Consumer Security Worries Hamper Web Insurance Growth,Survey Says

Despite the obvious benefits of speedy service and convenienceoffered by the Internet, the majority of consumers in a recentsurvey said they are concerned about security when it comes tosending medical and personal property insurance informationonline.

According to Old Greenwich, Conn.-basedIVANS, which sponsored the survey, “Insuring Consumer ConfidenceOnline,” 74 percent of consumers surveyed expressed concern withtheir doctors sending medical information to an insurance companyover the Internet.

Additionally, 66 percent were concerned about the privacy andsecurity of property claims information being exchanged via theInternet.

IVANS said the survey indicates that the majority of Internetusersespecially younger, more experienced usersare “concerned andskeptical” about their information being sent over the Internet.Survey respondents most concerned about security of their medicaldata on the Internet were between 35 and 44 years of age.

Survey respondents with household incomes between $15,000 and$25,000 were the most concerned about their personal propertyinformation being sent over the Internet.

One interesting trend, however, was that respondents grew lessconcerned about Internet transactions as their income levelsrose.

The results came from a telephone survey of more than 2,000adults conducted by Opinion Research Corp. International ofPrinceton, N.J. this past October. The survey asked about Internetinformation transfers that are “a transaction away from a consumerstransaction,” as well as direct sending of information fromconsumers to companies and agents, said Clare DeNicola, senior vicepresident of network services for IVANS.

“There is a real opportunity for health and property-casualtyinsurers to educate consumers about the security measures they havetaken to protect personal insurance data being sent over theInternet,” noted Ms. DeNicola. “The survey results show that manyconsumers are not yet aware of the advanced networking technologiesavailable today that can protect their data on the Internet.”

But are insurers actually taking such security measures? “Somecompanies are doing nothing, some are doing very little, and someare doing the whole spectrum,” Ms. DeNicola said. “Most are doingencryption [of data] at a minimum, while others are taking the nextstep and securing their own virtual private networks.”

Encryption turns data into a coded stream of information thatcan only be read by an authorized party who has the key to thecode. A virtual private network (VPN) is a computer network that ispart of a public network, but appears to the customer to be aprivate national or international network. These systems useencryption and other security methods to ensure that onlyauthorized users can access the network.

“In health insurance, for example, some [security measures] aremandated,” said Ms. DeNicola. “We have quite a few health insurersusing secured network services, not even using the Internet.”

She added, however, that carriers need to let consumers knowthat the safeguards are there. “Some insurers do say that your datais protected, but many dont,” she pointed out.

The survey also revealed, however, that consumer trust is a keyissue in e-commerce.

“In order for e-commerce to be truly effective for the[insurance] industry, consumer trust must be secured,” the surveynoted. “The smallest violation of a consumers trust would bedevastating and could destroy a companys credibility. Insurers needto make sure consumers understand what is being done to protecttheir data.”

According to Judy Johnson, vice president of insurance strategyfor Sapiens Americas in Cary, N.C., consumers are “absolutelyjustified” in feeling skeptical about the security of onlinetransactions.

“The issue is not about whether the Internet is secure. Theissue is about whether we can trust the insurance company to do theright thing,” she stated.

When it comes to security measures for online transactions, saidMs. Johnson, insurers “arent doing a lot,” despite the fact thatlevels of concern have been raised after the attacks of Sept. 11,2001, and that there has been increased media focus on terrorismand cyberterrorism.

“The lack of trust resides where it has always resided,” shenoted. “[Consumers] dont trust the insurance industry to handle theinformation properly.”

She added that insurers have “very perfunctorily” sent outprivacy information as mandated by the Gramm-Leach-Bliley Act, “butthe business hasnt changed fundamentally. They havent reached outto explain how concerned they are about protecting informationinvolved in transactions.”

While good security technology already exists, insurers havebeen slow to adopt it, according to Ms. Johnson.

“The insurance industry has never felt the need to explainitself to the rest of the world,” she said. “Theyre saying weve gotyou by the short hairs; heres our stuff.” She acknowledges thatsome companies have done marketing campaigns to raise trust levels,but said that the industry as a whole “hasnt shown by eitheractivities or communications that it has changed its ways.”

Ms. Johnson asserted that the insurance industry “gainedtremendous ground in terms of trust” after 9/11 by saying it wouldpay all related claims. “Then they marched backward, saying werenever going to do this again; how do we get out of this? Theygained trust, then they turned around and threw it away.”

“I dont know if its just an Internet issue,” said ChuckJohnston, formerly an insurance analyst with Stamford, Conn.-basedMeta Group. “I think people in general are more concerned aboutprivacy after all the publicity around [the Health InsurancePortability Act] initiatives and increasing awareness of identitytheft, which can make a mess of your life.”

“Its not about the Internet being insecure,” he added.“Consumers are seeing a higher value in their personalinformation.”

What can insurers do to regain consumer trust in the area ofonline information transfers?

IVANS Ms. DeNicola said insurers should closely examine alltheir online communications and assess their own levels ofsecurity. “Then go and advertise what youre doing. Consumers needto be educated.” The education should be part of communications toinsureds, posted on the carriers Web site, and extended to agents,”she added.

“Insurers need full disclosure of both security and privacyefforts, not only as part of [complying with] legal acts,” said Mr.Johnston. “They need to be very transparent and very public aboutwhat theyre doing.”

Some insurers, Mr. Johnston added, may be concerned that toomuch disclosure could create a “warranty,” which would potentiallyleave them open to a lawsuit if information were compromiseddespite a carriers security and privacy efforts. “This could makeinsurers reluctant to guarantee safety about data, but itsimportant for them to publicize what theyre doing,” he said. “Itsan education issue.”

Sapiens Ms. Johnson agreed that “part of the solution ismarketing,” but “the more fundamental piece is that insurers haveto look at what theyre doing, clean up their business processes,and understand how to make transactions as safe and secure aspossible.”

Ms. Johnson pointed to insurers with a “people oriented”reputation, such as USAA. “Every time a customer calls, they arehandled properly and immediately,” she observed, adding that if theIVANS survey had queried only USAA customers, “skepticism aboutonline transfers wouldnt be nearly as high.

“You dont need a computer-animated gecko,” she concluded.

Reproduced from National Underwriter Property &Casualty/Risk & Benefits Management Edition, December 16, 2002.Copyright 2002 by The National Underwriter Company in the serialpublication. All rights reserved.Copyright in this article as anindependent work may be held by the author.