. It’s time for insurers to rethink their protective strategies.


Insurers should be especially aware of attacks coming from third parties that have access to company information such as agents, brokers, and marketing affiliates. Nocera recommends analyzing the full cycle of how company data travels, and who has access to it, to implement appropriate safeguards.

Firms also underestimate hacktivist-type organizations because those groups tend to target the banking industry. “It would be naïve to assume that some of our largest insurers aren’t also being targeted with those types of attacks,” said Nocera. Insurers should monitor these groups, which often have a multi-year approach to cyberattacks.

Most firms are currently focused on perimeter security, an expensive and time-consuming approach that aims to place equal protection on all company assets. Insurers should instead use their fixed resources to focus on in-depth protection for their most valuable assets and plan defenses against the attacks that are more likely to occur.

To boost security, Nocera recommends implementing the following best practices:

• Elevate the discussion: Spread awareness of cybersecurity among company management and security staff so that everyone understands the risks and can prepare to implement safeguards.

• Understand the threat landscape: Know who is targeting your company and which data is most likely to be targeted.

• Plan for the worst-case scenario: Create a well-documented and well-tested incident-response plan so that business can continue in the event of a security breach.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ...
