Insurance carriers have adopted a strategy of “inspired frugality” in relation to their spending on security, according to Forrester senior analyst Ellen Carney.
In Carney’s definition, the term indicates a state where insurers have elected to delay security projects or upgrades over the past 18 months, even as the introduction of new technology has added complexity to their security environments.
“This reluctance can be traced to a lack of visibility and weaker skills to build the security business case,” writes Carney in a research paper, “Banking and Insurance 2010: IT Security Budgets and Spending.” “Proactivity is a must, meaning vendor sales teams must be enabled with examples, case studies, and objective ROI business-case tools that can move stalled or cancelled projects forward.”
(For another look at security issues, click this Trends & Technology article from columnist Paul Rolich.)
That frugality is what enabled insurers to come through the recession less bruised than the banking industry, asserts Carney.
“What I mean by [inspired frugality] is the insurance industry, when it came to replacing [any] technology, decided to use it up, wear it out, and make do,” she says. If tools still were working, insurers stayed with them, even if the tools had reached the end of their depreciation life.
That strategy will not last much longer, predicts Carney. “I think there is going to be a catch-up when the market definitely turns around and carriers take [replacement projects] off the back burner,” she says.
At that point, however, which kind of security will be the focus seems unclear–insurers have not shown interest in investing in any specific security technology, in Carney’s view. “[Insurers] are in the midst of upgrading core applications, and they are moving [processes] online,” she says.
Fraud identification also falls into the security risk area, adds Carney, as well as identity management, vulnerability management, and data security. “These are all areas [insurers] need to invest in,” she contends.
Banks have more security issues to deal with than insurers simply because banks are where the money is, notes Carney. “Security threats around insurance involve identity theft, fraud, data theft, and those kinds of things,” she says
Banks are bearing the brunt of the attention from regulators on online security issues, points out Carney. “[Insurers] lagged the banks in terms of moving online by six or seven years,” she says. “The same kinds of [security tools] banks bought a few years ago are what insurance carriers are implementing. Anything to secure that online transaction is a key investment right now.”