Back

Who We Are

Meet The Team

Awards And Certificates

Annual Reports

Responsible Business

Blogs

Three sinister groups threating organisations' cyber security

View All

Case Studies

Powering Alt HAN Co.'s Smart Meter Rollout

View All

Upcoming Events

Solar & Storage Live London

View All

Webinars

Private & blended finance retrofit: lessons from a pioneering partnership

View All

Opportunities

View All

Close

Press enter to search

Thoughts

How to avoid an insurance security breach with these principles

13th Aug, 2021

Back to Our Thoughts

In today’s ultrafast-paced world, with hyperconnectivity and instant solutions, there is a heavy lean on automation, data mining analytics and artificial intelligence (AI) driven models to satisfy today’s customer across all industries.

Gone are the days when a customer wishing to take out insurance would usually discuss their options with an agent face to face or over the telephone, as the customer can now do that instead with just a few swipes on their smartphone. The customer experience journey is further evolving, with the emergence of cryptocurrency and digital wallets, as well as the use of social media to reach out to potential customers. The recent pandemic has forced a change in the way in which we work (with the increasing shift to working from home blurring the line between work and home) and how we do business, as we move to more innovative ways to reach out to our customer base.

While, from the customer experience perspective, this is very easy and straightforward; the technology and infrastructure that facilitate this is anything but that. There are complex architectures such as advanced data analytics supported by AI that automate decision-making processes, helping provide a seemingly seamless experience to the customer.

Innovation and automation

However, with great innovation and automation, comes greater responsibility! To drive the data analytics, the customer must provide a lot of data, most of it sensitive and Personally Identifiable Information (PII), which places legal and regulatory demands on the insurance company to secure this information. By extension, the infrastructure that houses the data needs to be secured. With a world moving to outsourced and cloud-based solutions, the security requirements cascade down the supplier pipeline, to ensure that any third-party suppliers meet the required security standards. In addition to this, the heart of the system, the AI algorithms, need to be secured. This would need to be underpinned by a robust security risk management strategy.

Insurance sector security risks

The security requirements become even more critical as the insurance sector is quite lucrative from a cyber-criminal’s viewpoint, given the vast amounts of sensitive information and the connectivity to other financial institutions.

With cyber-criminal methods exponentially evolving with the changing times and resorting to using AI for their nefarious purposes, the challenges become even greater. When, coupled with traditional security vulnerabilities associated with systems, processes, people and premises, the stakes get even higher!

Ways to avoid a security breach

These challenges can be easier to surmount when certain security principles are followed:

  • Ensure basics of technical security such as access control, patching, change management, network security and secure development are in place.
  • People management is key. Your security is only as good as the weakest link. With the rise in sophisticated social engineering attacks, it is imperative that all of your staff are trained and aware of the security risks surrounding your industry and organisation. This, in turn, will ensure that they are alert to any attempted cyber-attacks and will be able to raise an alarm in time.
  • Have robust Incident Management processes to ensure that you can deal with alerts proactively to avoid any data breaches.
  • Secure the supply chain and ensure that all third-party suppliers are held to the same level of security standards that you will be held to.
  • Manage risks by having an effective risk management strategy in place.

Security standards such as ISO 27001:2013, PCI DSS and Cyber Essentials are security frameworks that capitalise on industry best practice, to provide a holistic approach to cyber security management for an organisation.

While the challenges to securing data increase, as more sophisticated cyber-attacks are on the rise; these can be addressed and managed by ensuring that you have a comprehensive security strategy in place. Effective implementation of this security strategy is governed by dynamic change management.

If you’re interested in finding out more about our information security services, contact us on bd@gemserv.com

Authors

Aparna Murali

Information Security Principal Consultant

Read Bio
Previous
Delivering the optimum commercial and procurement solutions on time and on budget for the British Business Bank  
  Next
What is the next big enterprise trend in data and analytics?

Read more

Thought Leadership

The impact of the AI Draft Regulation on the insurance industry

Read more

Press Release, News

The Institute of Directors and Gemserv join forces to upskill a generation of directors in cyber security

Related Content

Read our latest insights into the Cyber and Digital sector by clicking the link below.

Find out more