3 ways insurers can manage their cyber threat
Last month, I was with the Arity crew at Dig-In in Austin, Texas. It’s one of my favorite industry conferences not only because they have great speakers (Steve Wozniak’s keynote was a personal highlight for me) but also because conversations there are squarely focused around the role technology plays in the future of insurance. As advancement in technologies including telematics and our ability to harness mobility data becomes a reality, the insurance industry is on the cusp of a major transformation.
Part of our responsibility as an industry is to ensure we usher consumers, customers and partners through these periods of change without sacrificing our business standards and values. This is especially true in the preservation of data security and privacy.
While at Dig-In, I spoke on a panel – Data Protection: Managing Your Cyber Threat – alongside David Perez, President & Founder, Lumen Insurance Technologies; Sarah Bruno, Partner, Arent Fox; and Greg Jones, Chief Data Officer, Carpe Data. While all of us work on the periphery of the insurance industry, we all coalesced around a common theme: trust. We all see maintaining trust with insurance customers as table stakes for doing business.
I’ve noted some of my favorite takeaways from the panel below:
Transparency is key — be upfront about your value exchange. Consumers are frustrated – from data breaches to long and complicated opt-in agreements, to a lack of understanding around how their data is being used – and they are demanding more transparency and autonomy around how their data gets used.
People are open to sharing their personal information, but only if companies are clear about the value proposition. The simpler that message is up front, the easier the exchange will be, and ultimately, the better the user experience. And this is not only true for how we communicate with consumers, but how we should inform on the use of data with any partners as well.
Mitigating cyber risk: moats, hurdles, and barriers. While leaders in technology are constantly discussing mitigating and reacting to cyber risk, what we should be talking about is how to proactively prevent issues in the first place.
Personally, I operate on the presumption that our data has been compromised from day one. Security is not a feature – it’s the nucleus of our company. While many companies start with their core offering and build in security as a feature after the fact, that’s not my philosophy, nor how we operate at Arity.
Be paranoid. Put as many systems in place as you can afford to. Game your system and prepare for various scenarios. Have the systems and responses ready for any level of issue when the inevitable happens. And I believe they will happen. Threat actors will find their way in, some way, somehow, so it is our job to create as many moats, hurdles and barriers as possible so that even if they marshal through to where they are trying to go, the data is in a form that is utterly useless to them (e.g. encryption).
It also comes down to training your people. Everyone in your company is simultaneously your biggest asset and risk when it comes to security. Constant vigilance and regular training in what to look for is, in my opinion, the most cost-effective way to establish a solid foundation for security.
Collaborate with partners that are like-minded. This one is challenging because often it comes at the expense of growth opportunities; however, companies must ensure their partners have the same priorities and expectations in mind. Trust is key across all aspects of consumers engaging with businesses – between the customer and the businesses they subscribe to as well as between you and your vendors.
My advice to insurance companies is to realize that any third-party partner you work with is a shepherd of your data. You should never hesitate to learn more about what they are doing to protect your users’ privacy and personal data sovereignty in the changing legislative landscape. That’s our simple philosophy at Arity when evaluating the partners we work with.
You can’t put a cost structure around protection and security. No cost is too great to provide protection and security – don’t limit it.
Insurers have always been in the business of protecting people and harnessing their personal data. But today, that role has evolved based on how companies connect with consumers, and insurers MUST evolve how they continue to deliver on the promise to protect consumers in today’s digital environment. If your executive compensation budget is greater than your security budget, you need to revisit your security posture and position.
Base privacy and security measures should be omnipresent throughout your data program, period. At Arity, we’ve established controls to manage security risks relating to the data we protect. We have a robust information security program designed to meet regulatory requirements, contractual obligations, and most importantly our customers’ expectations – simplicity and practicality in development of everything from clear user agreements, to privilege requests, to state-of-the-art security layers, to infrastructure to support the latest regulatory requirements.
Privacy and security are paramount in today’s business marketplace. They are central to building the trust that gives us the license to do the best business we can with our customers to help deliver best-in-class services to consumers.
For more on Arity’s approach to data and privacy, head to our privacy statement.