As a result of technological advances, our data is out of our control.
While digitization is undeniably improving the way we live and work, it also places our personal data out of our control. The insurance sector has unique access to customer data, including payment information, personally identifying information, health history, and personal property, making insurance businesses an ideal target for attackers. When looking to improve your data security, whether you’re a retail broker, MGA, or carrier, it’s important to keep in mind the potential impact, compliance concerns, and the way your business serves customers.
Data breaches can devastate businesses and their impacted customers, causing deep financial repercussions. In their annual Cost of a Data Breach report, IBM found that the average data breach cost $3.9 million in damages last year. Even more startling? These costs rapidly escalate when looking at breaches in healthcare and financial services, with average costs as high as $6.45 million. These costs aren’t isolated to a single incident, either—the report found that as much as two-thirds of the overall financial impact occurs after the first year.
In the insurance sector, notable breaches occur frequently because of the unique data insurance providers are able to access. In 2014, health insurance carrier Anthem experienced an attack qualifying as a “megabreach,” compromising 78.8 million policyholder and employee records. So far in 2020, there has already been a data breach of a government health insurance marketplace, Access CT, compromising 1,100 records so far with potentially greater impact to be determined.
Beyond the financial impact on your business, there’s potential risk to your reputation and ongoing viability. Even if only a few records are compromised, your business is required to notify consumers of the impact and spread of the data breach in order to comply with regulations. Customers can understandably become concerned about the future security of their data, even if the breach didn’t impact them this time. This mistrust can drive them to seek out new insurance from one of your competitors to prevent future data loss and safeguard their privacy.
In response to widespread data breaches and misuse of customer data, regulations are being implemented around the world to improve security and make users aware of their rights concerning their data. These regulations aren’t restricted to insurance, but extend to all businesses with a digital presence (which, in 2020, is virtually all businesses). You may have noticed, in the last year or so, more and more sites including a pop-up alert asking for permission to use cookies—this is a new requirement of websites to comply with recent data privacy regulations.
The General Data Protection Act (GDPR) in the European Union and California Consumer Privacy Act (CCPA) are two recent regulations that provide specific rules for how consumer data is handled and how businesses are required to respond to breaches. These regulations, while region-specific, cover two of the world’s major technology hubs, and are serving as road maps for similar regulations in various states and countries worldwide. They all share the same goal—to protect consumer rights and ensure data privacy, while penalizing data misuse and negligence that contributes to data breaches.
Data privacy regulations have specific requirements for data breach notification and financial compensation that must be awarded to each consumer impacted by a data breach, which can be devastating to smaller insurance carriers and brokers. These regulations also come with fines for noncompliance, making it critical to implement the appropriate security measures even if you’ve never experienced a breach.
Risk management is the backbone of insurance, and cybersecurity best practices fall in line with these ideas. Like most risk management practices, the best place to begin is by carefully inspecting and auditing current processes. Identifying potential security gaps in existing processes, tools, and communication channels can help you stop breaches before they happen. Email and manual processes leave room for errors that can create security vulnerabilities. Simple mistakes like sending unencrypted files via email, storing customer data on a local drive, or leaving a document on a printer in a common space can lead to data being compromised.
InsurTech innovations often offer improved security when compared to work done on local PCs in the office. Certificate storage and delivery, for example, can take place in an entirely cloud-based environment, with blockchain measures installed to prevent alteration, and data encryption in place to protect certificates from outside interference during transmission. Transactions and account management can also be conducted in a secure, cloud-based environment, such as QBIS, with the ability to automate certain tasks to remove the potential for error.
In addition to securing your own customer data, if you offer commercial P&C coverage, your customers are likely also looking for ways to protect their business in the event of a data breach. There’s been a steady rise in interest in cybersecurity and data breach policies, especially among privately-held small- to medium-sized businesses (SMBs). While most media coverage surrounding data breaches speaks to damages in the millions of dollars impacting enterprises, smaller businesses are typically at the highest risk for data breaches and are more likely to feel their impact.
If you haven’t offered data breach insurance to your commercial lines customers previously, you may wish to consider doing so. It can be a high revenue line of business that offers great value to your customers. That said, data breach insurance requires a specific set of inspections and criteria to determine coverage levels necessary, and it can be difficult to implement this service as part of your overall offerings. Working with an insurance BPO partner can help you establish the processes to make data breach insurance available to your commercial lines customers.
You are your own best advocate when it comes to cybersecurity and protecting customer data. It’s up to insurance business leaders to educate employees about the potential impact of data breaches, ensure that processes are secure, and implement tools and communication channels that help protect customer data. Luckily, you don’t have to do it alone. With Patra as a partner for InsurTech, insurance processing, and certificate delivery, you can rest assured that your BPO partner is working with the latest security innovations and total awareness of the space.
About Patra
Patra is a leading provider of technology-enabled outsourcing services and software solutions to the insurance industry. Patra powers insurance processes by optimizing the application of people and technology, supporting insurance organizations as they sell, deliver, and manage policies and customers through our PatraOne platform. Patra’s global team of over 6,500 process executives in geopolitically stable and democratic countries that protect data allows agencies/brokerages, MGAs, wholesalers, and carriers to capture the Patra Advantage – profitable growth and organizational value.