Mastering cybersecurity Data fuels artificial intelligence, and insurers are concerned about the security of the information that drives these capabilities. (Illustration: Dan Page)

As artificial intelligence (AI) transforms the insurance sector, forward-thinking insurers are using new technologies to change how they build policyholder relationships and deliver service. They’re establishing a voice-first presence so they can communicate with the growing number of customers who use AI-assistant devices like Amazon Echo and Google Home. AI allows insurers to quickly respond to quote requests, send out personalized welcome messages, claim prevention tips, catastrophe alerts, claim status updates, appointment reminders and much more.

Data fuels AI, and when used intelligently and ethically, data can provide an incredibly positive experience for policyholders. When properly used, data and AI allow companies to reach out to customers at critical points along the policyholder journey, seamlessly providing service and information just when customers need it the most and strengthening the bond between the insurer and policyholder, reducing costly churn and increasing the lifetime value of the relationship.

Data security concerns

Insurers are rightly concerned about the security of the data that drives these capabilities. An article published on PropertyCasualty360 earlier this year outlined what’s at stake when a data breach occurs. Insurers have been fined millions of dollars for failing to protect policyholder information. And the reputational hit can cost companies even more if customers no longer trust the company to safely handle their data. So, what can insurers do if they want to take full advantage of AI-driven technologies and protect their data at the same time? Here’s the 1-2-3 of cybersecurity:

  1. Don’t neglect the basics.

A 2017 Accenture report found that the typical insurance organization is targeted by cybercriminals more than a hundred times per year, and about a third of the attacks are successful. It’s not that insurers aren’t aware of the risks or haven’t invested millions of dollars on safeguarding their data — most are acutely aware of their vulnerability and spend considerable amounts of money on locking down their databases and restricting access to sensitive company and customer information.

But, just as the best home alarm system in the world won’t protect someone who leaves a car unlocked in the driveway with the garage door remote inside, limiting data access won’t work if the people with legitimate need for access are careless with their credentials. In a cybersecurity report published on Tripwire, 76% of information security professionals surveyed said their organization had been targeted by phishing attacks last year. All it takes is one employee or partner clicking on a spoof link for a cybercriminal to bypass whatever safeguards are in place.

Cybersecurity products developed to detect and isolate email-borne phishing attacks can help insurers avoid this hazard. It’s also a good idea to train employees to spot spoof URLs and verify websites before they click on a link that may allow a hacker to steal their identity and gain access to sensitive company data. These are basic cybersecurity practices, but given the high percentage of massive data breaches that originate from phishing attacks, it’s important not to neglect the basics.

  1. Use a safer interface architecture.

The API economy provides a real opportunity for insurers to raise service levels and expand profitability. Even without a fully realized big data strategy, companies can connect together programs that perform a single function using Representational State Transfer (REST) Application Programming Interfaces (APIs) to take on larger roles. Customer-facing, customizable APIs are the bridges insurers can use to transmit customer data, enabling creation of personal messages that enhance the customer experience.

While this approach holds incredible promise for insurers who want to maximize their use of customer data to personalize communication and service delivery, it does involve the use of sensitive customer information, which can be exposed. According to a Krebs on Security report, Panera Bread accidentally exposed millions of customer records — including names, email addresses, birth dates, physical addresses and the last four digits of credit card numbers — due to an unauthenticated API endpoint that anyone could access on the company’s website.

The key point to remember here is that it’s not necessary to expose every datapoint to create a customer connection. For example, insurers don’t need to expose a policy number or expiry date to convey personalized messages and connect with customers. Think of providing access to data as a tightly controlled process like a spacewalk that astronauts perform — the hatch opens, the astronaut performs the necessary procedure, and the hatch is locked down again. Insurers who want to use AI and participate in the API economy should make sure the architecture that enables these functions keeps data safe. There are proven ways to engage safely, using just the right amount of data.

  1. Tighten security.

This is the part of the cybersecurity protocol that will not surprise anyone — insurers who are committed to digital transformation should take advantage of advanced security practices and products to safeguard their data. The insurance industry itself is defining some of these best practices to mitigate the risks associated with cybersecurity policies for other businesses, according to a recent article in CSO. Some insurers mandate annual employee training as a condition of issuing cybersecurity policies to business customers. If it’s a good idea for insured businesses, it’s a good idea for insurance companies too, especially with email-borne phishing attacks on the rise.

Requiring three-factor authentication to allow server access is another good way to lock down data. Many companies require only usernames and passwords for access, but as data breaches that make headlines demonstrate, it’s fairly simple for a cybercriminal to steal those credentials. Three-factor authentication requires something you know (user ID and password), something you have (a password-generating token, employee ID, key fob, SIM card, etc.), and something you are (retina scan, fingerprint scan, voice recognition, etc.). Servers that use three-factor authentication are much harder to hack.

Regular audits are another best practice that can safeguard company and policyholder data. The ability to store, analyze and exchange data at speed opens up incredible new opportunities for virtually all industries, including the insurance sector. But it has raised the stakes for hackers, who also realize how valuable this information is.

Today’s cybercriminals are more professional, and the techniques they use are evolving constantly. That’s why some governments and industry standards organizations are implementing cybersecurity compliance regulations that require companies to regularly conduct security assessments, including penetration testing, and to assess vulnerability and risk routinely.

Related:  Study: Clients need more information about cybersecurity

Using data for good

The data-driven AI revolution is in full swing, but this is a critical time for companies that are moving toward digital transformation. Insurers are enthusiastically embracing the API economy so they can serve customers better. They are setting themselves apart by establishing a voice-first presence, which allows them to continue conversations with their customers via AI-enabled personal assistants. But at the same time, many insurance company leaders worry about all that data on the move — what if it falls into the wrong hands? The risk is real, and no one is better at identifying risk than insurers.

But insurance companies are also champions at mitigating risks, and that’s where the 1-2-3 of cybersecurity comes into focus. Insurance company leaders who remember the basics, ensure that they and their partners use a safe interface architecture, and lock down their data with the best cybersecurity practices and products can take full advantage of digital transformation while keeping sensitive information safe. With an effective security strategy and the right technologies, insurers can use data for good, delivering an exceptional customer experience every time and gaining a competitive edge.

A serial innovator, published author and founder of SPLICE Software, Tara Kelly ( is passionate about technology’s potential to change lives for the better. She has consistently channeled that belief into developing technologies that enhance operations, enable better service delivery, and improve the customer experience.