Enterprising Developments

Data Security Should be in Insurers' DNA

Joe McKendrick
Insurance Experts' Forum, November 20, 2013

For insurers, data security should be a natural – because insurers are in the business of risk management, and that's what security is all about.

That's the view of Martin Frappolli, CPCU, senior director of knowledge resources at The Institutes. As part of my work on the latest security report, now available in the November issue of Insurance Networking News, I had the opportunity to chat with Frappolli about data security in the insurance industry.

“Insurers probably have a lead on other industries in looking at data security risks from an enterprise risk management point of view,” he says. For example, The Institutes, which provides continuing education for insurance professionals, has a comprehensive risk management program for insurance professionals that covers information security. “There’s an entire discipline to measuring threats to an organization, and allocating resources to manage those risks,” says Frappolli. “Any insurance organization looking at that security from that perspective has a leg up right off the bat.”

However, just as the shoemaker's children had to run around in bare feet, insurance companies' own data assets often are at risk, Frappolli continues. “The risk is the old-fashioned approaches companies take, looking at security as an IT issue, and thinking the IT folks will be taking care of things.”

This is where many organizations need to up their game, he says – “enterprise risk management is no longer just a specialized area that goes in an enterprise risk management book, or a book that focuses on information technology. Data management and security is an important topic to everybody within the organization.”

If an insurance company lets security fall through the cracks, there may be implications beyond what a typical company in another industry may face, especially in terms of reputational risk. The insurance industry is built on trust, and if that trust goes away, so does business. “If you are an insured, the insurer has some sensitive information about you – especially in those sort of coverages that require a lot of personal information to get to your coverage and rates,” Frappolli says. Then once you become a claimant, and especially if you have a medical claim, be it automobile, workers comp, or other, then all of a sudden the insurer really possesses a lot of sensitive information about you. So an insurer's reputation is absolutely on the line to safeguard that as closely as possible.”

Joe McKendrick is an author, consultant, blogger and frequent INN contributor specializing in information technology.

Readers are encouraged to respond to Joe using the “Add Your Comments” box below. He can also be reached at joe@mckendrickresearch.com.

This blog was exclusively written for Insurance Networking News. It may not be reposted or reused without permission from Insurance Networking News.

The opinions of bloggers on www.insurancenetworking.com do not necessarily reflect those of Insurance Networking News.

Comments (0)

Be the first to comment on this post using the section below.

Add Your Comments...

Already Registered?

If you have already registered to Insurance Networking News, please use the form below to login. When completed you will immeditely be directed to post a comment.

Forgot your password?

Not Registered?

You must be registered to post a comment. Click here to register.

Blog Archive

Data Governance in Insurance Carriers

As the insurance industry moves into a more data-centric world, data governance becomes more critical for ensuring the data is consistent, reliable and usable for analysis.

Fear This

Just days before this Issue, which contains our security cover story, went to press, we got some interesting news: 1.2 billion unique usernames and passwords and 542 million email addresses were reportedly stolen from 420,000 websites, according to The New York Times. The websites ranged from Fortune 500 companies down to small online retailers.

Should You Back Up Enterprise Data to the Cloud?

Six questions that need to be asked before signing on with an outside service.

Modernizing Information Management

While better reporting and actuarial analysis help to support financial decisions, improved analytics and decision making greatly assist the rest of the organization.

5 Strategies to Change the Game

Allstate's director of technology and operations says disruptive innovation has the power to completely change industries — ours included.

Strategic Planning: Here and Now

Insurers’ annual strategic planning efforts can benefit from an infusion of tactical reality.