Tag Archives: cloud

6 Cybersecurity Threats for Insurers

The connectedness of everything – assets, people, business and commerce – has increased the severity and frequency of cyber attacks. The insurance sector faces a bigger threat than most industries because insurers deal with extremely sensitive data. Several insurance companies, such as Premera Blue Cross and Anthem, have experienced significant data breaches over the past years. However, these are not the only insurers affected. A report by Accenture shows that an average insurance company receives over 100 cybersecurity attacks each year, with 30% of the attempts being successful.

As an insurance leader, being aware of the potential cybersecurity threats puts you in a better position to adopt the right prevention measures. Here are the top cybersecurity threats in the insurance sector that you should know.

6 Cybersecurity Threats for Insurance Leaders

1. Cloud Vulnerabilities  

Cloud data access and storage has become a common practice for many people. However, this practice can increase the risk of a data breach. You can be susceptible to denial of services (DoS) and account hijacking attacks. With such attacks, hackers can access and tamper with your company’s data while preventing your team from accessing it. This threat can be prevented by implementing an extensive cyber risk management plan.

2. Patch Management

If your insurance company is using outdated software, you have a higher risk of cyberattack. Most cybercriminals exploit software vulnerability to access and steal company information. Failing to update your software patches makes your organization vulnerable to numerous data breaches.

Cybercrime vulnerability can be through something you consider as minor as the computer operating system. For instance, most organizations became exposed to cyber-attacks in 2018 for failing to update their Microsoft Office software following a patch release for Eternal Blue vulnerability. Therefore, it is advisable you stay up-to-date with any software you are using in your organization to avoid costly attacks.

3. Social Engineering

With the increase in social interactions, cybercriminals are exploiting such opportunities to launch social engineering attacks. Deception is the major aspect of such attacks. Usually, these criminals use trickery and manipulative approaches to lure individuals into taking various actions. For instance, you can be lured to disclose sensitive information or even bypass set security measures.

Social engineering threats are high because targets simply give hackers access to the system. Thus, it is hard for you to prevent these crimes with cybersecurity systems. However, regular training on cybersecurity is necessary for ensuring that your team members know how to detect and prevent such crimes.

See also: A Novel Approach to Cybersecurity

4. Ransomware Threats

If you thought it was only individuals who can be held hostage, think again, because your computer systems and data can, too. Ransomware attacks are some of the serious cyber threats you should worry about in the modern era. A report by the U.S Depart of Homeland Security reveals a rising number of ransomware attacks. The hackers attack your network and prevent you from accessing any data in it until a certain amount is paid. Such attacks are associated with significant losses. For example, besides the immediate losses, a ransomware attack can lead to huge monetary damages because of lost data and loss of productivity.

5. Third-Party Exposure Threats

The use of third-party services is a common practice nowadays, especially for payment processing. Most organizations do not take the necessary precautions when engaging in third-party transactions. Even where the party you are transacting with does not handle personal data directly, it can put your organization at risk of attack.

Hackers are using malware to access personal data, such as credit card numbers and Social Security numbers, through third-party companies. Therefore, it is important to take all the necessary precautions when dealing with a third-party vendor. For instance, inquire about their policy on data breaches and find out whether they have any measures in place to prevent cybersecurity attacks.  

6. Outdated Hardware

There is a common misconception that cybersecurity threats have to come from software. If you are using outdated hardware, your company data is vulnerable, too. With the increasing rate of software updates, some hardware may find it challenging to keep up. Obsolete hardware may be difficult to accept the latest security measures and patches. In such cases, your organization’s data is exposed; hence, at a high risk of cyberattack. Therefore, it is critical to regularly check your devices and replace any obsolete ones to avoid outdated hardware-related cyber-attacks.

See also: The Missing Tool for Cyber Resilience

Holistic Risk Management Plan

There you have it – a comprehensive overview of some of the top cybersecurity threats in the insurance sector. Evidently, as technology advances, insurance companies will continue to face different forms of cybersecurity threats.

While there might not be a one-size-fits-all approach to address or prevent cyber threats, being knowledgeable on the various cybersecurity vulnerabilities can help you adopt better risk detection and prevention measures. Therefore, make sure to adopt a holistic management plan to stay away from most of these threats.

The Cloud Concept That Many Miss

Ten years ago, the idea of moving to the cloud was just a vision for insurance companies. Five years ago, the cloud concept became a trend. Today, it’s a necessity. Increasing numbers of insurers realize that the cloud enables organizational agility and digital transformation, two key factors in outstanding customer experience. 

