Tag Archives: threats

6 Cybersecurity Threats for Insurers

The connectedness of everything – assets, people, business and commerce – has increased the severity and frequency of cyber attacks. The insurance sector faces a bigger threat than most industries because insurers deal with extremely sensitive data. Several insurance companies, such as Premera Blue Cross and Anthem, have experienced significant data breaches over the past years. However, these are not the only insurers affected. A report by Accenture shows that an average insurance company receives over 100 cybersecurity attacks each year, with 30% of the attempts being successful.

As an insurance leader, being aware of the potential cybersecurity threats puts you in a better position to adopt the right prevention measures. Here are the top cybersecurity threats in the insurance sector that you should know.

6 Cybersecurity Threats for Insurance Leaders

1. Cloud Vulnerabilities  

Cloud data access and storage has become a common practice for many people. However, this practice can increase the risk of a data breach. You can be susceptible to denial of services (DoS) and account hijacking attacks. With such attacks, hackers can access and tamper with your company’s data while preventing your team from accessing it. This threat can be prevented by implementing an extensive cyber risk management plan.

2. Patch Management

If your insurance company is using outdated software, you have a higher risk of cyberattack. Most cybercriminals exploit software vulnerability to access and steal company information. Failing to update your software patches makes your organization vulnerable to numerous data breaches.

Cybercrime vulnerability can be through something you consider as minor as the computer operating system. For instance, most organizations became exposed to cyber-attacks in 2018 for failing to update their Microsoft Office software following a patch release for Eternal Blue vulnerability. Therefore, it is advisable you stay up-to-date with any software you are using in your organization to avoid costly attacks.

3. Social Engineering

With the increase in social interactions, cybercriminals are exploiting such opportunities to launch social engineering attacks. Deception is the major aspect of such attacks. Usually, these criminals use trickery and manipulative approaches to lure individuals into taking various actions. For instance, you can be lured to disclose sensitive information or even bypass set security measures.

Social engineering threats are high because targets simply give hackers access to the system. Thus, it is hard for you to prevent these crimes with cybersecurity systems. However, regular training on cybersecurity is necessary for ensuring that your team members know how to detect and prevent such crimes.

See also: A Novel Approach to Cybersecurity

4. Ransomware Threats

If you thought it was only individuals who can be held hostage, think again, because your computer systems and data can, too. Ransomware attacks are some of the serious cyber threats you should worry about in the modern era. A report by the U.S Depart of Homeland Security reveals a rising number of ransomware attacks. The hackers attack your network and prevent you from accessing any data in it until a certain amount is paid. Such attacks are associated with significant losses. For example, besides the immediate losses, a ransomware attack can lead to huge monetary damages because of lost data and loss of productivity.

5. Third-Party Exposure Threats

The use of third-party services is a common practice nowadays, especially for payment processing. Most organizations do not take the necessary precautions when engaging in third-party transactions. Even where the party you are transacting with does not handle personal data directly, it can put your organization at risk of attack.

Hackers are using malware to access personal data, such as credit card numbers and Social Security numbers, through third-party companies. Therefore, it is important to take all the necessary precautions when dealing with a third-party vendor. For instance, inquire about their policy on data breaches and find out whether they have any measures in place to prevent cybersecurity attacks.  

6. Outdated Hardware

There is a common misconception that cybersecurity threats have to come from software. If you are using outdated hardware, your company data is vulnerable, too. With the increasing rate of software updates, some hardware may find it challenging to keep up. Obsolete hardware may be difficult to accept the latest security measures and patches. In such cases, your organization’s data is exposed; hence, at a high risk of cyberattack. Therefore, it is critical to regularly check your devices and replace any obsolete ones to avoid outdated hardware-related cyber-attacks.

See also: The Missing Tool for Cyber Resilience

Holistic Risk Management Plan

There you have it – a comprehensive overview of some of the top cybersecurity threats in the insurance sector. Evidently, as technology advances, insurance companies will continue to face different forms of cybersecurity threats.

While there might not be a one-size-fits-all approach to address or prevent cyber threats, being knowledgeable on the various cybersecurity vulnerabilities can help you adopt better risk detection and prevention measures. Therefore, make sure to adopt a holistic management plan to stay away from most of these threats.

A SWOT Analysis of SWOT Analysis

A classic SWOT (strengths, weaknesses, opportunities and threats analysis) is usually considered as a good start for strategic planning efforts and further analysis. A disruptive and cascading SWOT can re-position the whole strategic plan to seriously pursue disruptive innovation. A great strategic plan should not just be about beating the competition at their game, but about redefining the game as no one has done before you.

