Cyber threats have become a major risk in the insurance industry, with an increasing amount of consumer health and financial data being stored by electronic means. Threats of hacking are widely known in the industry and in 2016, more than 500 insurance companies have added cyber risk insurance to the coverage they offer (source: National Association of Insurance Commissioners).
Some of the cyber risks the insurance sector faces are consumer identity theft; network shutdowns; systems being infected with malware, worms, and other malicious software; and theft of valuable information such as trade secrets and consumer lists, not to mention the damage to the company’s reputation after a data breach occurs.
How Great are Financial Cyber Risks?
Besides the obvious dangers to consumers in sensitive personal information being stolen, it is assumed that insurers will suffer a pretty hefty bill when a data breach occurs. However, in a 2016 study done by the Rand Corporation, the average cost of a data breach was $200,000. The study goes on to say that this is about equal to the amount most companies pay for information security. This may seem like a lot, but per the same study, on average, it equals about 0.4% of annual revenues. Of course, this may multiply drastically if the consumers that become victims in these situations decide to file suit. In this case, having cyber insurance is most definitely worth it for any company. However, staying within the legal guidelines is a must; otherwise, a company could be paying out a huge settlement.
As for the forecast for the rest of 2017, if you take to heart the words of Robert Mueller, a former FBI Director, who says that “there are only two companies: those who have been hacked, and those who will be,” you can get an idea of the expectation for cyber threats in 2017.
Even based on the trend in the last couple of years, things just don’t look that promising. By way of example, in 2015, Anthem, one of the nation’s largest health insurers, was hacked, compromising the records of 78 million American consumers. 2016 was just as damaging, and per a recent report by Experian, it looks like 2017 won’t provide any relief from cyber hacking.
What is Being Done?
In response to insurance cyber threats, the NAIC (National Association of Insurance Commissioners) is working to create an insurance data model law to provide set standards for information security. This includes oversight of service providers, investigating data breaches, and requirements for notifying regulators as well as consumers when something occurs.
The organization has already developed and made available a guide they call a Roadmap for Cybersecurity Consumer Protections and Principles for Cyber Security. The latter includes a principle that state insurance regulators are responsible for ensuring that personally identifiable consumer information held by insurers and other regulated entities will be protected from cyber security risks. The problem is that these are principles written to describe the requirements of law and compliance. What they don’t outline is how exactly this can be done, leaving insurers desperate for solutions.
Complete prevention of cyber hacking is close to impossible, given that the methods of hacking are ever changing. For some insurance companies, it is enough to get insurance and deal with the consequences after they occur. For others, cyber threats have become a very serious issue because sensitive consumer information and the company’s reputation are both at stake. Both of these prove to be too valuable to risk.
In any case, the first action any insurance corporation should take is to assess the extent of cyber threat risk facing their organization. A free threat report is available from Massive Alliance. We are able to offer unrivaled protection when it comes to cyber security for any company.