With high-profile data breaches like Target's, the cyberinsurance space faced rapid expansion last year and will continue to progress in 2014. However, Peter D. Hancock of AIG noted at the 2014 Property/Casualty Insurance Joint Industry Forum that despite its growth, the size of the market is tiny compared to the rising economic risk. “Cybersecurity gets a lot more talk than action,” he said, “but there is a real growth opportunity here.”
[ More on cybersecurity from the forum: 4 Insurance CEOs Reveal Cybersecurity Practices. ]
But insurers must be sure to secure their own data as well. AIG is the target of hundreds of daily cyberattacks. Instead of eliminating attacks at the first level, the company allows them to penetrate further before they react. Doing so helps AIG learn more about their attackers and further enhance their security measures. “At the end of the day, one of the most prevalent vulnerabilities is human error,” said Hancock. “We’re also working hard on social engineering and making it easier to follow procedures.”
Allianz is another insurer redoubling its security efforts while at the same time seeing an opportunity in providing coverage for other companies. The company's latest Risk Barometer study found cyber risk climbing the list of perceived threats to businesses. “Data privacy and data security is at the top of our agenda,” said Christiane Hach of Allianz Managed Operations and Services, in an interview with Insurance & Technology.
The company currently has its data in 140 datacenters. By 2017, it plans to reorganize its data into six datacenters throughout North America, Asia and Europe. Each will be connected to a private cloud network only accessible to Allianz employees.
“It’s a long-term strategic project that is going on over several years,” Hach said. The project also includes training staff on how to handle outside requests and detect malware.
Larger insurers must expand their efforts to ensure company-wide security. “The P&C business is smaller than all of MetLife, but the larger company has to worry about espionage protection,” said Kishore Ponnavolu, CEO of MetLife Auto & Home. The insurer also protects against cyberattacks from within the company, intrusions on payment data, and coordinated attacks on financial institutions.
Employees of all levels should invest effort in protection. “No one is immune to cyber exposure,” said Daniel S. Glaser of Marsh. While products have improved, he noted, insurers of all sizes should be protecting themselves against cyberattacks. “The CEO is also the CRO, whether or not they know it."