The hyper-connected and cascading behavior of global risks

The World Economic Forum (WEF) has published a global risk report since 2006. The WEF pleads the case that the more connected our world becomes via a globalized economy, social media, the Internet, etc, the more vulnerable the whole world is to any weak links in the system. The reports include constant references to the connected risks that can cause global system breakdowns. The descriptions of the potential threats include combinations of slow-building and creeping risks that are hyper-connected, capable of linking to create unforeseen and high-energy cascade effects that can create tipping points into a perfect storms with high local and even global fallout.

The hyper-connected and cascading behavior of internal risks

My independent research into the causes of historical disasters, which started in 2004, has identified certain cascading principles and mechanisms of how the combined effects of underestimated internal risks can wreak havoc and self-destruction even without the help of external forces. If your SWOT ignores the cascading and hyper-connected nature of internal and external risks, your efforts could be futile. Too often, risks are assumed to approach from over the horizon from the outside. This mindset ignores the fact that most organizational failures stem from internal risks and a dysfunctional work culture. The triggers of such havoc can emanate from the top of the organization and quietly ripple through the organizational cascades to create undesirable events.

A SWOT analysis on the SWOT analysis

A SWOT analysis is a mini-risk assessment and mitigation brainstorm tool.  However, its strengths will become weaknesses if the assessments are superficial. If the SWOT is reconfigured to meet the realities of a hyper-connected and cascading world, this tool can be very insightful.

What follows is a short SWOT analysis on the SWOT analysis tool to assess its capabilities to pursue true disruptive innovation. This exercise can be viewed as a self-diagnostic of a SWOT:

Strengths:

  • Simple and easy to understand
  • Helps you identify and understand challenges and opportunities
  • Can be used to develop a robust action plan
  • Concentrates on the most important factors

Weaknesses:

  • Its simplicity will not always prompt its users to go deep enough to make its analysis meaningful
  • It does not prompt its users to investigate hyper-connected risks that can cascade and ripple through an organization in a destructive manner
  • It does not prompt its users to investigate slow-burn/slow failures (aka creeping risks) that can build up over time and create tipping points that produce a perfect storm of unintended consequences
  • It does not prompt its users to solicit true and candid cultural perceptions and threats for all employee levels
  • It will not lead to disruptive innovation in its basic form

Opportunities:

  • Invigorate the classic SWOT into a cascading SWOT to match the way in which the world and modern organizations actually operate
  • Identify hidden threats and uncomfortable and unspoken talk rules
  • Include assessment of internal leadership gaps
  • Include factual assessments of cultural health of the organization
  • Include assessments of internal process inefficiencies and risks in key business processes
  • Assess the quality of your business metrics
  • Assess the organization’s responses to critical situations
  • Assess how your organization learns from its mistakes and makes the necessary changes
  • Assess the internal and external customer satisfaction levels
  • Include a “points of pain” assessment as perceived for various levels of employees

Threats:

  • The assumption that SWOT-KISS (keep it simple, stupid) is the right approach may not fit well in the complex and cascading world in which we live
  • It can misdiagnose luck as skill; the organization will be ill-prepared for adverse events
  • It assumes that, if you ask fellow employees for inputs, they will tell you the whole truth, without fear of punishment

Summary of the SWOT analysis on the SWOT analysis

A good SWOT should be provocative and assess the sensibility on your own strategies, track your efforts to solicit and address internal taboo talk rules, monitor employee frustration levels and assess your internal culture’s momentum toward success or failure. Most importantly, do not forget to gather multiple perceptions on the above opinions from leadership, mid-management and non-management employees. If the perceptions are vastly different, determine why the same people under the same roof are describing the same company in very different manners.

Transforming the SWOT into the foundation for disruptive innovation

It must be stressed that an energized SWOT is only the foundation of a good strategic plan. It is not the final analysis or strategic planning tool. The annual corporate strategic planning cycle is usually time-consuming and interactive and must get off to a good start with the right tone if anything of value is to be expected.

