This latest article is by Dean Coclin, Senior Director, Trust Services Specialist, DigiCert, and it looks at the issue of verification across the insurance chain.
Digital trust has become a fundamental asset for all businesses, including the insurance sector, where customer relationships are founded on trust. Digital transformation has revolutionized the insurance sector in many positive ways, making operations more efficient and customer interactions more convenient. But this revolution has also brought about new challenges. Insurance companies handle vast amounts of sensitive data, making them prime targets for cybercriminals.
DigiCert’s most recent State of Digital Trust Survey finds nearly half of consumers (47%) have discontinued their association with a company due to lost trust. The report finds that failure to maintain digital trust would lead 84% of customers to contemplate switching companies, with 57% saying there is a high likelihood they would make the switch if they lost confidence in the company as a customer.
In financial services, which the insurance sector falls under, while 98% of organizations say digital trust is important to them, respondents also noted that implementing digital trust initiatives is difficult, and most report being only about 1/3 of the way done with these efforts.
But lagging behind when it comes to digital trust initiatives is especially concerning in the insurance industry because customers can switch insurance providers easily. In fact, most agents make it very easy for clients to switch, so loss of trust will often mean a quick loss of customer base.
The Path to Digital Trust in Insurance is Paved with Challenges
Some of the trust and security challenges facing the insurance sector mirror other verticals. Phishing, for one, remains a major concern for insurance companies, just as it does for other financial institutions. Cybercriminals view insurance organizations as lucrative targets due to their financial resources and the valuable personal information they store. These attackers employ various methods to deceive unsuspecting individuals, and two of the most common methods are phishing emails and smishing attempts via SMS messages. Employees and customers alike may fall victim to these scams, divulging sensitive information or clicking on malicious links.
Malware, often delivered through targeted attacks, is another problem. Skilled and patient attackers may infiltrate the organization, installing malware within the network to remain undetected for extended periods. During this time, they study the network’s structure, seeking vulnerabilities and plotting their attacks. Once they have gathered enough information, they will make their move to exfiltrate data, potentially causing severe financial and reputational damage.
SSL certificates are another concern. In the digital era, every insurance company must have an online presence to remain competitive and accessible to customers. Securing these online platforms is critical to building and maintaining digital trust. SSL certificates play a vital role in ensuring data security and encryption, giving customers the confidence to interact with the company’s website without fear of data breaches. However, managing SSL certificates is not without its challenges. Certificates must be regularly renewed to prevent website downtime and potential customer abandonment. An expired SSL certificate can lead to security errors, creating a negative perception of the company’s trustworthiness and potentially driving customers away. And human error makes downtime inevitable when manual processes are used at scale. Automation not only reduces costs but also leads to more reliable issuance.
Best Practices for Building Trust in Insurance
How can insurance organizations address these concerns and stay on top of emerging trends that impact trust? Let’s explore some ways insurance providers can build and maintain trust with their stakeholders and customers.
Verified Mark Certificates (VMCs): A Powerful Tool for Email Authentication
Verified Mark Certificates (VMCs) offer a way to combat phishing and enhance email authentication. VMCs, a feature supported by Gmail and Apple Mail (among others), allow users to identify authentic emails without even opening them. These certificates allow for the display of a familiar logo or brand of the sender, along with a checkmark that validates its authenticity. The process of obtaining a VMC involves stringent authentication measures, including verification of the domain, business legitimacy, trademarks, and even a video call with the applicant. These extensive steps deter scammers, providing an extra layer of protection against email-based attacks.
For insurers, implementing VMCs not only safeguards their customers from phishing scams, but also enhances the digital trust between the company and its clients.
DMARC: A Vital Pre-requisite for VMCs
DMARC, which stands for Domain-based Message Authentication, Reporting & Conformance, is an email authentication policy and reporting protocol. While VMCs offer a solution for email authentication, they require an essential pre-requisite – DMARC. DMARC is a security protocol that prevents someone from impersonating an organization’s email addresses. To obtain a VMC, insurance companies must ensure their domain has DMARC in place, making it challenging for scammers to pretend to be legitimate company representatives.
Implementing DMARC is worthwhile for organizations. Besides enabling VMCs, DMARC itself acts as a recommendation for digital trust. Insurance companies should prioritize DMARC implementation to enhance their cybersecurity posture and protect their customers from phishing attacks.
Preparing for Post Quantum Computing
As technology advances, so do the threats to encryption methods used on the internet today. One emerging trend that concerns the financial and insurance sectors is post-quantum computing. A sufficiently powerful quantum computer, known as a cryptographically relevant quantum computer (CRQC) will be able to break current encryption codes used on the internet. While this may not happen immediately, organizations must proactively prepare for such a scenario.
The National Institute of Standards and Technology (NIST) in the United States is finalizing standards for quantum-safe algorithms that cannot be broken by quantum computers. Although the timeline for quantum computing’s widespread adoption remains uncertain, forward-thinking insurance companies are already exploring the potential shift to quantum-safe algorithms. Preparing for this eventuality ensures that insurers can maintain digital trust even in the face of disruptive technological developments.
Securing the Internet of Things (IoT) Devices
As insurance companies embrace innovative solutions like usage-based insurance for vehicles, the use of Internet of Things (IoT) devices are on the rise. IoT devices, such as those plugged into cars to monitor driving habits, offer personalized insurance offerings, but also present security challenges.
The recent introduction of the Cyber Trust Mark by the U.S. government aims to establish a seal of approval for IoT devices that meet cybersecurity principles. For insurance companies, ensuring the security of IoT devices is crucial to building trust with customers. Digital signing of IoT devices and adherence to cybersecurity best practices can enhance the security and reliability of these technologies, reinforcing the trust between insurers and policyholders.
Digital Trust is Essential to Business Success
Digital trust is a cornerstone for success in the insurance sector, as customers entrust their sensitive data and financial transactions to these organizations. Addressing emerging trends that can impact digital trust, such as phishing attacks, post-quantum computing, and IoT security, is essential for insurers to build and maintain their reputation and customer loyalty.
Implementing Verified Mark Certificates (VMCs) and DMARC protocols can significantly reduce the risk of phishing attacks, instilling confidence in customers that the communications they receive are authentic and secure. Staying ahead of the curve by preparing for post-quantum computing and securing IoT devices demonstrates a commitment to cybersecurity and data protection, further bolstering digital trust.
As the insurance sector continues to embrace digital transformation, organizations must remain vigilant and proactive in addressing emerging trends to ensure a secure and trustworthy digital environment for all stakeholders. By prioritizing digital trust and implementing robust security measures, insurance companies can position themselves as leaders in the industry and foster long-lasting relationships wit
Be the first to comment