Why Is The Industry So Blas? About Big Database Breach?

by Ara C. Trembly

One thing I discovered about the insurance industry when I migrated here some years back from the technology field is that we are an understated lot.

Theres just not a lot of excitement in our considerably large corner of the business world, and although insurance is filled with people possessed of 24-karat hearts, it is arguably devoid of dynamic personalities.

If I were to pick a single spokesperson to represent this industry, it would be the guy who used to do the Visine commercials. You know, the one with the big glasses, hangdog look and monotone voice that drones, “Visinegets the red out.” Cant you just picture him saying something like, “Insurancewe are party animals”?

But seriously folks, I am amazed at the reactionor lack of reactionin the insurance industry to the recent, all-too-easily accomplished breach of the databases held by Alpharetta, Ga.-based ChoicePoint, which provides risk management and fraud prevention information to our industry. Its Insurance Services division provides information that includes motor vehicle reports, claims histories, customized policy rating and insurance software, and property inspections and audits.

I mean, we are talking about the company that maintains sensitive, private information on virtually every U.S. citizen. “They know more about us than the IRS does,” notes Chuck Johnston, longtime industry analyst and currently group director, insurance, for Siebel Systems Inc., based in San Mateo, Calif.

Literally tens of thousands of consumers had their information exposed to the bad guys who pretended to be customers who wanted to use the ChoicePoint database in order to gain access. Yet, since the story broke some weeks ago, very little has been said in our industry about what the effects could be for us.

“What happened [with ChoicePoint] is very, very, very serious. There is nothing more serious than when your identity is compromised,” says Judy Johnson, another noted insurance analyst, who is vice president and principal solutions architect for Patni Computer Systems Inc., Cambridge, Mass.

Johnson suggests that the timing of the incident was fortunate for ChoicePoint in that the insurance industry is being investigated for unethical practices. “Had [the ChoicePoint] story not come out at the same time, people would have been screaming bloody murder,” she states. “Once we stop looking at Eliot Spitzer, people are going to be very upset.”

When it comes to the consumer privacy aspects of legislation such as HIPAA and Gramm-Leach-Bliley, “the industry has been blas?,” she continues. “My guess as to why is because the industry, until Spitzer, has never been questioned seriously about its policies and practices, except by rating bodies who are concerned about financial stability. The industry has acted with impunity and been a law unto itself for 100 years.”

Johnson notes that our industry is “supposed to be in a position of trust; it doesnt help our image to be compromised so easily. This is not an IT problem; it is a very serious business problem.”

Donald Light, senior analyst for New York-based Celent Communications agrees, noting that, “The insurance industry as a whole is having a tough time as regards image right now. This adds another piece of negative news. The industry has taken a hit in terms of public trust. Funny business between two insurers means nothing to most people, but the fact that my information is in the hands of criminals means a lot to the average person.”

According to Siebels Johnston, “When you consider kind and breadth of information [stored] at ChoicePoint, we have to invest more in protecting it. We have a larger exposure for information terrorism than any other industry, except certain governmental things, and I dont think we make enough investment in IT to manage it. They probably think security was adequate, but low-tech things work the best. Social engineering is where its at.”

Jim Kellner, CEO of Applied Systems, University Park, Ill., expresses concern about the number of companies and individuals in the industry who access confidential consumer data, and the risks that come with having such data. “This information is available to too many people,” Kellner says. “The people ordering it dont know what risks are for the information they bring into their systems. The people that are getting the information get no benefit, they only assume the risks. The industry, on behalf of the agencies, needs to consider seriously privacy issues around what information stays in an agency.”

Will the industry get serious about protecting the privacy of its customers? Maybe not, unless someone takes a cattle prod to the sleepy, red-eyed image and behavior that have made us so complacent.


Reproduced from National Underwriter Edition, April 15, 2005. Copyright 2005 by The National Underwriter Company in the serial publication. All rights reserved.Copyright in this article as an independent work may be held by the author.