Cybersecurity in Insurance Software: Protecting Sensitive Data

Janusz Januszkiewicz
July 18, 2024

Data breaches are costly. But how much?

According to a study by IBM and the Ponemon Institute The average cost of a data breach in the insurance industry is $6.58 million.

In our insurance industry, several high-profile security breaches are well-known.

The pharmaceutical giant Merck, which also provides health insurance, was hit by the NotPetya ransomware attack in 2017. The attack caused widespread disruption to Merck's global operations, infecting over 40,000 computers in its network.

Excellus Health Plan reported that data of 10 million clients may have been exposed in a cyberattack dating back to 2013. The breach compromised names, dates of birth, Social Security numbers, member identification numbers, and other sensitive information. The estimated cost of this breach was $17.3 million.

Change Healthcare insurance billing firm, which handles patient records for one in three individuals in the US, was hit by a ransomware attack by the BlackCat/AlphV group. It ended with $22 million ransom paid.

Could these companies have protected themselves from the threat? Partially, yes. However, in this article, we would like to focus on the topic of insurance software that can positively impact the overall security of an insurance company.

Cyber Threats to Insurance Carriers

Insurance organizations are on the front line of cyber risk and are under attack daily. Among the most common of these threats is ransomware – The Black Kite research reported an 81% year-over-year increase in these attacks. Total ransomware payouts in 2023 surpassed $1 billion.

Social engineering attacks also pose a big risk to insurance companies. These attacks exploit human weakness, often through whaling attacks on high level executives. As an example, an insurance company had a contract with a towing company. A fraudster used this connection to change the bank routing number. The total cost of it was $350,000.

The expansion of vendor networks has added complexity to the cyber landscape, increasing the attack surface and potential breaches through third party providers.

Data Security Challenges for the Insurance Industry

Cloud computing brings scalability and flexibility but also attracts more cyber attacks – service disruptions and account takeovers. New technologies like artificial intelligence (AI), metaverse, Internet of Things (IoT) and operational technology brings new vulnerabilities to be exploited.

On top of that are geopolitical conflicts that can trigger massive systemic cyber attacks with far reaching consequences. Adding to this is a global cybersecurity talent gap of 3.4 million – a problem for insurance companies to address their security.

Infringements related to data gathering will soon be as big of a legal issue as traditional privacy breaches for insurers. Complicating compliance management – companies that handle huge amounts of unstructured data need more advanced cybersecurity solutions than what traditional tools can offer. It's because traditional security tools fail when dealing with large amounts of non-standardized data processed by companies that offer insurance services.

Thus, you might need a data migration, which is also a risk in itself. Data migration exposes insurance companies to heightened cybersecurity risks. These include increased vulnerability during transfers, potential data loss or corruption, exposure of sensitive information, system compatibility issues, temporary security gaps, insider threats, and data integrity challenges. Such risks can lead to breaches, regulatory non-compliance, and reputational damage, necessitating robust security measures during migration processes.

And there are also tons of laws that insurance carriers have to adhere to:

  • HIPAA - Health information privacy and security for healthcare entities
  • GDPR - Data protection and privacy rights for EU citizens, focused on personally identifiable information,
  • CCPA - Privacy rights and data control for California residents
  • NYDFS Cybersecurity Regulation - Comprehensive cybersecurity requirements for NY financial institutions
  • GLBA - Financial privacy and data security for financial institutions
  • State Insurance Data Security Model Law - Insurance-specific data security standards
  • SOX - Corporate governance and financial reporting controls for public companies
  • PCI DSS - Credit card data security standards
  • FCRA - Accuracy and privacy of consumer credit information.

There are also all the KYC and AML practices. There'a a lot of it, and being compliant to it, while also maintaining data security is a tall task. 

AI and ML for Cybersecurity in Insurance

Artificial intelligence (AI) and machine learning (ML) allow insurance companies to:

  • Detect deviations from normal data behavior
  • Identify potential anomalies that may be a cyber threat
  • Monitor data flows
  • Predict threats by analyzing customer’s threat exposure and network topology

AI and ML also enables immediate response to detected threats by automating security protocols. Automation speeds up and simplifies threat response and also reduces human intervention which is a bottleneck in traditional security frameworks. The integration of AI and ML in cybersecurity is a big leap in protecting insurance companies from advanced cyber threats.

