In tough economic times like these, people do what they have to do to put bread on the table, and inevitably some of those people turn to criminal activity as a source of income.
Certainly, that occurred during the early years of the Great Depression, although the final decade of that dark period actually saw a reduction in crime. Nevertheless, a recent article in The Virginia Pilot noted that statistics generally point toward increased crime during recessions.
The crimes referred to here are property-related crimes, but the scenario today is more far-reaching and devastating than the simple theft of a bottle of milk in 1930. That’s because the most valuable property many companies–particularly insurers–have is information in the form of electronic data.
The Computer Age has given us incalculable benefits in terms of speed and productivity, but it has also meant that even the smallest actions may be significantly magnified. The 1930s dairy that found itself missing a few bottles of milk undoubtedly took a miniscule financial hit, but the 2000s insurer that finds its data has been compromised and/or stolen risks serious consequences, even total ruin.
That’s why it was with a great sense of unease that I read recently that financial and other factors may expose global financial institutions, including insurers, to an increased risk of data breaches. That’s according to Deloitte Touche Tohmatsu’s sixth annual survey of global financial institutions’ information security efforts.
The survey cited “tighter budgets, a greater concern over internal security breaches due to lower employee morale, and complacency after a decrease in overall attacks over the past year” as the reasons for the elevated risk.
Let’s take a look at those reasons. The good news when it comes to insurance IT budgets is that, overall, they are remaining flat or increasing slightly, at least according to Celent, Novarica and other industry analysts. The bad news, however, is that data security is nowhere near the top of insurers’ technology concerns list.
Thus, while IT budgets may not be shrinking, there doesn’t seem to be any urgency about taking additional measures to protect sensitive and highly valuable data.
Greater concern about internal security breaches due to lower morale is certainly warranted. Disgruntled employees and former employees have been known to wreak vengeance on their employers–and what better way of getting back at a company than stealing or compromising the data that is the firm’s life blood?
As for “complacency” due to a lower overall number of attacks in the past year, this would be a major concern if it weren’t for the fact that our industry is already quite complacent about data threats. Part of that attitude may have to do with the fact that other types of financial services (banking in particular) seem to be a favorite target of cyber criminals.
While that may be true, however, it also makes sense that as the recession deepens, crooks will look to new sources of data that can potentially be sold for millions–or ransomed back to the companies for millions. They will look to crack systems that–for whatever reason–are not as well protected.
After all, if you’re a car thief, you’re much more likely to abscond with a vehicle whose doors are unlocked than one that is locked and protected by alarms, steering wheel locks and GPS-driven security devices.
That puts insurers’ data systems squarely in the crosshairs. It’s not that the doors are completely unlocked, but perhaps that old steering wheel lock or alarm system isn’t as effective as it once was.
“Consumer trust is already waning,” says Mark Steinhoff, the leader of New York-based Deloitte’s financial services security and privacy group. “As such, it is important for financial institutions to be vigilant in protecting their data and implementing checks and balances to reduce the risk and potentially catastrophic consequences of security failures. With the many challenges confronting the industry this year, combating security breaches should not fall by the wayside,” he adds.
Many insurers have reported that their IT budgets will be focused on making internal processes faster and more efficient, and thus more competitive. That’s fine as far as it goes, but, as the saying goes, the best offense is a good defense.
No one wants to be the first insurance company to suffer a major data loss that endangers the privacy of multitudes of customers–customers who trusted the company with their most sensitive information.
Indeed, in this economic climate, no one can afford to be that company.