Insurance carriers have adopted a strategy of “inspiredfrugality” in relation to their spending on security, according toa Forrester senior analyst, Ellen Carney.

In Ms. Carney's definition, the term indicates a state whereinsurers have elected to delay security projects or upgrades overthe past 18 months, even as the introduction of new technology hasadded complexity to their security environments.

“This reluctance can be traced to a lack of visibility andweaker skills to build the security business case,” writes Ms.Carney in a research paper, “Banking and Insurance 2010: ITSecurity Budgets and Spending.”

“Proactivity is a must, meaning vendor sales teams must beenabled with examples, case studies, and objective ROIbusiness-case tools that can move stalled or cancelled projectsforward,” she said.

That frugality is what enabled insurers to come through therecession less bruised than the banking industry, according to Ms.Carney.

“What I mean by [inspired frugality] is the insurance industry,when it came to replacing [any] technology, decided to use it up,wear it out, and make do,” she said.

If tools still were working, insurers stayed with them, even ifthe tools had reached the end of their depreciation life, Ms.Carney added.

That strategy will not last much longer, she predicted.

“I think there is going to be a catch-up when the marketdefinitely turns around and carriers take [replacement projects]off the back burner,” according to Ms. Carney.

At that point, however, which kind of security will be the focusseems unclear–insurers have not shown interest in investing in anyspecific security technology, in Ms. Carney's view.

“[Insurers] are in the midst of upgrading core applications, andthey are moving [processes] online,” she reported.

Fraud identification also falls into the security risk area,added Ms. Carney, as well as identity management, vulnerabilitymanagement, and data security.

“These are all areas [insurers] need to invest in,” shesaid.

Banks have more security issues to deal with than insurerssimply because banks are where the money is, according to Ms.Carney.

“Security threats around insurance involve identity theft,fraud, data theft, and those kinds of things,” she noted.

Banks are bearing the brunt of the attention from regulators ononline security issues, pointed out Ms. Carney.

“[Insurers] lagged the banks in terms of moving online by six orseven years,” she said. “The same kinds of [security tools] banksbought a few years ago are what insurance carriers areimplementing. Anything to secure that online transaction is a keyinvestment right now.”

Robert Regis Hyle is Editor In Chief of Tech Decisions forInsurance, part of Summit Business Media's P&C MagazineGroup, which includes National Underwriter. See www.tech-decisions.com formore information.