Tips for protecting insurance payment information and data

The insurance industry is an ideal target for cyber thieves. It's valued at $1.4 trillion in the U.S., with nearly 215 million auto insurance customers alone. Considering the sheer amount of personal identifiable information (PII) insurers collect and store, ensuring that the proper safeguards are in place is imperative.

The main types of cyberattacks

There are five main ways cybercriminals target insurance information, according to a 2022 IntSights report. The following three apply to property and casualty insurers.

Ransomware attacks: Ransomware is malware that's designed to deny access to files on a computer. It can get onto a device when a user opens or downloads attachments or files or visits scam websites. Once installed, the infiltrating party will encrypt the system's files and demand a ransom payment for the decryption key. A ransomware attack gives the operator access to policy information and puts that data at risk of being dumped on the dark web for misuse if the ransom payment isn't made.

Policyholder data compromise and sale: Insurers have sensitive PII for their policyholders such as social security numbers and dates of birth, which, if stolen, can be used for fraud or for other malicious purposes. PII can also include scanned copies of government-issued documents. This type of data compromise is often the result of an email hack or phishing scam.

Hacktivists: Hacktivists often target financial institutions to support their political or economic goals. Given its high value and coveted PII, the insurance industry is particularly susceptible to this type of criminal activity. Public-facing web applications and infrastructure, like automated quote tools, should be rigorously tested to avoid bugs and misconfigurations that could inadvertently expose consumer data.

Technological advancements in cybersecurity

As cybercriminals become more advanced, several technologies have emerged to help protect against cyberattacks. I want to highlight three that are more commonly discussed.

Artificial intelligence (AI) and machine learning (ML): AI and ML empower cybersecurity professionals by enhancing threat detection and response. They analyze massive amounts of data, identify anomalies and predict potential security breaches before they happen.

Blockchain: Blockchain's decentralized nature and cryptographic principles aid in securing data, transactions and identity verification. Once data is recorded in a block and added to the chain, it becomes nearly impossible to alter, ensuring sensitive information (such as transaction records) remains tamper-proof. This immutability is a powerful defense mechanism against data breaches and unauthorized access.

Cloud computing and security: Cloud computing has changed the dynamics of data storage and accessibility. Identity and access management solutions enable organizations to manage users and control access to cloud resources, ensuring only authorized users can access sensitive data. Another critical aspect of cloud security is encryption — if unauthorized access does occur, the information stays indecipherable.

Tips to safeguard payment data

The insurance industry is playing a significant game of catch-up with the rest of the financial services world, and insurance providers must take concrete steps to protect policyholder data. Here are five tips:

• Establish strict access controls. This safeguards billing and payment systems against cyberattacks by ensuring sensitive data can only be seen by authorized parties. Implementing a principle of least privilege can be particularly effective since employees are granted the minimum access levels necessary to complete their tasks. Minimizing the number of potential entry points for cybercriminals reduces the potential damage from internal threats. 
• Initiate robust encryption protocols. Financial transactions are particularly attractive to cybercriminals. Encryption ensures data transfers are unreadable to anyone without the correct decryption key, making it highly challenging to intercept and exploit this information.
• Ensure stable and secure backups of payment and billing data. This can help your company quickly recover if it experiences a breach, minimizing disruption to operations and mitigating the risk of data loss.
• Establish routine security audits and vulnerability assessments. Continuous evaluation and refinement of security measures are critical to identifying potential weak points and addressing them promptly. It also keeps systems updated and resistant to evolving threats.
• Ongoing employee training and awareness. Many security breaches, like malware attacks, happen because of human error. Comprehensive training programs and routine updates on the latest threats and best practices can protect against this element of cybersecurity.

The desire for digital payments continues to grow in our society – it's an expectation we can deliver on, but we must also do our due diligence. As technology evolves, so will the efforts of enterprising individuals looking to take advantage of the systems in place. Proactively using the latest cybersecurity measures to ensure the safety and privacy of customers' personal information is paramount to maintaining their trust in your business.

As President and CEO of Input 1, an insurance technology company, Todd Greenbaum has a deep understanding and unique view of the evolving landscape of the insurance industry. He is widely regarded as an expert in the digital transformation of insurance processes, the integration of insurtech solutions and the enhancement of customer-centric experiences. Todd regularly advises insurance companies on the adoption of personalized, fast, and easy buying experiences that prioritize customer satisfaction. Contact Todd at TGreenbaum@input1.com.

See also:

• The biggest misconceptions about cyber insurance
• Federal agencies seek to streamline 'hodgepodge' of cyber reporting rules
• Cyber claims frequency, severity up in 2023′s first half