Cybersecurity In The Insurance Sector, What Are The Challenges?

The latest cyberattacks suffered by major companies in the insurance sector have revealed the weakness of their digital protection systems. These attacks, increasingly sophisticated and designed with a specific objective, cause significant economic, reputational, or confidential information losses for insurers.

According to different studies, cybersecurity risk has been growing in recent years, placing itself in the top 10 risks of insurance companies, even above risks as delicate as operational risk or credit risk.

Given the nature of this sector, the challenges that arise are very varied, since B2C and B2B business, multiproduct and multi-sector tend to coexist, with the addition of the distributed nature of the offices, be they management, direct customer service, or through specialized agents.

Facing The Challenge Of Teleworking

The implementation of telework as a long-term operation means facing all the threats that derive from this type of non-face-to-face work. In addition to having to have enough tools without having a negative impact on work, such as a fall in telecommunications, companies must be prepared for possible threats in the market.

Working from home means that the employee can use his personal computer instead of the corporate computer, in addition to connecting to the home network. This fact can be a risk, since you may have outdated versions of Windows patches or antivirus, and operating systems that in certain cases were no longer supported in January 2020, which further aggravates the threat.

Impact On Client And User

From the insurance sector there is great concern about these threats. In fact, some companies have already been widely affected by attacks, while many of them have already been investing in different resources to avoid this type of situation.

Those that offer direct health services to clients are of special risk, due to the general impact of health data and the specific impact derived from the pandemic situation. In this case, we would not only be talking about a loss of data, but also a delay in performing medical tests that could be of high importance.

Finally, it is important to note that a high-impact cyberattack, even against a specific insurer, calls into question the digital confidence of citizens with respect to all of them when consuming services in this sector.

A Good Defense Is The Best Attack

From every we recommend a series of essential actions to minimize these risks:

• It is essential to have a security awareness program for all employees since the attacks that occur are directed at any user in any area or department. Strengthening this component is very necessary to deal with these types of threats.

• Understand the security perimeter in a broad sense, so that suppliers, external agents, customer service offices, etc. are covered with adequate protection measures for the specific risks of each of these. It deserves special attention regarding B2C health products, which are usually delivered in person at direct service offices and which implies taking into account a minimum-security infrastructure, local backups, specific training, among other actions.

• Having the latest updates for antivirus, firewalls, operating systems, and having the tools to intercept a possible attack is crucial to be able to maintain the survival of a company.
• Have tools for monitoring, recovery, and response to incidents, as well as a tested and effective business continuity plan, in order to be able to act in crisis situations. The attacks are increasingly devastating, so achieving a high degree of resilience in terms of IT infrastructure is one of the keys to successfully survive any incident of these characteristics.

In conclusion, we can affirm that zero risks in cybersecurity do not exist, although if measures and actions are taken in time, the probability that an attack will be successful can be reduced in consideration.