I recently wrote an article for InsuranceTech on the complexity of the regulator environment that affects insurance companies and how this impacts data security planning, particularly when it comes to data breach response and mitigation.
In Underwriting Insurance Data Security,I talk about the pressure on CIOs to protect sensitive data from loss or theft, particularly given many of the high profile data breaches in healthcare insurance. An increase in targeted cybercrime, combined with mobility and a changing regulatory landscape, has made for complex IT issues in this industry. Gartner is predicting that by 2016, 20% of CIOs in regulated industries like insurance will lose their jobs for failing to implement successful information security processes. How’s that for pressure?
Insurance industries face a combination of additional pressures brought on by a more highly regulated industry as well as a field dominated by trust — trust sorely broken following a data breach. The consequences of data breaches, which I explore in full in the article, include:
- Reputational damage
- Loss of business
- Regulatory fines or penalties
- Class-action suits
- Decreased market value
If you want to mitigate the risks of lost or stolen data, your IT department should adopt a layered approach to security technology. Encryption and passwords offer the first line of defense, but these are weak methods of security. Stronger options include persistent security technology paired with strong device policies, strong reporting, remote monitoring and more.