The International Association of Insurance Supervisors (IAIS), a body composed of insurance market regulators in various countries, has said insurers are at risk of loss of confidential data, disruption of operations and reputational damage as a result of cyber-attacks.
IAIS said the insurance industry is especially vulnerable, as companies collect, process, and store substantial volumes of data, including personally identifiable information. Insurers are also connected to various financial institutions through investment, capital raising, and debt issuance activities.
The report highlighted various cybersecurity weaknesses, saying insurers should keep track of the data flow in all IT systems, applications, and components. They must also be mindful of the user access privileges they grant their employees, placing sufficient controls on which employees have access to ‘super user’ accounts. Cybersecurity must be addressed at all levels of the organisation.
Najibi Bisso, CGU National Underwriting Manager Professional Risks, said cyber security was one of the leading risks for businesses in Australia and that it was important to work together with clients and partners to help mitigate the threat.
“We have responded to the growing need for greater cyber protection through developing CGU Cyber Defence – an offering that we believe addresses the growing cyber security concerns which SMEs will face in the future, such as privacy breaches, system damage, computer viruses and hacking.”
She said the company had also joined forces with Norton Rose Fulbright to offer a cyber incident response team to support customers when an incident occurs.
Aon Risk Solutions' Cyber Risk National Practice Leader Fergus Brooks said no industry was immune from cyber threats, so it was important to be extremely vigilant when managing potential cyber risks.
“The best protection from cyber breaches is effective IT security and risk management technologies and protocols that are updated, enforced and stress-tested regularly,” he said.
A survey conducted by the IAIS last year found there was no uniform practice in the way insurance market regulators address the supervision of cybersecurity. The IAIS said it was imperative for businesses to increase their understanding of cyber risk and supervisory capabilities to protect the insurance sector.
According to cyber risk expert Ian Birdsey of law firm Pinsent Masons, many cyber security initiatives have been focused on securing banks and protecting their systems and data from attack. Less attention is paid to insurers, which are very much connected to the finance industry and hold rich data, making them a target for attackers.
"The volume and complexity of cyber-attacks against the UK is rising sharply," said the annual report. "Digital technology is revolutionising every aspect of our lives. But the changing technological landscape is opening up new vulnerabilities and new opportunities for our adversaries. We need to work even harder to keep pace with the evolving threat. The [new cyber security strategy] … will set out the government’s vision for cyber security in 2021 and the objectives and respective roles and responsibilities that will enable us collectively to achieve that goal."