SWOT expansion to include internal cascading risks

The biggest opportunities to achieving strategic objectives lie in the ability of leadership to identify, assess and manage the internal cascading connections and cause-and-effect relationships that exist. The main areas of internal, hyper-connected top-to-bottom cascading elements and loops include:

  • Leadership strategies, attitudes and behaviors
  • Cultural behavior
  • Process efficiency
  • Performance outcomes
  • Responses to shortfalls in performance metrics
  • Feedback loops to leadership that either incorporate lessons learned or ignore such lessons, offering the next cycle of adverse events the opportunity to sink the ship

Each of the above mentioned elements of internal cascades should be SWOT-ed separately with candid and honest inputs from all levels of employees (See graphic below). Embracing such logic allows leaders to create a cascading strategic plan that can energize the organization instead of just addressing the symptoms of issues with sugar-coated Power Point slides or adding a fresh coat of paint to the Titanic while it is sinking.

Untitled

Figure 1. Each element of internal cascades should be SWOT-ed separately with candid and honest inputs from all levels of employees

SWOT expansion to include external cascading risk assessments

External risks need to be listed, rated for connectedness and assessed for their impact and likelihood of affecting the business. This offers a good start for subsequent strategic risk management efforts. The World Economic Forum’s annual Global Risk Report offers a good reference to use as a starting point for possible risks to consider. Separate SWOT analysis should be carried out for the six main areas of global risks:

  • Economic
  • Environmental
  • Geopolitical
  • Societal
  • Technological
  • Real-time feedback loops to leadership on the status and changes in global risks

Conclusion

Organizations and the world are hyper-connected communities that are exposed to threatening invisible cascade, ripple and domino effects. Today’s risks can easily leap past national borders, firewalls and other security safeguards and trigger very unexpected circumstances that can threaten the reputation and existence of the business. Modern applications of the SWOT analysis should consider this complex and cascading nature in which the world now operates. A thorough SWOT analysis can be a good start for any level of strategic planning, including the ultimate wish of any organization, which is to create disruptive innovation and value that will ignite the passions of its employees and customers.

10 Shortcomings of SWOT Analysis

If you think that the analysis you use to identify the strengths, weaknesses, opportunities and threats (SWOT) in your business is adequate, beware. It is intended to provide a 360-degree view of your risks and opportunities but often fails to fill that requirement because of superficial applications and failure to look at risks from connected systems.

If your risk and opportunity analysis techniques are lacking, you could be very unprepared for the next recession, disruptive technology or game-changing way of thinking that could soon affect you. Too often, the last domino that struck in the last crisis is the main focus of all future risk-mitigation efforts. The whole string of triggers and threatening signals that led up to that last publicized tipping point and bursting bubble are ignored.

Here are the 10 most common shortcomings for SWOT analysis:

  1. Underestimating the role that vertical and lateral cascading human factors can play and having fragile back-up plans
  2. Absence of war gaming, stress testing and disruptive failure mode analysis testing of your leadership mindset, strategy, work culture, processes, products and services
  3. Lack of focus on disruptive innovations; you respond to them but do not create them with proven innovation-on-demand techniques
  4. Assumptions that cyber security and patents are safe, so they aren’t stress tested with advanced cyber-circumvention and patent-busting techniques
  5. “Taboo talk rules”; uncomfortable discussion topics are avoided or not identified with focused and anonymously solicited inputs from employees
  6. Ignoring “Trojan horse” risks that are secretly lurking in the hearts and minds of your employees or piggy-backing on purchased technology, software, products or services
  7. Lack of use of “gamification” techniques to address the most sensitive threats in a disciplined, humane, engaging and effective manner
  8. Failure to include effective strategies to attract and retain key human talent
  9. Failure to identify low-profile threats that create unstoppable cascading risks — from leadership to culture to processes to bad performance to weak responses to critical situations
  10. Lack of use of external perspectives to challenge group-think assumptions of perceived safety and robustness

Simple SWOT analysis and risk-management techniques will not offer the protection required to survive the next economic crisis or disruptive technology. KISS concepts (keep it simple, stupid) have lost their ability to identify and protect against complex cascading risks. The world is a fragile, hyper-connected and cascading system full of surprises that will punish casual optimists and reward those who hope for the best but seriously plan for worst-case scenarios.

The World Economic Forum’s 2014 World Risk Report describes the global risks that can quietly cascade across borders and affect organizations in unsuspecting and surprising ways from a variety of threatening and linked factors. The complex dynamics that exist between developed, developing and emerging world markets is further complicated by the fact that many organizations know very little about the cascading system dynamics within their own four walls.

Classic methods that attempt to describe the risk and opportunity landscape for individuals and organizations have not kept pace with the rising complexity and interactions between highly networked workplaces, global economies and internal and external threats. We have now entered a new era where we need new ways to describe and understand the complex world we have created, which has outgrown the simple tools we like to describe it with.