Usage-based insurance (UBI) is a hit with consumers. In 2016, pay-as-you-go policies, which are tied to how much and how you drive, reached 7.1 million and had grown 32 percent in just one year. But now that insurers have found a popular service on which to build, they face a new challenge. UBI generates data. A lot of data.
In an industry that’s in the process of updating decades-old legacy systems, what are insurers going to do with the tidal wave of data that’s headed their way? An industry perspective published by DXC Technology entitled, “Securing the edges of the insurance enterprise,” offers some insights into both the scale of the challenge and some possible solutions.
When you think about it, UBI policies present a major data security challenge. A company’s most important asset, data, once resided exclusively in data warehouses safely ensconced inside corporate data centers, and you needed to guard only a dozen or so network points of entry. Now, enterprise networks are surrounded by millions of devices reporting data from customer cars, smartphones, watches, tablets and countless other connected devices the enterprise can’t control.
The problem is, these massive pools of lifestyle information are a potential gold mine for hackers, not only for the detailed data they contain about customers, but also for their strategic importance to the companies that collect it. The latter makes these enterprises likely targets for ransomware attacks.
Insurance companies can better secure themselves and this new data perimeter in a number of ways:
Understand the risks: Instead of focusing on all IT systems and endpoints equally, identify your most critical data and examine the security policies that cover that data. Assess current capabilities and gaps, and develop plans to move to a balanced position of risk and innovation.
Be ready for an attack: Regular security assessments are key to the success of any security program. Continually assess your ability to detect and respond rapidly. When an incident occurs, all stakeholders, employees and partners should know exactly what they need to do.
Enlist your employees: Internal breach points account for nearly three-fourths of all security incidents. Better awareness of good security policies and understanding of social engineering threats will increase employee vigilance about phishing attacks and potential data loss.
Attract and nurture the best talent: Finding and keeping security talent is a big challenge, which is why many enterprises have turned to managed security services vendors to add skills and knowledge related to threat intelligence, vulnerability testing, ethical hacking, multifactor identity management, and end-to-end security policy, architecture and orchestration.
UBI may be a great new insurance product, but industry players need to recognize and deal with the potential security liabilities that come with amassing UBI data.
Get the full paper here.