This is probably the best time ever to do a blog on cyber security, being that October is National Cyber Security Awareness Month. I don’t think American businesses are reacting to security threats simply because President Obama designated this month as a time to think about security, but a recent survey by Deloitte shows cyber security has caught their attention.
In the 2012 Global Financial Services Industry Security Survey, Deloitte asked businesses if there had been an increase in their information security budget. Of the seven sectors surveyed—Asia Pacific (excluding Japan); Japan; Europe Middle East and Africa (excluding the UK); Latin America and the Caribbean; United Kingdom; United States; and Canada)—the U.S. far and away led the pack as 94 percent of financial services companies reported increased security budgets. (An amazing number from the survey: Only 14 percent of respondents from Japan report an increase in information security budgets.)
So, there is either an increased awareness of cyber security in the U.S. or this country is way behind the rest of the world. You could insert another lame joke about the insurance industry being behind the times, but I should point out that these numbers are for the entire financial services industry and insurers made up just 18 percent of the total respondents.
Deloitte did break out some numbers for the insurance industry and, as in most surveys there is good and bad news. Let’s get to the bad news first: 40 percent of the insurance companies that responded have experienced one or more breaches in the past 12 months. Forty percent of anything is a significant number, so there shouldn’t be anyone among us who is not concerned.
We have written about this subject as long as the Internet has been an important tool in the offices of insurance carriers, so the fact that such a large percentage of insurance companies have been attacked in the last year shows that vigilance has to be a part of every security operation.
Deloitte also reports that data protection and information system governance are the two top security initiatives this year. This also should not be considered a surprise. Those two areas should be at or near the top of the to-do list every year. Data is the insurance industry’s most precious asset and the only way any security initiative can be successful is if many sets of eyes are focused on the issue and reporting their findings to the executive leadership and above. This issue is everyone’s concern, not just a couple of IT staffers.
Every day that an insurance carrier gets by without a data breach is a good day, but the only successful way to deal with this issue is to act like your operation is under attack ever day of the week and, as my mother used to say, twice on Sundays.