Return of the Guru

As Enterprises Snooze, Data Attacks Focus on Financial Services

Ara Trembly
Insurance Experts' Forum, August 3, 2010

For some years now, I have been blowing my somewhat lonely horn about the poor state of data security in the insurance and financial services industries. To be sure, there have been attacks on our industry’s enterprises—some of them very costly—yet we don’t seem to have felt the pain acutely enough to make security an industry-wide priority. “Sure, it happened to someone else, but it won’t happen here,” some loopy-brained supporters of non-action have insisted.

Now a letter from David Jevans, CEO of IronKey, to his company’s customers has again shed light on this situation, and has found that the tide of crime is turning ominously in the direction of financial services. “The first half of 2010 illustrated that security threats against our data, applications and networks continue to grow,” his letter states. “As an industry, we are seeing ever more data breach notifications, where unencrypted data is lost or stolen.

“Attacks are often financially motivated, and the criminals have begun to focus their energies on the online banking services that serve companies, both small and large,” he continues. “Financial malware, such as the Zeus trojan, is being used to infect the computers of finance professionals in small, medium and large-sized companies. The criminals then use these infected computers to break into company online bank accounts, and fraudulently transfer funds out of these accounts.”

Are you a finance professional—or do you work with one? If so, perhaps you would do well to warn such persons about the increasing number of criminal attacks aimed squarely at their companies’ cyber vaults. Then again, a warning can only do so much. Preparedness—in the forms of better security technology and tighter controls on personnel who interact with technology—would seem to make sense.

It was easier to look the other way when cyber attacks weren’t being reported so close to home for insurers, agents and other financial services entities, but the crosshairs have been moved, and if you’re feeling a strange tingling in the back of your neck, it may be that some crook is about to pull the trigger that will deliver to him the information in your minimally protected systems.

I wonder how long our experts and pundits will continue to drone the “it can’t happen here” mantra. I wonder how much longer we will continue to swallow the idea that data security is a minor annoyance and not a major issue. I really am starting to believe that some insurers, whether they admit it or not, are just looking at cyber-crime as a cost of doing business, and are building certain losses into their budget projections to begin with. If that is happening, I wonder what formulae they are using to predict just how much will be stolen over any period of time.

There was a time when I believed that all it would take would be one or two highly publicized breaches for this industry to wake up and get serious about security. Experience has taught me, however, that it is much more likely that we will allow these criminal leeches to drain our blood slowly—perhaps until we reach the point where we have neither the will nor the resources to resist.

“Our applications and networks are under attack from ever more sophisticated adversaries,” Jevans says. “The Aurora attacks against numerous large companies, including Google and Adobe, showed that cyber criminals are creating more sophisticated malware, and are coordinating their attacks in order to penetrate the defenses of companies who have the most well informed IT security departments.”

But we really don’t want to acknowledge the possibility that things are getting that bad. It’s just too icky!

Ara C. Trembly ( is the founder of Ara Trembly, The Tech Consultant, and a longtime observer of technology in insurance and financial services.

Readers are encouraged to respond to Ara using the “Add Your Comments” box below. He can also be reached at

This blog was exclusively written for Insurance Networking News. It may not be reposted or reused without permission from Insurance Networking News.

The opinions of bloggers on do not necessarily reflect those of Insurance Networking News.

Comments (0)

Be the first to comment on this post using the section below.

Add Your Comments...

Already Registered?

If you have already registered to Insurance Networking News, please use the form below to login. When completed you will immeditely be directed to post a comment.

Forgot your password?

Not Registered?

You must be registered to post a comment. Click here to register.

Blog Archive

The Apple Bounce: Are Wearables Truly this Big?

I just donít believe it; only 720,000 Androidwear watches were sold in 2014. Apple has been amazingly successful in so many markets. Were they always first? No, a lot of products before. Were they always best? Again, no, superior devices have fallen.

Ten Stats About Social, Mobile, Analytics, Big Data, Cloud and Digital

Deployment rates have grown in the year since Novaricaís last study on these topics.

How Quote Data Can Deliver Powerful Business Insights

Quote data often is disregarded due to its volume, but properly managed can offer insights into product and pricing strategy, expense control, cross selling and upselling.

Trends in P&C and L/H/A Policy Administration Systems

Novarica research shows that nearly 40 percent of P&C and life/health/annuity carriers are currently replacing or planning to replace a policy administration system.

Product Configurators: Moving Insurers toward Self-Sufficiency

Insurers may like a vendorís full service model for updating policy content rules, but they donít want to be held captive if the vendor doesnít offer fast speed-to-market.

Insurers: Let's Be The Best

I donít like when insurance companies are hectored by people inside or outside of the industry about how they arenít innovative. Many insurers are leading the way in gleaning real results from emerging technology disciplines, including big data, analytics, mobile technology, and telematics.