Documentation and communication: three big cyber security trends insurers need to know about
By Mia Papanicolaou, COO, Striata.
When it comes to cyber security threats, the insurance industry is at greater risk than most. According to the 19th EY Global Information Security Survey by Ernst & Young, nearly half of the insurers surveyed had faced some form of cyber attack in the preceding 12 months.
That insurers represent such a lucrative target to cyber criminals is hardly surprising. These companies have vast amounts of data that is incredibly valuable to cyber criminals. So lucrative is the data held by insurers that one attack even targeted people who weren't customers, but had simply requested a quote from the insurer.
Preventing cyber criminals from getting hold of this data is an ongoing battle and one that requires constant vigilance on the part of the insurers' security teams, says Mia Papanicolaou, COO, Striata.
Two of the most important fronts in this battle are documentation and communication. After all, so much of the information that insurers have on their customers resides in personal, confidential documents, such as bills, policies and claim forms that they send out. And documents can reside in multiple places, both within the organisation and on customer devices.
At the recent InsureTech conference in Las Vegas, insurers were asked what their biggest challenge or concern is, and it's no surprise that data, cyber and trust were in the top concerns. Here are some of the latest cyber security trends insurers should be thinking about when it comes to their document and communication strategies.
Security by design
For a long time, organisations of all kinds (including insurers) would adopt technological solutions and then figure out ways to make them secure afterwards. Digital documentation was no exception, with many putting accessibility to those documents ahead of security.
Later on, organisations moved to involving security at various points in the development of their digital document and communication solutions. Ultimately, though, it was still an afterthought in comparison to all the other features.
Increasingly, however, organisations have realised that security needs to be built into these systems from the ground up.
While users must shoulder some responsibility for document security, organisations must, at the very least, take steps to encrypt and protect the sensitive documents they make available on the Web or by e-mail.
Adopting security by design doesn't have to be overly complex either. Organisations can, for example, enable the viewing of a document (such as a policy or bill) as either an interactive Web or PDF experience, allowing a user to securely view the contents, while the information remains secure should the document be part of a breach.
Phishing gets personal
Over the years, cyber criminals have become increasingly sophisticated. The generic phishing e-mails of the past have become largely redundant, replaced by convincing spoofs that would fool even the most careful e-mail users.
The next phase of this evolution will see cyber criminals making their phishing efforts personalised, tailoring their attacks to each individual target.
It's therefore critical that organisations continue to invest heavily in educating consumers on the the latest phishing methods and how to avoid them, as well as ensuring that any digital customer documents are secure and these customers understand the importance of this security measure
Every customer should understand what an organisation will ask them to do, especially when it comes to accessing documentation.
Regulation and compliance
The past couple of years have seen an increased regulatory focus on data protection, especially in the document and communication space. The European Union's General Data Protection Regulation (GDPR) has drawn the most headlines and is generally understood to be the gold standard when it comes to consumer data protection.
Properly enforced, these regulations will go a long way to ensuring that organisations do everything in their power to look after their customer data.
If nothing else, an increased number of organisations looking to be compliant with consumer data regulations will result in them taking greater care when it comes to their cyber security postures.
It's been well established that communication falls within these regulations; however, it's often forgotten that digital documents also need to comply with privacy rules around data protection. They have historically been particularly vulnerable points when it comes to cyber attacks. Anything that makes them safer should, therefore, be welcomed.
Mia Papanicolaou heads up the North, Central and South American operations, providing strategy and direction for both internal teams and clients alike. Papanicolaou is a regular speaker on digital customer communication and improving the customer experience. She started her career in South Africa in the media sector before moving to the electronic messaging space, where she served as business director for e-mail marketing eMessageX. She joined Striata in 2006 as head of e-mail marketing. Papanicolaou moved to the UK as head of operations in 2010, whereafter she moved to the US in 2013 to take up the post of General Manager of the US region, prior to her appointment as COO.