The insurance industry is coming off a year marked by several breaches from hackers seeking access to customer’s private personal information. Roughly 110 million Americans -- one in three -- risked being impacted by the breaches last year, according to North Dakota’s Insurance Commissioner Adam Hamm, adding that regulators fortunately have yet to verify any victims.
“There’s a bull’s-eye on the insurance industry. The bad guys know insurers have mountains of PII (personally identifiable information) data and that if they break into a company, it’s the mother lode for them,” Hamm said during a panel at the Property/Casualty Insurance Joint Industry Forum on Jan. 12. “If we don’t get cyber security right, it could critically wound the insurance industry -- not just one particular company.”
By all accounts, Hamm says, insurers have done a good job responding to the changing world of data over the past 24 months, referring to big data as a necessary risk as the industry evolves beyond its traditional practices. But it doesn’t mean the business is changing fast enough. In a vast new world of driverless cars, machine learning and remote sensing, insurance regulators are growing wary of the security threats posed by big data.
“It’s a little bit of good news/bad news in terms of how the industry has done with big data,” said Hamm. “The first couple of words to come out of people’s mouths when I ask about insurance are it is ‘old and complicated’. Nobody goes to the mall on Saturday morning and says I’m going to buy some insurance.”
The amount of data used, stored and transferred since big data took the industry by storm has grown exponentially, panelists said. In fact, 80 percent of the world’s digital data was created in the last two years, according to Hemant Shah, co-founder and CEO of Risk Management Solutions. There are five zettabytes of data currently in existence, and that is expected to reach 40 by 2020, he said.
“The progress is there, but the industry spends too much time thinking of how to use the new technology as a weapon. Instead, we need to create products for a changing world,” said Shah. “The economy is fundamentally different and so is what consumers and corporations care about.”
Going forward, the more PII used to by insurers, the more regulators will pay attention, Hamm says. Their biggest concern is not larger companies who seem to have a foothold in it; rather, it is the mid-size insurers who may not be sophisticated enough to understand pricing and risks involved.
In order to implement regulations on cybersecurity and how to protect PII data, regulators will begin by asking questions to gauge what sort of data is being collected during insurers' statutory financial exams.
“We have to get these rules in place now before the other shoe drops and a batch of 10,000 Americans have their information sold on the dark web,” said Hamm. “Imagine what the spotlight on the industry will be then.”
