December 20, 2012

Last year, around this time, I came up with four topics that I expected to see lots of activity around in 2012. Some were more right than others -- there wasn't a lot of social media use for underwriting, but there was a lot of telematics activity, for example.

Now, in considering what might be the biggest story of 2013, I'm both repeating and repositioning myself. Last year, I identified enterprise data security as No. 3 on my list. This year, not only is it No. 1, I expect it to be one of the biggest issues facing insurers.

The reason is simple: Each new technology or channel adopted by insurers creates a new vector for data security issues. These can be on the policyholder side or on the insurer side -- but there are an increasing amount of bases to cover and precious few infielders.

This year one of my favorite interviews was with Kirk Herath, Nationwide's chief privacy officer. His assertion that he wouldn't bank on mobile due to its insecurity opened my eyes to the true risk of using these platforms for financial transactions. But even with such a conscientious steward of and advocate for consumer privacy in the organization, Nationwide still suffered the year's most high-profile data breach in insurance.

Whether its consumers' own clumsiness, or thieves adapting to the 21st-century, or religious extremists who want to attack the pillars of America's economy, policyholder data is under siege. Yet, insurers are after more, thirsty for "big data" to feed usage-based insurance programs, personalized customer experiences, or better underwriting.

There's nothing wrong with that, of course. The new world of analytics offers opportunities for insurance companies to refine pricing and gain competitive advantage. And surely no insurance company, being expert in risk management and liability, would take their duty to protect policyholders' private data anything less than deathly serious.

The question is, when are insurers addressing the security issue? It needs to be early in the process of any new initiative, whether you're storing data locally or, as is increasingly popular for next-generation technologies, in the cloud. Vendor companies must be equally vigilant and demonstrate their commitment to data security and privacy before any insurance company can in good conscience select them as a partner. Perhaps an industry rating system can assist that effort.

In addition, there is sure to be more activity on the regulatory front relating to privacy. But do legislators understand the issues facing technology organizations? The average age of Congresspersons is about 60. Technologists who have grown up in the new world of mobile and e-commerce must be ready to advise policymakers.

Of course, there are also consumer expectations to manage. The world may seem more open, but people are very protective of their personal data -- as the recent outcry against the social photo-sharing network Instagram clearly illustrates. Insurers must be clear and honest about what data they ask for with each new initiative, how it's being used, and how it's being secured. Their business depends on it.

ABOUT THE AUTHOR
Nathan Golia is senior editor of Insurance & Technology. He joined the publication in 2010 as associate editor and covers all aspects of the nexus between insurance and information technology, including mobility, ...