While safeguarding information assets is not a new business objective, cybersecurity has emerged as an area of critical concern for executives and boards of directors. As organizations’ key business operations have become more technology-reliant, they also have become more vulnerable to a cyber-attack. Increasingly frequent and high profile cyber-attacks against insurance companies, banks, and national retailers are further pushing organizations to examine their own cybersecurity profile to understand the potential threats they may face and determine how to best manage their associated risks.
At the National Association of Insurance Commissioner’s (NAIC) Spring 2014 National Meeting, Kenn Kern, Deputy Chief of the Cybercrime and Identity Theft Bureau with the Office of the New York District Attorney, outlined the following as the top cyber threats for insurance companies:
Regardless of the method of cybercrime that may be employed by attackers, a breach often leads to significant adverse consequences (e.g., loss of customers, reputational decline, and financial penalties). In addition, the daunting logistics of dealing with a cyber-attack often include simultaneously conducting a forensic analysis of the breach, initiating breach notification procedures, and fielding inquiries from customers, business partners, regulators, and the press. This often results in a loss of organizational productivity.
Insurance companies must develop a proactive cybersecurity strategy in order to manage their cyber risks before they become a problem. While the strategy details are driven by each organization’s business and information technology environment, they should incorporate the following components:
Insurance companies that lack the internal resources to develop and implement a cybersecurity strategy may benefit from the support of an experienced specialist. Cybersecurity specialists can enable a company to mitigate risks efficiently and effectively by helping them:
In summary, a robust cybersecurity strategy can help insurance companies meet the growing challenges posed by hackers and cyber criminals by identifying risks, remediating weak control processes, and ensuring that the organization is able to withstand attacks now and in the future.
For more information on this topic, or to learn how Baker Tilly insurance specialists can help, contact our team.