Data and security pose enormous risks to life and protection companies in today’s digital age. The very technology and capabilities that are propelling organizations forward are contributing to a perfect storm, with conditions ripe for a cyberattack or data leak. Increased artificial intelligence and cloud usage and an uptick in third-party vendors further contributes to organizations’ vulnerability.
In 2022 alone, there were over 2,500 attacks across the insurance and financial services industry, and 690 of those had confirmed data disclosure.
It’s now common for moderate-size insurers to have upwards of 200 third-party vendors. Currently, file transfer and customer data are moving through the internet at an unprecedented rate, leaving many organizations and their customers vulnerable to attack.
Florida-based MCNA Insurance Company was the victim of a massive data breach that exposed personal information of almost nine million patients in February and March 2023. Patient identifying data and health information were compromised, including names, contact information, social security numbers, driver’s licenses and medical plan information.
Core system transformation: A heightened time of threat
Transformation from legacy systems to cloud computing has become essential to an organization’s future viability and success and will impact almost all organizations over the next decade. With security risk already a significant threat for life and protection companies, imagine how much more exposed and vulnerable your organization becomes when you’re engaged in digital transformation.
Legacy core systems are equipped with cybersecurity that was suited to their capabilities during a different era, often lightyears behind the protocol required to protect your new, cloud-based platform against today’s complex cyberthreats.
Global Leader for Life, Annuity and Benefits at Capgemini.
In addition, when systems undergo legacy transformation, the data must come off the main frames and transfer to the cloud. This creates unexpected weak links that opens your organization up to increased vulnerability. If the right security isn’t in place, you could potentially expose sensitive data — and more.
Even when a major data breach isn’t on the line, weak points in an organization’s internal security can wreak havoc. Accidental leaks are quite common and can occur if the data didn’t transfer correctly, bad code was written for the system, or data was pulled incorrectly from the wrong place.
Any one of these scenarios could result in your customer receiving a mailer with someone else’s account details listed on it, causing customers to worry about who has access to their private information — including their social security number — and account details.
Life and protection companies are losing customers’ trust
Life insurance companies are sustained by the customers who trust them to care for their assets and loved ones. The customer’s entire legacy and their family’s future is bound to their life insurance policy, and they need assurance that their future is secure.
The stakes are high — not just for the organization, its reputational damage and the cost of that damage, but on a personal level for each customer it serves.
As of January 2023, high net worth (HNW) individuals with $1 million or more in investible assets held over 34% of their portfolios in cash — the highest level since 2002, and 10% higher than was recorded in 2022. These HNW consumers are fearful about the safety of their money; cybersecurity issues only add fuel to the fire.
We don’t have to look too far back in our history to find a time when people hid their money under their mattresses because they lost faith in the bank. Let’s hope we’re not headed there.
Just like the public lacked trust in the banking system during the Great Depression, the life insurance industry may find itself with a similarly catastrophic problem if we don’t mitigate future security threats and rebuild trust. It is up to us to help life and protection companies find the right balance of communication and transparency with customers to put minds at ease and instill confidence that their chosen insurer practices good cyber hygiene.
Using fit-to-purpose solutions, insurers need to overcome the trust deficit and gain consumer confidence. Customers deserve peace of mind that their selected insurer diligently upholds best practices when it comes to their sensitive data and end-of-life asset management. It is important to assess your current security controls, define protocols for your organization and optimize your security framework. And not to forget - regularly assess the effectiveness of your security controls to identify any gaps or weaknesses.
