According to various studies, cybersecurity risks have continued to increase in recent years, ranking among the top 10 risks for insurance companies, even above such delicate risks as operational and credit risks.
Given the nature of this sector, the challenges insurers face are highly diverse, as they tend to combine B2C and B2B businesses across multiple products and sectors, with the added complexity of distributed offices, whether for management, direct customer service, or specialized agents.
The teleworking challenge
Implementing teleworking as a long-term business decision means dealing with all the threats that come with this style of remote working. In addition to needing enough tools so that disruptions such as telecom cuts do not negatively impact work, companies must also be prepared for possible threats on the market.
Working from home means that employees may use their own personal computers instead of corporate devices, and connect through their home networks. Both can involve risk: employees may be missing patches for Windows or their antivirus, or may be running operating systems that, in some cases, stopped receiving support in January 2020, which exacerbates the threat even more.
Impact on customers and users
The insurance sector is deeply concerned about these threats. Indeed, some companies have already been extensively infiltrated by attacks, while many others have already been investing in different resources to prevent these types of situations.
Insurers that offer direct health services to customers face special risks, due to the general impact of medical records and the specific risk stemming from the pandemic. In this case, we would be speaking not only of data losses, but also of delays in conducting medical tests that could be extremely important.
Lastly, it is important to mention that a high-impact cyberattack, even when it is launched against a specific insurance company, leads citizens to question their digital trust in all insurers when consuming services in this sector.
A good defense is the best attack
At everis, we recommend a series of essential actions to minimize these risks:
- Having a program to raise security awareness among all employees is fundamental, as attacks can be directed at any user in any division or department. Strengthening this component is essential to handle these types of threats.
- Understanding the security perimeter in its broadest sense, so that it encompasses all providers, outside agents, customer service offices, and so forth, and ensuring each has suitable protection for its specific inherent risks. B2C health products merit special mention: they tend to be delivered in person at direct service offices, which means bearing in mind a minimum security infrastructure, local backups and specific training, among other actions.
- Having the latest updates for antiviruses, firewalls and operating systems, as well as the most recent version of tools that intercept possible attacks, is crucial to ensure a company’s survival.
- Having incident monitoring, recovery and response tools, as well as a tested and effective business continuity plan, for reacting to a crisis situation. Attacks have grown increasingly devastating, so attaining high resilience levels for IT infrastructures is one of the keys to surviving any incident with these characteristics.
In summary, zero risk in cybersecurity simply does not exist, but if timely measures and actions are taken, the possibility of an attack being successful can be considerably reduced.