Follow Us
ITA MEMBERSHIP

RISK / SECURITY

RISK / SECURITY

You’ve Been Hacked: Few Surprises in Cybersecurity Study

Robert Regis Hyle | April 21, 2015

When Janeen Blanton asked the audience at a session of ITA LIVE last week to guess the number of insurance carriers where Salient Commercial Solutions had discovered vulnerabilities among the 10 that volunteered to be ethically hacked by Salient, there was nervous laughter in the room as several in the audience guessed the answer was probably all 10 companies.

Ten was the correct answer, which shouldn’t surprise anyone, but should nonetheless be a cause of concern for each of us. All 10 had what Blanton characterized as moderate vulnerabilities, nine had minor vulnerabilities, and eight had critical vulnerabilities, according to Blanton, vice president of Salient’s commercial operations.

Her co-panelist at the session, Thomas Dunbar, chief information risk officer, reminded the audience of insurance executives something they surely must be tired of hearing (but often refuse to accept), “It is no longer if you will be attacked, it’s when you will be attacked; no matter how good your security program is.”

That surely must be disheartening to corporate risk officers because there is no guarantee that the amount of time and money being invested to protect their data, a sizeable amount for most carriers—it still might not be enough to get the job done.

The best most companies can ask for are minor vulnerabilities, but even those minor issues eventually reach major problems if the holes that are exposed are left open for others to find and flaunt. That is why both Blanton and Dunbar encouraged the industry to continually test for vulnerabilities.

The other point that IT leaders need to stress is that while cybersecurity often falls under the discretion of the IT department, it is not simply a technology issue. Cybersecurity is the responsibility of the risk management team because exposures often result from sloppy data handling from people working within the business units.

Like anything in life, there are two ways of doing things—the easy way and the hard way. The hard way in data security means removing names and other personal information from the data before it is used for analytics, explained Dunbar. It is a step that could avoid major embarrassment for your company someday.

 

 


Featured articles

test

ELECTRONIC CHAT

The Email Chat is a regular feature of the ITA Pro magazine and website. We send a series of questions to an insurance IT leader in search of thought-provoking responses on important issues facing the insurance industry.

  • Electronic Chat: Ken Mitchel

    Robert Regis Hyle

    I would say that data mining technologies are under-used for most small to mid-size insurance entities, likely because it is such a large undertaking... READ MORE

ITA LIVE 2019

The tide is up! It's time to register for ITA LIVE 2019, our annual educational and networking conference! Our theme is "The InsurTech Revolution: Cutting Through the Hype." and we'll be bringing in a torrent of industry thought leaders, amazing insight and wonderful perspectives on the world of insurtech and its impact on the insurance landscape.

ITA LIVE 2019 will present real-life examples of true startup technologies that are helping insurers gain real advantage -- and a competitive edge -- in the marketplace. We’ll highlight the more successful InsurTech partnerships, while offering case studies that demonstrate exciting innovation and cutting-edge techniques impacting all aspects of the insurance ecosystem.

Ride the wave to LIVE 2019. Sign up today! We look forward to seeing you in May, 2019!

BLOGS AND COLUMNS

only online

Only Online Archive

ITA Pro Buyers' Guide

Vendor Views

Partner News