What Keeps Insurance Security Teams Up At Night? Plenty.

There aren’t too many industries that know more about their “customers” than the insurance industry does. The good news is that they can use all that policyholder insight to build new products and ways to deliver them, and make better decisions about how to price those products. But possessing all that insight also puts them at a big disadvantage when it comes to keeping customer and other data secure. That concern turns to white-knuckle terror when it comes to adopting the tech that the insurance industry’s financial services siblings—banking and capital markets—have been deploying for a few years now. Not surprisingly, this includes the risks associated with consumer tech, like smart phones and social media, but also in the infrastructure technology that the insurance industry is exploring, if not embracing—cloud computing and data center, desktop and application virtualization.

During the third quarter, Forrester talked to 70 North American insurers about their hardware and infrastructure investment plans, following up that research with another 89 conversations to ask about their risk concerns when looking at some of these same infrastructure initiatives. 

What we learned is that virtualization is a big priority, with assorted aspects of server virtualization leading in terms of precedence for the coming year (See Figure 1). And though it brought up the rear, even public and private cloud services were being looked at. Why? Because all of these technologies can reduce both CAPEX and OPEX, since insurers can either work the capacity they have more efficiently, or buy and use it as a service.

But these infrastructure improvements aren’t without peril. When we asked about specific risk concerns, we learned that insurance security decision-makers viewed both cloud and data center virtualization as something that they were somewhat or very concerned about. Less concern was voiced when it came to application and desktop virtualization: the former because there just aren’t that many insurers ready to look at, and the latter, let’s face it, because most insurance companies manage risk by implementing technology that’s been proven in other industries and with other insurers (See Figure 2).

This gap between importance and anxiety needs to be filled by skillful technology vendors who can do more than tell a virtualization or cloud story with a slick power point deck. Along with articulating strong value to this particular insurer’s business problem, they clearly need to make the CIO feel confident in their ability to keep all kinds of data secure and private. And a bit of good news—most likely it’s that senior IT decision-maker—the CIO—that’s most involved throughout the decision-making process for buying servers, storage and systems management and security solutions.

Ellen Carney is a senior analyst with Forrester Research. She focuses on how the financial services industry researches, procures and deploys business technology, and is responsible for developing the global forecasts for IT budget and spending forecasts for insurance and banking. Follow her on Twitter at: http://twitter.com/ellenmcarney

Readers are encouraged to respond to Ellen using the “Add Your Comments” box below. She also can be reached at ecarney@forrester.com.

The opinions of bloggers on www.insurancenetworking.com do not necessarily reflect those of Insurance Networking News.