Insurtech initiatives make insurers more vulnerable to data breaches. Through best practices, insurers can lower their risk and minimize damages from breaches. 

Insurtech, or the use of technology to enhance the ability of insurers to offer innovative products and services efficiently, is changing the industry. Mobile apps are becoming increasingly sophisticated, streamlining the work of agents. Insurers are building ecosystems, storing large amounts of personal data about their clients. Insurers also are beginning to use the information found on smartwatches and in devices inserted in cars to calculate rates and determine products based on lifestyle. This trend means that insurers will need to become even more vigilant about cybersecurity.

Cyber attacks on insurance companies are growing. At least 81 percent of the major health care or health insurance companies had a data breach within the last two years, according to U.S. Consumer Affairs. State Farm, the largest property and casualty insurer, was a victim of a data breach last year. Insurers, however, can undertake programs to lessen the odds of a data breach and to mitigate the losses should one occur.

Many hackers gain entry through attacks that target employees. Training employees to distinguish phishing attacks and how to spot potential email breaches can reduce the number of successful attacks. Attacks can further be reduced through training employees in how to encrypt data, generate strong passwords, and properly file and store data. Employee access to the Internet should be limited only to what they need to do their jobs. Employees also should only be allowed to access data that is required for their tasks.

A cybersecurity expert, whether an in-house employee or a managed service provider, can help avoid attacks through proper planning. The development of a long-term cybersecurity strategy that is continually updated as new technology is released is a key factor in preventing breaches. The plan should note and classify the sensitive material you must protect, as well as delineate how you will protect it and how you will respond if a breach occurs.

An expert also can track incidents and plug holes. The expert also can keep up to date on breaches that have occurred at other companies and strengthen security to avoid them occurring at their own company.

Insurance companies must insist that employees change passwords frequently and implement multi-factor authentication. They should forbid employees from downloading foreign software and apps until they have been approved by the IT department. Computers that can access sensitive data should be kept locked and not available for public use.

Software manufacturers are continually updating their software to enhance security; downloading patches as soon as they are released is important. Likewise updating infrastructure and encouraging employees to update their personal devices frequently can ensure the most recent security updates.

Cybersecurity should permeate the culture of a company. It should be woven into every business plan, policy, and procedure. Senior-level executives should actively promote cybersecurity and ensure that employees do so as well. Compensation should be tied to cybersecurity practices and performance and should always be part of the conversation.