Insurance companies should shore up their cyber defenses against the rising threat from criminals and ‘hacktivists.’ Strong systems and governance are critical, along with a culture that takes data security seriously.
As banks get better at defending against cyber attacks, criminals are turning their attention to the insurance sector. In addition to money, thieves are also seeking premium rating tables, claims and accident and loss information, as well as customers’ personal and financial details.
The commercial and reputational damage can be significant, with further potential fines for inadequate systems and controls.
According to KPMG’s 2012 Data Loss Barometer, the insurance sector is at the highest risk from social engineering attacks and system and/or human error incidents. The very infrequency of customer interactions makes it harder to spot trends.
Insurers can learn from banking by creating more robust structures and processes, and investing in back office technology and systems with greater connectivity and coordination. Such diligent cyber defense should also extend to any third parties that process claims.
Technical preparedness alone is unlikely to be enough to prevent insurance cyber attacks, and leadership should look at the wider culture and governance to identify weak spots and encourage compliance.