The countless articles and blogs about the cloud seem focused on migration and innovative concepts, such as DevOps and Big Data. But not enough attention is given to a key cloud concept: maintenance. 

Let’s face it, maintenance isn’t sexy, even though most insurance companies spend 10 times more on maintenance than on the transition. What’s more, maintenance contracts with suppliers dictate long-term relationships that last long after the transition has been completed and the go-live euphoria has dissipated. 

This is why it’s critical for insurance companies to choose their software vendor carefully. The functionality of the software product, as well as the delivery capabilities of the integrators, are, of course, important. But you should also examine the quality of service for the business as usual (BAU) period that starts once the software is up and running on the cloud. What are the criteria that should guide the insurer’s CIO when choosing a software vendor providing cloud-based solutions? 

The first thing you should check is if your supplier has an end-to-end operating model. In many cases, software development, integration and maintenance are provided by three separate organizations. Multi-functional vendors (also known as one-stop-shop vendors, or OSS vendors) will take full responsibility for the solution. An OSS vendor leverages its multidisciplinary expertise in IT, database, security and applications to provide end-to-end coverage for any incident that might occur.

The second thing you should look at is the service level agreement (SLA). The SLA must include tangible service level targets and penalties for breaches. Make sure it addresses all metrics relevant to your business, such as availability, performance, incident response and resolution time, customer service window and service continuity (RPO and RTO). 

See also: The Cloud’s Vital Role in Digital Revolution  

It’s important to understand all the service entitlements that represent the extent or frequency of service actions, which could, for example, include an annual disaster recovery drill, a weekly performance audit, quarterly database improvements and running the nightly batches on a daily basis. Also crucial is a monthly report that includes the actual performance against the service level targets and a list of corrective means taken to eliminate or minimize any underachievement.  

The next thing you should consider is multi-cloud expertise and experience. Many insurance companies have hybrid IT architecture, with some of their electronic assets available on-premise and some on the cloud. To remain as flexible as possible, it is essential to choose a supplier with multi-cloud expertise that can cope with a hybrid architecture or CSP switch.

Lastly, the insurance industry is a highly regulated sector, so naturally you should choose a vendor that complies with all the relevant regulatory requirements related to information security and privacy applicable in your country, such as ISO 27001 or GDPR. One way to ensure that your supplier is a professional organization is to examine how the supplier follows industry best practices of IT service management. You could verify this by asking for copies of the documentation of their processes, or by checking if the support managers are all ITIL-certified.

Choosing the right software vendor is not easy, especially because this choice establishes a long-term relationship between the two parties. Make sure you don’t place too much focus on your wedding to cloud transition – it is more important to think of what will happen once you return from the honeymoon.

Reconnecting With Customers Via Claims

While every carrier manages claims operations in a slightly different way, there are three consistent technology setups currently in practice: Green Screen, Home-Grown and Modern. The back-end operational workflows for each of these practices are generally the same: The adjuster manually enters notes, manually sends emails or makes calls and manually ties documents from the document management systems to the claim systems. The challenge here is that the adjuster is the centrally intelligent component. Relying on an adjuster to connect various systems mires the adjuster in overly manual steps, leaving claims processing vulnerable to reduced speed, mistakes and inefficiencies – all of which lessen customer satisfaction.

Green Screen

While more common overseas and in smaller markets, green screen systems are still found in many claims operations today. The green screen is a simple claim database that only accepts user inputs from a text-based screen with minimal capabilities to integrate into any other systems. Adjusters are forced to use a separate document management system to store files and photos and use a separate email system for outward communications.

Carriers relying on green screen systems see inefficiency with data transfer. Adjusters have to hunt for documents that are not tied to a claim number, annotate the decisions they have made in the green screen system and communicate in a separate system to the customer. Most of the mindshare of the organization is spent on teaching the humans the rules of the claim and how to document their thoughts in the system.

See also: Visual Technology Is Changing Claims  

Home-Grown

Some organizations have managed to build their own systems internally over the years. In these systems, various IT projects over the years have been spliced together with complicated business rules that aim to reduce the human error and ensure legal compliance. Carriers with a home-grown system face significant IT spending to maintain their complex infrastructure. Even with a large IT staff, it is nearly impossible to launch new technology initiatives because change affects rules buried deep in the system. The result is a system that is expensive, inflexible, complex and generally oblivious to the customer experience.

Modern

Recently, carriers have consolidated their legacy systems into one modern platform. These setups require a large engagement with a third-party system integrator and many years of thoughtful planning and data migration. However, the output is rarely a truly consolidated system. Carriers with modern systems are bound to long-term, third-party support contracts and face many of the issues that home-grown carriers face. Complicated business logic is embedded in the software to try to avoid human errors, but it leads to complexity and rigidity that ensure internal compliance while ignoring the customer experience.

