A National Cyber Security Strategy

Since the launch of its National Cyber Security Strategy, the Government has worked closely with the industry to raise awareness of the threat posed by cyber-attack to business reputation, revenue and intellectual property, and of the measures that businesses can take to mitigate the threats.

As the UK Government has pointed out: “By asking the right questions and helping customers, insurers and insurance brokers can help promote the adoption of good practice, including Cyber Essentials that reduce the frequency and cost of breaches. Cyber insurance does not, of course, remove the need for businesses to manage their risk from cyber-attack. It should be seen as part of a holistic approach to cyber risk management including business controls, investment in security and education of staff and customers.”

A report that came out in June 2014 identified more than 55,000 phishing attacks in June 2014, marking a 44% increase from May. Based on this figure, RSA estimates that phishing cost global organisations $476 million in losses in June 2014 alone.

Another report shows that Finance organisations, including banks and insurers, represented 2.6% of cyber-attacks on a segmented basis, which compares favourably with Industry, which was the victim of 28.6% of breaches. The insurance industry would be unwise to rest on its laurels, however.

As a briefing by Deloitte (Global Cyber Executive Briefing) outlines:

“Cyber-attacks in the insurance sector are growing exponentially as insurance companies migrate toward digital channels in an effort to create tighter customer relationships, offer new products and expand their share of customers’ financial portfolios.

This shift is driving increased investment in traditional core IT systems (e.g., policy and claims systems) as well as in highly integrated enabling platforms such as agency portals, online policy applications and web- and mobile-based apps for filing claims. As insurers find new and innovative ways to analyze data, they must also find ways to secure the data from cyber-attacks.”

The Deloitte report provides a number of instructive case studies that insurance companies may find useful, including one where the upshot was that an insurer was obliged to provide affected customers with free credit monitoring for a year, and to reimburse all damages resulting from the breach. In addition to those tangible costs – which were substantial – the organization suffered significant brand damage and loss of trust.

We conclude this week’s blog series, “Is your clients data safe with you?”, on Friday, when we ask: Why do hackers hack? How can insurance companies protect themselves by applying the latest governance, compliance and risk mitigation strategies?

Nicole Fowler