Regulatory compliance has taken the lead as the primary driver of information security in the insurance industry, according to a new survey by Ernst & Young. Seventy-nine percent of insurance industry respondents to the Ernst & Young survey cite compliance with regulations as the primary driver of information security in their companies during the past year.
Asked to rank the top three types of regulations or requirements that impacted their company's information security practices during the past year, insurance executives list internal controls (67 percent), privacy (58 percent), and "industry-specific regulations" (38 percent). Operational risk ranks fourth at 32 percent.
However, organizations are missing the opportunity compliance offers to promote information security as an integral part of their business. "Compliance is proving to be more of a distraction than a catalyst for information security becoming strategically aligned within insurance companies," says Bill Barrett, head of Ernst & Young's technology and security risk services practice in the firm's financial services office.
"One might assume with the attention information security is receiving due to regulatory compliance, insurance organizations' information security postures would be improving, and information security as a function would be becoming more integral to their strategic initiatives," continues Barrett. "Unfortunately, this is not happening on a consistent basis. The gap continues to widen between the growing risks brought on by rapid changes in the business environment and what information security is doing to address those risks. This pattern is consistent, regardless of a company's size."