Carriers and Customers

As customer needs are changing, carriers’ technology should be changing, too. Today’s customers expect a seamless tech experience with clear communication, automation and the ability to input via apps, photos, phones and inboxes. There are several new tech solutions that aim to ease a challenge of current carrier tech configurations. At Snapsheet, we have already built software that eases nearly all of these customer expectations.

Here are the capabilities that are critical to advanced claims technology – all of which will help meet customer needs:

  • Cloud-Based Architecture: This feature is important for a flexible design, which eases the implementation. There is no data migration, no system integration and no multi-year project plan. Claims software is launched stand-alone around existing systems or as a full-on replacement. It enables carriers to track, with real-time precision, all of the customer interactions, how the customer engages with the claims process and how the adjuster is engaging with the customer. Immediate insights are gained and can be operationalized.
  • Intelligent Claims Files: Instead of relying on the adjuster to tie systems together and shepherd the customer through the claims process, the Snapsheet platform has advanced capabilities that understand the expectations of each step in the claims process and guide the customer through the appropriate actions. An intelligent engine coordinates the communications and documentation needs for each file and advises the adjuster when to take action. If all of the requested information is provided, the engine may choose to automatically move the work to the next stage.
  • Real-time metrics and operational transparency: It enables the carriers to track, with real-time precision, all of the customer interactions, how the customer engages with the claims process, and how the adjuster is engaging with the customer. Immediate insights are gained and can be operationalized. The result is an enhanced customer claims experience, led by automation and real-time customer engagement to provide a tailored journey through any claim in any language in any country.
  • Customized roll-out: Customization is key. Even with a single consistent platform, such as Snapsheet’s, it is important to customize implementation for whatever legacy IT configuration exists. This adds flexibility and ease-of-use to each project. Snapsheet’s recent strategic collaboration with Zurich is an example of taking a new software approach by putting the customer experience first. Various county entities in Zurich use each of the three software setups mentioned above. Snapsheet software can be leveraged across any configuration, activating software modules that smooth or plug efficiency gaps in the current process, or completely replace existing claims systems.

See also: How to Use AI in Claims Management  

As we kick off 2019 and insurtech continues to expand, the industry will see even greater advancement in the technology space for carriers and claims processes. Automated systems are important to guide the customer through the correct claims journey and ultimately allow carriers more time to innovate.

Small Insurers and Digital Priorities

From what I’ve seen in recent insurance technology news updates, it appears that the insurance industry is finally ripe for change, ready to make the leap to digital technologies that will lead us into tomorrow. Or is it?

Consider these core drivers of change: digital innovations such as cloud, telematics, IoT, analytics and AI, mobile, real-time 24/7 access to data, the growing need for on-demand products and, in general, using these transformative technologies to create operational efficiencies, adopt new business models and anticipate and exceed customer expectations.

Even though we know these technologies are enabling new insurance products, methods, processes, services and business models, there is still an omnipresent culture that hangs on to the troubling “it’s the way we’ve always done it” battle cry. This is often voiced by insurers that share their frustrations with being challenged to change existing culture from inside out to address these digital drivers.

My view is that, while many of the larger insurers are making the hard move to adopt digital technologies, it’s still not a priority for many small- to medium-sized insurance companies. And now, more than ever, there is a certain urgency to having that discussion. Tanguy Catlin, senior partner with McKinsey & Co., when addressing the issue, referred to it as the “tipping point” that is “where those that have not adapted their [digital] strategies fade away.”

See also: Darwinian Shift to Digital Insurance 2.0  

In research results published by MIT Sloan Management Review (SMR) and Deloitte’s Digital practice, 87% of executives queried believe that digital technologies will disrupt their industries, yet only 44% felt they were adequately preparing for it. Gerald Kane, professor of information systems at the Carroll School of Management at Boston College and MIT Sloan Management Review guest editor for the Digital Business Initiative, compares insurers’ thinking about digital disruption to homeowners in disaster-prone areas who often seem caught off guard when an actual hurricane or cyclone strikes.

Source: MIT Sloan Management Review

So, why isn’t adoption of digital technologies a priority for more small- to medium-sized insurers? While many see the opportunities presented by digital technologies, perhaps they don’t believe the likelihood is high that digital will actually disrupt their own organization. But the authors of the research note that, if digital technologies represent an opportunity for your organization, they also represent a threat for your competitors — and vice versa.

