Despite the obvious benefits of speedy service and convenience offered by the Internet, the majority of consumers in a recent survey said they are concerned about security when it comes to sending medical and personal property insurance information online.

According to Old Greenwich, Conn.-based IVANS, which sponsored the survey, “Insuring Consumer Confidence Online,” 74% of consumers surveyed expressed concern with their doctors sending medical information to an insurance company over the Internet. Additionally, 66% were concerned about the privacy and security of property claims information being exchanged via the Internet.

IVANS says the survey indicates that the majority of Internet users–especially younger, more experienced users–are “concerned and skeptical” about their information being sent over the Internet. Survey respondents most concerned about security of their medical data on the Internet were between 35 and 44 years of age.

The results came from a telephone survey of more than 2,000 adults conducted by Opinion Research Corporation International, Princeton, N.J., in October. The survey asked about Internet information transfers that are “a transaction away from a consumers transaction,” as well as direct sending of information from consumers to companies and agents, says Clare DeNicola, senior vice president of network services for IVANS.

“There is a real opportunity for health and property-casualty insurers to educate consumers about the security measures they have taken to protect personal insurance data being sent over the Internet,” notes DeNicola. “The survey results show that many consumers are not yet aware of the advanced networking technologies available today that can protect their data on the Internet.”

But are insurers actually taking such security measures? “Some companies are doing nothing, some are doing very little and some are doing the whole spectrum,” DeNicola says. “Most are doing encryption [of data] at a minimum, while others are taking the next step and securing their own virtual private networks.”

Encryption turns data into a coded stream of information that can only be read by an authorized party who has the key to the code. A virtual private network (VPN) is a computer network that is part of a public network, but appears to the customer to be a private national or international network. These systems use encryption and other security methods to ensure that only authorized users can access the network.

“In health insurance, for example, some [security measures] are mandated,” says DeNicola. “We have quite a few health insurers using secured network services, not even using the Internet.”

She adds, however, that carriers need to let consumers know that the safeguards are there. “Some insurers do say that your data is protected, but many dont,” she observed.

The survey also pointed out, however, that consumer trust is a key issue in e-commerce. “In order for e-commerce to be truly effective for the [insurance] industry, consumer trust must be secured,” the survey noted. “The smallest violation of a consumers trust would be devastating and could destroy a companys credibility. Insurers need to make sure consumers understand what is being done to protect their data.”

According to Judy Johnson, vice president, insurance strategy, for Sapiens Americas, Cary, N.C., consumers are “absolutely justified” in feeling skeptical about the security of online transactions. “The issue is not about whether the Internet is secure; the issue is about whether we can trust the insurance company to do the right thing,” she states.

When it comes to security measures for online transactions, says Johnson, insurers “arent doing a lot,” despite the fact that levels of concern have been raised after the attacks of September 11, and that there has been increased media focus on terrorism and cyberterrorism.

“The lack of trust resides where it has always resided,” she notes. “[Consumers] dont trust the insurance industry to handle the information properly.”

She adds that insurers have “very perfunctorily” sent out privacy information as mandated by the Gramm-Leach-Bliley Financial Services Modernization Act, “but the business hasnt changed fundamentally. They havent reached out to explain how concerned they are about protecting information involved in transactions.”

While good security technology already exists, insurers have been slow to adopt it, says Johnson. “The insurance industry has never felt the need to explain itself to the rest of the world. Theyre saying: Weve got you by the short hairs; heres our stuff.” She acknowledges that some companies have done marketing campaigns to raise trust levels, but says the industry as a whole “hasnt shown by either activities or communications that it has changed its ways.”

Johnson asserts that the insurance industry “gained tremendous ground in terms of trust” after 9/11 by saying it would pay all related claims. “Then they marched backward, saying were never going to do this again; how do we get out of this? They gained trust, then they turned around and threw it away.”

“I dont know if its just an Internet issue,” states Chuck Johnston, formerly an insurance analyst with Stamford, Conn.-based Meta Group. “I think people in general are more concerned about privacy after all the publicity around HIPAA initiatives and increasing awareness of identity theft, which can make a mess of your life.

“Its not about the Internet being insecure,” he continues. “Consumers are seeing a higher value in their personal information.”

What can insurers do to regain consumer trust in the area of online information transfers? IVANS DeNicola says insurers should closely examine all their online communications and assess their own levels of security. “Then go and advertise what youre doing. Consumers need to be educated.”

The education should be part of communications to insureds, posted on the carriers Web site and extended to agents,” she adds.

“Insurers need full disclosure of both security and privacy efforts, not only as part of [complying with] legal acts,” says Johnston. “They need to be very transparent and very public about what theyre doing.”

Some insurers, Johnston adds, may be concerned that too much disclosure could create a “warranty,” which would potentially leave them open to a lawsuit if information were compromised despite a carriers security and privacy efforts. “This could make insurers reluctant to guarantee safety about data, but its important for them to publicize what theyre doing,” he says. “Its an education issue.”

Sapiens Johnson agrees that “part of the solution is marketing,” but “the more fundamental piece is that insurers have to look at what theyre doing, clean up their business processes, and understand how to make transactions as safe and secure as possible.”


Reproduced from National Underwriter Life & Health/Financial Services Edition, November 25, 2002. Copyright 2002 by The National Underwriter Company in the serial publication. All rights reserved.Copyright in this article as an independent work may be held by the author.