Industry Insight: Aon’s Jack Sanford, a cyber security analyst, explains how a human-centric approach to data and cybersecurity will future-proof your organisation against the growing threats in insurance.
We all know that information security is important, but home-based working and a wider sense of uncertainty in the insurance environment have led to law enforcement agencies and IT analysts alike warning of a serious and immediate problem, says Jack of Aon.
Without a shadow of a doubt, IT security has become one of the critical issues in business across the board. It doesn’t help that there is a global skills shortage. Indeed, IT security has a zero per cent unemployment figure. Last year the International Information System Security Certification Consortium said “the cybersecurity skills shortage is expected to result in 3.5 million unfilled positions by 2021”. Meanwhile, attacks are on the rise: in 2017 Cisco reported that ransomware was growing at a yearly rate of 350 per cent.
Today there are particular challenges: the novel coronavirus pandemic has driven many office-based enterprises, including insurers, to implement and intensify home-working programmes—in many cases by government dictate. As a result, key workers are now working in atypical environments, some even using domestic equipment. Unsurprisingly, this has become a bonanza for criminals.
The FBI in the United States has said complaints about attacks have risen 400 per cent, from 1,000 to 4,000 daily, while Britain’s National Fraud Intelligence Bureau reported an identical percentage increase. In August, Interpol said the rise in attempted attacks between January and April was “alarming”. EU police body Europol has also warned that the long-term outlook is bleak, with straitened circumstances making crime a more attractive option.
But today there is more going on than a change in working practices. In the end, the introduction of any new technology brings with it a new series of questions about security and, more widely, compliance.
The good news is that IT security is something that can be met with a proactive approach. Rather than focussing on technologies, be they virtual private networks (VPNs) or firewalls, a focus on policy will reveal the correct solutions. Devices should be secured according to business need and best practices, while staff should be trained to understand the risk environment in which they are working—something that should be a natural fit for insurance professionals.
Moving to cloud-based IT systems can help, and managed security services are there to help insurers keep things compliant, but the real goal is to think in terms of the data rather than the technology that rings it.
Developing a compliance policy means that insurers can define the playing field for collaborators and partners, and ensure that partners themselves remain compliant. Indeed, this is more important than the technology itself: the technical solutions should be led by a coherent and data-centric policy and followed up by appropriate training, ensuring human factors are at the centre. Having a human-centric approach means recognising that not only are insurers dealing in human data, but also that people are the main source of breaches in the first place, whether maliciously or not.
A well-developed policy should also be extended out to partner organisations, including suppliers, who should be able to demonstrate their ability to comply with relevant cybersecurity legislation and be able to support insurers as they transition to any new technology. That way, real partnership can be developed from the ground up, ensuring that all parties are working toward the same goals.