Return of the Guru

As Enterprises Snooze, Data Attacks Focus on Financial Services

Ara Trembly
Insurance Experts' Forum, August 3, 2010

For some years now, I have been blowing my somewhat lonely horn about the poor state of data security in the insurance and financial services industries. To be sure, there have been attacks on our industry’s enterprises—some of them very costly—yet we don’t seem to have felt the pain acutely enough to make security an industry-wide priority. “Sure, it happened to someone else, but it won’t happen here,” some loopy-brained supporters of non-action have insisted.

Now a letter from David Jevans, CEO of IronKey, to his company’s customers has again shed light on this situation, and indicates that the tide of crime is turning ominously in the direction of financial services. “The first half of 2010 illustrated that security threats against our data, applications and networks continue to grow,” his letter states. “As an industry, we are seeing ever more data breach notifications, where unencrypted data is lost or stolen.

“Attacks are often financially motivated, and the criminals have begun to focus their energies on the online banking services that serve companies, both small and large,” he continues. “Financial malware, such as the Zeus trojan, is being used to infect the computers of finance professionals in small, medium and large-sized companies. The criminals then use these infected computers to break into company online bank accounts, and fraudulently transfer funds out of these accounts.”

Are you a finance professional—or do you work with one? If so, perhaps you would do well to warn such persons about the increasing number of criminal attacks aimed squarely at their companies’ cyber vaults. Then again, a warning can only do so much. Preparedness—in the forms of better security technology and tighter controls on personnel who interact with technology—would seem to make sense.

It was easier to look the other way when cyber attacks weren’t being reported so close to home for insurers, agents and other financial services entities, but the crosshairs have been moved, and if you’re feeling a strange tingling in the back of your neck, it may be that some crook is about to pull the trigger that will deliver to him the information in your minimally protected systems.

I wonder how long our experts and pundits will continue to drone the “it can’t happen here” mantra. I wonder how much longer we will continue to swallow the idea that data security is a minor annoyance and not a major issue. I really am starting to believe that some insurers, whether they admit it or not, are just looking at cyber-crime as a cost of doing business, and are building certain losses into their budget projections to begin with. If that is happening, I wonder what formulae they are using to predict just how much will be stolen over any period of time.

There was a time when I believed that all it would take would be one or two highly publicized breaches for this industry to wake up and get serious about security. Experience has taught me, however, that it is much more likely that we will allow these criminal leeches to drain our blood slowly—perhaps until we reach the point where we have neither the will nor the resources to resist.

“Our applications and networks are under attack from ever more sophisticated adversaries,” Jevans says. “The Aurora attacks against numerous large companies, including Google and Adobe, showed that cyber criminals are creating more sophisticated malware, and are coordinating their attacks in order to penetrate the defenses of companies who have the most well informed IT security departments.”

But we really don’t want to acknowledge the possibility that things are getting that bad. It’s just too icky!

Ara C. Trembly is the founder of Ara Trembly, The Tech Consultant, and a longtime observer of technology in insurance and financial services.


This blog was exclusively written for Insurance Networking News. It may not be reposted or reused without permission from Insurance Networking News.

The opinions of bloggers do not necessarily reflect those of Insurance Networking News.
