The number of security breaches over the last year alone would suggest that insurers have been inconsistent in maintaining IT security levels, – according to Robert Rutherford, CEO of the business and technical consultancy, QuoStar.
Rutherford’s comments come after the British Insurance Brokers’ Association (BIBA) – at its 2016 conference – announced the formation of a cyber committee to help the insurance industry as a whole tackle the vast number of security breaches it is currently facing.
Speaking to Life Insurance International (LII) Rutherford said with 70% of large insurance firms having reported a serious hacking attempt, it is clear that hackers are still capitalising on dated technology, something that has plagued the insurance industry for decades.
‘Barage of attacks’
Rutherford commented: "The insurance industry is notorious for its legacy systems and outdated technology. Due to the richness of data held on aging systems – which not only includes financial and medical data of clients, but also confidential information from the firms themselves – insurers are finding themselves facing a barrage of cyber-attacks on a daily basis."
He cited the US Department of Health and Human Services, as stating that eight of the 10 largest hacks ever recorded in the healthcare industry have happened over the past year, with over 100m health records accessed by fraudsters.
Rutherford says the primary route to a breach is via social engineering of staff.
He says: "Scam emails are a typical route, as demonstrated by the Anthem hack. This can take months of preparation, from setting up a similar domain name, copying email styles and signatures, through to even visiting a firm’s office to gain further information to create a convincing imitation."
Rutherford also calls on insurance firms to note that any device connected to the network can have a weakness.
If a weakness is identified, he explains the vendor of that software will issue a ‘patch’, or update, to fix said weakness, and the cycle continues.
"The risk to an insurance firm lies in the time between the vulnerability being identified, and it being fixed. In order to ensure that this window of opportunity is as small as possible, firms must concentrate on running more frequent cybersecurity checks," says Rutherford.
The full insight and commentary from Robert Rutherford will be available tomorrow on Life Insurance International’s (LII) FREE weekly analysis newsletter and website. Please register below to receive the FREE LII weekly newsletter straight to your inbox. It will take 1 minute to register.