You’ve Been Hacked: Few Surprises in Cybersecurity Study
Robert Regis Hyle | April 21, 2015
When Janeen Blanton asked the audience at a session of ITA LIVE last week to guess the number of insurance carriers where Salient Commercial Solutions had discovered vulnerabilities among the 10 that volunteered to be ethically hacked by Salient, there was nervous laughter in the room as several in the audience guessed the answer was probably all 10 companies.
Ten was the correct answer, which shouldn’t surprise anyone, but should nonetheless be a cause of concern for each of us. All 10 had what Blanton characterized as moderate vulnerabilities, nine had minor vulnerabilities, and eight had critical vulnerabilities, according to Blanton, vice president of Salient’s commercial operations.
Her co-panelist at the session, Thomas Dunbar, chief information risk officer, reminded the audience of insurance executives something they surely must be tired of hearing (but often refuse to accept), “It is no longer if you will be attacked, it’s when you will be attacked; no matter how good your security program is.”
That surely must be disheartening to corporate risk officers because there is no guarantee that the amount of time and money being invested to protect their data, a sizeable amount for most carriers—it still might not be enough to get the job done.
The best most companies can ask for are minor vulnerabilities, but even those minor issues eventually reach major problems if the holes that are exposed are left open for others to find and flaunt. That is why both Blanton and Dunbar encouraged the industry to continually test for vulnerabilities.
The other point that IT leaders need to stress is that while cybersecurity often falls under the discretion of the IT department, it is not simply a technology issue. Cybersecurity is the responsibility of the risk management team because exposures often result from sloppy data handling from people working within the business units.
Like anything in life, there are two ways of doing things—the easy way and the hard way. The hard way in data security means removing names and other personal information from the data before it is used for analytics, explained Dunbar. It is a step that could avoid major embarrassment for your company someday.
Featured articles
- The Rapid Evolution of Consumer Protection Regulation
- Talent Hunt: Finding, Attracting, Retaining Top People
- Insurers Flexing Their Distribution Models
- Technology Driving Disruption in Insurance
- Fear of ‘Next Bubble’ Challenges Life, Annuity Carriers
- Technology Allows Commercial Lines Insurers to Stand Out
- Single Sign-on Viewed as Biggest Tech Challenge for Agencies
- ISCS Observes 20th Anniversary; Scurto Predicts Major Changes Ahead
- Policyholders and Their First Impressions
- Progressive Making Progress on the UBI Front
- High and Dry: Insurers Search for Disaster Recovery Plans
- Insurers Sign The (Un)Dotted Line
- Reflections of a Retired Insurance CIO
- Mobile Device Management Just One Answer to BYOD Issue
- Lessons from GEICO and Progressive on Winning the Critical Buying Stage
- You Are a Target for a Cyber Attack
- Web-based Systems are the Next Evolution in Claims Technology
- Gaining a “Wow” Experience from Web Users
- Time to Shift from Business/IT Alignment to Business/IT Alliance
- Healthcare Insurers Changing to Consumer Model
- Organization is the Key for Selecting Software Vendors
- Analysts Expound on the Needs of the Mid-tier Insurance Market
- Finding the Cure for Obamacare’s Website
- New Software Solutions Benefit Insurers on the Inside and Outside
- Products, Market Impede Investment in Systems for Life Insurers
- Combatting Cyber Threats: Predict, Prevent, Persist
- The Future of Telematics Heads Beyond Insurance
- The Shame in Cyber Security Lapses
- Building Policy Administration Systems for the Future
- Insurers Look Into The Eyes of Their Policyholders
- It’s a New Dawn for the ITA
INSURANCE IT NEWS
- Few Surprises in Cybersecurity for Insurers
- Few Surprises in Cybersecurity for Insurers
- ITA Pro Weekly, January 20, 2016
- Verisk Releases Cyber Exposure Data Standard for Insurance
- British Insurer Selects Guidewire Core Systems
- Nationwide Private Client Expands into New States with ISCS Solution
- Majesco, Appulate Announce Strategic Partnership
- Boston Mutual Partners with Onyx Data Solutions
ELECTRONIC CHAT
The Email Chat is a regular feature of the ITA Pro magazine and website. We send a series of questions to an insurance IT leader in search of thought-provoking responses on important issues facing the insurance industry.
-
Electronic Chat: Ken Mitchel
Robert Regis Hyle
I would say that data mining technologies are under-used for most small to mid-size insurance entities, likely because it is such a large undertaking... READ MORE
WEB EVENTS
ITA is pleased to present the 2014 Webinar Series. We have many topics for you to choose from and attendance is open to all ITA members. The webinar topics are current and exciting — ranging from predictive analytics to telematics and will focus on the direction insurance carriers need to follow for the future. All webinars are presented by insurance IT professionals along with some of the leading analysts and consultants in the field. There is no cost to attend an ITA webinar. For more information and to register for the webinar, click the “title” of the webinar below.
BLOGS AND COLUMNS
-
Insurers Have to Meet or Exceed Customer Expectations
Frank Petersmark
Insurance carriers interested in meeting or exceeding their customer’s expectations regarding mobility are looking at a two-pronged approach... READ MORE
-
Technology and Your Grandfather’s Insurance Company
Robert Regis Hyle
Everybody has a wish list and it seems that atop the lists for insurance carriers still operating with legacy systems is the desire to do away with... READ MORE
only online
-
Technology Changes Coming Faster than Ever for Insurers
As Guidewire Software prepares for the start of Connections, its 11th annual user conference that begins on Nov. 2, Brian Desmond, chief marketing... READ MORE
-
‘Change’ Is Not a Word Insurance IT Leaders Should Fear
Strategy Meets Action will hold its annual Summit in Boston on Sept. 14 and the focus for this year is: Becoming the Next-Gen Insurer... READ MORE
-
Transformed Majesco Aims to Leap Over Competition
Starting last fall when the technology company dropped Mastek from its name and became simply Majesco, its mergers and acquisitions, and hirings have... READ MORE
-
Insurers Transform Customer Service Through Digital Innovation
Digital represents a continuous form of disruption to existing or new business models, products, services or experiences enabled by data and... READ MORE
Vendor Views
-
Connectivity Drives New Business in Evolving Benefits Market
In spite of all the arm-flapping and hand-waving stirred by the Affordable Care Act (ACA), the way health insurance is purchased, and employee... READ MORE
- Vendor Views
Partner News
-
Looking Back on a Pivotal Year for Insurance
What we have all experienced the last 12 months in terms of decisions, investments, and developments are vastly different than we have ever seen... READ MORE
- Partner News