Much to the dismay of risk managers, chief executives and CIOs across the industry, insurance companies have become targets for hackers attempting to access personally identifiable information (PII) for policyholders. As gatekeepers protecting millions of birth dates, medical histories, home addresses, names of spouses and children, purchasing preferences and even Social Security numbers, insurers are high-value targets for identity thieves. Recent breaches at Anthem and Primera are promoting a fair amount of fear on the part of the public, and insurers are scrambling to lock the front and back doors standing between hackers and vulnerable data assets, but this task is proving easier said than done.
Related: 4 cyber security tips from the FBI
Cloud-based solutions compound the problem by forcing insurers to begin to think about securing the data itself, instead of just the front and back doors. Insurers historically have had a crusty exterior and soft underbelly, meaning the majority of efforts were put into firewalls and keeping unwanted visitors out of critical systems. With cloud-based solutions, insurers now need to take security architecture and decisions to the data level as it increasingly no longer resides within an insurer’s four physical walls. Thus, insurers more than ever must be data masters.
Beyond locked doors
Many modern insurers are the end result of mergers, acquisitions and transformations. These companies have been through multiple sets of executive teams with often competing strategies and priorities. Employees have managed the change involved in switching from one IT environment to another, and sometimes, back again. And, while these situations are absolutely not unusual, they are problematic for IT executives who are charged with guaranteeing airtight cyber security.
To ensure the continued trust of policyholders and agents, insurers need to build a data mastery security strategy that includes data classification, encrypted database fields and an architecture that is focused on privacy by design. In addition, insurers must conduct a privacy impact assessment to determine the potential implications to existing systems and risk mitigation strategies. Insurers must establish fundamental principles regarding data privacy (for example, accountability, purpose, consent, collection, disclosure, and retention). Given that most insurers’ data is spread out across multiple core administration systems in possibly multiple locations, it begs the question, “How can true cyber security be ensured without achieving data mastery maturity first?”
What comes first?
Next to the chicken and the egg, it’s the age old story of which comes first. Attempting to ensure cyber security before achieving data mastery maturity is the equivalent of putting the cart before the horse. By first developing a solid strategy for identifying, locating, organizing and utilizing the data already in house, insurers can get started on the road to achieving data mastery maturity. However, when reversed in order, and cyber security and data mastery initiatives are undertaken piecemeal, the end result is in jeopardy of total failure.
Location, location, location
Although this may not seem like a step toward cyber security, identifying and locating critical data is a process every insurer must go through before trying to secure it. Many document management, content management, enterprise content management (ECM) and even analytics solutions available today include efforts to easily and quickly access relevant data, so it is locatable at the touch of a single button, and accessible by all the parties with both need and authority. Insurers who have not done so already must figure out how to immediately and securely access critical data. Investing in a strong data security strategy with solid data privacy principles included is a good first step.
Getting a deeper understanding of and control over an insurer’s data is a key part of achieving data mastery, and enables insurers to plan for the volume, velocity and variety involved in the influx of information that is Big Data. However, Big Data utilization is a bigger step that brings with it analytics and reporting capabilities that naturally help insurers achieve strategic business goals, and that enable bigger steps toward cyber security.
Cyber security is creating an even bigger need for data mastery maturity than existed before. Without mastery of your data, insurers may find the data may actually be the master instead of the other way around.
Ben Moreland is vice president of data and analytics for Innovation Group. He can be reached for further comment or information via email at email@example.com.