Data and users are what usually attract cyber-criminals to specific sectors and organizations. And the insurance industry has both in droves. While carriers play an integral role in helping their customers to transfer financial liability for serious security breaches, they risk themselves becoming a target.
Effective data-centric security is therefore critically important—not just to help insurers avoid big-name breaches that can cause severe financial and reputational damage, but also to protect their main driver of growth: data analytics.
Insurance is a data-driven business. And often the data that carriers collect is among the most sensitive information around. It includes customers’ financial and personally identifiable information (PII) and often medical details that could be used to commit identity and insurance fraud. As they come to rely increasingly heavily on cloud-based services and homegrown code, insures are also unwittingly expanding their own cyber-attack surface—offering more gaps in protection for threat actors to probe. At an estimated global market size of $6 trillion, the insurance sector therefore represents a large and extremely attractive target.
This is far from a theoretical threat. Among big-name companies in the vertical that have already been breached this year area:
Managed Care of North America (MCNA) Dental: One of the largest US government-sponsored dental care insurance providers had PII on nearly nine million customers compromised.
Latitude Financial: An estimated 14 million customer records were stolen from the financial services and insurance giant, making it the largest breach ever recorded in New Zealand. This included around eight million driver’s license details.
Aflac and Zurich: Around two million customers in Japan were impacted by a supply chain breach impacting the same US sub-contractor shared by these insurance multinationals. Compromised data included age, gender, last name, policy number, insurance type number and coverage amount/premium.
Fundamental to the success of any insurer is its ability to derive insight from large data volumes. That makes protecting this data absolutely critical to their business model. The organization must have confidence that data hasn’t been tampered with, and it must be able to analyze and process it without breaking strict regulatory compliance rules.
Data analytics is big business. Insurers are estimated to have invested $3.6bn in the technology in 2021 alone. It’s easy to see why. By deriving intelligent insights from large data volumes, insurers can drive enhanced:
Lead generation: By understanding where to invest their money, for the lowest customer acquisition costs.
Customer experience and satisfaction: By understanding where customer pain points are most acute and helping to fix them, such as via self-support tools. Analytics can also help insurers to personalize their offerings more effectively for each customer.
Fraud prevention: By combining historical customer data with external contextual data to flag suspicious activity with greater certainty. Predictive analytics can even be brought in to alert which customers are most likely to submit fraudulent claims. This is a big deal considering over $300bn is lost annually to insurance fraud in the US alone.
Enhanced underwriting: Predictive analytics are helping to transform the complex business of assessing customer risk profiles and pricing policies fairly. They’re not only improving the accuracy of this process but also speeding it up, which means insurers are less likely to lose prospective customers to rivals.
All of the above adds up to happier customers, more leads to target, reduced fraud losses and, ultimately, improved revenue and growth.
Yet as mentioned, this data must be secured in compliance with industry and international standards and regulations without affecting its utility. Technologies like tokenization help to do exactly that, ensuring data analytics experts working in the sector can satisfy their compliance and security teams whilst extracting the insights they need to drive value and growth.
This is where comforte’s Data Security Platform can help. It automatically and continuously discovers and classifies data, wherever it is in the organization—including in the cloud-based data stores used by analytics tools. Then it applies tokenization or other optional data protection techniques to the data to keep it secure throughout its lifecycle. This is data security first and foremost for competitive advantage and growth.