Insurers must balance security, UX: Triple-I/Fenix 24

Insurance executives agree that systematic preparation, attention to changing threats and continuous improvement are necessary in cybersecurity, according to The Insurance Information Institute (Triple-I), which partnered with Fenix24 on the report, Cybersecurity for Insurers: Squaring Safety with Service.

"The cyber challenge faced by any business, insurers or their policyholders, is in balancing performance and user experience with security," the report states. "You could build a completely secure system, if it was completely walled off from any human or external network interaction. Clearly, that would not be useful."

Triple-I and Fenix24 conducted a series of structured interviews with insurance industry executives across organizational sizes and markets to share insights on cybersecurity.

"Insurers occupy a paradoxical position in the cybersecurity landscape," said Sean Kevelighan, CEO of Triple-I, in a press release. "They assess cyber risk for policyholders and establish security requirements as conditions of coverage, yet they also need to demonstrate their own cybersecurity practices meet or exceed evolving standards."

The report highlights some areas for improvement, including recovery tests. They are often done under ideal conditions, which can create potential gaps when a real incident happens. Some respondents also mentioned permitting less secure multi-factor authentication (MFA) methods like email confirmation. Only about half of organizations deploy monthly security patches.

"Most organizations have tested their recovery plans for natural disasters or standard IT outages, but not for ransomware attacks," said Mark Grazman, CEO of Fenix24. "Understanding what actually happens in a ransomware scenario is critical to architecting true resiliency."