The 95 respondents to Novarica's recent IT Security Issues Update study, authored by principal Tom Benton, found more than half of insurers planning to increase their spending on IT security solutions.
But Benton, who previously served as CIO of Navy Mutual insurance, says that companies must concern themselves with more than just funding.
"When I was a CIO, when any security issue came up I was called to the CEO's office and was asked, 'How do we avoid this?" Benton says. Smaller insurers, he notes, might not have a full time CISO. "I talked to a lot of smaller insurers who were talking about creating a full time position," he noted.
[Check out what CEOs from AIG, MetLife, and more say about their companies' cybersecurity practices]
But what concerned Benton the most was the finding that external security audits are generally only done once a year -- especially since insurers were largely most fearful of external attacks rather than internal breaches. When at Navy Mutual, Benton had someone outside the organization on retainer to help with those third-party audits, and could call on them as needed.
"With the increase in the amount we're hearing about threats, my feeling is that companies should do audits more frequently than annually," he says.
Mobile represents a popular vector for cyber attacks, and Novarica's research found that most companies had policies in place regarding employees' mobile access to company data, whether on company-owned or their own devices. Life insurance companies were more likely to spend their increased data security budgets on mobile, Benton added.
Nathan Golia is senior editor of Insurance & Technology. He joined the publication in 2010 as associate editor and covers all aspects of the nexus between insurance and information technology, including mobility, distribution, core systems, customer interaction, and risk ... View Full Bio