Rackspace recently surveyed more than 1,400 cybersecurity professionals across organizations, including 61 insurance execs. While insurers tend to be in line with most industry sectors with regard to their cybersecurity strategies, there are certain differences that illustrate the intricacies of the rapidly digitalizing sector.
Most insurers -- 49% -- devote five to 10% of their overall IT budgets to cybersecurity, compared to the cross-industry baseline of 44%. Insurers identify their biggest challenge as new needs due to cloud infrastructure and Internet of Things connections with a 44% plurality; this was third-highest generally with a 35% plurality of all respondents. Constantly evolving threats and increasing opportunities for disruption were the top two threats among all respondents. These were Nos. 2 and 3 for insurers.
Insurers’ top investment areas are database security tools (46%) and cloud workload protection (44%), at the top end of cross-industry averages for those tools. The top investment overall was antivirus software, which came in third for insurers.
On the threat side, insurers most fear advanced persistent threats (21%) and unauthorized exposure of personal data (20%). Overall, however, the biggest fear is network and platform attacks (21% of all respondents but 18% of insurers.)
But most pressing for cybersecurity decision-makers going into next year is recruitment. With threats on the rise, a war for talent is on. Insurers are leaning on internal training (69%, compared to 52% overall) and recruitment agencies (48% vs. 44%) to fill those gaps. Insurers are also 5% more likely than the industry average to look to internships as a recruitment tool