I get it, change is hard… but, the argument, “we are not in a financial position to prioritize” is irrelevant to the discussion of digital technology investments. Competitors aren’t waiting for your company to be in a better “financial position” before they act. Moreover, because at some point in the coming years insurers will need to replace their growing faction of retirement-age employees with a younger, more tech-savvy labor force. And in a war for the best talent, the A and B players have absolutely no desire to work on outdated systems. So, what does that mean for the future of your company?

See also: Digital Insurance, Anyone?  

Just remember, technology is an accelerator for your company and your staff. In other words, the more digital technologies that are put into play, the greater and faster the return. Those insurers that ignore its call will fall further and further behind until they reach the tipping point and slowly fade away. Remember what happened to Blockbuster Video when it failed to adapt in a time of digital change. Don’t be a Blockbuster in a Netflix world.

3 Ways to an Easier Digital Transformation

Across industries, digital transformation and cloud migration are forces to be reckoned with. Insurance is no exception.

As an industry accustomed to operating on legacy technology, insurers should approach the cloud migration process judiciously. But they should also know that moving all workloads to the cloud – even if incrementally – is necessary to keep up with evolving customer expectations.

The industry at large is receiving this message. Nearly 70% of insurers report they are somewhere along the journey to digitally transform their infrastructure, according to a report from Ensono and Forrester.

But the jump from mainframe to cloud shouldn’t take place overnight. By taking a methodical approach and prioritizing the right workloads, insurance technology teams can achieve a hybrid IT infrastructure that allows for improved operations at manageable costs. Here are three guidelines to follow as your insurance organization adopts a hybrid cloud strategy:

Prioritize which applications to move first

46% of insurers surveyed in the Ensono/Forrester study cited improving application performance as the most important IT change their company could make to augment customer engagement. But according to IBM, nine out of 10 of the world’s largest insurance companies still run on mainframes. Leaning on legacy technology alone makes it challenging to keep pace with application upgrades and customer expectations for speed and experience. Organizations that remain within a stand-alone legacy environment will have to rely on workarounds to keep upgrading their app performance, and these workarounds will only become more frequent and costly.

See also: Digital Transformation: How the CEO Thinks

However, moving all operations to the cloud and scaling up overnight isn’t a realistic ask of traditional insurers, either. The transition is expensive and takes months of planning and testing. Instead, insurance organizations should take things slower by prioritizing the applications that require the highest levels of performance as well as most external and third-party connectivity. The basic rule of thumb: Apps that are customer-facing should be at the top of your list.

Set yourself up with premium analytics

Quality data is central to understanding the needs of agents and customers, but legacy technology doesn’t allow for the best insights. Turning to a cloud or hybrid strategy increases an insurer’s ability to access top-notch, real-time data and analytics, as well as expand into emerging cloud offerings.

According to Ensono and Forrester, almost half of insurance decision makers use cloud platforms for advanced data analytics, and about 40% believe it’s important to expand their use of emerging cloud technologies like mobile or internet of things (IoT) and increase reliance on public cloud platforms for systems of engagement. Those systems of engagement need to connect seamless to systems of record.

Find the right partners

Data analytics clearly play a huge role in the benefits insurers can reap from a hybrid cloud strategy. But a full 100% of insurers admitted to facing data-related security issues, according to Ensono’s study. Whether this is due to outdated IT infrastructure or a lack of expertise, it’s unacceptable to put any data at risk, especially customer data.

The right partners can help keep your organization’s data secure while optimizing the right applications for cloud. Mainframes – a true foundation of the insurance business – aren’t going away in this process, but they won’t bear the whole burden any more, either. Legacy systems do have their perks, such as security and expense, but ultimately insurers need to ensure they have access to the expertise needed to help their businesses thrive in the cloud.

See also: 4 Rules for Digital Transformation

The transition to a hybrid IT environment requires re-engineered IT infrastructure, the use of real-time data and insights and the right talent – the kind that can create a flexible and competent IT strategy with a custom balance of legacy platforms and cloud environment. Partners like managed service providers (MSPs), migration services and consultants can make the process much smoother. Accessing third-party support also allows your organization to skip the stressful experience of hiring for internal tech experts in a talent economy suffering from an IT skills gap.

The push from customers for faster, better service in insurance continues. But dated infrastructure and an IT talent shortage is holding the insurance industry back. Digital transformation is the only way to achieve growing expectations, cloud migration being the core driver behind the progress. Insurers must thoughtfully design an infrastructure migration plan associated with their application strategy and seek the needed resources to help carry it out, thus ensuring a stabler as well as growing customer-backed future.