Insurers must not underestimate the need to secure the data they collect through IoT

Technology is developing at an impressive pace, and with it, so is the amount of data we generate. Insurers must leverage this growing resource. Historically, valuing risk has been very difficult—it’s virtually impossible to assess each customer individually. But, by deploying IoT, insurers can significantly increase the amount of data they hold and use it to instantly evaluate risk on an individual basis. Instant, individual risk assessment is only one application for big data and the IoT in the insurance industry; there are other possibilities, too, such as fraud detection. As the old saying goes, “With great power comes great responsibility.” If insurers hope to maximize efficiency by using more data, they must understand that securing and storing data is a complex task. If they fail, they risk consequences, including public scrutiny and hefty government fines.  

IoT is a frontrunner for enabling mass data collection for insurers; the potential is limitless  

Previous research from HFS discussed the need for insurers to move toward a predict–and–prevent model by leveraging the IoT, and the benefits would be huge. Insurers cannot underestimate the sheer amount of data needed to create such a model, however. Currently, it is believed that 2.5 quintillion bytes of data are produced every day and that by 2020, IoT will consist of over 30 billion connected devices. For insurers, this means a lot of data to secure and store, which isn’t cheap or easy! 

Adopting IoT means insurers must defend against cybercriminals on multiple battlefields  

The very nature of the IoT is to connect multiple devices to a single network, offering undeniable benefits and an endless flow of data, but there’s no reward without risk. Ultimately, a cybercriminal needs only a single point of weakness to infiltrate a system—a smart home sensor, a telematics device in a car, or even a smartwatch—the threat is always present. Insurers must be certain that every one of their IoT offerings is secure and protected from ever-evolving cyber threats; otherwise, they risk the entire network.  

The concern doesn’t end there. Once insurers collect data, they must process it into a suitable format and store it, ready for analysis. With solutions like cloud and blockchain, insurers must make informed decisions and find a solution that will scale exponentially in line with the growing quantity of data they will amass. Leading cloud providers have already recognized this need and are investing heavily to bolster the security of their offerings; for example, HFS analysts have already discussed Google’s acquisition of Chronicle. Choosing the incorrect solution or using any solution with incorrect security measures could lead to compromised customer data, unsurprisingly having negative implications for the insurer.

Customer perception isn’t the only problem awaiting insurers who aren’t prepared—losing customer data opens the door for legal complications 

If insurers fall victim to cyberattacks that compromise large quantities of customer data, the damage to the firm’s reputation could be impossible to rebuild. However, more pressing and significant would be the resulting financial and legal implications. There was an example of this in May 2019 when First American Financial exposed 885 million files, some of which dated as far back as 2003; the company had “failed to implement even rudimentary security measures.” The result for First American Financial was a class-action lawsuit against the company. 

Nurturing a healthy partnership ecosystem and preparing a variety of perimeter and internal defense solutions should be the first step for insurers. 

Insurers don’t need to tackle their security concerns alone. As is often the case in the hyperconnected world, insurers must build a healthy partnership ecosystem for protection from cybercriminals. Previous HFS research discussed the benefits of partnering with multiple security providers and explained how a robust ecosystem could offer the necessary holistic protection.  

Insurers must consider using the elements of perimeter and internal defense solutions in combination. Solutions combining perimeter solutions, such as firewalls, with internal solutions, such as threat hunting defenses like Infocyte Hunt, are ideal. Each component adds an element of security individually, but alone they would fail to secure a network fully—no single line of defense is impenetrable.  

Developing a cybersecurity strategy may appear daunting at first, but it doesn’t have to be as complex as it may seem 

Ultimately, insurers must understand that they can never eliminate the risk of a breach; however, there are some steps beyond perimeter and internal defenses that they can take to mitigate them: 

• Organizations must maintain an accurate and updated list of devices in their network. In the case of a breach, this will allow them to quickly pinpoint which device has been compromised.  
• Educate staff on basic cybersecurity practices, from locking their computer when they pop out for a coffee to ensuring they have a strong password on their accounts.  
• Enable one-way connection principle, which would prevent vulnerable endpoint devices from initiating connections with the internal network.  
• Develop an isolated secondary IoT network for devices that don’t support network security standards, which are thus easily exploited because of their insufficient security capabilities, will protect a primary network from threats. 

The Bottom Line: If you want to drive efficiency by increasing data collection, you must secure the data properly; pressure on margins is already huge, and any security errors could prove fatal.  

Leveraging IoT technologies to increase data collection is the likely next step for the insurance industry, but if insurers don’t efficiently prepare, they risk potentially fatal financial consequences and damages to their reputation. It is crucial to understand that the cost of introducing technologies and supplying them to customers is only half of the story; with every innovation comes a new security weakness that you must secure before you deploy it at scale.