QIS: In an Age of Big Data, Insurance Carriers Face Enhanced Risk
August 22, 2016
Quadrant Information Services, a leader in big data technology for the property & casualty insurance industry, warns that digitization is a two-edged sword: with increased capability comes an increased danger of expensive—and possibly actionable—data security breaches.
(Pleasanton, CA) August 22, 2016—Breaches of data security are an increasingly serious problem for data-intensive industries of all kinds. Recent research shows that 90% of all large organizations—including insurance carriers—suffered cyber security breaches in 2015, up from 81% in 2014.1 Moreover, cybersecurity breaches are becoming more frequent and more expensive; according to the Ponemon Institute’s latest study on cybersecurity, the average consolidated total cost of a data breach grew from $3.8 million to $4 million. The study also reports that the average cost incurred for each lost or stolen record containing sensitive and confidential information increased from $154 to $158.2
“This is something to which insurers need to pay careful attention,” said Michael Macauley, CEO of Quadrant Information Services, a leading supplier of pricing analytics services to property and casualty insurance carriers. “As an industry, insurers tend to believe that their data—and with it, the trust of their policyholders—is secure. At one time, that might have been a reasonable assumption; but insurance, which is now a high-tech industry, is just as vulnerable to attacks by hackers as are banking, retail, entertainment, and the other categories of enterprise that have been hit with this problem.”
Macauley noted that in bolstering their cybersecurity programs, insurers should be vigilant in protecting not only against external vulnerabilities, but internal ones, as well. “One factor is simple employee negligence, a lot of which can be ameliorated by training. For instance, if an employee gets a phishing email—and everybody does from time to time—they need to know that they should never, under any circumstances, click on the link. If they’re in an open office and in the course of their work they access data of different types with different passwords, they need to know that they should never keep a Post-it note on their desk with the passwords on it.”
Macauley also cautioned that increased employee awareness and better training are not enough. Citing the latest Ponemon Institute study, he pointed out that at least 35% of cyber breaches happen due to system or business process failures. As he put it, “By its nature, building business processes tends to be reactive: we put a process in place because a problem has occurred, and we think this will solve it. What we need to do now, particularly with data security, is to look at problems that might arise—before they happen—and put something in place to prevent them.”
Such planning is particularly important in light of the trend towards using telematics (constant monitoring) as a basis for setting insurance rates. While this seemed like science fiction only a few years ago, it’s now a rapidly growing reality. Health insurance carriers are using wearable technologies, such as Fitbit or Jawbone, to monitor policyholders’ weight and exercise habits; auto insurers are installing monitoring devices in cars and rewarding policyholders who drive less and don’t speed; and similar innovations are in the works for other types of coverage.3
This is what’s called “the Internet of things,” where refrigerators, home heating systems, cars, alarm systems and heart rate monitors communicate directly with each other. Cisco Systems estimates that by 2020, there will be as many as fifty billion such devices,4 all sending and receiving data. In Quadrant’s view, this is a very good thing, overall, for both policyholders and the insurance industry. However, it represents a vast amount of very personal information, which represents a significant risk for insurers if it should be misappropriated or misused.
What all this means is that progress in big data and progress in security must go hand-in-hand. “It’s not enough to just put in firewalls; to create a data environment that can securely maintain this type of sensitive information, the industry needs to reshape the way it thinks about itself. We need to move—and quickly—to a truly security-centric business model.”
About Quadrant Information Services:
Quadrant Information Services, headquartered in Pleasanton, CA, provides pricing analytics solutions for property and casualty insurance companies. Quadrant gives actuary, product development, pricing, sales and marketing personnel at its client companies—who include all the major insurance carriers in the United States—the data they need to make accurate, data-driven decisions. An industry innovator since its founding in 1991, Quadrant has provided the P&C insurance field with a long series of technological advances—most recently, InsureWatch, the industry’s first cloud-based pricing tool, which allows the user to produce unlimited combinations of reports with the click of a mouse. For more information, and to learn why Quadrant is for insurance companies that are tired of losing the right customers and gaining the wrong ones, please visit www.quadinfo.com.
1. “2015 Information security breaches survey,” PricewaterhouseCoopers, 2015.
2. “2015 Global Cyber Impact Report,” Ponemon Institute/Aon, 2016.
3. Jaafari, Joseph, “4 technologies that are revolutionizing the insurance industry,” propertycasualty360, February 3, 2015.
4. “Internet of Things (IoT),” Cisco Systems.
# # #
Karla Jo Helms JoTo PR