Insurers are doing exciting things in response to rapid consumerization of technology, largely enabled by mass adoption of mobile technology. Insurers are emulating online retailers in their development of customer experience, liberalizing their internal mobile device-use policies and reshaping the way they process claims. However, as insurers venture into the anytime/anywhere mobile world, they need to redouble their information security efforts.
Willie Sutton robbed banks because “that’s where the money is,” as he famously said. But to the extent that data is money for cybercriminals, insurance companies present an especially lucrative target, Sadik Al-Abdulla, senior manager in CDW’s (Vernon Hills, Ill.) security practice, noted in an exchange we had last week.
“Data loss prevention in the insurance industry is particularly challenging because you must follow sensitive data every step of the way,” Al-Abdulla said. “There is more opportunity for data loss because the insurance industry handles more data than other industries, and because more employees touch the data.”
Insurers are making great strides in their mobile-enabled customer experience efforts, and they are potentially enjoying new efficiencies as well, for example through improvements in field force mobile enablement. That’s very good news, but carriers also need to scrupulously examine the new exposures that mobile creates within their business processes, Al-Abdulla cautions:
Think about this scenario: When someone from the corporate office sends an adjuster to meet a customer to review a claim, the corporate office sends the customer’s personal information to the adjuster. How is that information getting to the adjuster’s mobile computing device? Is the transmission secure? What if the adjuster has 10 things to do and gets eight of them done, and he takes two of them home to get done later? Does he email the information to his personal account? The insurance industry is one of few in which nearly all business processes are related to customer data. There are therefore more potential points for customer data loss.
Chris Potter, a U.K.-based information security partner at PwC, noted in an exchange with I&T last week that as employees’ smart phones and tablets have become more powerful tools over the past couple of years, CIOs have been under pressure to open their systems to these devices.
“Unfortunately, not all smart phone operating systems are secure, so insurance carriers run the risk that unsecured devices could punch straight through their security defenses, opening up sensitive personal data to misuse,” Potter said.
That being the case, Potter said, it’s necessary to have an explicit mobile information security strategy in place.
Such a strategy embraces more than purely technical controls, CDW’s Al-Abdulla stresses. “For insurance companies especially,” he says, “user education about data security policies and procedures is essential.”
Anthony O'Donnell has covered technology in the insurance industry since 2000, when he joined the editorial staff of Insurance & Technology. As an editor and reporter for I&T and the InformationWeek Financial Services of TechWeb he has written on all areas of information ...