Think about the technology investments your company is making to more efficiently manage your core processing, automate underwriting, enable ebonding and leverage data analytics. These digital innovations are transforming the surety business, but they also mean new cyber-risks for your company.
In its 2019 Annual Cost of Cybercrime Study, Accenture found that online criminal activity costs organizations an average of $13 million a year. The most expensive threats were malware, web-based attacks, and denial of service. In fact, it’s been estimated that cybercrime costs $600 billion globally.
The rising incidence of cyberattacks has caught the attention of regulators too. The National Association of Insurance of Commissioners (NAIC) has declared cybersecurity to be “one of the most important topics for the insurance sector today.”
What are the risks sureties face from a cyberattack? Among those identified by NAIC:
- Identity theft
- Business interruptions
- Damage to reputation
- Data repair costs
- Theft of customer lists or trade secrets
- Hardware and software repair costs
- Credit monitoring for impacted customers
- Litigation costs
How to protect against cyber-risk
Here are three steps you should take to reduce the threat of cyberattacks:
- Review your procedures for collecting and storing sensitive personal data. Are you complying with the appropriate legal and regulatory requirements? Have you established company-wide security measures such as multi-factor authentication, end-to-end encryption, limitations on data access, intrusion-detection protections, data retention and disposal procedures, and data recovery plans?
- Create a cyber-incident response plan. Do you have a data security plan for your company? Familiarize yourself with the National Institute of Standards and Technology’s (NIST) guidelines and best practices for managing cybersecurity risk. The NIST Cybersecurity Framework recommends ways to identify, protect, detect, respond and recover from cyberthreats.
- Consider a secure, cloud-based system. If you’re using an on-premises software system, how secure is it? Where does the data reside, and who has access to it? Today, a secure software-as-a-service (SaaS) solution is likely to be less vulnerable to cyberattack than a traditional software system. With SaaS, the data is held in the cloud instead of on an employee’s personal device where it may be compromised.
The security advantages of SaaS
According to a Cloud Security Alliance (CSA) survey, 65% of IT leaders believe the cloud is as secure or more secure than on-premises software. In addition, CSA says the benefits of switching to the cloud include lower cost, faster implementation and a better user experience. SaaS deployments can also improve reliability, business continuity and auditability.
Chris Preimesberger of eWeek writes, “A cloud environment offers insurers tremendous accessibility to leverage the SaaS provider’s information security expertise, whose offering already meets the needs of state, federal, and, where needed, global compliance requirements.” This is especially helpful for smaller companies, he says, which may not have the resources to implement extensive security and compliance protocols.
Always ask about an SaaS provider’s certifications and compliance audits. Your provider should be at least PCI DSS compliant to ensure sensitive data is protected at all stages of storage, processing and transmission. SOC 2 compliance is even better, which means the provider is maintaining the highest level of data security.
Interested in a SaaS data-management solution for your company? Let us show you how Tinubu Square meets the most stringent data security requirements. Contact us to set up an appointment and see a demo.