Return of the Guru

As Enterprises Snooze, Data Attacks Focus on Financial Services

Ara Trembly
Insurance Experts' Forum, August 3, 2010

For some years now, I have been blowing my somewhat lonely horn about the poor state of data security in the insurance and financial services industries. To be sure, there have been attacks on our industry’s enterprises—some of them very costly—yet we don’t seem to have felt the pain acutely enough to make security an industry-wide priority. “Sure, it happened to someone else, but it won’t happen here,” some loopy-brained supporters of non-action have insisted.

Now a letter from David Jevans, CEO of IronKey, to his company’s customers has again shed light on this situation, and has found that the tide of crime is turning ominously in the direction of financial services. “The first half of 2010 illustrated that security threats against our data, applications and networks continue to grow,” his letter states. “As an industry, we are seeing ever more data breach notifications, where unencrypted data is lost or stolen.

“Attacks are often financially motivated, and the criminals have begun to focus their energies on the online banking services that serve companies, both small and large,” he continues. “Financial malware, such as the Zeus trojan, is being used to infect the computers of finance professionals in small, medium and large-sized companies. The criminals then use these infected computers to break into company online bank accounts, and fraudulently transfer funds out of these accounts.”

Are you a finance professional—or do you work with one? If so, perhaps you would do well to warn such persons about the increasing number of criminal attacks aimed squarely at their companies’ cyber vaults. Then again, a warning can only do so much. Preparedness—in the forms of better security technology and tighter controls on personnel who interact with technology—would seem to make sense.

It was easier to look the other way when cyber attacks weren’t being reported so close to home for insurers, agents and other financial services entities, but the crosshairs have been moved, and if you’re feeling a strange tingling in the back of your neck, it may be that some crook is about to pull the trigger that will deliver to him the information in your minimally protected systems.

I wonder how long our experts and pundits will continue to drone the “it can’t happen here” mantra. I wonder how much longer we will continue to swallow the idea that data security is a minor annoyance and not a major issue. I really am starting to believe that some insurers, whether they admit it or not, are just looking at cyber-crime as a cost of doing business, and are building certain losses into their budget projections to begin with. If that is happening, I wonder what formulae they are using to predict just how much will be stolen over any period of time.

There was a time when I believed that all it would take would be one or two highly publicized breaches for this industry to wake up and get serious about security. Experience has taught me, however, that it is much more likely that we will allow these criminal leeches to drain our blood slowly—perhaps until we reach the point where we have neither the will nor the resources to resist.

“Our applications and networks are under attack from ever more sophisticated adversaries,” Jevans says. “The Aurora attacks against numerous large companies, including Google and Adobe, showed that cyber criminals are creating more sophisticated malware, and are coordinating their attacks in order to penetrate the defenses of companies who have the most well informed IT security departments.”

But we really don’t want to acknowledge the possibility that things are getting that bad. It’s just too icky!

Ara C. Trembly ( is the founder of Ara Trembly, The Tech Consultant, and a longtime observer of technology in insurance and financial services.

Readers are encouraged to respond to Ara using the “Add Your Comments” box below. He can also be reached at

This blog was exclusively written for Insurance Networking News. It may not be reposted or reused without permission from Insurance Networking News.

The opinions of bloggers on do not necessarily reflect those of Insurance Networking News.

Comments (0)

Be the first to comment on this post using the section below.

Add Your Comments...

Already Registered?

If you have already registered to Insurance Networking News, please use the form below to login. When completed you will immeditely be directed to post a comment.

Forgot your password?

Not Registered?

You must be registered to post a comment. Click here to register.

Blog Archive

Boosting Performance with Integrated Underwriting Tools

A unified, comprehensive platform can help underwriters perform their jobs more efficiently — and profitably.

Apple's Way: Succeeding in the Enterprise Without Even Trying - Part 3

Today's data centers are doing far more with much smaller footprints.

Apply Mindfulness to Leadership

Managers can benefit from applying this theory both to their career aspirations as well as to interactions and expectations of staff.

Opinion: Halbig Decision Creates New Level of Uncertainty for Obamacare

Time will tell if the Halbig decision remains viable. But in the meantime, a new level of uncertainty has been injected into the process.

CIOs: "We Don't Have Enough People to Run Our Mainframes"

Insurers will be competing with other industries for both legacy and “new IT" talent.

4 Ways to Keep Insurance Data Quality Healthy

Continually building trust and credibility in the data is the key to a successful data warehouse.