New research from Europe’s leading provider of cloud infrastructure and cloud services, IONOS Cloud, has found that 38% of insurance IT decision makers (IT DMs) admit to their business having a cyber security skills gap, with a third (33%) saying this is putting their organisation at risk of security threats.
Additionally, 44% of insurance IT DMs surveyed said their business has a data protection skills gap, with over a quarter highlighting that it means they are not effectively storing data (27%) or following the correct data protection procedures (27%).
When asked about the biggest threats to their insurance business’s IT security at this time, respondents said employees not storing data correctly (36%), increased DDoS attacks (36%) and phishing and scam attacks (34%).
The research, which was conducted by Censuswide on behalf of IONOS Cloud, polled 204 insurance IT decision makers as part of a wider survey of 609 respondents. The aim was to better understand the current challenges businesses are facing in the wake of the pandemic, and where cyber security and data protection standards are sitting on insurance business’s IT priority lists.
While the skills gap is a clear issue, reassuringly, many insurance businesses do in fact recognise the importance of cyber security and data protection, with 70% saying cyber security was either their top IT priority, or within the top three, and 69% saying the same for data protection.
However, when asked about cyber security risk assessments, there was a real disparity in responses. Worryingly, only 34% have conducted a cyber security risk assessment in the past year, despite the pandemic. A further 14% have conducted one more than five years ago and have no plans to do one in the near future, and 9% have never conducted one and don’t plan to. These findings demonstrate a lack of understanding regarding the importance of risk monitoring – which can often highlight new security issues teams may not be aware of.
“What’s clear from the new insights is that insurance businesses understand the importance of both cyber security and data protection, but missing skillsets are leaving organisations extremely vulnerable. That’s why it’s vital companies put measures in place to plug these gaps, and don’t hesitate to work with external expertise to ensure businesses are protected,” commented Achim Weiss, CEO of IONOS.
Encouragingly, when it comes to the pandemic, nearly half (46%) of insurance IT DMs surveyed said they felt their business is more prepared for a cyber-attack compared to before COVID-19. The main reasons given were investment in software to defend against attacks (41%), training employees on how to spot potential cyber security issues (41%) and the senior leadership team putting greater focus on cyber security than ever before (39%).
“For insurance businesses dealing with extremely sensitive personal information, data protection and cyber security go hand-in-hand, and the sector must set the gold standard. While putting in place sound internal procedures like staff training are an important step in preventing attacks, seeking external expertise and working with designated providers can add an extra layer of defence and much needed peace of mind, especially when businesses are facing a skills or knowledge gap,” Achim Weiss added.
When it comes to data protection, over half (51%) of insurance IT DMs surveyed say they are putting more focus on adhering to legislation due to the pandemic. However, surprisingly, 15% say they are putting less focus on it with six in 10 (61%) noting increased time pressures and job workload means insufficient time to ensure the business is up-to-date with the necessary legislation.
With the Information Commissioner’s Office setting significant monetary fines for breaches to GDPR law, businesses must ensure they are fully aware of compliance procedures and the latest legislative requirements to follow when handling personal data.
“When it comes to data protection, action must be taken to bridge knowledge gaps. IT teams are under great pressure to adhere to the latest legislation, but one way to help minimise risk when it comes to data is to work with European-based cloud providers that adhere to GDPR – rather than those that must also work under laws such as the US CLOUD act”, Weiss concluded.
For more information on IONOS Cloud, visit: https://cloud.ionos.co.uk/