[BreachExchange] Insurers turn to outsourcing to shore up data security

[Audrey McNeil]

http://www.insurancenetworking.com/news/security-risk/insurers-turn-
to-outsourcing-to-shore-up-data-security-38018-1.html

Two-thirds of insurers have increased the amount of outsourcing they use to
combat cyber threats in the past two years, as the number of threats rises,
according to a Moody's survey of 50 insurance carriers.

Leveraging third parties that specialize in security to assist means that
insurers are protected against turnover among their in-house security
staff, and can be generally assured that the latest risks and solutions are
at their disposal, Moody's says. The typical insurer employs about 10
different cybersecurity vendors, according to the survey.

"The increasing trend toward outsourcing is driven by a combination of
factors, the most important of which involve the need for round-the-clock
and globally-integrated coverage of cybersecurity needs, access to
up-to-date specialty expertise across an array of disciplines, and
challenges to hiring additional internal specialized staffing due to
pent-up market demand," Moody's writes.

Insurers, however, are still aggressively hiring data security experts,
Moody's says, with carrier-side cybersecurity staffs growing by about 30%
per year since 2012. Those resources are typically focused on managing
those vendor relationships.

"Outside experts may not fully understand the particulars of insurers'
business models and priorities," Moody's notes.

Another trend in insurance cybersecurity is increased reporting frequency,
especially to boards of directors. Three-quarters of insurers surveyed make
at least monthly reports to upper executive management, and just more than
half go to the board of directors quarterly.

All this activity is happening across a backdrop of increased threats to
insurers' networks. Incidents requiring a response or other escalation
increased about 25% from 2014 to 2015, Moody's found.

"Nearly all insurers today maintain detailed incident response plans, and
conduct various types of testing to ensure business continuity in the event
of a cyber-attack or data breach," the company says. "For the most
threatening attacks, our surveyed insurers reported that C-level executives
(CEO, CFO, COO, and CIO) were involved in scenario-and-response protocols."
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170214/e81da3ec/attachment.html>