Tag Archives: kmart

The Threat From ‘Security Fatigue’

There is no mistaking that, by now, most consumers have at least a passing awareness of cyber threats.

Two other things also are true: too many people fail to take simple steps to stay safer online; and individuals who become a victim of identity theft, in whatever form, tend to be baffled about what to do about it.

A new survey by the nonprofit Identity Theft Resource Center reinforces these notions. ITRC surveyed 317 people who used the organization’s services in 2017 and had experienced identity theft. The study was sponsored by CyberScout, which also sponsors ThirdCertainty. A few highlights:

  • Nearly half (48%) of data breach victims were confused about what to do.
  • Only 56% took advantage of identity theft protection services offered after a breach.
  • Some 61% declined identity theft services because of lack of understanding or confusion.
  • Some 32% didn’t know where to turn for help in event of a financial loss because of identify theft.

Keep your guard up

These psychological shock waves, no doubt, are coming into play yet again for 143 million consumers who lost sensitive information in the Equifax breach. The ITRC findings suggest that many Equifax victims are likely to be frightened, confused and frustrated — to the point of acquiescence. That’s because the digital lives we lead come with risks no one foresaw at the start of this century. And the reality is that consumers need to be constantly vigilant about their digital life. However, cyber attacks have become so ubiquitous that they’ve become white noise for many people.

See also: Quest for Reliable Cyber Security  

The ITRC study is the second major report showing this to be true. Last fall, a majority of computer users polled by the National Institute of Standards and Technology said they experienced “security fatigue” that often correlates to risky computing behavior they engage in at work and in their personal lives.

The NIST report defines “security fatigue” as a weariness or reluctance to deal with computer security. As one of the study’s research subjects said about computer security, “I don’t pay any attention to those things anymore. … People get weary from being bombarded by ‘watch out for this or watch out for that.’”

Cognitive psychologist, Brian Stanton, who co-wrote the NIST study, observed that “security fatigue … has implications in the workplace and in peoples’ everyday life. It is critical because so many people bank online, and since health care and other valuable information is being moved to the internet.”

Make no mistake, identity theft is a huge and growing problem. Some 41 million Americans have already had their identity stolen — and 50 million reported being aware of someone else who was victimized, according to a Bankrate.com survey.

Attacks are multiplying

With sensitive personal data for the clear majority of Americans circulating in the cyber underground, it should come as no surprise that identity fraud is on a rising curve. Between January 2016 and June 2016, identity theft accounted for 64% of all data breaches, according to Breach Level Index. One reason for the rise was a huge jump in internet fraud. Card not present (CNP) fraud leaped by 40% in 2016, while point of sale (POS) fraud remained unchanged.

It’s not just weak passwords and individual errors that are fueling the rise in online fraud. Organizations we all trust with our personal information are being attacked every single day. The massive breach of financial and personal history data for 143 million people from credit bureau Equifax is just the latest example.

Over the past four years, there have been a steady drumbeat of major data breaches: Target, Home Depot, Kmart, Staples, Sony, Yahoo, Anthem, the U.S. Office of Personnel Management and the Republican National Committee, just to name a few. The hundreds of millions of records stolen never perish; they will continue in circulation in the cyber underground, available for sale and/or to be used in the next innovative fraud campaign.

Be safe, not sorry

Protecting yourself online doesn’t have to be difficult or complicated. Here are seven ways to better protect your privacy and your identity today:

  • Freeze your credit rating at the big three rating agencies so scammers can’t use your identity to take out loans or credit cards
  • Add a website grader to your browser to avoid malware
  • Enroll in ID theft coverage with your bank, insurer or employer —it could be free or surprisingly inexpensive
  • Get and use a password vault so you can create and use hard-to-guess passwords
  • Be knowledgeable about common cyber scams
  • Add a verbal password to your bank account login and set up text alerts to unusual activity
  • Come up with a consistent way to decide whether it’s safe to click on something.

There is a bigger implication of losing sensitive information as an individual: it almost certainly will have a negative ripple effect on your family, friends and colleagues. There is a burden on consumers to be more active about cybersecurity, just as there is a burden on companies to make it easier for individuals to do so.

