Industry’s ‘Dull’ Image May Actually Protect Against Some Breaches

For some time now, I and others have been warning the insurance industry that we are vulnerable to cyber-attack, and that such attacks could be disastrous to our reputation as a trusted, rock-solid backup to accident and loss.  Now, however, it appears that at least one segment of the hacking community is really just doing their break-and-enter act for entertainment.  If that’s so, then our industry has little to fear. 

According to an online posting from The StarPhoenix, the Internet vigilante hacker group Anonymous claimed to have broken into an Apple Inc. server and published a small number of usernames and passwords for one of the company’s websites.  Anonymous said on Sunday via its account on Twitter that Apple could be a target for hackers and released the data as part of its Anti Security, or “AntiSec,” campaign. 

Anonymous, says the posting, teamed up with the Lulz Security group of hackers late in June. LulzSec, which gained wide recognition for breaching the websites of Sony Corp, the Central Intelligence Agency and a British police unit among other targets, said it had accomplished its mission to disrupt corporate and government bodies for entertainment (italics mine).  

Why is this good news for insurance?  The answer is that if the purpose of these hacks is to entertain the perpetrators and their friends, there really isn’t too much mojo to be gained by cracking an insurance company.  Surely in the status hierarchy of these crackers (“malicious, annoying people who get cheap thrill out of cracking computer codes, and breaking into systems” according to HackAnonymous.com), it is much cooler to have messed with a federal government spy organization or a major entertainment corporation than it would be to crack into the servers of the good hands people or to chip off a piece of the rock. 

It is certainly no secret in our industry that outsiders view us with downright boredom, unless of course there is a claim involved.  By definition, a cyber-break-in achieves notoriety based to a great degree on the stature and entertainment value of the victim.  If I beat my 75-year-old arthritic accountant at tennis, you probably won’t be terribly impressed, but if I beat Roger Federer (just a fantasy, I assure you), that would undoubtedly boost my personal tennis stock.  So if you want to build a reputation as a top-of-the-line cyber-meddler, other industries than insurance would seem to be more appealing targets. 

But let’s not get carried away with these comforting thoughts.  There are still plenty of cyber-criminals out there who are doing their nefarious deeds for profit and profit only.  From that point of view, insurance is just as likely a target as any industry, especially because we deal with sensitive data and often financial information.  With that in mind, prior warnings about vulnerability are still very much viable, and defenses, both physical and policy-based, are advisable.

Ara C. Trembly (www.aratremblytechnology.com) is the founder of Ara Trembly, The Tech Consultant, and a longtime observer of technology in insurance and financial services.

Readers are encouraged to respond to Ara using the “Add Your Comments” box below. He can also be reached at ara@aratremblytechnology.com.

This blog was exclusively written for Insurance Networking News. It may not be reposted or reused without permission from Insurance Networking News.

The opinions of bloggers on www.insurancenetworking.com do not necessarily reflect those of Insurance Networking News.