Big Data: Big Opportunity, Big Risk
Quadrant Quick Take: Your company’s data represents its greatest asset. Be sure you have systems and procedures in place to protect it.
Less than ten years ago, the retailer T.J. Maxx suffered a data breach in which at least 46 million customers’ Visa and MasterCard accounts were compromised. More recently, Sony Pictures, the Democratic National Committee, Anthem Blue Cross Blue Shield, eBay, J.P. Morgan Chase, and Home Depot—among many others—have been successfully attacked. These incidents are not only embarrassing, they’re expensive. It’s estimated that the Home Depot breach cost the company $80 million out of pocket.
This problem is not only serious, it’s growing by leaps and bounds. A recent study by PricewaterhouseCoopers indicates that 90% of all large organizations, including insurance carriers, suffered a cybersecurity breach in 2015, up from 81% in 2014. At that rate, it will be pretty much everybody this year. The hackers may not hit paydirt when they get to your system, but they’re going to come in and take a look. (And you may not know it. According to the 2015 Mandiant Threat Report, last year the median time lapse from earliest evidence of compromise to discovery of compromise was 205 days—and that’s an improvement over the year before.)
But while every company is threatened with data breaches, not every company is damaged by them. The Ponemon Institute, which has been studying cybersecurity issues for more than a decade, conducted a study aimed at the financial services industry in 2015. The authors of the study strongly recommended that every company that’s not already doing it undertake an employee education program based on four key strategies:
• Awareness. Educate employees about social engineering fraud, which is aimed at tricking people into disclosing sensitive information.
• Verification. Verify the authenticity of all requests for changes in money-related instructions, and double-check with the client or customer.
• Communication. Develop a list of pre-approved vendors, and make sure employees are aware of it.
• Procedures. Institute a password procedure to verify the authenticity of any wire transfer request, and always verify the validity of an incoming email or phone call from a purported senior officer.
However, increased employee awareness and better training are not enough. What we need to do now, particularly with data security, is to look at problems that might arise, and put something in place to prevent them before they happen.
At Quadrant Information Services, our business is helping P&C insurers become better competitors in a competitive world. Check out what we have to offer—it may surprise you!