See also: Cybersecurity: Firms Are Just Sloppy  

NIST researcher Stanton describes it this way: “If people can’t use security, they are not going to, and then we and our nation won’t be secure.”

Melanie Grano contributed to this story.

Innovation: Not Just for the Big Firms

Small- to medium-sized insurers that want to remain relevant should heed the call of innovation.

There has been a lot of press lately about how innovation can help insurers overcome growth obstacles. It’s no secret that the insurtech startups of the world, for which digital innovation is the hallmark, are garnering the attention — and funding — of venture capitalists and larger carriers, but how is that innovation affecting small- to medium-sized (SMB) insurers?

In some ways, SMB insurers are vulnerable to a fate like what is being experienced by department stores such as Kmart and JC Penney or the local bookshop, all of which hang on by a thread as the online and big-box retailers take control of the market.

Market demographics contribute to this pressure, as emerging generations of customers — with demands for anytime, anywhere digital access to policy, claims and account information — put an additional burden on carriers.

It’s no wonder that SMB insurers may feel overwhelmed at the thought of keeping up with the likes of IoT, machine learning, business intelligence or robotic process automation. But many SMB insurers assume (incorrectly) that they don’t have the resources necessary to climb aboard the innovation train.

See also: Top 10 Insurtech Trends for 2017  

Consider the business culture in which SMB insurers (small mutual insurers, commercial workers’ comp carriers, municipal risk pools, captives and self-insured groups) operate. These carriers work within a known and predictable entity where budgets are firm — often the result of a formalized, collective group mandate. Smaller self-insured pools — such as public entities, under the scrutiny of their not-for-profit, state-controlled state insurance departments — are also frequently held to a more stringent set of business performance and accounting standards and metrics.

But, like their larger counterparts across all lines of business, these smaller self-insured pools are expected to be efficient, productive and successful in every aspect of their operations, including core systems (underwriting, billing, claims), financial management and CRM/workflow.

Unique Challenges

Because of the financial and cultural boundaries under which they operate, many of these insurers — as well as many other types of small insurers — still must rely on Microsoft Office products or cobbled-together, aging, home-grown legacy solutions to support day-to-day business functions.

This may mean that a single technology solution provider (or perhaps the insurer’s own, in-house IT staff) is responsible for the health and well-being of the organization’s technology footprint, architecture, back/front office, distribution, networking, communications and security. And, lately, those that rely on outside help for their IT function are faced with confusion and potential service delays as the surge in vendor merger and acquisition results in their trusted partner being gobbled up by a technology behemoth. The service-level agreement (SLA) may remain intact, but the larger vendor will undoubtedly start pressuring the carrier to rethink outdated hardware and software. This pressure, along with the potential drop in personalized service that typically accompanies a large M&A deal, add to the SMB insurers’ challenges to remain competitive.

In addition, the talent pipeline is drying up because of a retiring workforce. To replace these workers, what’s the likelihood that SMB insurers will be able to recruit top technology talent to manage an outdated AS/400 linked to a client/server front end?

If it sounds like I’m insinuating that smaller insurers should assume a victim mentality, that’s not the case. These carriers play a critical role in risk management, so they need to remain relevant.

But these SMB insurers will not be able to overcome innovation-related growth obstacles until they better understand and embrace affordable technology innovation options that will make their jobs a lot easier.

The first step is gaining an understanding of what’s possible — such as an affordable pay-as-you-go, as-needed migration of core systems and data to a software-as-a-service (SaaS) hosted environment, a gradual sunsetting of existing hardware and the gradual move to a digital platform that pulls all necessary functionality together for reliable, secure, front- and back-end operations.

From there, SMB insurers can implement predictive analytics for use in claims, communications and even cross-selling. Even at a small scale, machine learning and artificial intelligence can help these carriers improve their claims function, customer service capabilities and more.

See also: 4 Hot Spots for Innovation in Insurance  

Risk-management changes within our marketplace — such as legislative issues, changing (read: younger) demographics, the advent of the sharing economy and the growing presence of disrupters — will affect all lines of business and all sizes of insurers.

The SMB insurers that will remain relevant will be those that hear the wake-up call and understand the path to innovation, that choose a stepped approach to business and technology relevance and that greet the future with an openness to what’s possible.