How the Best Stop Data Leaks

Boston — Over the last 12 months, Best-in-Class organizations experienced 27% fewer data loss incidents than the industry average from trusted internal users, and 92% fewer data loss incidents attributed to malicious outsiders, according to "Data Loss Prevention: Little Leaks Sink the Ship," published by Aberdeen Group, a Harte-Hanks Company.

The Boston-based firm used a variety of criteria—from number of data-loss incidents to number of help desk calls related to data protection—to define the “Best-in-Class” distinction. A survey of these Best-in-Class companies, which included insurance companies, revealed that 64% have established consistent policies for protecting data at rest in back-end systems, data in transit and data in use at the endpoints. Also, 54% have formal documentation, awareness and end-user training programs regarding their data protection policies, which could be beneficial to insurance companies, given their network.

“The insurance industry consists of networks of independent agents, and the volume and flow of data in its many forms: structured (e.g., in databases), unstructured (e.g., in documents and spreadsheets) and semi-structured (e.g., in e-mail messages), creates a huge data leakage problem,” the report’s author and VP and research fellow for IT security, Derek Brink, tells INN. “Although we saw in the research that Best-in-Class companies are protecting data in whatever form it takes and wherever it goes (i.e., at rest in the backend systems, in motion on the network, and in use at the endpoints), there was definitely a higher degree of concern for the risk associated with data at the endpoints.”

According to the report, the risk of data loss comes from all types of data, from innumerable "channels" for potential leakage, and from end-user behavior ranging from inadvertent to well-intentioned to malicious. Strategies that focus on protecting against data loss in only one channel do not solve the overall problem. Organizations with top performance take an information-centric approach to protecting sensitive data, using a combination of network-based and endpoint-based solutions to prevent data loss.

"The majority of data loss incidents are associated with simple human error, and by well-meaning employees going around policies in trying to carry out their jobs," Brink says. "The most effective strategies for preventing data loss include a combination of enabling technologies, including data discovery and classification; data monitoring and filtering; and endpoint data protection."

Aberdeen’s survey shows that 67% of Best-in-Class companies have deployed e-mail and Web-monitoring and filtering solutions; 41% have deployed network-based data loss prevention solutions; 32% have deployed agent/endpoint-based DLP; and 73% have deployed some form of encryption at the endpoint.

“Regulatory requirements to protect sensitive information is one of the top drivers we see in our research, and the insurance industry certainly has its fair share of those drivers,” Brink tells INN. “Across all industries, we see the sheer volume of information going up, and insurance is no exception there. We do see that the Best-in-Class organizations are making incremental investments that are more proactively driven by industry standards and best practices (such as COBIT), as opposed to purely reactive investments in the wake of data security incidents.”

The report is free through the end of August.

Source: Aberdeen Group
