With BIBA 2019 just around the corner, it’s a good time to look at the ever-changing threat posed by cyber-attacks on insurers, brokers and MGAs. Not only because insurance companies themselves are often targets, but understanding more about cyber security can really help brokers and their staff sell a wide range of products and services all types of businesses.
IE: Mike there are more cyber insurance policies on the market than ever before, what should brokers be looking for at BIBA as regards finding the best offering?
MS: Regrettably digital fraud and cyber breaches are becoming more frequent. The threat posed to a company’s business should not be underestimated and it’s very important that brokers operating in this arena not only take steps to protect themselves but also have a very good appreciation of the nature of the risks that there customers are facing. The landscape has changed significantly, money/cash purloined from for example a bank is arguably less valuable than data.
It’s strange but true; data is incredibly valuable, can be used many times and obviously you can do so much with it; impersonate someone else, damage a company by leaking sensitive information and so on.
IE: So if brokers are looking to sell the right products, what do they need to look for within those software packages?
MS: Companies large and small, public sector departments, are all susceptible to cyber attacks. There are many attributes of the defensive framework that needs to be put in place; for example application and associated services that are focused on identifying dubious patterns of data, rather than security processes. It isn’t just about difficult-to-guess passwords or restricting login access.
Let’s say you run a company that’s handling hundreds of claims each month. Some may be automated, some managed by the staff in-house and then another tranche partly assessed by outsourced suppliers.
What you will need is fraud detection software that looks for patterns of data flow, so that you can spot something unusual happening. It could be a selection of motor claims which have been lodged in short a period of time from a specific postcode or been referred to a relatively unknown bodyshop for repair.
Alternatively a series of “slip & trip” PI claims targeted against a single building contractor. One should also be on the look-out for internal breaches in security procedures where there have been multiple, inexplicable bank transactions with newly appointed suppliers.
Smart fraud detection software assimilates patterns of data and identifies anomalies, these are then highlighted to the business so that further checks can be undertaken and corrective measures taken as appropriate.
IE: Insurance companies themselves are also clear targets, their data is extremely valuable and obviously they store huge volumes of information about policy holders.
MS: Correct. Many nefarious people would love to know customer asset details; where a classic car is stored, the value of specified jewellery items and the alarm systems used. It is crucial that such data is protected, all companies face large fines under GDPR regulations for any breach through lack of implementing adequate protection and perhaps more importantly, the loss of consumer trust if such information leaked out in any way would have far reaching consequences. One needs robust and continually refreshed systems in place to prevent that happening.
IE: What makes BAE Systems experts in this field?
MS: Long experience in fighting cyber-crime is one of our core strengths. With our heritage of being the largest defence contractor in the UK, our experience of working across both public and private sectors we are uniquely positioned to stay abreast of developments in this rapidly evolving market. We recognise not only the importance of managing our own environment which comprises a workforce of some 80,000 people but also are very cognisant of working in a connected world where we are interacting with customers and is some cases diverse supply chains encompassing hundreds of third party suppliers.
IE: What are biggest threats in cyber right now, and the most common attack points?
MS: Complacency; the cyber landscape is not a fixed environment, it is evolving and becoming ever more complex and the nature of the fraudulent activities undertaken are becoming ever more unpredictable. Too many organisations under-invest or fail to appreciate that the weakest link in one’s defence defines the strength of the whole corporate security infrastructure. If one element is out of place or not covered adequately then the whole proverbial wall will collapse.
Simple steps to educate staff about the dangers of phishing emails, which is a common method, makes a difference. Quarantine emails in the Cloud, so that the content and attachments are all scanned before the email ever appears in the recipient’s inbox.
The fake invoice is becoming fairly common place and is likely to effect us all if we are not careful. This is not simply a corporate issue; it’s well worth looking at every invoice in-depth before making payments and checking whether the accounts details are in fact correct.
Cyber crime is becoming more prevalent and is a 24/7 365 days a year issue. In addition to consulting services which helps organisations protect themselves BAE Systems provides an immediate response service to many organisations to deal with any problems as they arise. When you think about the reputational damage, plus the associated costs in recovering data, business down-time etc. it is crucial that all businesses have a plan to cope with a cyber-attack at any time..
IE: Mike, thank you for your insights.
This article is sponsored content produced in association with BAE Systems