Other than sharing common products, the differences between the top tier of insurance carriers and their smaller rivals can be enormous. Those differences are even more apparent when looking at the issue of security. Larger insurers have a target on their back that the mid-tier don’t have to deal with, but with smaller IT staffs, the mid-tier and smaller carriers have to not only keep up with known threats but also be on the lookout for attacks that weren’t foreseen when they first decided to let customers—and the attackers that come with them—inside their perimeter.
Larger insurance carriers are proactive, according to David Helms, vice president of the cyber security center of excellence, the consulting arm of Salient Federal. The top tier recognize the Internet and mobile computing are strategic to their business, which changes a carrier’s security posture.
Keeping up with new threats is difficult for mid-tier and small insurance companies, explains Deepesh Randeri, information security officer for BrickStreet. That is why BrickStreet depends on third parties to provide them information, whether it is SANS or vendors such as McAfee.
“We do proactive log monitoring with systems-generated logs,” says Randeri. “A vendor monitors out logs for critical devices. They do a lot of research because they are in the business of keeping things secure and keeping their customers in the loop. Whenever they anticipate new threats, we get notified and they recommend certain parameters for our core devices so if we were to be attacked the logs would track that.”
Helms points out that federal mandates such as HIPAA and Sarbanes-Oxley have raised security as an issue to the executive and board level with real consequences for a company’s leadership if these areas aren’t handled correctly.
Greteman doesn’t worry about how the insurance industry is perceived in regards to security as much as he worries about his own company. In that regard he feels Allied stands up well among the competition, citing the Ponemon Institute for the second year in a row naming Nationwide as one of the most trusted companies in terms of privacy in the U.S.