IT Brief Australia - Technology news for CIOs & IT decision-makers
Story image
Three key security challenges facing the Australian insurance industry 
Thu, 12th May 2022
FYI, this story is more than a year old

Insurance companies must ensure they proactively address security challenges and protect the privacy of customer data, according to Stelvio Australia.  

Modern technologies have brought a wealth of benefits to the insurance industry including improving the customer experience and the way businesses operate. New technologies can streamline processes, complete assessments faster, save employees' time and costs, and let insurers and assessors deliver a more positive experience for the customer.

Stelvio Australia says that while modern technologies provide transformational improvements, they do create new risks.

"Modern technologies are transforming the Australian insurance industry. These solutions deliver returns on investment that include cost savings and productivity gains as well as improved business reputation, customer satisfaction, and assessment accuracy," says Yannick Gigure, general manager, Stelvio Australia.

“However, as cybercriminals become more sophisticated and businesses of all sizes become targets, it's essential that the insurance industry considers how to best protect customer and company data when using those new technologies," he says.

"As such, they must establish compliance measures to mitigate the risk of a security breach.”  

Between July and December 2020, malicious or criminal attacks accounted for 58 per cent of the breaches notified to The Office of the Australian Information Commissioner (OAIC) under the Notifiable Data Breaches (NDB) scheme and were the leading cause of data breaches. In that same period, 38 per cent of breach notifications were due to human error.

A report from the Australian Cyber Security Centre (ACSC) found that the barriers for small to medium-sized business to implement good cybersecurity practices include:  
A lack of dedicated IT staff  a lack of planning for how to respond to cybersecurity incidents   
Business owners failing to identify security weaknesses, and unsure where to begin  a lack of education on the risks of a cyber incident and the impact it can have on the business

There are currently three major challenges impacting on the Australian insurance industry as a result of emerging technologies:  

1. Data theft and ransomware 

As technology platforms become increasingly cloud-based and interconnected, the risk of data theft via ransomware increases. Insurance companies must remain vigilant about securing sensitive data as cybercriminals look to steal these types of records, particularly customer, employee, and financial information. Compromised information as a result of a ransomware can shut down the ability to deliver key services. And, the loss of data via a breach leaves insurers' businesses at a high risk of reputational damage, financial and investment loss, and potentially financial penalties if a company has not complied with the Australian Privacy Principles (APPs).  

2. Fraud  

The insurance industry already has a high risk of fraud. With the introduction of automated claims processes, cybercriminals have new ways to exploit insurance companies. The Insurance Council of Australia reports that insurers detected $280 million in fraudulent claims across all insurance classes excluding those relating to health insurance or personal injury in 2017. This number is expected to climb as fraudsters, and even legitimate customers, take advantage of gaps created in virtual systems. However, using software that helps detect potentially fraudulent activity and alerts the relevant parties can help to protect insurers and partners.     

3. Compliance  

The ACSC has implemented compliance responsibilities to ensure that businesses remain accountable for protecting customer and sensitive data. All businesses that work with sensitive data must be aware of and comply with NDB legislation and the Privacy Act. Specific industries may also need to comply with other legislation or industry standards. All areas of the business, including specific divisions that may deal with different industries, must comprehensively understand the relevant privacy legislation and data compliance requirements and ensure secure workflow platforms adhere to these requirements. When considering security practices, it's also important that insurance companies address the potential risk that third-party suppliers may introduce as organisations can face a security risk if their suppliers have non-compliant systems.  

“Security challenges and compliance requirements should be front and centre when insurance companies implement new technologies," says Gigure.

"Data breaches will only increase as cybercriminals become more sophisticated and the potential attack surface expands through the use of new technology," he says.

“Technology will remain a vital element for insurance businesses to remain competitive, timely, and productive. However, this means that they also need to consider the security impacts of new technologies in order to survive in today's business environment.”