12:43 PM
Connect Directly

Insurance CIOs Must Bridge Gap on Security: Novarica

While research indicates that insurance IT security budgets will rise, Novarica's Tom Benton says there is a cultural component to effective IT security as well.

High-profile breaches at retailers like Target, Neiman Marcus and Michaels have the entire IT community buzzing about security -- and insurance is no different.

The 95 respondents to Novarica's recent IT Security Issues Update study, authored by principal Tom Benton, found more than half of insurers planning to increase their spending on IT security solutions.

But Benton, who previously served as CIO of Navy Mutual insurance, says that companies must concern themselves with more than just funding.

Tom Benton, Novarica
Tom Benton, Novarica

"When I was a CIO, when any security issue came up I was called to the CEO's office and was asked, 'How do we avoid this?" Benton says. Smaller insurers, he notes, might not have a full time CISO. "I talked to a lot of smaller insurers who were talking about creating a full time position," he noted.

[Check out what CEOs from AIG, MetLife, and more say about their companies' cybersecurity practices]

But what concerned Benton the most was the finding that external security audits are generally only done once a year -- especially since insurers were largely most fearful of external attacks rather than internal breaches. When at Navy Mutual, Benton had someone outside the organization on retainer to help with those third-party audits, and could call on them as needed.

"With the increase in the amount we're hearing about threats, my feeling is that companies should do audits more frequently than annually," he says.

Mobile represents a popular vector for cyber attacks, and Novarica's research found that most companies had policies in place regarding employees' mobile access to company data, whether on company-owned or their own devices. Life insurance companies were more likely to spend their increased data security budgets on mobile, Benton added.

Nathan Golia is senior editor of Insurance & Technology. He joined the publication in 2010 as associate editor and covers all aspects of the nexus between insurance and information technology, including mobility, distribution, core systems, customer interaction, and risk ... View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Author
1/30/2014 | 3:32:05 PM
re: Insurance CIOs Must Bridge Gap on Security: Novarica
With all the security breaches in recent news, insurers should really plan to conduct external audits more than once a year. Yes, cultural changes can be tough to implement, but better to be prepared than face an attack of Target-like proportions.
User Rank: Author
1/28/2014 | 8:58:44 PM
re: Insurance CIOs Must Bridge Gap on Security: Novarica
It would be interesting to know how these macro security spending increases are being divvied up -- as you note, some is directed toward the mobile platform, but there are challenges in so many areas, including identity mangaement, privacy, data protection, business continuity, fraud, denial of service attacks etc etc. It could be that while total security spending is up, it's so splintered among different needs and imperatives that it doesn't accomplish what is needed. Also, to Tom's point about audits -- there are improvements in security that don't require a significant technology investment but may be just as daunting because they require changes in culture and behavior.
Register for Insurance & Technology Newsletters
White Papers
Current Issue
Insurance & Technology Digital Issue
Innovation? Check. Core modernization? Check. Security? Check. Today's insurance IT challenges don't stump this year's Elite 8.