External threats, such as network technology vulnerabilities and mobile device issues, are driving insurers to increase IT security spending in 2014, according to "IT Security Issues Update," a report from Novarica, an insurance technology consulting company. According to the survey of 95 life and P&C insurance CIO members of the Novarica Insurance Technology Research Council, the top IT security concerns for U.S. insurers are network technology vulnerabilities, application/database security, user access issues and configuration issues.
While annual IT security audits are considered best practice and are the norm, Novarica said, more than 10 percent had not done an external audit in the past year. About 20 percent of P&C and 30 percent of life and health insurers conduct audits more than once per year, according to the survey; 12 percent said they had not conducted an external IT security audit in the past year, including 25 percent of midsized P&C carriers, those ranging from $100 million to $1 billion. They instead may have conducted internal audits or have justifiable reasons for deferring an external security audit, but an annual audit by an external firm should be considered as a minimum for due diligence Novarica said.
The rapid growth of mobile has added to insurers' IT security concerns, Novarica said. Most carriers have policies and technology measures in place to manage the security of company-owned devices, but fewer have them for employee-owned devices, and even fewer still have them for devices owned by agents and other non-employees, according to the survey results.
