For insurers, data security should be a natural – because insurers are in the business of risk management, and that's what security is all about.

That's the view of Martin Frappolli, CPCU, senior director of knowledge resources at The Institutes. As part of my work on the latest security report, now available in the November issue of Insurance Networking News, I had the opportunity to chat with Frappolli about data security in the insurance industry.

“Insurers probably have a lead on other industries in looking at data security risks from an enterprise risk management point of view,” he says. For example, The Institutes, which provides continuing education for insurance professionals, has a comprehensive risk management program for insurance professionals that covers information security. “There’s an entire discipline to measuring threats to an organization, and allocating resources to manage those risks,” says Frappolli. “Any insurance organization looking at that security from that perspective has a leg up right off the bat.”

However, just as the shoemaker's children had to run around in bare feet, insurance companies' own data assets often are at risk, Frappolli continues. “The risk is the old-fashioned approaches companies take, looking at security as an IT issue, and thinking the IT folks will be taking care of things.”

This is where many organizations need to up their game, he says – “enterprise risk management is no longer just a specialized area that goes in an enterprise risk management book, or a book that focuses on information technology. Data management and security is an important topic to everybody within the organization.”

If an insurance company lets security fall through the cracks, there may be implications beyond what a typical company in another industry may face, especially in terms of reputational risk. The insurance industry is built on trust, and if that trust goes away, so does business. “If you are an insured, the insurer has some sensitive information about you – especially in those sort of coverages that require a lot of personal information to get to your coverage and rates,” Frappolli says. Then once you become a claimant, and especially if you have a medical claim, be it automobile, workers comp, or other, then all of a sudden the insurer really possesses a lot of sensitive information about you. So an insurer's reputation is absolutely on the line to safeguard that as closely as possible.”

Joe McKendrick is an author, consultant, blogger and frequent INN contributor specializing in information technology.

Readers are encouraged to respond to Joe using the “Add Your Comments” box below. He can also be reached at

This blog was exclusively written for Insurance Networking News. It may not be reposted or reused without permission from Insurance Networking News.

The opinions of bloggers on do not necessarily reflect those of Insurance Networking News.

Register or login for access to this item and much more

All Digital Insurance content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access