Securing the edges of the insurance enterprise
In a little over a decade, usage-based insurance (UBI) has transformed from an intriguing new pricing gimmick to a must-have option in the product portfolio. Nearly 300 U.S. insurers are now offering some form of UBI, and the number of U.S. policies based on UBI reached 7.1 million in 2016, growing 32 percent in just a year.
Telematics from connected vehicles is just a part of the wealth of data pouring into the insurance industry from a widening array of sources — smartphones, smart watches, smart homes, internet bots, social networks, security cameras, body cameras, health trackers, satellite photos, drones and much more.
This data could support innovative ways to assess and price risk, but many insurers are finding they need to overhaul their existing IT environment, move applications to the cloud and support a burgeoning number of mobile and internet of things (IoT) devices. This technology shift is creating new challenges for securing data and protecting customer privacy on the edges of enterprises.
“As we embrace mobile solutions and rely on connected applications, we’re taking our corporate information assets outside of the traditional enterprise fortress,” notes Todd Pedersen, director of insurance security at DXC Technology. “Instead of a well-defined enterprise network and a sophisticated, layered defense, we now need to focus on the users of the data. For every mobile app launched to support UBI, you’ve created a new network that didn’t exist at most enterprises as recently as two years ago, and you have no control of the endpoints.”
Tips for securing your enterprise:
- Understand your risks. Instead of focusing on all IT systems and endpoints equally, identify your most critical data and examine the security policies that cover that data. Assess current capabilities and gaps, and develop plans to move to a balanced position of risk and innovation.
- Be ready for the next attack. Regular security assessments are key to the success of any security program. Continually assess your ability to detect and respond rapidly. Make sure you have a fully tested response plan in place to mitigate cyber risk. When an incident occurs, all stakeholders, employees and partners should know exactly what they need to do.
- Enlist your employees. Better awareness of good security policies and understanding social engineering threats will increase employee vigilance about phishing attacks and potential data loss. Remember, internal breach-points account for nearly three-fourths of all security incidents. Information access and identity management are critical to knowing who is accessing your data and why.
- Attract and nurture the best talent. Demands for emerging IT skills are constantly growing as enterprises expand their use of cloud infrastructure, mobile apps and the internet of things (IoT). Finding and keeping security talent in these areas is an even bigger challenge, which is why many enterprises have turned to managed security services vendors to add skills and knowledge related to threat intelligence, vulnerability testing, ethical hacking, multifactor identity management, and end-to-end security policy, architecture and orchestration. Identify skills gaps you have today and anticipate how they will change in the future to stay ahead of the cyber criminals.