Given the migration of insurers to digital channels and the large amount of sensitive personal information they store, it should come as no surprise that cyberattacks are becoming increasingly prevalent. Yunus Scheepers, CTO at SilverBridge Holdings, examines the importance of cyber security.
“Providing some element of protection in the policies themselves as well as safeguarding their own databases are integral components to protecting clients’ interests. Fortunately, as insurers embrace more innovative technology solutions, this is resulting in increased investment in their traditional core IT systems to support the changing environment. And while much of this is done with the aim of finding better ways to analyse data, shoring up cyber defences are equally critical,” Scheepers notes.
Identity thieves and fraudsters are using more sophisticated malware and social engineering techniques to compromise data. The sheer amount of personal data stored in insurance databases is simply too good a target for those with malicious intent to ignore. Research indicates that most reported breaches are characterised by short attacks – criminals target a system, steal specific information, and then move on. Of course, this is not to say that the risk of more long-term activities is not something to take note of. The fact that long-term intrusions have not been detected should probably be a cause for concern – it could mean that these attacks are so stealthy that they are not able to be detected by conventional cyber security tools and activities.
“Even though the percentage of successful security breaches showed a decrease in 2018 when compared with the previous year, that does not mean insurers can rest on their laurels. Even if only one in five attempts are successful, that still represents significant risk. And when one considers that almost half of breaches are not detected for more than a week, insurers have no choice but to become more proactive around their cyber security.”
Insurers deal with risk daily. That is the nature of their business. Everything comes down to risk management. The same thinking therefore needs to apply to cyber security policies and systems. Even if the statistics do not give insurers enough reason for caution, the regulatory environment will. Protecting personal information is a critical aspect of business. Those not taking the necessary steps to do so, risk significant financial fines, reputational damage, and the potential for customer legal action.
“Insurers have a number of data points that cover all aspects of people’s lives – from their identity numbers to bank account details, their home contents to the identities of their loved ones. To this end, attackers will always target the point of least resistance. This means having a firewall and anti-virus are not effective strategies. Like the approach taken by banks, insurers must adapt a more pervasive cyber security approach, one that factors in all the entry points into the back-end systems.”
Given the extreme rate at which cyber security threats are evolving, insurers cannot dismiss the concept of artificial intelligence (AI)-based security platforms. Unlike traditional cyber security systems that focus on known attack vectors, AI-based platforms actively look for anomalous or suspicious patterns and behaviours. Some of these platforms are even capable of responding intelligently to potential threats with mechanisms such as file quarantines, allowing administrators to conduct more thorough investigations in a controlled environment. There is already undeniable evidence that AI-based malware is emerging as a more prevalent threat. As a result, it makes sense that AI-based protection must be deployed to combat this threat.
“To this end, I believe that AI-based cyber security platforms will become the norm in the near future,” says Scheepers.
Insurers are constantly looking to become more pro-active in the digital environment and this includes ways to more effectively address their cyber security needs. Given that it has become a case of when and not if a breach occurs, this is a vital area to focus on. Cyber-attacks are no longer initiated as a targeted, human-driven activity but rather driven by malware randomly probing any system that is exposed on the internet. The risk of business interruption and the costs for policyholders have become too significant in this connected market.
“An integrated approach to cyber security is therefore essential if the insurer is to keep attackers out while mitigating the exposure when a breach does occur. Just ticking the regulatory boxes is not adequate. Insurers in the digital market must take cyber security seriously if they are to continue harnessing business opportunities,” adds Scheepers.
And this is not only limited to the technical aspects of cyber security. To be truly effective, the insurer must link protection to the broader business strategy. In this way, it becomes part of the business continuity and disaster recovery policies of the organisation.
“Cyber security must permeate every facet of the business if the company has any hope of safeguarding its data. In this way, the insurer can take a much more proactive stance towards the protection needed, with all processes aligning to this common vision,” he concludes.
SilverBridge has over 24 years’ experience as a leading provider of insurance software solutions in the African financial services industry. Our footprint extends to 14 African countries. SilverBridge’s digital insurance suite allows financial services companies the opportunity to respond quickly to changing markets. With customers throughout Africa, SilverBridge has the knowledge, experience, and technology capabilities to help its clients do better business.