An Insurance Cybersecurity Saga
Back when we commuted to work, I would stop each morning and buy 2 large coffees to begin my commute. It was such a daily ritual that the baristas knew my name and exactly how I preferred my coffee. One particular day, when the barista came back, she apologized and informed me that my card had been declined. I was both mildly embarrassed and incredibly surprised, considering it was a trivial amount (less than $10) and I had just gotten paid. I phoned my bank and learned it was more than a technical glitch. In a matter of 2 days, I lost over $23,000.
I soon learned that I was a victim of identity theft, totally pwned. Over the course of the next 10 days, this clever thief managed to make over $94,000 in purchases – simply using personal identification information (PII) data they had obtained via a data breach of one of my insurance carriers. To add further insult to injury, it took the carrier an additional 3 months to notify me, even though the damage had already been done.
This painful lesson taught me that ANYONE is at risk, from individuals to large financial corporations, and especially data gold mines like insurance carriers.
As new and evolving technologies continue to increase interconnectivity, consumers from every age group, background, and level of digital adeptness are pushed to expand their digital footprint. That footprint may encompass online commerce, digital payments and electronic submissions, which is exactly where cyber criminals are looking to maximize their operations. These operations include, but aren’t limited to, increasing the scale and severity of phishing, social engineering attacks, software piracy, spam schemes, malware and ransomware.
With its huge store of personally identifiable information (PII) for policyholders, the insurance industry has become an increasingly enticing target for cyber-crime. Over the last few years, data breaches at insurance companies have exposed the personal information of over 100 million people, myself included. It’s expected that global cyber-crime costs will grow to over $6 trillion (USD) in 2021, and while insurers provide protection (cyber insurance and data breach policies), they themselves are prime targets due to the massive amount and sensitive nature of the data they hold.
As cybercriminals continue to exploit software vulnerabilities and launch trojan horses like Emotet and Trickbot, insurers of ALL sizes must not only continue to be vigilant but also ensure that both their hardware and software are able to keep up with the escalating threats. Failing to update software leaves companies vulnerable to breaches; however, with the increasing rate of software updates, legacy systems and supporting hardware may find it challenging to keep up. Obsolete technologies make it difficult to accept and deploy the latest security measures and system patches, while some security operations are often too overwhelmed with existing tasks, alerts, vulnerabilities, and active incidents to focus on future threats.
Thankfully, as cyber threats evolve, so do the tools and technologies that carriers can deploy to help identify, prevent, protect against and eliminate attacks. Digital technologies are providing a framework for innovation, giving insurers more flexibility and choice by leveraging the cloud, low code/no code, and API and microservice driven platforms, which provide better security, maximize performance and optimize the customer experience. By harnessing evolving enterprise technologies, such as artificial intelligence (AI), machine learning (ML), automated and adaptive networks, and supercomputing, insurers can more readily meet future incursions.
In the meantime, the best defense is a good offense, so I now continue to minimize my exposure, monitor my credit, frequently change passwords, regularly check haveibeenpwned, and wait for the next savvy insurers to offer a more comprehensive “you’ve been pwned” policy.