Articles - Dealing with Data Breach


Insurers face new vulnerabilities as hackers push the envelope. Over the last 5 to 10 years, companies across all industries have experienced data breaches on a fairly consistent basis, with hackers pursuing data for the sake of profit. The insurance sector is by no means immune to data breaches. Indeed, it was recently reported that insurers have seen a 317% rise in data breaches in the first quarter of 2016 compared with the same periods in 2014 and 2015.

 By Brookes Taney, Vice President of Data Breach Solutions, Epiq Systems
 
 Insurers collect, store, and manage substantial volumes of confidential personal and commercial information. This makes the industry an attractive target for cybercriminals who seek information that later can be used for financial gain through extortion, identity theft, or other criminal activities.
  
 Not only are data breach incidents among insurers increasing in number, but the motives of cybercriminals are also changing rapidly. Traditionally, hackers targeted names, addresses, and bank and credit card information in order to commit fraud. Increasingly, there appears to be a hierarchy among hackers, a contest of sorts, with status measured by the size, scale and audacity of the hack. In the Netherlands, an insurer was recently subject to the so-called “CEO hack,” a specific form of phishing cyber-attack where the criminals had allegedly researched certain operational details of the insurer. Pretending to be the CEO of a major and well-known commercial customer of the insurer, the criminals tried to persuade employees of the insurer to transfer money into a certain account.
  
 Given the shifting landscape, what steps should insurers take to effectively prepare for and respond to data breaches? In the past, an insurer’s response to a breach would begin with the discovery of an incident. At this stage, the extent of the breach and any specifics as to what information was taken might be unknown. Outside counsel and investigators would likely be involved as soon as possible to find out what type of information was compromised, when it was taken and how quickly the leak could be stopped.
  
 Insurers are now looking for more than just one-off breach responses. Instead, they are looking to partner with experts who can handle a breach from initial detection through any resulting litigation and who offer adjacent services, such as proactive information governance, to help both reduce the risk of a data breach and minimise the damage if one does occur. Similarly, even after a data breach, that partner may offer services to efficiently and effectively handle any litigation that arises from the breach, including eDisclosure services, forensics and collections, document review, and processing and production.
  
 Insurers can face lawsuits from consumers and shareholders, as well as regulatory fines and potential loss of clients and reputation. As the breach runs through its life cycle, litigation may arise depending on factors including, but not limited to, the size of the breach, the company and consumers involved, and the nature and scope of what was taken or compromised. In the event of litigation, an organisation may require an eDisclosure service, which enables it to efficiently manage the collection, processing and review of electronic documents and communications. An experienced eDisclosure service provider will use technology to perform automated searches on collected data to determine relevance to the case at hand. Utilising technology not only speeds up the eDisclosure process, but it also helps manage the cost of the exercise.
  
 With the help of its service provider, the insurance organisation will need to prove to the regulatory authorities that it had systems in place to minimise the risk of a breach in the first instance by demonstrating that it had established, well-communicated corporate policies as to data loss prevention and any associated auditing procedures. It will also need to show that it had no advance knowledge of potential threats and that it responded with timely and adequate notice, post-breach.
  
 Document review is integral to this process, involving in-depth evaluation of the relevant communications. In data breach litigation, this process can be exhaustive, with large bodies of documents needing to be reviewed for relevance by trained experts in very short periods of time. In this scenario, an outsourced solution for document review with secure facilities, tested training methodologies and review workflows is essential.
  
 A rise in the volume of data breaches among insurers has put the threat of malicious hacking in the spotlight, raising fears of regulatory punishment and severe damage to corporate reputation. Insurers need to take control of the whole data breach cycle, working with information governance experts to take a more proactive approach to prevention and developing a more holistic, end-to-end response in the case of detection. As hackers become more sophisticated and less predictable, organisations are increasingly engaging with experts to counter the threat should it arise.
