Cybersecurity and the insurance industry: Challenges, opportunities, and strategies

Plante Moran, in partnership with IASA, conducted a comprehensive survey of insurance companies to gain insights on the key impacts the pandemic was having on their organizations. The survey included nearly 40 questions about technology, digitization, and cybersecurity to help identify some of the most critical business issues that have emerged during the COVID-19 pandemic as well as key opportunities.

Here, we share feedback from the resulting benchmarking report and recommendations based on our extensive experience in the insurance market. Although the challenges and recommendations are specific to the insurance industry, many of these strategies can be applied to additional industry verticals and used as a roadmap to address similar challenges and opportunities.

Survey highlights: Challenges and opportunities

Our survey uncovered several insightful findings, including the following: 

1. IT budgets have increased. 28% of respondents report increasing future IT budgets due to the COVID-19 pandemic. Respondents who say their claims frequency has stayed the same (45%) are significantly more likely to say their organization has increased its future IT budget compared to those who say their claim frequency decreased (16%).

2. Increased IT budgets can contribute to building additional growth and/or supporting new business opportunities.
   Among respondents, 31% stated that the pandemic has created a new business growth opportunity or strategy.
   

   31% stated that the pandemic has created a new business growth opportunity or strategy.

3. Companies will need to plan for a new normal that includes COVID-19. Two in five respondents indicated that their organization envisions a future in which it will operate at least one or all of its departments in a decentralized or remote work environment even after work-from-home orders are lifted.

4. Increased cybersecurity awareness coupled with greater focus on constant monitoring and data loss prevention is required. Nine in 10 respondents say their IT department’s preparedness and shift to a remote work environment was smooth with only slight challenges to adapt.

5. Organizations are placing greater emphasis on cybersecurity due diligence and cloud security. One in 10 respondents stated this is due to the increased digital presence from electronic claims handling, email delivery of policies and digital communications, and lower expenses due to downsizing office space and less travel.

6. Organizations are increasing their focus on automation. As a result, we can expect to see the use of bots and RPA (robotic process automation) to improve efficiency, reduce cost, and address resource shortages.

Strategies for enhancing your organization’s cybersecurity posture

Based on the survey results, we’ve identified key cybersecurity strategies that can help you improve your cybersecurity posture. Consider implementing the following short- and long-term initiatives:

• Reprioritize in light of the COVID-19 pandemic. During the pandemic, IT and cybersecurity leaders, who would otherwise have been focusing on security, reprioritized to assist in supporting infrastructure and connectivity and minimizing disruptions, all in a very short timeframe. In planning for the long-term, these individuals should resume and maintain a strong focus on cybersecurity concerns, especially with the recent increase in cyber-attacks and other cyber incidents.
• Develop a strategy for business growth investment. A major portion of the increased IT budget should be directed to addressing the risks and vulnerabilities related to “high” risk IT assets. This should include implementation of a risk management eco-system, which supports a quantified risk analysis and risk scoring for IT assets. The risks and vulnerabilities can be identified by conducting a structured cybersecurity assessment. Consider using a leading cybersecurity framework that incorporates industry standards and best practices such as NIST, ISO, or CSF.
• Perform frequent and automated risk assessments using a governance risk and compliance (GRC) platform. Within your organization, develop a collaboration between your IT audit and cybersecurity functions using a GRC platform for large enterprise. This can result in increased savings and efficiency.
• Prioritize a cybersecurity risk mitigation plan and strategies for high and medium risk areas. The table below offers a prioritized list of areas insurance companies should analyze and focus to mitigate relevant cybersecurity risks based on your size, business plans, technology, complexity, and other business factors. Develop a short- and long-term risk mitigation plan to help guide the implementation of these strategies.

In conclusion

The COVID-19 pandemic has brought significant change to the insurance market. Our survey uncovered many of the challenges, impacts, and opportunities. With many companies planning to continue remote work and with cyberattacks on the rise, cybersecurity has emerged as a critical factor, and vigilance must remain high. The strategies here can help you prepare to set priorities, assess risks, and take advantage of new opportunities for business growth.