Insurers are calm in the face of the risk of cyber attacks.but isnt that too much optimism?

How do insurance companies protect themselves against cyber attacks and other digital crimes? This is the question I will answer in this series of 4 posts based on our survey of 183 insurance group security managers.

The question of cyber-security is as pronounced for insurance companies as it is for banks. Insurers indeed hold a great deal of sensitive data on their customers: state of health, bank accounts, family ties, etc. Information that hackers covet and which is less protected than repositories.

In this regard, the results of our study are not comforting. Indeed, insurers seem to be overconfident in their defense systems:

• 79% of insurers surveyed are confident in their cybersecurity strategies.
• 72% believe that cybersecurity is fully integrated into their cultures.

However, the observations made show a rather different reality because thousands, even millions, of random attacks are suffered each week by insurers. A typical insurance company faces an average of 133 organized and targeted intrusion attempts each year, one-third of which are successful.

The risks associated with an intrusion increase if it is not detected, and in this regard, 61% of insurers surveyed admit that it takes them months to identify certain attacks.

One of the main modus operandi of cyber crooks is exploiting employee login credentials to break into systems. However, only 16% of insurance companies say they are ready to educate all staff on these issues.

In my next post, I will analyze the sources of the attacks, internal and external.

Cybersecurity requires a good distribution of investments

How should insurance companies protect themselves against hackers? Accenture's survey of 183 insurance companies highlights the investments to be made. Cybersecurity comes at a cost. In this post, which closes the series of 4, I list the areas in which insurance companies have an interest in investing.

Insurers must constantly innovate to stay one step ahead of potential attackers, which may lead them to reallocate some budgets towards new defense strategies rather than continuing to focus their investments on existing devices.

As part of the study, seven areas in which insurers seeking to innovate in

 cybersecurity should focus their efforts were identified:

• Business Alignment: identify the incidents likely to impact the business the most
• Governance and Leadership: define roles and responsibilities in terms of Cyber-security and disseminate a culture of this risk within the organization
• Strategic alignment: align security programs with the company's business strategy
• Cyber-resilience: can resist Cyber-attacks and reduce their impact on operations
• Cyber ​​Plan: Have a comprehensive Cyber ​​risk response plan in place covering all levers and updated regularly
• Extensive ecosystem: take into account all partners, intermediaries, suppliers, etc. when considering protection against Cyber ​​risk
• Efficiency in investments: understand the nature of the investments to be made, with what objective, and the corresponding financial and human resources

When it comes to cybersecurity, over-investment or under-investment is common.

• 4 out of 10 financial institutions devote between 7 and 10% of their IT budget to cybersecurity, a level that seems appropriate today.
• 2 in 10 spend too much, allocating more than 11% of their IT budget to it.
• 4 in 10 under-invest, spending barely 4-6% of their IT budget.