Return of the Guru

Data Security: There Really is a Monster Under the Bed

Ara Trembly
Insurance Experts' Forum, June 14, 2010

When I was a little kid, my annoying older brother used to warn me about the monster hiding under my bed—you know, the kind that only comes out at night and gobbles up frightened little boys. As a result, I don’t think I ever looked under there, even in the daylight (and it amazed me that my mom would actually get under there to clean!).  

Anyway, the idea was that if I didn’t look under the bed, the monster wouldn’t know I was there and thus would not serve me up as its latest culinary delight. And you know, this particular form of avoidance worked well, because—as you probably guessed—I never did have an encounter with that monster.

It occurred to me during the recent IASA Educational Conference and Business Show, however, that the insurance industry is practicing its own form of avoidance—or outright denial—when it comes to Internet security. I attended several sessions where this topic should at least have been part of the conversation, but on the rare occasion it came up, it was quickly whisked aside.

In the IT Town Hall in particular, when the conversation turned to social media in insurance, not one of the experts on the panel said a word about the security risks involved with allowing links from one’s enterprise to the vast networks of social media sites with which most of us are familiar. When I finally brought up the question, I was told that it was no big deal, and that insurance would deal with social-media-related vulnerabilities the same way it has dealt with other vulnerabilities.

Of course, to me that meant that insurance will not deal well with such threats, since our industry has seen attacks just like any other and hasn’t been particularly proactive in addressing them. In my own IASA session that focused on social media for insurance, several panel members did acknowledge the growing threat of cyber-crime, and it was clear that several of the insurers present were reluctant to fully embrace social media due to these insecurities and to associated legal vulnerabilities. This little bit of practicality gives me hope for our industry.

My point, quite simply, is that when it comes to the threat of attack via the Internet, there really is a monster under the bed—and he’s hoping you won’t look, because then he can keep doing more and more damage. I can understand that this is an unpleasant topic and we really all wish it would go away—kind of like the monster when the sun rises.  I can also understand that most of our companies probably won’t be victimized. The few who are hit, however, face huge costs to repair and replace systems—not to mention fines, possible lawsuits and loss of the public’s confidence.

Constant attention to this threat is step No. 1 in due diligence. Let’s not ignore it simply because we don’t like the thought of it.

Ara C. Trembly ( is the founder of Ara Trembly, The Tech Consultant, and a longtime observer of technology in insurance and financial services.

Readers are encouraged to respond to Ara using the “Add Your Comments” box below. He can also be reached at

This blog was exclusively written for Insurance Networking News. It may not be reposted or reused without permission from Insurance Networking News.

The opinions of bloggers on do not necessarily reflect those of Insurance Networking News.

Comments (2)

I have to agree with Ara that security seems to be a low-priority issue with most insurers. IASA championed a solid panel on security that included an indusrty analyst, a representrative from a security vendor and the chief security offcier from a software vendor, in addition to an insurance company CIO. Attendance was somewhat light.

This relatively low level of attention to security is unfortunate, and could ultimately prove costly. A lot of work is going to be needed to deal with the ever-increasing security threats and the tightening audit requirements (think Model Audit Rule). I wonder if teh industry is going to be ready.

Posted by: don.goodenow | June 18, 2010 2:23 PM

Report this Comment

While data security is a big issue for all parties in the industry, agents might face even bigger risks.

While breaches from external threats are very real, most client information breaches are as a result of employee actions. Most agencies have no plan for dealing with a data breach when it occurs. Add to that the increasing E&O exposure for not informing their clients they could have purchased Network Security & Data Breach insurance and that monster under the bed could be all too real.

A Utah agency was recently sued for being "careless, negligent and made various negligent misrepresentations about Perpetual's insurance coverage from Colorado Casualty."

See for details.

Posted by: imported-name i | June 18, 2010 10:40 AM

Report this Comment

Add Your Comments...

Already Registered?

If you have already registered to Insurance Networking News, please use the form below to login. When completed you will immeditely be directed to post a comment.

Forgot your password?

Not Registered?

You must be registered to post a comment. Click here to register.

Blog Archive

In the Big Data Era, Storage is More than 'Just' Hardware

For on-premises needs, the latest technologies, including flash, solid state drives, and in-memory computing offer new ways to provide rapid access to new data.

Core Transformation – The Ultimate Balancing Act

The core transformation journey requires companies to shift from reactive to proactive business models, incorporating maturing and emerging technologies, customizing and personalizing products, and accelerating speed to market while providing improved customer service.

Wearables Poised to Reshape Insurer-Insured Relationship

Boosted by the impending release of the Apple Watch, wearable devices have received a fair amount of attention recently Ė and with good reason. This emergent technology has the potential to alter the way the health insurance industry operates on a fundamental level.

Despite Valiant Efforts, Insurers' Consumer Ratings Drop

Insurers also are confronting waves of disruptive changes, including big data analytics, an aging population, ongoing economic uncertainty and the growing frequency and severity of natural disasters, which threaten to challenge and undermine businesses.

Why You Can't Take a Wrecking Ball to Your Legacy System

If you think of enterprises like collections of neighborhoods that need to be nurtured, you quickly see that architecture, not obliteration, is the key.

The Apple Bounce: Are Wearables Truly this Big?

I just donít believe it; only 720,000 Androidwear watches were sold in 2014. Apple has been amazingly successful in so many markets. Were they always first? No, a lot of products before. Were they always best? Again, no, superior devices have fallen.