Data theft: The Cyber Risk Brokers Pose to Carriers

Too many brokers put off having their laptops encrypted, creating a reputation vulnerability for their carrier partners.


While insurance carriers have some of the best security practices in the industry, there’s a weak link that doesn’t get enough attention: brokers. That’s because most insurance carriers distribute their products through brokers, despite the online presence of major insurance companies.

Mitchell Osak of the Financial Post noted, “A 2012 McKinsey study of the U.S. auto insurance sector found 59 percent of consumers dealt with a broker and directly with an insurance provider through their customer journey. For the foreseeable future, good brokers will continue to play an important role in the marketing, selling and servicing of insurance products by providing choice and advice to consumers.”

Finding Out the Hard Way

As smaller business entities with few guidelines and procedures, insurance brokers are increasingly finding out the hard way that endpoint security and encryption are critically important.

Insurance company data breaches demonstrate that cybersecurity is one of their biggest risks, and that insurance companies are very appealing to hackers. According to the Pittsburgh Post-Gazette, “The value of personal financial and health records is two or three times [the value of financial information alone], because there’s so many more opportunities for fraud,” said David Dimond, chief technology officer of EMC Healthcare, a Massachusetts-based technology provider. Combine a Social Security number, birth date and some health history, and a thief can open credit accounts plus bill insurers or the government for fictitious medical care, he noted.

In 2011 and 2012, combined, there were 458 big breaches involving a total of 14.7 million people, according to the Federal Department of Health and Human Services. In 2013 and 2014, there were 528 breaches involving 19 million people.

As the NFL’s Washington Redskins just discovered, an unencrypted laptop is not secure. The fight between Apple and the FBI has taught us that iPhones are very secure, even too secure for the FBI to easily hack. Unfortunately, turning on a password on a laptop doesn’t provide the same level of protection. A laptop doesn’t automatically come with encryption. It has to be installed after purchase. This is a bit complicated to do and raises questions:

  • What happens if I lose my password, and what happens if I have a hardware or software failure?
  • How am I going to get back into my computer if something goes wrong?

As a result, all too many brokers put off having their laptops encrypted, creating a reputation vulnerability for their carrier partners.

Under HIPAA, anyone who stores sensitive third-party information is responsible for having this data encrypted. Failure to do so could lead to sensitive data ending up in the wrong hands. And if you compromise your customers’ security as a result of data theft, you risk paying fines and ultimately losing your customers’ trust, which leads to less business and decreased revenue.

Insist on Encryption

The solution for brokers? They should consider endpoint security and encryption, including deployment and management. They can then focus on their core businesses, confident that the loss of confidential data will be prevented because they are armed with a world-class cybersecurity control arsenal.

Carriers, in the meantime, should insist on encryption as standard operating procedure for the brokers they use and consider monitoring solutions that keep them abreast of endpoint risks.

Ebba Blitz // Ebba Blitz is the CEO of Alertsec and has been on the company’s board since the start in 2007 and specializes in fast deployment of IT Security. Blitz has also been covering the tech sector as a journalist for more than twenty years and moderated events for some of the largest companies in the US and Sweden. Customers include Microsoft, Oracle, Johnson & Johnson.