Insurance carriers can be ahead of cyber attacks and safe for their clients and data by using AI and ML. 

How to Secure Insurance Software

The security of your firm depends on the quality and security measures of this software. Insurers should prioritize software providers that:

  • Encrypt sensitive data
  • Use multi-factor authentication (MFA) to prevent unauthorized access
  • Maintain strong network security with firewalls and intrusion detection systems
  • Undergo regular security audits and compliance checks

Partnering with cybersecurity experts ensures your software is equipped to handle cyber risks effectively, safeguarding your company's data and operations.

We will use Decerto's Agent Portal as an example.

High Availability Mode

Decerto’s insurance software uses the robust infrastructure of Amazon Web Services (AWS) to achieve high availability and resilience, so services are not interrupted even during peak periods and cyber attacks. High availability is critical for insurance business continuity which is key to customer satisfaction and operational efficiency.

High Availability has many benefits:

  • Risk management and reduction of cyber threats
  • Insurance system that runs continuously and gives users a seamless experience
  • Data preservation against interruptions

Monitoring

Decerto's insurance software uses globally distributed monitoring tools to monitor its entire infrastructure, from databases to servers to applications. This real time monitoring allows us to detect anomalies and respond immediately to mitigate any cyber impact.

It uses internationally recognized tools to monitor every aspect of their databases, servers and application processes. This level of scrutiny gives them confidence to respond quickly to any security issues that may arise.

Security Audits

Decerto sees regular security audits as part of our cybersecurity strategy. These audits aim to:

  • Keep the insurance software efficient and resilient to cyber attacks
  • Comply to global data protection regulations
  • Get high scores in independent security reviews for their insurance software so they can prove its strength and reliability

The Agent Portal is stress tested for stability, performance and security. Regular audits ensure our infrastructure is protected against new cyber threats and safe.

Secure Login

Decerto has implemented Single Sign-On (SSO) and OAuth2 in the insurance Agent Portal to make the login process secure and only allow authorized users to access. SSO and OAuth2 simplify the user experience and also have strong security measures to prevent unauthorized access.

Conslusion

In conclusion, cybersecurity in insurance software is paramount for protecting sensitive data and ensuring business continuity. The high-profile breaches at companies underscore the immense financial and reputational risks associated with inadequate security measures.

Adopting advanced cybersecurity measures, including AI and machine learning, can significantly enhance threat detection, data integrity, and operational efficiency. Also implementing robust security practices in insurance software, such as encryption, multi-factor authentication, and regular security audits, is essential. Using Decerto's Agent Portal as an example, high availability, real-time monitoring, regular security audits, and secure login mechanisms illustrate best practices in securing insurance software.

In summary, while the landscape of cyber threats continues to evolve, insurance companies can mitigate risks and protect sensitive data by leveraging advanced technologies and adhering to stringent security protocols. As the industry moves forward, continuous innovation in cybersecurity practices will be essential to safeguard the future of insurance operations.

Ready To Elevate Your Insurance Software?
Connect with us today to learn more.

More Posts

Decerto Representatives to Attend ITC Vegas 2024

Join Decerto's board members, Janusz Januszkiewicz and Piotr Biedacha, at ITC Vegas 2024 from October 15-17. Discover the future of insurance innovation and schedule a meeting with us during the world’s largest insurance event.

New Material: "Guide: How to Effectively Implement Insurance Software?"

Discover Decerto's Guide: How to Effectively Implement Insurance Software? In Simple Steps – a comprehensive 30-page guide with expert insights, case studies, and best practices for successful insurance software implementation.

How to Prepare Your Insurance Company for a Data Migration Project

How to get your insurance company ready for a insurance data migration project to make the transition smooth and data intact.

Ready to Elevate Your Business?
Let's Success Together!