By now the graveness of the cybersecurity threat is readily apparent as technologically-adept cybercrime organizations, politically-motivated “hacktivists,” and state-sponsored groups all test the mettle of corporate security teams.
A new article in the McKinsey Quarterly,
For insurers, striking this balance will be particularly tough since many of the technologies that are becoming increasingly vital to operations, such as predictive analytics, require a mass accumulation of data. “Corporations looking to mine data—for instance, transaction and customer information, results of product launches, and market information—create valuable intellectual property that is in itself an attractive target,” the article, authored by James Kaplan, Shantnu Sharma, and Allen Weinberg, states.
In a similar sense, one of the other new technologies redefining insurance operations, mobile devices, creates an easy point of entry into corporate networks for malware.
Yet, the authors note the most challenging attacks exploit human vulnerabilities rather than technological ones, which are easier to remediate. “Now more than ever, protecting a corporation’s technology assets from malicious damage and inappropriate use requires intelligent constraints on how employees, customers, and partners access corporate applications and data,” they write.
To craft an effective cybercrime defense, the authors say, companies need a broad management initiative that cuts across strategy, operations, risk management, and legal and technology functions and balances the need for security with business imperatives.
“Insufficient safeguards will result in the loss of critical data, but overly stringent controls can get in the way of doing business or have other adverse effects. As a result, a business-driven cybersecurity model—one that can provide resiliency to increasingly flexible, open enterprises even in the face of highly capable and determined malevolent actors—is starting to emerge.”
